From aa4fd32b831940d30a240efddfa4909d22832d7a Mon Sep 17 00:00:00 2001 From: yati1998 Date: Fri, 28 Jan 2022 12:04:53 +0530 Subject: [PATCH 01/11] controller: adds yaml to install and deploy controller this commit adds raw yaml generated using kustomize in deploy/controller/ which can be used by others to directly deploy the controller Fixes: #105 Signed-off-by: yati1998 (cherry picked from commit e515dd538463336541fbe65809653cbb73030417) --- Makefile | 4 +- deploy/controller/setup-controller.yaml | 1050 +++++++++++++++++++++++ 2 files changed, 1053 insertions(+), 1 deletion(-) create mode 100644 deploy/controller/setup-controller.yaml diff --git a/Makefile b/Makefile index 280d4fcb0..a6fd0f6f6 100644 --- a/Makefile +++ b/Makefile @@ -83,8 +83,10 @@ help: ## Display this help. ##@ Development .PHONY: manifests -manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. +manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="{./api/...,./cmd/...,./controllers/...,./sidecar/...}" output:crd:artifacts:config=config/crd/bases + cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} $(KUSTOMIZE_RBAC_PROXY) + $(KUSTOMIZE) build config/default > deploy/controller/setup-controller.yaml # generate the .clusterserviceversion.yaml config/manifests/bases/$(PACKAGE_NAME).clusterserviceversion.yaml: config/manifests/bases/clusterserviceversion.yaml.in diff --git a/deploy/controller/setup-controller.yaml b/deploy/controller/setup-controller.yaml new file mode 100644 index 000000000..490d38f93 --- /dev/null +++ b/deploy/controller/setup-controller.yaml 
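Review bot: The added `$(KUSTOMIZE) build config/default > deploy/controller/setup-controller.yaml` line redirects straight into the committed manifest, so a failed kustomize run leaves a truncated or empty file where the commit message invites others to deploy from it directly; writing to a temporary file first avoids that: `$(KUSTOMIZE) build config/default > deploy/controller/setup-controller.yaml.tmp && mv -f deploy/controller/setup-controller.yaml.tmp deploy/controller/setup-controller.yaml`. The `edit set image` line before it rewrites the tracked kustomization under config/manager on every `make manifests` with whatever `CONTROLLER_IMG` holds (its default is not visible in this hunk), and the manifest generated in this same commit pins the manager to `quay.io/csiaddons/k8s-controller:latest`. A manifest meant for direct deployment is safer with an immutable tag or digest, so consider requiring a release value for `CONTROLLER_IMG` whenever this file is regenerated. The same generated output also starts kube-rbac-proxy with `--v=10`; that argument presumably comes from the config/default overlay, and lowering it there would keep very verbose proxy request logging out of the published manifest.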
@@ -0,0 +1,1050 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: csi-addons-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: csiaddonsnodes.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: CSIAddonsNode + listKind: CSIAddonsNodeList + plural: csiaddonsnodes + singular: csiaddonsnode + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.namespace + name: namespace + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.driver.name + name: DriverName + type: string + - jsonPath: .spec.driver.endpoint + name: Endpoint + type: string + - jsonPath: .spec.driver.nodeID + name: NodeID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CSIAddonsNode is the Schema for the csiaddonsnode API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CSIAddonsNodeSpec defines the desired state of CSIAddonsNode + properties: + driver: + description: Driver is the information of the CSI Driver existing + on a node. If the driver is uninstalled, this can become empty. 
+ properties: + endpoint: + description: EndPoint is url that contains the ip-address to which + the CSI-Addons side-car listens to. + type: string + name: + description: 'Name is the name of the CSI driver that this object + refers to. This must be the same name returned by the CSI-Addons + GetIdentity() call for that driver. The name of the driver is + in the format: `example.csi.ceph.com`' + type: string + nodeID: + description: NodeID is the ID of the node to identify on which + node the side-car is running. + type: string + required: + - endpoint + - name + - nodeID + type: object + required: + - driver + type: object + status: + description: CSIAddonsNodeStatus defines the observed state of CSIAddonsNode + properties: + message: + description: Messgae is a human-readable message indicating details + about why the CSIAddonsNode is in this state. + type: string + reason: + description: Reason is a brief CamelCase string that describes any + failure and is meant for machine parsing and tidy display in the + CLI. + type: string + state: + description: State represents the state of the CSIAddonsNode object. + It informs whether or not the CSIAddonsNode is Connected to the + CSI Driver. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: networkfences.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: NetworkFence + listKind: NetworkFenceList + plural: networkfences + singular: networkfence + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.driver + name: Driver + type: string + - jsonPath: .spec.cidrs + name: Cidrs + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.result + name: Result + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkFence is the Schema for the networkfences API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkFenceSpec defines the desired state of NetworkFence + properties: + cidrs: + description: Cidrs contains a list of CIDR blocks, which are required + to be fenced. + items: + type: string + type: array + driver: + description: Driver contains the name of CSI driver. 
+ type: string + parameters: + additionalProperties: + type: string + description: Parameters is used to pass additional parameters to the + CSI driver. + type: object + secret: + description: Secret is a kubernetes secret, which is required to perform + the fence/unfence operation. + properties: + name: + description: Name specifies the name of the secret. + type: string + namespace: + description: Namespace specifies the namespace in which the secret + is located. + type: string + type: object + required: + - cidrs + - driver + type: object + status: + description: NetworkFenceStatus defines the observed state of NetworkFence + properties: + conditions: + description: Conditions are the list of conditions and their status. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + message: + description: Message contains any message from the NetworkFence operation. + type: string + result: + description: Result indicates the result of NetworkFence operation. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: reclaimspacecronjobs.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: ReclaimSpaceCronJob + listKind: ReclaimSpaceCronJobList + plural: reclaimspacecronjobs + singular: reclaimspacecronjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .spec.suspend + name: Suspend + type: boolean + - jsonPath: .status.active.name + name: Active + type: string + - jsonPath: .status.lastScheduleTime + name: Lastschedule + type: date + - jsonPath: .status.lastSuccessfulTime + name: Lastsuccessfultime + priority: 1 + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ReclaimSpaceCronJob is the Schema for the reclaimspacecronjobs + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReclaimSpaceCronJobSpec defines the desired state of ReclaimSpaceJob + properties: + concurrencyPolicy: + default: Forbid + description: 'Specifies how to treat concurrent executions of a Job. + Valid values are: - "Forbid" (default): forbids concurrent runs, + skipping next run if previous run hasn''t finished yet; - "Replace": + cancels currently running job and replaces it with a new one' + enum: + - Forbid + - Replace + type: string + failedJobsHistoryLimit: + default: 1 + description: The number of failed finished jobs to retain. Value must + be non-negative integer. Defaults to 1. + format: int32 + maximum: 60 + minimum: 0 + type: integer + jobTemplate: + description: Specifies the job that will be created when executing + a CronJob. + properties: + metadata: + description: 'Standard object''s metadata of the jobs created + from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Specification of the desired behavior of the job. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + backOffLimit: + default: 6 + description: BackOffLimit specifies the number of retries + allowed before marking reclaim space operation as failed. + If not specified, defaults to 6. Maximum allowed value is + 60 and minimum allowed value is 0. + format: int32 + maximum: 60 + minimum: 0 + type: integer + retryDeadlineSeconds: + default: 600 + description: RetryDeadlineSeconds specifies the duration in + seconds relative to the start time that the operation may + be retried; value MUST be positive integer. If not specified, + defaults to 600 seconds. Maximum allowed value is 1800. 
+ format: int64 + maximum: 1800 + minimum: 0 + type: integer + target: + description: Target represents volume target on which the + operation will be performed. + properties: + persistentVolumeClaim: + description: PersistentVolumeClaim specifies the target + PersistentVolumeClaim name. + type: string + type: object + required: + - target + type: object + type: object + schedule: + description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. + pattern: .+ + type: string + startingDeadlineSeconds: + description: Optional deadline in seconds for starting the job if + it misses scheduled time for any reason. Missed jobs executions + will be counted as failed ones. + format: int64 + type: integer + successfulJobsHistoryLimit: + default: 3 + description: The number of successful finished jobs to retain. Value + must be non-negative integer. Defaults to 3. + format: int32 + maximum: 60 + minimum: 0 + type: integer + suspend: + description: This flag tells the controller to suspend subsequent + executions, it does not apply to already started executions. Defaults + to false. + type: boolean + required: + - jobTemplate + - schedule + type: object + status: + description: ReclaimSpaceCronJobStatus defines the observed state of ReclaimSpaceJob + properties: + active: + description: A pointer to currently running job. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). 
This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + lastScheduleTime: + description: Information when was the last time the job was successfully + scheduled. + format: date-time + type: string + lastSuccessfulTime: + description: Information when was the last time the job successfully + completed. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: reclaimspacejobs.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: ReclaimSpaceJob + listKind: ReclaimSpaceJobList + plural: reclaimspacejobs + singular: reclaimspacejob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.namespace + name: Namespace + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.retries + name: Retries + type: integer + - jsonPath: .status.result + name: Result + type: string + - jsonPath: .status.reclaimedSpace + name: ReclaimedSpace + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ReclaimSpaceJob is the Schema for the reclaimspacejobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReclaimSpaceJobSpec defines the desired state of ReclaimSpaceJob + properties: + backOffLimit: + default: 6 + description: BackOffLimit specifies the number of retries allowed + before marking reclaim space operation as failed. If not specified, + defaults to 6. Maximum allowed value is 60 and minimum allowed value + is 0. + format: int32 + maximum: 60 + minimum: 0 + type: integer + retryDeadlineSeconds: + default: 600 + description: RetryDeadlineSeconds specifies the duration in seconds + relative to the start time that the operation may be retried; value + MUST be positive integer. If not specified, defaults to 600 seconds. + Maximum allowed value is 1800. + format: int64 + maximum: 1800 + minimum: 0 + type: integer + target: + description: Target represents volume target on which the operation + will be performed. + properties: + persistentVolumeClaim: + description: PersistentVolumeClaim specifies the target PersistentVolumeClaim + name. + type: string + type: object + required: + - target + type: object + status: + description: ReclaimSpaceJobStatus defines the observed state of ReclaimSpaceJob + properties: + completionTime: + format: date-time + type: string + conditions: + description: Conditions are the list of conditions and their status. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + message: + description: Message contains any message from the ReclaimSpaceJob. + type: string + reclaimedSpace: + anyOf: + - type: integer + - type: string + description: ReclaimedSpace indicates the amount of space reclaimed. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + result: + description: Result indicates the result of ReclaimSpaceJob. + type: string + retries: + description: Retries indicates the number of times the operation is + retried. 
+ format: int32 + type: integer + startTime: + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: csi-addons-leader-election-role + namespace: csi-addons-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: csi-addons-manager-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - 
networkfences/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: csi-addons-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: csi-addons-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: csi-addons-leader-election-rolebinding + namespace: csi-addons-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: csi-addons-leader-election-role +subjects: +- kind: ServiceAccount + name: csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-addons-manager-rolebinding 
+roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-addons-manager-role +subjects: +- kind: ServiceAccount + name: csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-addons-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-addons-proxy-role +subjects: +- kind: ServiceAccount + name: csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: e8cd140a.openshift.io +kind: ConfigMap +metadata: + name: csi-addons-manager-config + namespace: csi-addons-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: csi-addons-controller-manager-metrics-service + namespace: csi-addons-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: csi-addons-controller-manager + namespace: csi-addons-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + - args: + - --health-probe-bind-address=:8081 + - 
--metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: quay.io/csiaddons/k8s-controller:latest + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: csi-addons-controller-manager + terminationGracePeriodSeconds: 10 From fb36779d36bb8fa52829b023a08026833b4fe6fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jan 2022 15:16:09 +0000 Subject: [PATCH 02/11] vendor: bump google.golang.org/grpc from 1.43.0 to 1.44.0 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.43.0 to 1.44.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.43.0...v1.44.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] (cherry picked from commit 0aa69e4e6f9c999f475be17e040e04b5291ef7b9) --- go.mod | 2 +- go.sum | 4 ++-- .../grpc/attributes/attributes.go | 4 +++- .../grpc/credentials/insecure/insecure.go | 5 ----- vendor/google.golang.org/grpc/dialoptions.go | 4 ++-- .../google.golang.org/grpc/grpclog/loggerv2.go | 8 ++++---- .../grpc/internal/envconfig/xds.go | 7 +++++++ .../grpc/internal/grpclog/grpclog.go | 8 ++++---- .../grpc/internal/grpcutil/regex.go | 11 +++++++---- vendor/google.golang.org/grpc/regenerate.sh | 18 +++++++++++++++--- vendor/google.golang.org/grpc/version.go | 2 +- vendor/modules.txt | 2 +- 12 files changed, 47 insertions(+), 28 deletions(-) 
diff --git a/go.mod b/go.mod index e85a04564..1c9f8c357 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/operator-framework/operator-sdk v1.16.0 github.com/robfig/cron/v3 v3.0.1 github.com/stretchr/testify v1.7.0 - google.golang.org/grpc v1.43.0 + google.golang.org/grpc v1.44.0 google.golang.org/protobuf v1.27.1 k8s.io/api v0.23.1 k8s.io/apimachinery v0.23.1 diff --git a/go.sum b/go.sum index 9d4b289f1..2829fdc0a 100644 --- a/go.sum +++ b/go.sum @@ -1694,8 +1694,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.43.0 h1:Eeu7bZtDZ2DpRCsLhUlcrLnvYaMK1Gz86a+hMVvELmM= -google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc/cmd/protoc-gen-go-grpc v0.0.0-20200709232328-d8193ee9cc3e/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/vendor/google.golang.org/grpc/attributes/attributes.go b/vendor/google.golang.org/grpc/attributes/attributes.go index 6ff2792ee..ae13ddac1 100644 --- a/vendor/google.golang.org/grpc/attributes/attributes.go +++ b/vendor/google.golang.org/grpc/attributes/attributes.go 
@@ -69,7 +69,9 @@ func (a *Attributes) Value(key interface{}) interface{} { // bool' is implemented for a value in the attributes, it is called to // determine if the value matches the one stored in the other attributes. If // Equal is not implemented, standard equality is used to determine if the two -// values are equal. +// values are equal. Note that some types (e.g. maps) aren't comparable by +// default, so they must be wrapped in a struct, or in an alias type, with Equal +// defined. func (a *Attributes) Equal(o *Attributes) bool { if a == nil && o == nil { return true diff --git a/vendor/google.golang.org/grpc/credentials/insecure/insecure.go b/vendor/google.golang.org/grpc/credentials/insecure/insecure.go index 22a8f996a..4fbed1256 100644 --- a/vendor/google.golang.org/grpc/credentials/insecure/insecure.go +++ b/vendor/google.golang.org/grpc/credentials/insecure/insecure.go @@ -18,11 +18,6 @@ // Package insecure provides an implementation of the // credentials.TransportCredentials interface which disables transport security. -// -// Experimental -// -// Notice: This package is EXPERIMENTAL and may be changed or removed in a -// later release. package insecure import ( diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go index 063f1e903..c4bf09f9e 100644 --- a/vendor/google.golang.org/grpc/dialoptions.go +++ b/vendor/google.golang.org/grpc/dialoptions.go @@ -272,7 +272,7 @@ func withBackoff(bs internalbackoff.Strategy) DialOption { }) } -// WithBlock returns a DialOption which makes caller of Dial blocks until the +// WithBlock returns a DialOption which makes callers of Dial block until the // underlying connection is up. Without this, Dial returns immediately and // connecting the server happens in background. func WithBlock() DialOption { 
@@ -304,7 +304,7 @@ func WithReturnConnectionError() DialOption { // WithCredentialsBundle or WithPerRPCCredentials) which require transport // security is incompatible and will cause grpc.Dial() to fail. // -// Deprecated: use insecure.NewCredentials() instead. +// Deprecated: use WithTransportCredentials and insecure.NewCredentials() instead. // Will be supported throughout 1.x. func WithInsecure() DialOption { return newFuncDialOption(func(o *dialOptions) { diff --git a/vendor/google.golang.org/grpc/grpclog/loggerv2.go b/vendor/google.golang.org/grpc/grpclog/loggerv2.go index 34098bb8e..7c1f66409 100644 --- a/vendor/google.golang.org/grpc/grpclog/loggerv2.go +++ b/vendor/google.golang.org/grpc/grpclog/loggerv2.go @@ -248,12 +248,12 @@ func (g *loggerT) V(l int) bool { // later release. type DepthLoggerV2 interface { LoggerV2 - // InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Print. + // InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println. InfoDepth(depth int, args ...interface{}) - // WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Print. + // WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println. WarningDepth(depth int, args ...interface{}) - // ErrorDetph logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Print. + // ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println. ErrorDepth(depth int, args ...interface{}) - // FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Print. + // FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println. FatalDepth(depth int, args ...interface{}) } 
diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go index 93522d716..9bad03cec 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go @@ -42,6 +42,7 @@ const ( aggregateAndDNSSupportEnv = "GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER" rbacSupportEnv = "GRPC_XDS_EXPERIMENTAL_RBAC" federationEnv = "GRPC_EXPERIMENTAL_XDS_FEDERATION" + rlsInXDSEnv = "GRPC_EXPERIMENTAL_XDS_RLS_LB" c2pResolverTestOnlyTrafficDirectorURIEnv = "GRPC_TEST_ONLY_GOOGLE_C2P_RESOLVER_TRAFFIC_DIRECTOR_URI" ) @@ -85,6 +86,12 @@ var ( // XDSFederation indicates whether federation support is enabled. XDSFederation = strings.EqualFold(os.Getenv(federationEnv), "true") + // XDSRLS indicates whether processing of Cluster Specifier plugins and + // support for the RLS CLuster Specifier is enabled, which can be enabled by + // setting the environment variable "GRPC_EXPERIMENTAL_XDS_RLS_LB" to + // "true". + XDSRLS = strings.EqualFold(os.Getenv(rlsInXDSEnv), "true") + // C2PResolverTestOnlyTrafficDirectorURI is the TD URI for testing. C2PResolverTestOnlyTrafficDirectorURI = os.Getenv(c2pResolverTestOnlyTrafficDirectorURIEnv) ) diff --git a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go index e6f975cbf..30a3b4258 100644 --- a/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go +++ b/vendor/google.golang.org/grpc/internal/grpclog/grpclog.go 
@@ -115,12 +115,12 @@ type LoggerV2 interface { // Notice: This type is EXPERIMENTAL and may be changed or removed in a // later release. type DepthLoggerV2 interface { - // InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Print. + // InfoDepth logs to INFO log at the specified depth. Arguments are handled in the manner of fmt.Println. InfoDepth(depth int, args ...interface{}) - // WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Print. + // WarningDepth logs to WARNING log at the specified depth. Arguments are handled in the manner of fmt.Println. WarningDepth(depth int, args ...interface{}) - // ErrorDetph logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Print. + // ErrorDepth logs to ERROR log at the specified depth. Arguments are handled in the manner of fmt.Println. ErrorDepth(depth int, args ...interface{}) - // FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Print. + // FatalDepth logs to FATAL log at the specified depth. Arguments are handled in the manner of fmt.Println. FatalDepth(depth int, args ...interface{}) } diff --git a/vendor/google.golang.org/grpc/internal/grpcutil/regex.go b/vendor/google.golang.org/grpc/internal/grpcutil/regex.go index 2810a8ba2..7a092b2b8 100644 --- a/vendor/google.golang.org/grpc/internal/grpcutil/regex.go +++ b/vendor/google.golang.org/grpc/internal/grpcutil/regex.go 
@@ -20,9 +20,12 @@ package grpcutil import "regexp" -// FullMatchWithRegex returns whether the full string matches the regex provided. -func FullMatchWithRegex(re *regexp.Regexp, string string) bool { +// FullMatchWithRegex returns whether the full text matches the regex provided. +func FullMatchWithRegex(re *regexp.Regexp, text string) bool { + if len(text) == 0 { + return re.MatchString(text) + } re.Longest() - rem := re.FindString(string) - return len(rem) == len(string) + rem := re.FindString(text) + return len(rem) == len(text) } diff --git a/vendor/google.golang.org/grpc/regenerate.sh b/vendor/google.golang.org/grpc/regenerate.sh index a0a71aae9..58c802f8a 100644 --- a/vendor/google.golang.org/grpc/regenerate.sh +++ b/vendor/google.golang.org/grpc/regenerate.sh 
@@ -76,7 +76,21 @@ SOURCES=( # These options of the form 'Mfoo.proto=bar' instruct the codegen to use an # import path of 'bar' in the generated code when 'foo.proto' is imported in # one of the sources. -OPTS=Mgrpc/service_config/service_config.proto=/internal/proto/grpc_service_config,Mgrpc/core/stats.proto=google.golang.org/grpc/interop/grpc_testing/core +# +# Note that the protos listed here are all for testing purposes. All protos to +# be used externally should have a go_package option (and they don't need to be +# listed here). +OPTS=Mgrpc/service_config/service_config.proto=/internal/proto/grpc_service_config,\ +Mgrpc/core/stats.proto=google.golang.org/grpc/interop/grpc_testing/core,\ +Mgrpc/testing/benchmark_service.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/stats.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/report_qps_scenario_service.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/messages.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/worker_service.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/control.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/test.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/payloads.proto=google.golang.org/grpc/interop/grpc_testing,\ +Mgrpc/testing/empty.proto=google.golang.org/grpc/interop/grpc_testing for src in ${SOURCES[@]}; do echo "protoc ${src}" @@ -85,7 +99,6 @@ for src in ${SOURCES[@]}; do -I${WORKDIR}/grpc-proto \ -I${WORKDIR}/googleapis \ -I${WORKDIR}/protobuf/src \ - -I${WORKDIR}/istio \ ${src} done @@ -96,7 +109,6 @@ for src in ${LEGACY_SOURCES[@]}; do -I${WORKDIR}/grpc-proto \ -I${WORKDIR}/googleapis \ -I${WORKDIR}/protobuf/src \ - -I${WORKDIR}/istio \ ${src} done diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 8ef095879..9d3fd73da 100644 --- a/vendor/google.golang.org/grpc/version.go 
+++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.43.0" +const Version = "1.44.1-dev" diff --git a/vendor/modules.txt b/vendor/modules.txt index b98ef0227..8436839d2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1015,7 +1015,7 @@ google.golang.org/appengine/urlfetch google.golang.org/genproto/googleapis/api/httpbody google.golang.org/genproto/googleapis/rpc/status google.golang.org/genproto/protobuf/field_mask -# google.golang.org/grpc v1.43.0 +# google.golang.org/grpc v1.44.0 ## explicit; go 1.14 google.golang.org/grpc google.golang.org/grpc/attributes From e55ca6b2ce4430f78b847fa1c4c7482f9e96ce50 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jan 2022 15:15:46 +0000 Subject: [PATCH 03/11] vendor: bump github.com/onsi/gomega from 1.18.0 to 1.18.1 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.18.0...v1.18.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] (cherry picked from commit 5060dc9a65169d84a5b6feed4b930776a55a36c2) --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/onsi/gomega/CHANGELOG.md | 5 +++++ vendor/github.com/onsi/gomega/gomega_dsl.go | 2 +- vendor/github.com/onsi/gomega/matchers/have_field.go | 7 +++++++ vendor/modules.txt | 2 +- 6 files changed, 17 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 1c9f8c357..15c3976a4 100644 --- a/go.mod +++ b/go.mod 
@@ -9,7 +9,7 @@ require ( github.com/golang/protobuf v1.5.2 github.com/kubernetes-csi/csi-lib-utils v0.10.0 github.com/onsi/ginkgo v1.16.5 - github.com/onsi/gomega v1.18.0 + github.com/onsi/gomega v1.18.1 github.com/operator-framework/operator-sdk v1.16.0 github.com/robfig/cron/v3 v3.0.1 github.com/stretchr/testify v1.7.0 diff --git a/go.sum b/go.sum index 2829fdc0a..50ed743ec 100644 --- a/go.sum +++ b/go.sum @@ -877,8 +877,8 @@ github.com/onsi/gomega v1.13.0/go.mod h1:lRk9szgn8TxENtWd0Tp4c3wjlRfMTMH27I+3Je4 github.com/onsi/gomega v1.14.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= -github.com/onsi/gomega v1.18.0 h1:ngbYoRctxjl8SiF7XgP0NxBFbfHcg3wfHMMaFHWwMTM= -github.com/onsi/gomega v1.18.0/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= +github.com/onsi/gomega v1.18.1 h1:M1GfJqGRrBrrGGsbxzV5dqM2U2ApXefZCQpkukxYRLE= +github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= diff --git a/vendor/github.com/onsi/gomega/CHANGELOG.md b/vendor/github.com/onsi/gomega/CHANGELOG.md index 78ca39a90..e3b437985 100644 --- a/vendor/github.com/onsi/gomega/CHANGELOG.md +++ b/vendor/github.com/onsi/gomega/CHANGELOG.md @@ -1,3 +1,8 @@ +## 1.18.1 + +## Fixes +- Add pointer support to HaveField matcher (#495) [79e41a3] + ## 1.18.0 ## Features diff --git a/vendor/github.com/onsi/gomega/gomega_dsl.go b/vendor/github.com/onsi/gomega/gomega_dsl.go index 81181dc94..6936e2411 100644 
--- a/vendor/github.com/onsi/gomega/gomega_dsl.go +++ b/vendor/github.com/onsi/gomega/gomega_dsl.go @@ -22,7 +22,7 @@ import ( "github.com/onsi/gomega/types" ) -const GOMEGA_VERSION = "1.18.0" +const GOMEGA_VERSION = "1.18.1" const nilGomegaPanic = `You are trying to make an assertion, but haven't registered Gomega's fail handler. If you're using Ginkgo then you probably forgot to put your assertion in an It(). diff --git a/vendor/github.com/onsi/gomega/matchers/have_field.go b/vendor/github.com/onsi/gomega/matchers/have_field.go index 2f1a91634..e1fe934d5 100644 --- a/vendor/github.com/onsi/gomega/matchers/have_field.go +++ b/vendor/github.com/onsi/gomega/matchers/have_field.go @@ -12,6 +12,13 @@ func extractField(actual interface{}, field string) (interface{}, error) { fields := strings.SplitN(field, ".", 2) actualValue := reflect.ValueOf(actual) + if actualValue.Kind() == reflect.Ptr { + actualValue = actualValue.Elem() + } + if actualValue == (reflect.Value{}) { + return nil, fmt.Errorf("HaveField encountered nil while dereferencing a pointer of type %T.", actual) + } + if actualValue.Kind() != reflect.Struct { return nil, fmt.Errorf("HaveField encountered:\n%s\nWhich is not a struct.", format.Object(actual, 1)) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 8436839d2..7a0262283 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -534,7 +534,7 @@ github.com/onsi/ginkgo/reporters/stenographer github.com/onsi/ginkgo/reporters/stenographer/support/go-colorable github.com/onsi/ginkgo/reporters/stenographer/support/go-isatty github.com/onsi/ginkgo/types -# github.com/onsi/gomega v1.18.0 +# github.com/onsi/gomega v1.18.1 ## explicit; go 1.16 github.com/onsi/gomega github.com/onsi/gomega/format From f4b330c8e65f69e6648e6b3ccf5fa4bc7d80f14c Mon Sep 17 00:00:00 2001 
From: Rakshith R Date: Mon, 31 Jan 2022 16:27:28 +0530 Subject: [PATCH 04/11] deploy: fix setting rbac-proxy image in kustomize files ` cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} $(KUSTOMIZE_RBAC_PROXY)` The above command did not set rbax-proxy image since this image variable was part of config/default/kustomization.yaml. This commit fixes this issue and does some cleanup in the Makefile and config/default/kustomization.yaml(running the cmd moved /removed some default parameters). Signed-off-by: Rakshith R (cherry picked from commit 383733b36833fb3560a7160e421cf3172c4f6516) --- Makefile | 18 +++++++----------- config/default/kustomization.yaml | 15 +++++++++------ 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/Makefile b/Makefile index a6fd0f6f6..a5e135442 100644 --- a/Makefile +++ b/Makefile @@ -32,10 +32,7 @@ PACKAGE_NAME ?= csi-addons # the kube-rbac-proxy can easily be tested. Products that include CSI-Addons # may want to provide a different location of the container-image. # The default value is set in config/default/kustomization.yaml -#RBAC_PROXY_IMG ?= gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 -ifneq ($(RBAC_PROXY_IMG),) -KUSTOMIZE_RBAC_PROXY := rbac-proxy=$(RBAC_PROXY_IMG) -endif +RBAC_PROXY_IMG ?= gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 # The default version of the bundle (CSV) can be found in # config/manifests/bases/csi-addons.clusterserviceversion.yaml . When tagging a 
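Review bot: The comment kept above `RBAC_PROXY_IMG ?= gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0` still says the default is set in config/default/kustomization.yaml, but after this hunk the Makefile holds the default and the `manifests` recipe (next hunk) writes it into that file. The comment could read `# The default below is written to config/default/kustomization.yaml by 'make manifests'.` so that nobody edits the kustomization by hand only to have it overwritten. The kustomization describes this proxy as the component that puts /metrics behind auth, so consider referencing the image by digest (`gcr.io/kubebuilder/kube-rbac-proxy@sha256:<digest>`) rather than by tag alone, which makes the generated manifests resolve to the same image every time.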
@@ -85,7 +82,8 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="{./api/...,./cmd/...,./controllers/...,./sidecar/...}" output:crd:artifacts:config=config/crd/bases - cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} $(KUSTOMIZE_RBAC_PROXY) + cd config/default && $(KUSTOMIZE) edit set image rbac-proxy=${RBAC_PROXY_IMG} + cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} $(KUSTOMIZE) build config/default > deploy/controller/setup-controller.yaml # generate the .clusterserviceversion.yaml @@ -93,8 +91,7 @@ config/manifests/bases/$(PACKAGE_NAME).clusterserviceversion.yaml: config/manife sed 's/@PACKAGE_NAME@/$(PACKAGE_NAME)/g' < $^ > $@ .PHONY: bundle -bundle: config/manifests/bases/$(PACKAGE_NAME).clusterserviceversion.yaml kustomize operator-sdk - cd config/manager && $(KUSTOMIZE) edit set image controller=$(CONTROLLER_IMG) $(KUSTOMIZE_RBAC_PROXY) +bundle: config/manifests/bases/$(PACKAGE_NAME).clusterserviceversion.yaml manifests operator-sdk $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle --manifests --metadata --package=$(PACKAGE_NAME) $(BUNDLE_VERSION) .PHONY: generate 
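Review bot: The two `$(KUSTOMIZE) edit set image` lines in the `manifests` recipe rewrite tracked kustomization files using whatever `RBAC_PROXY_IMG` and `CONTROLLER_IMG` happen to be set in the caller's environment, and the recipe then regenerates deploy/controller/setup-controller.yaml from them. Because `bundle` (second hunk on this line) and, in the following hunk, `install`, `uninstall` and `deploy` all depend on `manifests`, a local run such as `make deploy CONTROLLER_IMG=<dev-image>` leaves a development image reference in files that are committed to the repository. A CI step that runs `make manifests` with the default values and then `git diff --exit-code` would catch such a change before it is merged.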
@@ -164,16 +161,15 @@ ifndef ignore-not-found endif .PHONY: install -install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. +install: manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/crd | kubectl apply -f - .PHONY: uninstall -uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. +uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. $(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f - .PHONY: deploy -deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} $(KUSTOMIZE_RBAC_PROXY) +deploy: manifests ## Deploy controller to the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/default | kubectl apply -f - .PHONY: undeploy diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 580b2ad7f..825083400 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -12,10 +12,7 @@ namePrefix: csi-addons- #commonLabels: # someName: someValue -bases: -- ../crd -- ../rbac -- ../manager +# bases: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- ../webhook 
@@ -24,10 +21,10 @@ bases: # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus -patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. +patchesStrategicMerge: - manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations @@ -44,7 +41,7 @@ patchesStrategicMerge: #- webhookcainjection_patch.yaml # the following config is for teaching kustomize how to do var substitution -vars: +# vars: # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. #- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR # objref: @@ -77,3 +74,9 @@ images: - name: rbac-proxy newName: gcr.io/kubebuilder/kube-rbac-proxy newTag: v0.8.0 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../crd +- ../rbac +- ../manager From 972553a5f285bf220f92d6c5f777913717f37b67 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Wed, 2 Feb 2022 09:26:54 +0100 Subject: [PATCH 05/11] build: add a job to publish a release by tag When a tag is pushed into the repository, a release is now automatically made from the tag. The release includes generated YAML files that can be applied with `kubectl` to install the controller and CRDs. Fixes: #107 See-also: https://github.com/ncipollo/release-action/ Signed-off-by: Niels de Vos (cherry picked from commit 57ed4f6211c0847eecead1d6f7baaee15f8e356d) --- .github/workflows/tag-release.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.github/workflows/tag-release.yaml b/.github/workflows/tag-release.yaml index 46d591507..18ae468ae 100644 --- a/.github/workflows/tag-release.yaml +++ b/.github/workflows/tag-release.yaml 
@@ -98,3 +98,29 @@ jobs: platforms: linux/amd64,linux/arm64,linux/arm/v7 push: true tags: quay.io/csiaddons/k8s-sidecar:${{ github.ref_name }} + + publish_release: + name: Publish a release based on the tag + if: github.repository == 'csi-addons/kubernetes-csi-addons' && github.ref_type == 'tag' + runs-on: ubuntu-latest + permissions: + contents: write + steps: + - name: Check out the repo + uses: actions/checkout@v2 + + - name: Install Go 1.17 + uses: actions/setup-go@v2 + with: + go-version: '1.17' + + - name: Generate manifests for installation by kubectl + run: make manifests TAG=${{ github.ref_name }} + + - name: Publish the release and attach YAML files + uses: ncipollo/release-action@v1 + with: + tag: ${{ github.ref_name }} + artifacts: "deploy/*/*.yaml" + generateReleaseNotes: true + token: ${{ secrets.GITHUB_TOKEN }} From 0efc4d6d5ea825e33698b397c41aee5aa7f9ef17 Mon Sep 17 00:00:00 2001 From: Niels de Vos Date: Thu, 3 Feb 2022 11:11:24 +0100 Subject: [PATCH 06/11] reclaimspace: do not report Unimplemented as an error When a CSI-driver does not implement NodeReclaimSpace and/or ControllerReclaimSpace, it should not reported as an error. Signed-off-by: Niels de Vos (cherry picked from commit 113628da932724f947719acc4051b4ca0feb92ce) --- controllers/reclaimspacejob_controller.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/controllers/reclaimspacejob_controller.go b/controllers/reclaimspacejob_controller.go index 439dcb687..f96737aba 100644 --- a/controllers/reclaimspacejob_controller.go +++ b/controllers/reclaimspacejob_controller.go @@ -30,6 +30,8 @@ import ( "github.com/csi-addons/spec/lib/go/identity" "github.com/go-logr/logr" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" corev1 "k8s.io/api/core/v1" scv1 "k8s.io/api/storage/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" 
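Review bot: In the `publish_release` job, `run: make manifests TAG=${{ github.ref_name }}` expands the tag name into the script text before the shell starts, so a tag name containing shell syntax would be executed in a job that holds `contents: write`. Passing the value through the environment avoids that: give the step an `env:` entry `TAG: ${{ github.ref_name }}` and change the command to `run: make manifests TAG="$TAG"`. The last step also hands `secrets.GITHUB_TOKEN` to `ncipollo/release-action@v1`, which is referenced by a movable tag; pinning it to a full commit SHA (`ncipollo/release-action@<commit-sha>`) fixes which code receives the token.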
@@ -374,6 +376,11 @@ func (r *ReclaimSpaceJobReconciler) controllerReclaimSpace( defer cancel() resp, err := controllerClient.ControllerReclaimSpace(newCtx, req) if err != nil { + // Unimplemented suggests that the function is not supported + if status.Code(err) == codes.Unimplemented { + logger.Info(fmt.Sprintf("ControllerReclaimSpace is not implemented by driver: %v", err)) + return true, nil, nil + } return true, nil, err } @@ -406,6 +413,11 @@ func (r *ReclaimSpaceJobReconciler) nodeReclaimSpace( defer cancel() resp, err := nodeClient.NodeReclaimSpace(newCtx, req) if err != nil { + // Unimplemented suggests that the function is not supported + if status.Code(err) == codes.Unimplemented { + logger.Info(fmt.Sprintf("NodeReclaimSpace is not implemented by driver: %v", err)) + return nil, nil + } return nil, err } From 713c18a126e4a37cb7539561ee41726a9814e341 Mon Sep 17 00:00:00 2001 From: Rakshith R Date: Thu, 3 Feb 2022 14:58:08 +0530 Subject: [PATCH 07/11] deploy: generate separate crds.yaml Generate separate file containing only crds. Signed-off-by: Rakshith R (cherry picked from commit efd47cbbd6750b949ed5f78fcc0a44469735a00c) --- Makefile | 5 +- deploy/controller/crds.yaml | 681 ++++++++++++++++++++++++++++++++++++ 2 files changed, 684 insertions(+), 2 deletions(-) create mode 100644 deploy/controller/crds.yaml diff --git a/Makefile b/Makefile index a5e135442..b66c60ecc 100644 --- a/Makefile +++ b/Makefile 
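Review bot: The new Unimplemented branch in `controllerReclaimSpace` returns a nil response together with a nil error, and the matching branch in `nodeReclaimSpace` (next hunk) returns `nil, nil`, so callers now receive a nil result on a non-error path. Both function bodies start and end outside these hunks and the callers are not shown, so it is worth confirming that they do not dereference the result and that the job status does not report reclaimed space for a driver that did nothing. If `logger` is a logr.Logger, the message is better emitted as structured output, `logger.Info("ControllerReclaimSpace is not implemented by driver", "error", err)`, rather than through `fmt.Sprintf`.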
@@ -84,6 +84,7 @@ manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRol $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="{./api/...,./cmd/...,./controllers/...,./sidecar/...}" output:crd:artifacts:config=config/crd/bases cd config/default && $(KUSTOMIZE) edit set image rbac-proxy=${RBAC_PROXY_IMG} cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} + $(KUSTOMIZE) build config/crd > deploy/controller/crds.yaml $(KUSTOMIZE) build config/default > deploy/controller/setup-controller.yaml # generate the .clusterserviceversion.yaml @@ -162,11 +163,11 @@ endif .PHONY: install install: manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl apply -f - + kubectl apply -f deploy/controller/crds.yaml .PHONY: uninstall uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - $(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f - + kubectl delete --ignore-not-found=$(ignore-not-found) -f deploy/controller/crds.yaml .PHONY: deploy deploy: manifests ## Deploy controller to the K8s cluster specified in ~/.kube/config. diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml new file mode 100644 index 000000000..3fa1900a8 --- /dev/null +++ b/deploy/controller/crds.yaml 
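Review bot: The added line `$(KUSTOMIZE) build config/crd > deploy/controller/crds.yaml` in the `manifests` recipe truncates the tracked file before kustomize has produced any output, so a failed build leaves an empty or partial crds.yaml in the tree; the existing setup-controller.yaml line below it has the same shape. Writing to a temporary name and renaming keeps the previous file on failure: `$(KUSTOMIZE) build config/crd > deploy/controller/crds.yaml.tmp && mv -f deploy/controller/crds.yaml.tmp deploy/controller/crds.yaml`. The file's integrity matters because `install` and `uninstall` (second hunk) now pass it to `kubectl apply -f` and `kubectl delete -f` instead of piping kustomize output directly.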
@@ -0,0 +1,681 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: csiaddonsnodes.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: CSIAddonsNode + listKind: CSIAddonsNodeList + plural: csiaddonsnodes + singular: csiaddonsnode + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.namespace + name: namespace + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .spec.driver.name + name: DriverName + type: string + - jsonPath: .spec.driver.endpoint + name: Endpoint + type: string + - jsonPath: .spec.driver.nodeID + name: NodeID + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: CSIAddonsNode is the Schema for the csiaddonsnode API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CSIAddonsNodeSpec defines the desired state of CSIAddonsNode + properties: + driver: + description: Driver is the information of the CSI Driver existing + on a node. If the driver is uninstalled, this can become empty. + properties: + endpoint: + description: EndPoint is url that contains the ip-address to which + the CSI-Addons side-car listens to. 
+ type: string + name: + description: 'Name is the name of the CSI driver that this object + refers to. This must be the same name returned by the CSI-Addons + GetIdentity() call for that driver. The name of the driver is + in the format: `example.csi.ceph.com`' + type: string + nodeID: + description: NodeID is the ID of the node to identify on which + node the side-car is running. + type: string + required: + - endpoint + - name + - nodeID + type: object + required: + - driver + type: object + status: + description: CSIAddonsNodeStatus defines the observed state of CSIAddonsNode + properties: + message: + description: Messgae is a human-readable message indicating details + about why the CSIAddonsNode is in this state. + type: string + reason: + description: Reason is a brief CamelCase string that describes any + failure and is meant for machine parsing and tidy display in the + CLI. + type: string + state: + description: State represents the state of the CSIAddonsNode object. + It informs whether or not the CSIAddonsNode is Connected to the + CSI Driver. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: networkfences.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: NetworkFence + listKind: NetworkFenceList + plural: networkfences + singular: networkfence + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.driver + name: Driver + type: string + - jsonPath: .spec.cidrs + name: Cidrs + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.result + name: Result + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NetworkFence is the Schema for the networkfences API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkFenceSpec defines the desired state of NetworkFence + properties: + cidrs: + description: Cidrs contains a list of CIDR blocks, which are required + to be fenced. + items: + type: string + type: array + driver: + description: Driver contains the name of CSI driver. 
+ type: string + parameters: + additionalProperties: + type: string + description: Parameters is used to pass additional parameters to the + CSI driver. + type: object + secret: + description: Secret is a kubernetes secret, which is required to perform + the fence/unfence operation. + properties: + name: + description: Name specifies the name of the secret. + type: string + namespace: + description: Namespace specifies the namespace in which the secret + is located. + type: string + type: object + required: + - cidrs + - driver + type: object + status: + description: NetworkFenceStatus defines the observed state of NetworkFence + properties: + conditions: + description: Conditions are the list of conditions and their status. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + message: + description: Message contains any message from the NetworkFence operation. + type: string + result: + description: Result indicates the result of NetworkFence operation. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: reclaimspacecronjobs.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: ReclaimSpaceCronJob + listKind: ReclaimSpaceCronJobList + plural: reclaimspacecronjobs + singular: reclaimspacecronjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.schedule + name: Schedule + type: string + - jsonPath: .spec.suspend + name: Suspend + type: boolean + - jsonPath: .status.active.name + name: Active + type: string + - jsonPath: .status.lastScheduleTime + name: Lastschedule + type: date + - jsonPath: .status.lastSuccessfulTime + name: Lastsuccessfultime + priority: 1 + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ReclaimSpaceCronJob is the Schema for the reclaimspacecronjobs + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReclaimSpaceCronJobSpec defines the desired state of ReclaimSpaceJob + properties: + concurrencyPolicy: + default: Forbid + description: 'Specifies how to treat concurrent executions of a Job. + Valid values are: - "Forbid" (default): forbids concurrent runs, + skipping next run if previous run hasn''t finished yet; - "Replace": + cancels currently running job and replaces it with a new one' + enum: + - Forbid + - Replace + type: string + failedJobsHistoryLimit: + default: 1 + description: The number of failed finished jobs to retain. Value must + be non-negative integer. Defaults to 1. + format: int32 + maximum: 60 + minimum: 0 + type: integer + jobTemplate: + description: Specifies the job that will be created when executing + a CronJob. + properties: + metadata: + description: 'Standard object''s metadata of the jobs created + from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + type: object + spec: + description: 'Specification of the desired behavior of the job. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + backOffLimit: + default: 6 + description: BackOffLimit specifies the number of retries + allowed before marking reclaim space operation as failed. + If not specified, defaults to 6. Maximum allowed value is + 60 and minimum allowed value is 0. + format: int32 + maximum: 60 + minimum: 0 + type: integer + retryDeadlineSeconds: + default: 600 + description: RetryDeadlineSeconds specifies the duration in + seconds relative to the start time that the operation may + be retried; value MUST be positive integer. If not specified, + defaults to 600 seconds. Maximum allowed value is 1800. 
+ format: int64 + maximum: 1800 + minimum: 0 + type: integer + target: + description: Target represents volume target on which the + operation will be performed. + properties: + persistentVolumeClaim: + description: PersistentVolumeClaim specifies the target + PersistentVolumeClaim name. + type: string + type: object + required: + - target + type: object + type: object + schedule: + description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. + pattern: .+ + type: string + startingDeadlineSeconds: + description: Optional deadline in seconds for starting the job if + it misses scheduled time for any reason. Missed jobs executions + will be counted as failed ones. + format: int64 + type: integer + successfulJobsHistoryLimit: + default: 3 + description: The number of successful finished jobs to retain. Value + must be non-negative integer. Defaults to 3. + format: int32 + maximum: 60 + minimum: 0 + type: integer + suspend: + description: This flag tells the controller to suspend subsequent + executions, it does not apply to already started executions. Defaults + to false. + type: boolean + required: + - jobTemplate + - schedule + type: object + status: + description: ReclaimSpaceCronJobStatus defines the observed state of ReclaimSpaceJob + properties: + active: + description: A pointer to currently running job. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). 
This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + lastScheduleTime: + description: Information when was the last time the job was successfully + scheduled. + format: date-time + type: string + lastSuccessfulTime: + description: Information when was the last time the job successfully + completed. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 + creationTimestamp: null + name: reclaimspacejobs.csiaddons.openshift.io +spec: + group: csiaddons.openshift.io + names: + kind: ReclaimSpaceJob + listKind: ReclaimSpaceJobList + plural: reclaimspacejobs + singular: reclaimspacejob + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.namespace + name: Namespace + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - jsonPath: .status.retries + name: Retries + type: integer + - jsonPath: .status.result + name: Result + type: string + - jsonPath: .status.reclaimedSpace + name: ReclaimedSpace + priority: 1 + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: ReclaimSpaceJob is the Schema for the reclaimspacejobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReclaimSpaceJobSpec defines the desired state of ReclaimSpaceJob + properties: + backOffLimit: + default: 6 + description: BackOffLimit specifies the number of retries allowed + before marking reclaim space operation as failed. If not specified, + defaults to 6. Maximum allowed value is 60 and minimum allowed value + is 0. + format: int32 + maximum: 60 + minimum: 0 + type: integer + retryDeadlineSeconds: + default: 600 + description: RetryDeadlineSeconds specifies the duration in seconds + relative to the start time that the operation may be retried; value + MUST be positive integer. If not specified, defaults to 600 seconds. + Maximum allowed value is 1800. + format: int64 + maximum: 1800 + minimum: 0 + type: integer + target: + description: Target represents volume target on which the operation + will be performed. + properties: + persistentVolumeClaim: + description: PersistentVolumeClaim specifies the target PersistentVolumeClaim + name. + type: string + type: object + required: + - target + type: object + status: + description: ReclaimSpaceJobStatus defines the observed state of ReclaimSpaceJob + properties: + completionTime: + format: date-time + type: string + conditions: + description: Conditions are the list of conditions and their status. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. 
// Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + message: + description: Message contains any message from the ReclaimSpaceJob. + type: string + reclaimedSpace: + anyOf: + - type: integer + - type: string + description: ReclaimedSpace indicates the amount of space reclaimed. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + result: + description: Result indicates the result of ReclaimSpaceJob. + type: string + retries: + description: Retries indicates the number of times the operation is + retried. + format: int32 + type: integer + startTime: + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] From 346ff3a24b7c584a7533030873ab2a6732ccc6c8 Mon Sep 17 00:00:00 2001 From: Rakshith R Date: Thu, 3 Feb 2022 15:07:21 +0530 Subject: [PATCH 08/11] deploy: move namespace and namePrefix to respective kustomization files Moving namespace and namePrefix to respective kustomize files of config/rbac and config/manager from config/default allows us to generate them independently. 
Signed-off-by: Rakshith R (cherry picked from commit eb1427138313ed447e3fbc72fb5a93f15c18036c) --- config/default/kustomization.yaml | 10 ---------- config/manager/kustomization.yaml | 10 ++++++++++ config/rbac/kustomization.yaml | 10 ++++++++++ 3 files changed, 20 insertions(+), 10 deletions(-) diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 825083400..6c19c81f5 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -1,13 +1,3 @@ -# Adds namespace to all resources. -namespace: csi-addons-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: csi-addons- - # Labels to add to all resources and selectors. #commonLabels: # someName: someValue diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 98ef21b5b..30c5fb986 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,3 +1,13 @@ +# Adds namespace to all resources. +namespace: csi-addons-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: csi-addons- + resources: - manager.yaml diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6a..505c247e0 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml 
@@ -1,3 +1,13 @@ +# Adds namespace to all resources. +namespace: csi-addons-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: csi-addons- + resources: # All RBAC will be applied under this service account in # the deployment namespace. You may comment out this resource From c899492c7e796b249199f946a5a643a4361ad112 Mon Sep 17 00:00:00 2001 From: Rakshith R Date: Thu, 3 Feb 2022 15:10:59 +0530 Subject: [PATCH 09/11] deploy: generate separate rbac.yaml This commit moves namespace from manager.yaml to separate file under config/rbac and adds cmd to create separate rbac.yaml. This allows us to create a separate rbac.yaml file containing namespace and rbac yamls. Signed-off-by: Rakshith R (cherry picked from commit 9cf0159f2e375d5a7c07424fb858c2aa4f850d9e) --- Makefile | 1 + config/manager/manager.yaml | 7 - config/rbac/kustomization.yaml | 1 + config/rbac/namespace.yaml | 6 + deploy/controller/rbac.yaml | 284 +++++++++++++++++++++++++++++++++ 5 files changed, 292 insertions(+), 7 deletions(-) create mode 100644 config/rbac/namespace.yaml create mode 100644 deploy/controller/rbac.yaml diff --git a/Makefile b/Makefile index b66c60ecc..2de0aed8c 100644 --- a/Makefile +++ b/Makefile @@ -85,6 +85,7 @@ manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRol cd config/default && $(KUSTOMIZE) edit set image rbac-proxy=${RBAC_PROXY_IMG} cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} $(KUSTOMIZE) build config/crd > deploy/controller/crds.yaml + $(KUSTOMIZE) build config/rbac > deploy/controller/rbac.yaml $(KUSTOMIZE) build config/default > deploy/controller/setup-controller.yaml # generate the .clusterserviceversion.yaml 
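Review bot: The added `$(KUSTOMIZE) build config/rbac > deploy/controller/rbac.yaml` line lets the shell truncate the tracked file before kustomize runs, so a failed build leaves an empty or partial rbac.yaml in the tree; the `crds.yaml` and `setup-controller.yaml` lines next to it behave the same way. Because `manifests` is phony, make has no target file to discard or mark stale, and a partial RBAC manifest that gets committed would install the controller with roles or bindings missing. Writing to a temporary name and renaming on success avoids that: `$(KUSTOMIZE) build config/rbac > deploy/controller/rbac.yaml.tmp && mv -f deploy/controller/rbac.yaml.tmp deploy/controller/rbac.yaml`. The recipe starts above the hunk, so whether the Makefile sets stricter shell flags is not visible here.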
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index cf11cecc2..4778ad10e 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,10 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 505c247e0..d60ac367d 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -14,6 +14,7 @@ resources: # if your manager will use a service account that exists at # runtime. Be sure to update RoleBinding and ClusterRoleBinding # subjects if changing service account names. +- namespace.yaml - service_account.yaml - role.yaml - role_binding.yaml diff --git a/config/rbac/namespace.yaml b/config/rbac/namespace.yaml new file mode 100644 index 000000000..8b55c3cd8 --- /dev/null +++ b/config/rbac/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: system diff --git a/deploy/controller/rbac.yaml b/deploy/controller/rbac.yaml new file mode 100644 index 000000000..f4103061e --- /dev/null +++ b/deploy/controller/rbac.yaml 
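Review bot: In config/rbac/kustomization.yaml, `- namespace.yaml` is inserted directly under the comment block that ends "Be sure to update RoleBinding and ClusterRoleBinding subjects if changing service account names". The block's advice about commenting out "this resource" now reads as if it applied to the Namespace rather than to `service_account.yaml`. Moving the new entry above that comment, or giving it its own line such as `# Namespace that the service account and role bindings below are created in.`, keeps the guidance attached to the right resource. The comment block begins above the hunk.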
@@ -0,0 +1,284 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: csi-addons-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: csi-addons-leader-election-role + namespace: csi-addons-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: csi-addons-manager-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + 
- get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: csi-addons-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: csi-addons-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: csi-addons-leader-election-rolebinding + namespace: csi-addons-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: csi-addons-leader-election-role +subjects: +- kind: ServiceAccount + name: csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-addons-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-addons-manager-role +subjects: +- kind: ServiceAccount + name: 
csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-addons-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-addons-proxy-role +subjects: +- kind: ServiceAccount + name: csi-addons-controller-manager + namespace: csi-addons-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: csi-addons-controller-manager-metrics-service + namespace: csi-addons-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager From 2946235a213dcbc1504ec417c274694ab100681f Mon Sep 17 00:00:00 2001 From: Rakshith R Date: Thu, 3 Feb 2022 15:38:43 +0530 Subject: [PATCH 10/11] deploy: generate setup-controller.yaml from config/manager This commit adds capability to generate setup-controller.yaml containing only configmap and controller deployment. it moves manager_auth_proxy patch to config/manager and performs other required changes. Signed-off-by: Rakshith R (cherry picked from commit e707f76c80aa46f934d887db48fe526929df2e00) --- Makefile | 5 +- config/default/kustomization.yaml | 11 +- config/manager/kustomization.yaml | 9 + config/manager/manager.yaml | 2 +- .../manager_auth_proxy_patch.yaml | 9 + deploy/controller/setup-controller.yaml | 974 +----------------- 6 files changed, 29 insertions(+), 981 deletions(-) rename config/{default => manager}/manager_auth_proxy_patch.yaml (69%) diff --git a/Makefile b/Makefile index 2de0aed8c..db517d51c 100644 --- a/Makefile +++ b/Makefile 
@@ -82,11 +82,10 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="{./api/...,./cmd/...,./controllers/...,./sidecar/...}" output:crd:artifacts:config=config/crd/bases - cd config/default && $(KUSTOMIZE) edit set image rbac-proxy=${RBAC_PROXY_IMG} - cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} + cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} rbac-proxy=${RBAC_PROXY_IMG} $(KUSTOMIZE) build config/crd > deploy/controller/crds.yaml $(KUSTOMIZE) build config/rbac > deploy/controller/rbac.yaml - $(KUSTOMIZE) build config/default > deploy/controller/setup-controller.yaml + $(KUSTOMIZE) build config/manager > deploy/controller/setup-controller.yaml # generate the .clusterserviceversion.yaml config/manifests/bases/$(PACKAGE_NAME).clusterserviceversion.yaml: config/manifests/bases/clusterserviceversion.yaml.in diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 6c19c81f5..14ff6fb61 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -11,12 +11,7 @@ # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -patchesStrategicMerge: -- manager_auth_proxy_patch.yaml - +# patchesStrategicMerge: # Mount the controller config file for loading manager configurations # through a ComponentConfig type #- manager_config_patch.yaml 
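Review bot: The rewritten `edit set image controller=${CONTROLLER_IMG} rbac-proxy=${RBAC_PROXY_IMG}` line records both images in config/manager/kustomization.yaml by tag only. The `images:` hunk for that file in this same commit shows `newTag: v0.8.0` for kube-rbac-proxy next to `newTag: latest` for the controller. The proxy is the container that puts authentication in front of /metrics, and the generated setup-controller.yaml is meant to be applied as it is, so a re-pushed tag changes what runs without any change in the repository. kustomize accepts a digest instead, either as `digest: sha256:<image-digest>` in place of `newTag` in the `images:` entry, or on the command line as `rbac-proxy=<image>@sha256:<image-digest>`. Where the two variables are defined is outside the hunk.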
@@ -60,10 +55,6 @@ patchesStrategicMerge: # version: v1 # name: webhook-service -images: -- name: rbac-proxy - newName: gcr.io/kubebuilder/kube-rbac-proxy - newTag: v0.8.0 apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 30c5fb986..05fdf6996 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -11,6 +11,12 @@ namePrefix: csi-addons- resources: - manager.yaml +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. +patchesStrategicMerge: +- manager_auth_proxy_patch.yaml + generatorOptions: disableNameSuffixHash: true @@ -24,3 +30,6 @@ images: - name: controller newName: quay.io/csiaddons/k8s-controller newTag: latest +- name: rbac-proxy + newName: gcr.io/kubebuilder/kube-rbac-proxy + newTag: v0.8.0 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 4778ad10e..a2bfae75e 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -49,5 +49,5 @@ spec: requests: cpu: 10m memory: 64Mi - serviceAccountName: controller-manager + serviceAccountName: csi-addons-controller-manager terminationGracePeriodSeconds: 10 diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/manager/manager_auth_proxy_patch.yaml similarity index 69% rename from config/default/manager_auth_proxy_patch.yaml rename to config/manager/manager_auth_proxy_patch.yaml index 1858c6c34..dbb8f2d84 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/manager/manager_auth_proxy_patch.yaml 
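Review bot: The comment moved into config/manager/kustomization.yaml with `patchesStrategicMerge` still describes unprotecting /metrics as commenting out "the following line", which no longer matches how the manifests are split. In this series the metrics Service and the proxy's `tokenreviews`/`subjectaccessreviews` ClusterRole are emitted into rbac.yaml from config/rbac, while this kustomization builds setup-controller.yaml. Dropping the patch here would therefore leave a Service on port 8443 whose `targetPort: https` appears to have no container port behind it. A sentence such as `# The metrics Service and proxy RBAC are defined in config/rbac; adjust them together with this patch.` would make that dependency visible.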
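Review bot: In config/manager/manager.yaml, `serviceAccountName: csi-addons-controller-manager` now spells out the prefixed name by hand. This is presumably because the ServiceAccount is built from config/rbac and is no longer in scope for kustomize to rewrite the reference when config/manager is built on its own. That ties this literal to `namePrefix: csi-addons-` in config/rbac/kustomization.yaml and to the subjects of the role bindings in rbac.yaml; if the prefix changes in one place only, the pod would reference a service account that does not exist or has no bindings. A comment on the line would record the coupling: `# Literal on purpose: must equal the config/rbac namePrefix followed by "controller-manager"; the ServiceAccount is built from config/rbac.` The pod spec starts above the hunk.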
@@ -20,6 +20,15 @@ spec: - containerPort: 8443 protocol: TCP name: https + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi - name: manager args: - "--health-probe-bind-address=:8081" diff --git a/deploy/controller/setup-controller.yaml b/deploy/controller/setup-controller.yaml index 490d38f93..410c1b63e 100644 --- a/deploy/controller/setup-controller.yaml +++ b/deploy/controller/setup-controller.yaml 
@@ -1,955 +1,4 @@ apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: csi-addons-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: csiaddonsnodes.csiaddons.openshift.io -spec: - group: csiaddons.openshift.io - names: - kind: CSIAddonsNode - listKind: CSIAddonsNodeList - plural: csiaddonsnodes - singular: csiaddonsnode - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.namespace - name: namespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.driver.name - name: DriverName - type: string - - jsonPath: .spec.driver.endpoint - name: Endpoint - type: string - - jsonPath: .spec.driver.nodeID - name: NodeID - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: CSIAddonsNode is the Schema for the csiaddonsnode API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CSIAddonsNodeSpec defines the desired state of CSIAddonsNode - properties: - driver: - description: Driver is the information of the CSI Driver existing - on a node. If the driver is uninstalled, this can become empty. 
- properties: - endpoint: - description: EndPoint is url that contains the ip-address to which - the CSI-Addons side-car listens to. - type: string - name: - description: 'Name is the name of the CSI driver that this object - refers to. This must be the same name returned by the CSI-Addons - GetIdentity() call for that driver. The name of the driver is - in the format: `example.csi.ceph.com`' - type: string - nodeID: - description: NodeID is the ID of the node to identify on which - node the side-car is running. - type: string - required: - - endpoint - - name - - nodeID - type: object - required: - - driver - type: object - status: - description: CSIAddonsNodeStatus defines the observed state of CSIAddonsNode - properties: - message: - description: Messgae is a human-readable message indicating details - about why the CSIAddonsNode is in this state. - type: string - reason: - description: Reason is a brief CamelCase string that describes any - failure and is meant for machine parsing and tidy display in the - CLI. - type: string - state: - description: State represents the state of the CSIAddonsNode object. - It informs whether or not the CSIAddonsNode is Connected to the - CSI Driver. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: networkfences.csiaddons.openshift.io -spec: - group: csiaddons.openshift.io - names: - kind: NetworkFence - listKind: NetworkFenceList - plural: networkfences - singular: networkfence - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.driver - name: Driver - type: string - - jsonPath: .spec.cidrs - name: Cidrs - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.result - name: Result - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: NetworkFence is the Schema for the networkfences API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkFenceSpec defines the desired state of NetworkFence - properties: - cidrs: - description: Cidrs contains a list of CIDR blocks, which are required - to be fenced. - items: - type: string - type: array - driver: - description: Driver contains the name of CSI driver. 
- type: string - parameters: - additionalProperties: - type: string - description: Parameters is used to pass additional parameters to the - CSI driver. - type: object - secret: - description: Secret is a kubernetes secret, which is required to perform - the fence/unfence operation. - properties: - name: - description: Name specifies the name of the secret. - type: string - namespace: - description: Namespace specifies the namespace in which the secret - is located. - type: string - type: object - required: - - cidrs - - driver - type: object - status: - description: NetworkFenceStatus defines the observed state of NetworkFence - properties: - conditions: - description: Conditions are the list of conditions and their status. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - message: - description: Message contains any message from the NetworkFence operation. - type: string - result: - description: Result indicates the result of NetworkFence operation. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: reclaimspacecronjobs.csiaddons.openshift.io -spec: - group: csiaddons.openshift.io - names: - kind: ReclaimSpaceCronJob - listKind: ReclaimSpaceCronJobList - plural: reclaimspacecronjobs - singular: reclaimspacecronjob - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.schedule - name: Schedule - type: string - - jsonPath: .spec.suspend - name: Suspend - type: boolean - - jsonPath: .status.active.name - name: Active - type: string - - jsonPath: .status.lastScheduleTime - name: Lastschedule - type: date - - jsonPath: .status.lastSuccessfulTime - name: Lastsuccessfultime - priority: 1 - type: date - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: ReclaimSpaceCronJob is the Schema for the reclaimspacecronjobs - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReclaimSpaceCronJobSpec defines the desired state of ReclaimSpaceJob - properties: - concurrencyPolicy: - default: Forbid - description: 'Specifies how to treat concurrent executions of a Job. - Valid values are: - "Forbid" (default): forbids concurrent runs, - skipping next run if previous run hasn''t finished yet; - "Replace": - cancels currently running job and replaces it with a new one' - enum: - - Forbid - - Replace - type: string - failedJobsHistoryLimit: - default: 1 - description: The number of failed finished jobs to retain. Value must - be non-negative integer. Defaults to 1. - format: int32 - maximum: 60 - minimum: 0 - type: integer - jobTemplate: - description: Specifies the job that will be created when executing - a CronJob. - properties: - metadata: - description: 'Standard object''s metadata of the jobs created - from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: 'Specification of the desired behavior of the job. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - backOffLimit: - default: 6 - description: BackOffLimit specifies the number of retries - allowed before marking reclaim space operation as failed. - If not specified, defaults to 6. Maximum allowed value is - 60 and minimum allowed value is 0. - format: int32 - maximum: 60 - minimum: 0 - type: integer - retryDeadlineSeconds: - default: 600 - description: RetryDeadlineSeconds specifies the duration in - seconds relative to the start time that the operation may - be retried; value MUST be positive integer. If not specified, - defaults to 600 seconds. Maximum allowed value is 1800. 
- format: int64 - maximum: 1800 - minimum: 0 - type: integer - target: - description: Target represents volume target on which the - operation will be performed. - properties: - persistentVolumeClaim: - description: PersistentVolumeClaim specifies the target - PersistentVolumeClaim name. - type: string - type: object - required: - - target - type: object - type: object - schedule: - description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. - pattern: .+ - type: string - startingDeadlineSeconds: - description: Optional deadline in seconds for starting the job if - it misses scheduled time for any reason. Missed jobs executions - will be counted as failed ones. - format: int64 - type: integer - successfulJobsHistoryLimit: - default: 3 - description: The number of successful finished jobs to retain. Value - must be non-negative integer. Defaults to 3. - format: int32 - maximum: 60 - minimum: 0 - type: integer - suspend: - description: This flag tells the controller to suspend subsequent - executions, it does not apply to already started executions. Defaults - to false. - type: boolean - required: - - jobTemplate - - schedule - type: object - status: - description: ReclaimSpaceCronJobStatus defines the observed state of ReclaimSpaceJob - properties: - active: - description: A pointer to currently running job. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). 
This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - lastScheduleTime: - description: Information when was the last time the job was successfully - scheduled. - format: date-time - type: string - lastSuccessfulTime: - description: Information when was the last time the job successfully - completed. 
- format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: reclaimspacejobs.csiaddons.openshift.io -spec: - group: csiaddons.openshift.io - names: - kind: ReclaimSpaceJob - listKind: ReclaimSpaceJobList - plural: reclaimspacejobs - singular: reclaimspacejob - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.namespace - name: Namespace - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.retries - name: Retries - type: integer - - jsonPath: .status.result - name: Result - type: string - - jsonPath: .status.reclaimedSpace - name: ReclaimedSpace - priority: 1 - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ReclaimSpaceJob is the Schema for the reclaimspacejobs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReclaimSpaceJobSpec defines the desired state of ReclaimSpaceJob - properties: - backOffLimit: - default: 6 - description: BackOffLimit specifies the number of retries allowed - before marking reclaim space operation as failed. If not specified, - defaults to 6. Maximum allowed value is 60 and minimum allowed value - is 0. - format: int32 - maximum: 60 - minimum: 0 - type: integer - retryDeadlineSeconds: - default: 600 - description: RetryDeadlineSeconds specifies the duration in seconds - relative to the start time that the operation may be retried; value - MUST be positive integer. If not specified, defaults to 600 seconds. - Maximum allowed value is 1800. - format: int64 - maximum: 1800 - minimum: 0 - type: integer - target: - description: Target represents volume target on which the operation - will be performed. - properties: - persistentVolumeClaim: - description: PersistentVolumeClaim specifies the target PersistentVolumeClaim - name. - type: string - type: object - required: - - target - type: object - status: - description: ReclaimSpaceJobStatus defines the observed state of ReclaimSpaceJob - properties: - completionTime: - format: date-time - type: string - conditions: - description: Conditions are the list of conditions and their status. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a foo's - current state. 
// Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
- --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - message: - description: Message contains any message from the ReclaimSpaceJob. - type: string - reclaimedSpace: - anyOf: - - type: integer - - type: string - description: ReclaimedSpace indicates the amount of space reclaimed. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - result: - description: Result indicates the result of ReclaimSpaceJob. - type: string - retries: - description: Retries indicates the number of times the operation is - retried. 
- format: int32 - type: integer - startTime: - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-addons-controller-manager - namespace: csi-addons-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: csi-addons-leader-election-role - namespace: csi-addons-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: csi-addons-manager-role -rules: -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/status - verbs: - - get - - patch - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - 
networkfences/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/status - verbs: - - get - - patch - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/status - verbs: - - get - - patch - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get - - patch - - update -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: csi-addons-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: csi-addons-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: csi-addons-leader-election-rolebinding - namespace: csi-addons-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: csi-addons-leader-election-role -subjects: -- kind: ServiceAccount - name: csi-addons-controller-manager - namespace: csi-addons-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: csi-addons-manager-rolebinding 
-roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-addons-manager-role -subjects: -- kind: ServiceAccount - name: csi-addons-controller-manager - namespace: csi-addons-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: csi-addons-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: csi-addons-proxy-role -subjects: -- kind: ServiceAccount - name: csi-addons-controller-manager - namespace: csi-addons-system ---- -apiVersion: v1 data: controller_manager_config.yaml: | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 @@ -968,22 +17,6 @@ metadata: name: csi-addons-manager-config namespace: csi-addons-system --- -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: csi-addons-controller-manager-metrics-service - namespace: csi-addons-system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -1015,6 +48,13 @@ spec: - containerPort: 8443 name: https protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 From cb0ed247197f855f3b74a39bff9a5dce50aa11ed Mon Sep 17 00:00:00 2001 From: Rakshith R Date: Thu, 3 Feb 2022 15:42:58 +0530 Subject: [PATCH 11/11] deploy: use generated file to run make deploy & undeploy Signed-off-by: Rakshith R (cherry picked from commit a0ce7a90997876a1f2d9d0da4a64bfa969a89b74) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index db517d51c..09d358b2d 100644 --- a/Makefile +++ b/Makefile 
@@ -171,11 +171,11 @@ uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube
 
 .PHONY: deploy
 deploy: manifests ## Deploy controller to the K8s cluster specified in ~/.kube/config.
- $(KUSTOMIZE) build config/default | kubectl apply -f -
+ cd deploy/controller && kubectl apply -f crds.yaml -f rbac.yaml -f setup-controller.yaml
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
- $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+ cd deploy/controller && kubectl delete -f setup-controller.yaml -f rbac.yaml -f crds.yaml --ignore-not-found=$(ignore-not-found)
 
 # controller-gen gets installed from the vendor/ directory.
 CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
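Review bot: The new `undeploy` recipe still ends in `--ignore-not-found=$(ignore-not-found)`, which expands to an empty value when the variable is not passed on the command line, and kubectl does not accept an empty boolean. Unless a default is defined outside this hunk, add `ignore-not-found ?= false` above the rule. Separately, `deploy` now applies `crds.yaml`, `rbac.yaml` and `setup-controller.yaml` from deploy/controller exactly as they sit in the working tree. It is worth confirming that the `manifests` prerequisite regenerates all three, since `rbac.yaml` presumably carries the ClusterRole bindings that were removed from setup-controller.yaml earlier in this series, and a stale copy would deploy permissions that no longer match the sources.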