feat: version bump kubezero-storage drivers
This commit is contained in:
parent
dc962dfed1
commit
1de653f03e
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-storage
|
||||
description: KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
||||
type: application
|
||||
version: 0.7.3
|
||||
version: 0.7.4
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
@ -28,11 +28,11 @@ dependencies:
|
||||
condition: gemini.enabled
|
||||
# repository: https://charts.fairwinds.com/stable
|
||||
- name: aws-ebs-csi-driver
|
||||
version: 2.12.0
|
||||
version: 2.13.0
|
||||
condition: aws-ebs-csi-driver.enabled
|
||||
# repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
||||
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
||||
- name: aws-efs-csi-driver
|
||||
version: 2.2.9
|
||||
version: 2.3.2
|
||||
condition: aws-efs-csi-driver.enabled
|
||||
# repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
|
||||
kubeVersion: ">= 1.24.0"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-storage
|
||||
|
||||
![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.7.4](https://img.shields.io/badge/Version-0.7.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things storage incl. AWS EBS/EFS, openEBS-lvm, gemini
|
||||
|
||||
@ -18,11 +18,11 @@ Kubernetes: `>= 1.24.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| | aws-ebs-csi-driver | 2.12.0 |
|
||||
| | aws-efs-csi-driver | 2.2.9 |
|
||||
| | aws-efs-csi-driver | 2.3.2 |
|
||||
| | gemini | 1.0.0 |
|
||||
| | lvm-localpv | 1.0.0 |
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 |
|
||||
| https://kubernetes-sigs.github.io/aws-ebs-csi-driver | aws-ebs-csi-driver | 2.13.0 |
|
||||
|
||||
## Values
|
||||
|
||||
@ -39,6 +39,13 @@ Kubernetes: `>= 1.24.0`
|
||||
| aws-ebs-csi-driver.controller.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||
| aws-ebs-csi-driver.controller.tolerations[1].effect | string | `"NoSchedule"` | |
|
||||
| aws-ebs-csi-driver.controller.tolerations[1].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
| aws-ebs-csi-driver.controller.volumeMounts[0].mountPath | string | `"/var/run/secrets/sts.amazonaws.com/serviceaccount/"` | |
|
||||
| aws-ebs-csi-driver.controller.volumeMounts[0].name | string | `"aws-token"` | |
|
||||
| aws-ebs-csi-driver.controller.volumeMounts[0].readOnly | bool | `true` | |
|
||||
| aws-ebs-csi-driver.controller.volumes[0].name | string | `"aws-token"` | |
|
||||
| aws-ebs-csi-driver.controller.volumes[0].projected.sources[0].serviceAccountToken.audience | string | `"sts.amazonaws.com"` | |
|
||||
| aws-ebs-csi-driver.controller.volumes[0].projected.sources[0].serviceAccountToken.expirationSeconds | int | `86400` | |
|
||||
| aws-ebs-csi-driver.controller.volumes[0].projected.sources[0].serviceAccountToken.path | string | `"token"` | |
|
||||
| aws-ebs-csi-driver.enabled | bool | `false` | |
|
||||
| aws-ebs-csi-driver.node.resources.limits.memory | string | `"32Mi"` | |
|
||||
| aws-ebs-csi-driver.node.resources.requests.cpu | string | `"10m"` | |
|
||||
@ -129,3 +136,4 @@ Kubernetes: `>= 1.24.0`
|
||||
|
||||
## Resources
|
||||
- https://github.com/openebs/monitoring/blob/develop/docs/openebs-mixin-user-guide.md#install-openebs-mixin-in-existing-prometheus-stack
|
||||
- https://quay.io/organization/fairwinds
|
||||
|
@ -20,3 +20,4 @@
|
||||
|
||||
## Resources
|
||||
- https://github.com/openebs/monitoring/blob/develop/docs/openebs-mixin-user-guide.md#install-openebs-mixin-in-existing-prometheus-stack
|
||||
- https://quay.io/organization/fairwinds
|
||||
|
@ -1,22 +0,0 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
@ -1,168 +0,0 @@
|
||||
# Helm chart
|
||||
|
||||
## v2.12.0
|
||||
* Bump app/driver to version `v1.12.0`
|
||||
* Move default toleration to values.yaml so it can be overriden if desired by users ([#1400](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1400), [@cnmcavoy](https://github.com/cnmcavoy))
|
||||
* Add enableMetrics configuration ([#1380](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1380), [@torredil](https://github.com/torredil))
|
||||
* add initContainer to the controller's template ([#1379](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1379), [@InsomniaCoder](https://github.com/InsomniaCoder))
|
||||
* Add controller nodeAffinity to prefer EC2 over Fargate ([#1360](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1360), [@torredil](https://github.com/torredil))
|
||||
|
||||
## v2.11.1
|
||||
* Add `useOldCSIDriver` parameter to use old `CSIDriver` object.
|
||||
|
||||
## v2.11.0
|
||||
|
||||
**Important Notice:** This version updates the `CSIDriver` object in order to fix [a bug with static volumes and the `fsGroup` parameter](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1365). This upgrade will fail on existing clusters because the associated field in `CSIDriver` is immutable.
|
||||
|
||||
Users upgrading to this version should pre-delete the existing `CSIDriver` object (example: `kubectl delete csidriver ebs.csi.aws.com`). This will not affect any existing volumes, but will cause the EBS CSI Driver to be unavailable to handle future requests, and should be immediately followed by an upgrade. For users that cannot delete the `CSIDriver` object, v2.11.1 implements a new parameter `useOldCSIDriver` that will use the previous `CSIDriver`.
|
||||
|
||||
* Bump app/driver to version `v1.11.3`
|
||||
* Add support for leader election tuning for `csi-provisioner` and `csi-attacher` ([#1371](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1371), [@moogzy](https://github.com/moogzy))
|
||||
* Change `fsGroupPolicy` to `File` ([#1377](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1377), [@ConnorJC3](https://github.com/ConnorJC3))
|
||||
* Allow all taint for `csi-node` by default ([#1381](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1381), [@gtxu](https://github.com/gtxu))
|
||||
|
||||
## v2.10.1
|
||||
* Bump app/driver to version `v1.11.2`
|
||||
|
||||
## v2.10.0
|
||||
* Implement securityContext for containers
|
||||
* Add securityContext for node pod
|
||||
* Utilize more secure defaults for securityContext
|
||||
|
||||
## v2.9.0
|
||||
* Bump app/driver to version `v1.10.0`
|
||||
* Feature: Reference `configMaps` across multiple resources using `envFrom` ([#1312](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1312), [@jebbens](https://github.com/jebbens))
|
||||
|
||||
## v2.8.1
|
||||
* Bump app/driver to version `v1.9.0`
|
||||
* Update livenessprobe to version `v2.6.0`
|
||||
|
||||
## v2.8.0
|
||||
* Feature: Support custom affinity definition on node daemon set ([#1277](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1277), [@vauchok](https://github.com/vauchok))
|
||||
|
||||
## v2.7.1
|
||||
* Bump app/driver to version `v1.8.0`
|
||||
|
||||
## v2.7.0
|
||||
* Support optional ec2 endpoint configuration.
|
||||
* Fix node driver registrar socket path.
|
||||
* Fix hardcoded kubelet path.
|
||||
|
||||
## v2.6.11
|
||||
* Bump app/driver to version `v1.7.0`
|
||||
* Set handle-volume-inuse-error to `false`
|
||||
|
||||
## v2.6.10
|
||||
|
||||
* Add quotes around the `extra-tags` argument in order to prevent special characters such as `":"` from breaking the manifest YAML after template rendering.
|
||||
|
||||
## v2.6.9
|
||||
|
||||
* Update csi-snapshotter to version `v6.0.1`
|
||||
* Update external-attacher to version `v3.4.0`
|
||||
* Update external-resizer to version `v1.4.0`
|
||||
* Update external-provisioner to version `v3.1.0`
|
||||
* Update node-driver-registrar to version `v2.5.1`
|
||||
* Update livenessprobe to version `v2.5.0`
|
||||
|
||||
## v2.6.8
|
||||
|
||||
* Bump app/driver to version `v1.6.2`
|
||||
* Bump sidecar version for nodeDriverRegistrar, provisioner to be consistent with EKS CSI Driver Add-on
|
||||
|
||||
## v2.6.7
|
||||
|
||||
* Bump app/driver to version `v1.6.1`
|
||||
|
||||
## v2.6.6
|
||||
|
||||
* Bump app/driver to version `v1.6.0`
|
||||
|
||||
## v2.6.5
|
||||
|
||||
* Bump app/driver to version `v1.5.3`
|
||||
|
||||
## v2.6.4
|
||||
|
||||
* Remove exposure all secrets to external-snapshotter-role
|
||||
|
||||
## v2.6.3
|
||||
|
||||
* Bump app/driver to version `v1.5.1`
|
||||
|
||||
## v2.6.2
|
||||
|
||||
* Update csi-resizer version to v1.1.0
|
||||
|
||||
## v2.6.1
|
||||
|
||||
* Add securityContext support for controller Deployment
|
||||
|
||||
## v2.5.0
|
||||
|
||||
* Bump app/driver version to `v1.5.0`
|
||||
|
||||
## v2.4.1
|
||||
|
||||
* Replace deprecated arg `--extra-volume-tags` by `--extra-tags`
|
||||
|
||||
## v2.4.0
|
||||
|
||||
* Bump app/driver version to `v1.4.0`
|
||||
|
||||
## v2.3.1
|
||||
|
||||
* Bump app/driver version to `v1.3.1`
|
||||
|
||||
## v2.3.0
|
||||
|
||||
* Support overriding controller `--default-fstype` flag via values
|
||||
|
||||
## v2.2.1
|
||||
|
||||
* Bump app/driver version to `v1.3.0`
|
||||
|
||||
## v2.2.0
|
||||
|
||||
* Support setting imagePullPolicy for all containers
|
||||
|
||||
## v2.1.1
|
||||
|
||||
* Bump app/driver version to `v1.2.1`
|
||||
|
||||
## v2.1.0
|
||||
|
||||
* Custom `controller.updateStrategy` to set controller deployment strategy.
|
||||
|
||||
## v2.0.4
|
||||
|
||||
* Use chart app version as default image tag
|
||||
* Add updateStrategy to daemonsets
|
||||
|
||||
## v2.0.3
|
||||
|
||||
* Bump app/driver version to `v1.2.0`
|
||||
|
||||
## v2.0.2
|
||||
|
||||
* Bump app/driver version to `v1.1.3`
|
||||
|
||||
## v2.0.1
|
||||
|
||||
* Only create Windows daemonset if enableWindows is true
|
||||
* Update Windows daemonset to align better to the Linux one
|
||||
|
||||
## v2.0.0
|
||||
|
||||
* Remove support for Helm 2
|
||||
* Remove deprecated values
|
||||
* No longer install snapshot controller or its CRDs
|
||||
* Reorganize additional values
|
||||
|
||||
[Upgrade instructions](/docs/README.md#upgrading-from-version-1x-to-2x-of-the-helm-chart)
|
||||
|
||||
## v1.2.4
|
||||
|
||||
* Bump app/driver version to `v1.1.1`
|
||||
* Install VolumeSnapshotClass, VolumeSnapshotContent, VolumeSnapshot CRDs if enableVolumeSnapshot is true
|
||||
* Only run csi-snapshotter sidecar if enableVolumeSnapshot is true or if CRDs are already installed
|
@ -1,22 +0,0 @@
|
||||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: Custom controller.updateStrategy to set controller deployment strategy.
|
||||
apiVersion: v2
|
||||
appVersion: 1.12.0
|
||||
description: A Helm chart for AWS EBS CSI Driver
|
||||
home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
|
||||
keywords:
|
||||
- aws
|
||||
- ebs
|
||||
- csi
|
||||
kubeVersion: '>=1.17.0-0'
|
||||
maintainers:
|
||||
- email: chengpan@amazon.com
|
||||
name: leakingtapan
|
||||
- name: krmichel
|
||||
url: https://github.com/krmichel
|
||||
name: aws-ebs-csi-driver
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
|
||||
version: 2.12.0
|
@ -1,5 +0,0 @@
|
||||
To verify that aws-ebs-csi-driver has started, run:
|
||||
|
||||
kubectl get pod -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
|
||||
|
||||
NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality.
|
@ -1,85 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "aws-ebs-csi-driver.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "aws-ebs-csi-driver.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "aws-ebs-csi-driver.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "aws-ebs-csi-driver.labels" -}}
|
||||
{{ include "aws-ebs-csi-driver.selectorLabels" . }}
|
||||
{{- if ne .Release.Name "kustomize" }}
|
||||
helm.sh/chart: {{ include "aws-ebs-csi-driver.chart" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/component: csi-driver
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
{{- if .Values.customLabels }}
|
||||
{{ toYaml .Values.customLabels }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common selector labels
|
||||
*/}}
|
||||
{{- define "aws-ebs-csi-driver.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }}
|
||||
{{- if ne .Release.Name "kustomize" }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Convert the `--extra-tags` command line arg from a map.
|
||||
*/}}
|
||||
{{- define "aws-ebs-csi-driver.extra-volume-tags" -}}
|
||||
{{- $result := dict "pairs" (list) -}}
|
||||
{{- range $key, $value := .Values.controller.extraVolumeTags -}}
|
||||
{{- $noop := printf "%s=%v" $key $value | append $result.pairs | set $result "pairs" -}}
|
||||
{{- end -}}
|
||||
{{- if gt (len $result.pairs) 0 -}}
|
||||
{{- printf "- \"--extra-tags=%s\"" (join "," $result.pairs) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Handle http proxy env vars
|
||||
*/}}
|
||||
{{- define "aws-ebs-csi-driver.http-proxy" -}}
|
||||
- name: HTTP_PROXY
|
||||
value: {{ .Values.proxy.http_proxy | quote }}
|
||||
- name: HTTPS_PROXY
|
||||
value: {{ .Values.proxy.http_proxy | quote }}
|
||||
- name: NO_PROXY
|
||||
value: {{ .Values.proxy.no_proxy | quote }}
|
||||
{{- end -}}
|
@ -1,23 +0,0 @@
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-external-attacher-role
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumes" ]
|
||||
verbs: [ "get", "list", "watch", "update", "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "nodes" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "csi.storage.k8s.io" ]
|
||||
resources: [ "csinodeinfos" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattachments" ]
|
||||
verbs: [ "get", "list", "watch", "update", "patch" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattachments/status" ]
|
||||
verbs: [ "patch" ]
|
@ -1,11 +0,0 @@
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-node-role
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get"]
|
@ -1,38 +0,0 @@
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-external-provisioner-role
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumes" ]
|
||||
verbs: [ "get", "list", "watch", "create", "delete" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumeclaims" ]
|
||||
verbs: [ "get", "list", "watch", "update" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "storageclasses" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "events" ]
|
||||
verbs: [ "list", "watch", "create", "update", "patch" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources: [ "volumesnapshots" ]
|
||||
verbs: [ "get", "list" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources: [ "volumesnapshotcontents" ]
|
||||
verbs: [ "get", "list" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "csinodes" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "nodes" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "coordination.k8s.io" ]
|
||||
resources: [ "leases" ]
|
||||
verbs: [ "get", "watch", "list", "delete", "update", "create" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattachments" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
@ -1,31 +0,0 @@
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-external-resizer-role
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
# The following rule should be uncommented for plugins that require secrets
|
||||
# for provisioning.
|
||||
# - apiGroups: [""]
|
||||
# resources: ["secrets"]
|
||||
# verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumes" ]
|
||||
verbs: [ "get", "list", "watch", "update", "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumeclaims" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumeclaims/status" ]
|
||||
verbs: [ "update", "patch" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "storageclasses" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "events" ]
|
||||
verbs: [ "list", "watch", "create", "update", "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
@ -1,27 +0,0 @@
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-external-snapshotter-role
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "events" ]
|
||||
verbs: [ "list", "watch", "create", "update", "patch" ]
|
||||
# Secret permission is optional.
|
||||
# Enable it if your driver needs secret.
|
||||
# For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass.
|
||||
# See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details.
|
||||
# - apiGroups: [ "" ]
|
||||
# resources: [ "secrets" ]
|
||||
# verbs: [ "get", "list" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources: [ "volumesnapshotclasses" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources: [ "volumesnapshotcontents" ]
|
||||
verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources: [ "volumesnapshotcontents/status" ]
|
||||
verbs: [ "update" ]
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-attacher-binding
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ebs-external-attacher-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-node-getter-binding
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.node.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ebs-csi-node-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-provisioner-binding
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ebs-external-provisioner-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-resizer-binding
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ebs-external-resizer-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -1,15 +0,0 @@
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-snapshotter-binding
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ebs-external-snapshotter-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -1,362 +0,0 @@
|
||||
# Controller Service
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: ebs-csi-controller
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.controller.replicaCount }}
|
||||
{{- with .Values.controller.updateStrategy }}
|
||||
strategy:
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ebs-csi-controller
|
||||
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ebs-csi-controller
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
|
||||
{{- if .Values.controller.podLabels }}
|
||||
{{- toYaml .Values.controller.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml .Values.controller.podAnnotations | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
{{- with .Values.controller.nodeSelector }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ .Values.controller.serviceAccount.name }}
|
||||
priorityClassName: {{ .Values.controller.priorityClassName }}
|
||||
{{- with default .Values.controller.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- operator: Exists
|
||||
effect: NoExecute
|
||||
tolerationSeconds: 300
|
||||
{{- with .Values.controller.tolerations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.topologySpreadConstraints }}
|
||||
{{- $tscLabelSelector := dict "labelSelector" ( dict "matchLabels" ( dict "app" "ebs-csi-controller" ) ) }}
|
||||
{{- $constraints := list }}
|
||||
{{- range .Values.controller.topologySpreadConstraints }}
|
||||
{{- $constraints = mustAppend $constraints (mergeOverwrite . $tscLabelSelector) }}
|
||||
{{- end }}
|
||||
topologySpreadConstraints:
|
||||
{{- $constraints | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.initContainers }}
|
||||
initContainers:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: ebs-plugin
|
||||
image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
{{- if ne .Release.Name "kustomize" }}
|
||||
- controller
|
||||
{{- else }}
|
||||
# - {all,controller,node} # specify the driver mode
|
||||
{{- end }}
|
||||
- --endpoint=$(CSI_ENDPOINT)
|
||||
{{- if .Values.controller.extraVolumeTags }}
|
||||
{{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.k8sTagClusterId }}
|
||||
- --k8s-tag-cluster-id={{ . }}
|
||||
{{- end }}
|
||||
{{- if and (.Values.controller.enableMetrics) (not .Values.controller.httpEndpoint) }}
|
||||
- --http-endpoint=0.0.0.0:3301
|
||||
{{- end}}
|
||||
{{- with .Values.controller.httpEndpoint }}
|
||||
- --http-endpoint={{ . }}
|
||||
{{- end }}
|
||||
- --logtostderr
|
||||
- --v={{ .Values.controller.logLevel }}
|
||||
{{- range .Values.controller.additionalArgs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: CSI_ENDPOINT
|
||||
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
|
||||
- name: CSI_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: aws-secret
|
||||
key: key_id
|
||||
optional: true
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: aws-secret
|
||||
key: access_key
|
||||
optional: true
|
||||
- name: AWS_EC2_ENDPOINT
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: aws-meta
|
||||
key: endpoint
|
||||
optional: true
|
||||
{{- with .Values.controller.region }}
|
||||
- name: AWS_REGION
|
||||
value: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||
- name: aws-token
|
||||
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||
readOnly: true
|
||||
ports:
|
||||
- name: healthz
|
||||
containerPort: 9808
|
||||
protocol: TCP
|
||||
{{- if .Values.controller.enableMetrics }}
|
||||
- name: metrics
|
||||
containerPort: 3301
|
||||
protocol: TCP
|
||||
{{- end}}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: healthz
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 10
|
||||
failureThreshold: 5
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: healthz
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 10
|
||||
failureThreshold: 5
|
||||
{{- with .Values.controller.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: csi-provisioner
|
||||
image: {{ printf "%s:%s" .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.provisioner.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --v={{ .Values.sidecars.provisioner.logLevel }}
|
||||
- --feature-gates=Topology=true
|
||||
{{- if .Values.controller.extraCreateMetadata }}
|
||||
- --extra-create-metadata
|
||||
{{- end}}
|
||||
- --leader-election={{ .Values.sidecars.provisioner.leaderElection.enabled | required "leader election state for csi-provisioner is required, must be set to true || false." }}
|
||||
{{- if .Values.sidecars.provisioner.leaderElection.enabled }}
|
||||
{{- if .Values.sidecars.provisioner.leaderElection.leaseDuration }}
|
||||
- --leader-election-lease-duration={{ .Values.sidecars.provisioner.leaderElection.leaseDuration }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars.provisioner.leaderElection.renewDeadline}}
|
||||
- --leader-election-renew-deadline={{ .Values.sidecars.provisioner.leaderElection.renewDeadline }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars.provisioner.leaderElection.retryPeriod }}
|
||||
- --leader-election-retry-period={{ .Values.sidecars.provisioner.leaderElection.retryPeriod }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- --default-fstype={{ .Values.controller.defaultFsType }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.provisioner.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||
{{- with default .Values.controller.resources .Values.sidecars.provisioner.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.provisioner.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: csi-attacher
|
||||
image: {{ printf "%s:%s" .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.attacher.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --v={{ .Values.sidecars.attacher.logLevel }}
|
||||
- --leader-election={{ .Values.sidecars.attacher.leaderElection.enabled | required "leader election state for csi-attacher is required, must be set to true || false." }}
|
||||
{{- if .Values.sidecars.attacher.leaderElection.enabled }}
|
||||
{{- if .Values.sidecars.attacher.leaderElection.leaseDuration }}
|
||||
- --leader-election-lease-duration={{ .Values.sidecars.attacher.leaderElection.leaseDuration }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars.attacher.leaderElection.renewDeadline}}
|
||||
- --leader-election-renew-deadline={{ .Values.sidecars.attacher.leaderElection.renewDeadline }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecars.attacher.leaderElection.retryPeriod }}
|
||||
- --leader-election-retry-period={{ .Values.sidecars.attacher.leaderElection.retryPeriod }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.attacher.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||
{{- with default .Values.controller.resources .Values.sidecars.attacher.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.attacher.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if or (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }}
|
||||
- name: csi-snapshotter
|
||||
image: {{ printf "%s:%s" .Values.sidecars.snapshotter.image.repository .Values.sidecars.snapshotter.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.snapshotter.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --leader-election=true
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.snapshotter.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||
{{- with default .Values.controller.resources .Values.sidecars.snapshotter.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.snapshotter.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: csi-resizer
|
||||
image: {{ printf "%s:%s" .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.resizer.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --v={{ .Values.sidecars.resizer.logLevel }}
|
||||
- --handle-volume-inuse-error=false
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.resizer.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||
{{- with default .Values.controller.resources .Values.sidecars.resizer.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.resizer.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: liveness-probe
|
||||
image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=/csi/csi.sock
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /csi
|
||||
{{- with default .Values.controller.resources .Values.sidecars.livenessProbe.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.livenessProbe.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: socket-dir
|
||||
emptyDir: {}
|
||||
- name: aws-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
path: token
|
||||
expirationSeconds: 86400
|
||||
audience: "sts.amazonaws.com"
|
@ -1,12 +0,0 @@
|
||||
apiVersion: {{ ternary "storage.k8s.io/v1" "storage.k8s.io/v1beta1" (semverCompare ">=1.18.0-0" .Capabilities.KubeVersion.Version) }}
|
||||
kind: CSIDriver
|
||||
metadata:
|
||||
name: ebs.csi.aws.com
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
attachRequired: true
|
||||
podInfoOnMount: false
|
||||
{{- if not .Values.useOldCSIDriver }}
|
||||
fsGroupPolicy: File
|
||||
{{- end }}
|
@ -1,40 +0,0 @@
|
||||
{{- if .Values.controller.enableMetrics -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: ebs-csi-controller
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: ebs-csi-controller
|
||||
spec:
|
||||
selector:
|
||||
app: ebs-csi-controller
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 3301
|
||||
targetPort: 3301
|
||||
type: ClusterIP
|
||||
---
|
||||
{{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: ebs-csi-controller
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: ebs-csi-controller
|
||||
release: prometheus
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ebs-csi-controller
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- kube-system
|
||||
endpoints:
|
||||
- targetPort: 3301
|
||||
path: /metrics
|
||||
interval: 15s
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,170 +0,0 @@
|
||||
{{- if .Values.node.enableWindows }}
|
||||
kind: DaemonSet
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: ebs-csi-node-windows
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ebs-csi-node
|
||||
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
|
||||
updateStrategy:
|
||||
{{ toYaml .Values.node.updateStrategy | nindent 4 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ebs-csi-node
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
|
||||
{{- if .Values.node.podLabels }}
|
||||
{{- toYaml .Values.node.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.node.affinity }}
|
||||
affinity: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: windows
|
||||
{{- with .Values.node.nodeSelector }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ .Values.node.serviceAccount.name }}
|
||||
priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }}
|
||||
tolerations:
|
||||
{{- if .Values.node.tolerateAllTaints }}
|
||||
- operator: Exists
|
||||
{{- else }}
|
||||
{{- with .Values.node.tolerations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: ebs-plugin
|
||||
image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
- node
|
||||
- --endpoint=$(CSI_ENDPOINT)
|
||||
{{- with .Values.node.volumeAttachLimit }}
|
||||
- --volume-attach-limit={{ . }}
|
||||
{{- end }}
|
||||
- --logtostderr
|
||||
- --v={{ .Values.node.logLevel }}
|
||||
env:
|
||||
- name: CSI_ENDPOINT
|
||||
value: unix:/csi/csi.sock
|
||||
- name: CSI_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: kubelet-dir
|
||||
mountPath: C:\var\lib\kubelet
|
||||
mountPropagation: "None"
|
||||
- name: plugin-dir
|
||||
mountPath: C:\csi
|
||||
- name: csi-proxy-disk-pipe
|
||||
mountPath: \\.\pipe\csi-proxy-disk-v1
|
||||
- name: csi-proxy-volume-pipe
|
||||
mountPath: \\.\pipe\csi-proxy-volume-v1
|
||||
- name: csi-proxy-filesystem-pipe
|
||||
mountPath: \\.\pipe\csi-proxy-filesystem-v1
|
||||
ports:
|
||||
- name: healthz
|
||||
containerPort: 9808
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: healthz
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 10
|
||||
failureThreshold: 5
|
||||
{{- with .Values.node.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: node-driver-registrar
|
||||
image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
|
||||
- --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: unix:/csi/csi.sock
|
||||
- name: DRIVER_REG_SOCK_PATH
|
||||
value: C:\var\lib\kubelet\plugins\ebs.csi.aws.com\csi.sock
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.nodeDriverRegistrar.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: plugin-dir
|
||||
mountPath: C:\csi
|
||||
- name: registration-dir
|
||||
mountPath: C:\registration
|
||||
{{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: liveness-probe
|
||||
image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=unix:/csi/csi.sock
|
||||
volumeMounts:
|
||||
- name: plugin-dir
|
||||
mountPath: C:\csi
|
||||
{{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: kubelet-dir
|
||||
hostPath:
|
||||
path: C:\var\lib\kubelet
|
||||
type: Directory
|
||||
- name: plugin-dir
|
||||
hostPath:
|
||||
path: C:\var\lib\kubelet\plugins\ebs.csi.aws.com
|
||||
type: DirectoryOrCreate
|
||||
- name: registration-dir
|
||||
hostPath:
|
||||
path: C:\var\lib\kubelet\plugins_registry
|
||||
type: Directory
|
||||
- name: csi-proxy-disk-pipe
|
||||
hostPath:
|
||||
path: \\.\pipe\csi-proxy-disk-v1
|
||||
type: ""
|
||||
- name: csi-proxy-volume-pipe
|
||||
hostPath:
|
||||
path: \\.\pipe\csi-proxy-volume-v1
|
||||
type: ""
|
||||
- name: csi-proxy-filesystem-pipe
|
||||
hostPath:
|
||||
path: \\.\pipe\csi-proxy-filesystem-v1
|
||||
type: ""
|
||||
{{- end }}
|
@ -1,185 +0,0 @@
|
||||
# Node Service
|
||||
kind: DaemonSet
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: ebs-csi-node
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ebs-csi-node
|
||||
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
|
||||
updateStrategy:
|
||||
{{- toYaml .Values.node.updateStrategy | nindent 4 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ebs-csi-node
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 8 }}
|
||||
{{- if .Values.node.podLabels }}
|
||||
{{- toYaml .Values.node.podLabels | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with .Values.node.affinity }}
|
||||
affinity: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
{{- with .Values.node.nodeSelector }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ .Values.node.serviceAccount.name }}
|
||||
priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }}
|
||||
tolerations:
|
||||
{{- if .Values.node.tolerateAllTaints }}
|
||||
- operator: Exists
|
||||
{{- else }}
|
||||
{{- with .Values.node.tolerations }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: ebs-plugin
|
||||
image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
- node
|
||||
- --endpoint=$(CSI_ENDPOINT)
|
||||
{{- with .Values.node.volumeAttachLimit }}
|
||||
- --volume-attach-limit={{ . }}
|
||||
{{- end }}
|
||||
- --logtostderr
|
||||
- --v={{ .Values.node.logLevel }}
|
||||
env:
|
||||
- name: CSI_ENDPOINT
|
||||
value: unix:/csi/csi.sock
|
||||
- name: CSI_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: kubelet-dir
|
||||
mountPath: {{ .Values.node.kubeletPath }}
|
||||
mountPropagation: "Bidirectional"
|
||||
- name: plugin-dir
|
||||
mountPath: /csi
|
||||
- name: device-dir
|
||||
mountPath: /dev
|
||||
ports:
|
||||
- name: healthz
|
||||
containerPort: 9808
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: healthz
|
||||
initialDelaySeconds: 10
|
||||
timeoutSeconds: 3
|
||||
periodSeconds: 10
|
||||
failureThreshold: 5
|
||||
{{- with .Values.node.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.containerSecurityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: node-driver-registrar
|
||||
image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=$(ADDRESS)
|
||||
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
|
||||
- --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /csi/csi.sock
|
||||
- name: DRIVER_REG_SOCK_PATH
|
||||
value: {{ printf "%s/plugins/ebs.csi.aws.com/csi.sock" (trimSuffix "/" .Values.node.kubeletPath) }}
|
||||
{{- if .Values.proxy.http_proxy }}
|
||||
{{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.nodeDriverRegistrar.env }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: plugin-dir
|
||||
mountPath: /csi
|
||||
- name: registration-dir
|
||||
mountPath: /registration
|
||||
{{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.nodeDriverRegistrar.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
- name: liveness-probe
|
||||
image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }}
|
||||
imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }}
|
||||
args:
|
||||
- --csi-address=/csi/csi.sock
|
||||
envFrom:
|
||||
{{- with .Values.controller.envFrom }}
|
||||
{{- . | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: plugin-dir
|
||||
mountPath: /csi
|
||||
{{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.sidecars.livenessProbe.securityContext }}
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.imagePullSecrets }}
|
||||
- name: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: kubelet-dir
|
||||
hostPath:
|
||||
path: {{ .Values.node.kubeletPath }}
|
||||
type: Directory
|
||||
- name: plugin-dir
|
||||
hostPath:
|
||||
path: {{ printf "%s/plugins/ebs.csi.aws.com/" (trimSuffix "/" .Values.node.kubeletPath) }}
|
||||
type: DirectoryOrCreate
|
||||
- name: registration-dir
|
||||
hostPath:
|
||||
path: {{ printf "%s/plugins_registry/" (trimSuffix "/" .Values.node.kubeletPath) }}
|
||||
type: Directory
|
||||
- name: device-dir
|
||||
hostPath:
|
||||
path: /dev
|
||||
type: Directory
|
@ -1,21 +0,0 @@
|
||||
{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
|
||||
apiVersion: policy/v1
|
||||
{{- else }}
|
||||
apiVersion: policy/v1beta1
|
||||
{{- end }}
|
||||
kind: PodDisruptionBudget
|
||||
metadata:
|
||||
name: ebs-csi-controller
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ebs-csi-controller
|
||||
{{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }}
|
||||
{{- if le (.Values.controller.replicaCount | int) 2 }}
|
||||
maxUnavailable: 1
|
||||
{{- else }}
|
||||
minAvailable: 2
|
||||
{{- end }}
|
@ -1,18 +0,0 @@
|
||||
{{- if .Values.controller.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ .Values.controller.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
{{- with .Values.controller.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .Release.Name "kustomize" }}
|
||||
#Enable if EKS IAM roles for service accounts (IRSA) is used. See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html for details.
|
||||
#annotations:
|
||||
# eks.amazonaws.com/role-arn: arn:<partition>:iam::<account>:role/ebs-csi-role
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -1,13 +0,0 @@
|
||||
{{- if .Values.node.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ .Values.node.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
{{- with .Values.node.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -1,15 +0,0 @@
|
||||
{{- range .Values.storageClasses }}
|
||||
---
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
{{- with .annotations }}
|
||||
annotations: {{- . | toYaml | trim | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .labels }}
|
||||
labels: {{- . | toYaml | trim | nindent 4 }}
|
||||
{{- end }}
|
||||
provisioner: ebs.csi.aws.com
|
||||
{{ omit (dict "volumeBindingMode" "WaitForFirstConsumer" | merge .) "name" "annotations" "labels" | toYaml }}
|
||||
{{- end }}
|
@ -1,279 +0,0 @@
|
||||
# Default values for aws-ebs-csi-driver.
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
image:
|
||||
repository: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver
|
||||
# Overrides the image tag whose default is v{{ .Chart.AppVersion }}
|
||||
tag: ""
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
# -- Custom labels to add into metadata
|
||||
customLabels:
|
||||
{}
|
||||
# k8s-app: aws-ebs-csi-driver
|
||||
|
||||
sidecars:
|
||||
provisioner:
|
||||
env: []
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: k8s.gcr.io/sig-storage/csi-provisioner
|
||||
tag: "v3.1.0"
|
||||
logLevel: 2
|
||||
resources: {}
|
||||
# Tune leader lease election for csi-provisioner.
|
||||
# Leader election is on by default.
|
||||
leaderElection:
|
||||
enabled: true
|
||||
# Optional values to tune lease behavior.
|
||||
# The arguments provided must be in an acceptable time.ParseDuration format.
|
||||
# Ref: https://pkg.go.dev/flag#Duration
|
||||
# leaseDuration: "15s"
|
||||
# renewDeadline: "10s"
|
||||
# retryPeriod: "5s"
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
attacher:
|
||||
env: []
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: k8s.gcr.io/sig-storage/csi-attacher
|
||||
tag: "v3.4.0"
|
||||
# Tune leader lease election for csi-attacher.
|
||||
# Leader election is on by default.
|
||||
leaderElection:
|
||||
enabled: true
|
||||
# Optional values to tune lease behavior.
|
||||
# The arguments provided must be in an acceptable time.ParseDuration format.
|
||||
# Ref: https://pkg.go.dev/flag#Duration
|
||||
# leaseDuration: "15s"
|
||||
# renewDeadline: "10s"
|
||||
# retryPeriod: "5s"
|
||||
logLevel: 2
|
||||
resources: {}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
snapshotter:
|
||||
env: []
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: k8s.gcr.io/sig-storage/csi-snapshotter
|
||||
tag: "v6.0.1"
|
||||
logLevel: 2
|
||||
resources: {}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
livenessProbe:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: k8s.gcr.io/sig-storage/livenessprobe
|
||||
tag: "v2.6.0"
|
||||
resources: {}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
resizer:
|
||||
env: []
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: k8s.gcr.io/sig-storage/csi-resizer
|
||||
tag: "v1.4.0"
|
||||
logLevel: 2
|
||||
resources: {}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
nodeDriverRegistrar:
|
||||
env: []
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: k8s.gcr.io/sig-storage/csi-node-driver-registrar
|
||||
tag: "v2.5.1"
|
||||
logLevel: 2
|
||||
resources: {}
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
proxy:
|
||||
http_proxy:
|
||||
no_proxy:
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride:
|
||||
fullnameOverride:
|
||||
|
||||
controller:
|
||||
# If arbitrary args like "--aws-sdk-debug-log=true" need to be passed, use this value
|
||||
additionalArgs: []
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- weight: 1
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: eks.amazonaws.com/compute-type
|
||||
operator: NotIn
|
||||
values:
|
||||
- fargate
|
||||
# The default filesystem type of the volume to provision when fstype is unspecified in the StorageClass.
|
||||
# If the default is not set and fstype is unset in the StorageClass, then no fstype will be set
|
||||
defaultFsType: ext4
|
||||
env: []
|
||||
# Use envFrom to reference ConfigMaps and Secrets across all containers in the deployment
|
||||
envFrom: []
|
||||
# If set, add pv/pvc metadata to plugin create requests as parameters.
|
||||
extraCreateMetadata: true
|
||||
# Extra volume tags to attach to each dynamically provisioned volume.
|
||||
# ---
|
||||
# extraVolumeTags:
|
||||
# key1: value1
|
||||
# key2: value2
|
||||
extraVolumeTags: {}
|
||||
httpEndpoint:
|
||||
# (deprecated) The TCP network address where the prometheus metrics endpoint
|
||||
# will run (example: `:8080` which corresponds to port 8080 on local host).
|
||||
# The default is empty string, which means metrics endpoint is disabled.
|
||||
# ---
|
||||
enableMetrics: false
|
||||
# If set to true, AWS API call metrics will be exported to the following
|
||||
# TCP endpoint: "0.0.0.0:3301"
|
||||
# ---
|
||||
# ID of the Kubernetes cluster used for tagging provisioned EBS volumes (optional).
|
||||
k8sTagClusterId:
|
||||
logLevel: 2
|
||||
nodeSelector: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
priorityClassName: system-cluster-critical
|
||||
# AWS region to use. If not specified then the region will be looked up via the AWS EC2 metadata
|
||||
# service.
|
||||
# ---
|
||||
# region: us-east-1
|
||||
region:
|
||||
replicaCount: 2
|
||||
updateStrategy: {}
|
||||
# type: RollingUpdate
|
||||
# rollingUpdate:
|
||||
# maxSurge: 0
|
||||
# maxUnavailable: 1
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# Note that you will need to set resource requests if you want the cluster autoscaler to
|
||||
# scale your nodes when you increase/decrease the number of ebs-csi-controller replicas.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
serviceAccount:
|
||||
create: true # A service account will be created for you if set to true. Set to false if you want to use your own.
|
||||
name: ebs-csi-controller-sa # Name of the service-account to be used/created.
|
||||
annotations: {}
|
||||
tolerations: []
|
||||
# TSCs without the label selector stanza
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# topologySpreadConstraints:
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# whenUnsatisfiable: ScheduleAnyway
|
||||
# - maxSkew: 1
|
||||
# topologyKey: kubernetes.io/hostname
|
||||
# whenUnsatisfiable: ScheduleAnyway
|
||||
topologySpreadConstraints: []
|
||||
# securityContext on the controller pod
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
# securityContext on the controller container (see sidecars for securityContext on sidecar containers)
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
initContainers: []
|
||||
# containers to be run before the controller's container starts.
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# - name: wait
|
||||
# image: busybox
|
||||
# command: [ 'sh', '-c', "sleep 20" ]
|
||||
|
||||
node:
|
||||
env: []
|
||||
envFrom: []
|
||||
kubeletPath: /var/lib/kubelet
|
||||
logLevel: 2
|
||||
priorityClassName:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: eks.amazonaws.com/compute-type
|
||||
operator: NotIn
|
||||
values:
|
||||
- fargate
|
||||
nodeSelector: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
tolerateAllTaints: true
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
effect: NoExecute
|
||||
tolerationSeconds: 300
|
||||
resources: {}
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: ebs-csi-node-sa
|
||||
annotations: {}
|
||||
enableWindows: false
|
||||
# The "maximum number of attachable volumes" per node
|
||||
volumeAttachLimit:
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
maxUnavailable: "10%"
|
||||
# securityContext on the node pod
|
||||
securityContext:
|
||||
# The node pod must be run as root to bind to the registration/driver sockets
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
# securityContext on the node container (see sidecars for securityContext on sidecar containers)
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: true
|
||||
privileged: true
|
||||
|
||||
storageClasses: []
|
||||
# Add StorageClass resources like:
|
||||
# - name: ebs-sc
|
||||
# # annotation metadata
|
||||
# annotations:
|
||||
# storageclass.kubernetes.io/is-default-class: "true"
|
||||
# # label metadata
|
||||
# labels:
|
||||
# my-label-is: supercool
|
||||
# # defaults to WaitForFirstConsumer
|
||||
# volumeBindingMode: WaitForFirstConsumer
|
||||
# # defaults to Delete
|
||||
# reclaimPolicy: Retain
|
||||
# parameters:
|
||||
# encrypted: "true"
|
||||
|
||||
# Use old CSIDriver without an fsGroupPolicy set
|
||||
# Intended for use with older clusters that cannot easily replace the CSIDriver object
|
||||
# This parameter should always be false for new installations
|
||||
useOldCSIDriver: false
|
@ -1,4 +1,12 @@
|
||||
# Helm chart
|
||||
# v2.3.2
|
||||
* Bump app/driver version to `v1.4.5`
|
||||
|
||||
# v2.3.1
|
||||
* Bump app/driver version to `v1.4.4`
|
||||
|
||||
# v2.3.0
|
||||
* Bump app/driver version to `v1.4.3`
|
||||
|
||||
# v2.2.9
|
||||
* Bump app/driver version to `v1.4.2`
|
||||
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.4.2
|
||||
appVersion: 1.4.5
|
||||
description: A Helm chart for AWS EFS CSI Driver
|
||||
home: https://github.com/kubernetes-sigs/aws-efs-csi-driver
|
||||
keywords:
|
||||
@ -15,4 +15,4 @@ maintainers:
|
||||
name: aws-efs-csi-driver
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/aws-efs-csi-driver
|
||||
version: 2.2.9
|
||||
version: 2.3.2
|
||||
|
@ -36,7 +36,7 @@ spec:
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
nodeSelector:
|
||||
beta.kubernetes.io/os: linux
|
||||
kubernetes.io/os: linux
|
||||
{{- with .Values.node.nodeSelector }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
@ -11,7 +11,7 @@ useFIPS: false
|
||||
|
||||
image:
|
||||
repository: amazon/aws-efs-csi-driver
|
||||
tag: "v1.4.2"
|
||||
tag: "v1.4.5"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
sidecars:
|
||||
|
@ -1,24 +0,0 @@
|
||||
diff -tuNr charts/aws-ebs-csi-driver.orig/templates/controller.yaml charts/aws-ebs-csi-driver/templates/controller.yaml
|
||||
--- charts/aws-ebs-csi-driver.orig/templates/controller.yaml 2021-08-12 10:46:10.000000000 +0200
|
||||
+++ charts/aws-ebs-csi-driver/templates/controller.yaml 2021-09-07 15:13:47.497732918 +0200
|
||||
@@ -114,6 +114,9 @@
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /var/lib/csi/sockets/pluginproxy/
|
||||
+ - name: aws-token
|
||||
+ mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||
+ readOnly: true
|
||||
ports:
|
||||
- name: healthz
|
||||
containerPort: 9808
|
||||
@@ -252,3 +255,10 @@
|
||||
volumes:
|
||||
- name: socket-dir
|
||||
emptyDir: {}
|
||||
+ - name: aws-token
|
||||
+ projected:
|
||||
+ sources:
|
||||
+ - serviceAccountToken:
|
||||
+ path: token
|
||||
+ expirationSeconds: 86400
|
||||
+ audience: "sts.amazonaws.com"
|
@ -18,7 +18,7 @@
|
||||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "7cd9e5a3383d688b072808cea5dedeb209cc6d47",
|
||||
"version": "c2378be1b552663ac6c5278148aefbeb281b7228",
|
||||
"sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc="
|
||||
},
|
||||
{
|
||||
@ -38,7 +38,7 @@
|
||||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "187833fc2d104a75dadf28ea5d628818e21619cb",
|
||||
"version": "fd5379a1fba2d572fc314a0395dd61e7df335948",
|
||||
"sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0="
|
||||
},
|
||||
{
|
||||
|
@ -1,6 +1,8 @@
|
||||
#!/bin/bash
|
||||
set -ex
|
||||
|
||||
helm dependencies update
|
||||
|
||||
### Gemini
|
||||
rm -rf charts/gemini
|
||||
helm pull fairwinds-stable/gemini --untar --untardir charts
|
||||
@ -16,10 +18,10 @@ mv charts/lvm-localpv/crds/volumesnapshot* crds
|
||||
patch -i lvm.patch -p0 --no-backup-if-mismatch
|
||||
|
||||
### EBS
|
||||
VERSION=$(yq eval '.dependencies[] | select(.name=="aws-ebs-csi-driver") | .version' Chart.yaml)
|
||||
rm -rf charts/aws-ebs-csi-driver
|
||||
curl -L -s -o - https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/download/helm-chart-aws-ebs-csi-driver-${VERSION}/aws-ebs-csi-driver-${VERSION}.tgz | tar xfz - -C charts
|
||||
patch -i ebs.patch -p0 --no-backup-if-mismatch
|
||||
#VERSION=$(yq eval '.dependencies[] | select(.name=="aws-ebs-csi-driver") | .version' Chart.yaml)
|
||||
#rm -rf charts/aws-ebs-csi-driver
|
||||
#curl -L -s -o - https://github.com/kubernetes-sigs/aws-ebs-csi-driver/releases/download/helm-chart-aws-ebs-csi-driver-${VERSION}/aws-ebs-csi-driver-${VERSION}.tgz | tar xfz - -C charts
|
||||
#patch -i ebs.patch -p0 --no-backup-if-mismatch
|
||||
|
||||
### EFS
|
||||
VERSION=$(yq eval '.dependencies[] | select(.name=="aws-efs-csi-driver") | .version' Chart.yaml)
|
||||
|
@ -55,6 +55,9 @@ gemini:
|
||||
enabled: false
|
||||
# verbosity: 1
|
||||
|
||||
#image:
|
||||
# tag: build_500
|
||||
|
||||
resources:
|
||||
requests:
|
||||
memory: 32Mi
|
||||
@ -92,6 +95,20 @@ aws-ebs-csi-driver:
|
||||
# value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
|
||||
#- name: AWS_STS_REGIONAL_ENDPOINTS
|
||||
# value: regional
|
||||
|
||||
volumeMounts:
|
||||
- name: aws-token
|
||||
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: aws-token
|
||||
projected:
|
||||
sources:
|
||||
- serviceAccountToken:
|
||||
path: token
|
||||
expirationSeconds: 86400
|
||||
audience: "sts.amazonaws.com"
|
||||
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
Loading…
Reference in New Issue
Block a user