feat: upgrade addons, storage and network module as part of v1.28
This commit is contained in:
parent
7bbeb9d22d
commit
a054f8e0c3
@ -73,6 +73,7 @@ apiServer:
|
||||
{{- end }}
|
||||
{{- if .Values.api.awsIamAuth.enabled }}
|
||||
authentication-token-webhook-config-file: /etc/kubernetes/apiserver/aws-iam-authenticator.yaml
|
||||
authentication-token-webhook-cache-ttl: 3600s
|
||||
{{- end }}
|
||||
feature-gates: {{ include "kubeadm.featuregates" ( dict "return" "csv" ) | trimSuffix "," | quote }}
|
||||
enable-admission-plugins: DenyServiceExternalIPs,NodeRestriction,EventRateLimit,ExtendedResourceToleration
|
||||
|
@ -117,7 +117,7 @@ spec:
|
||||
|
||||
containers:
|
||||
- name: aws-iam-authenticator
|
||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.11
|
||||
image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.14
|
||||
args:
|
||||
- server
|
||||
- --backend-mode=CRD,MountedFile
|
||||
|
@ -3,7 +3,7 @@ name: kubezero-addons
|
||||
description: KubeZero umbrella chart for various optional cluster addons
|
||||
type: application
|
||||
version: 0.8.5
|
||||
appVersion: v1.27
|
||||
appVersion: v1.28
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-addons
|
||||
|
||||
![Version: 0.8.4](https://img.shields.io/badge/Version-0.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.27](https://img.shields.io/badge/AppVersion-v1.27-informational?style=flat-square)
|
||||
![Version: 0.8.5](https://img.shields.io/badge/Version-0.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for various optional cluster addons
|
||||
|
||||
@ -18,12 +18,12 @@ Kubernetes: `>= 1.26.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.13.2 |
|
||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.13.1 |
|
||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.29.5 |
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.14.2 |
|
||||
| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.15.1 |
|
||||
| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.3 |
|
||||
| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.36.0 |
|
||||
| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.14.5 |
|
||||
| https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.22.0 |
|
||||
| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.23.0 |
|
||||
|
||||
# MetalLB
|
||||
|
||||
@ -63,7 +63,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| aws-eks-asg-rolling-update-handler.environmentVars[8].name | string | `"AWS_STS_REGIONAL_ENDPOINTS"` | |
|
||||
| aws-eks-asg-rolling-update-handler.environmentVars[8].value | string | `"regional"` | |
|
||||
| aws-eks-asg-rolling-update-handler.image.repository | string | `"twinproduction/aws-eks-asg-rolling-update-handler"` | |
|
||||
| aws-eks-asg-rolling-update-handler.image.tag | string | `"v1.8.2"` | |
|
||||
| aws-eks-asg-rolling-update-handler.image.tag | string | `"v1.8.3"` | |
|
||||
| aws-eks-asg-rolling-update-handler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| aws-eks-asg-rolling-update-handler.resources.limits.memory | string | `"128Mi"` | |
|
||||
| aws-eks-asg-rolling-update-handler.resources.requests.cpu | string | `"10m"` | |
|
||||
@ -102,7 +102,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| aws-node-termination-handler.useProviderId | bool | `true` | |
|
||||
| awsNeuron.enabled | bool | `false` | |
|
||||
| awsNeuron.image.name | string | `"public.ecr.aws/neuron/neuron-device-plugin"` | |
|
||||
| awsNeuron.image.tag | string | `"2.12.5.0"` | |
|
||||
| awsNeuron.image.tag | string | `"2.19.16.0"` | |
|
||||
| cluster-autoscaler.autoDiscovery.clusterName | string | `""` | |
|
||||
| cluster-autoscaler.awsRegion | string | `"us-west-2"` | |
|
||||
| cluster-autoscaler.enabled | bool | `false` | |
|
||||
@ -111,7 +111,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
|
||||
| cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
|
||||
| cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
|
||||
| cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.27.3"` | |
|
||||
| cluster-autoscaler.image.tag | string | `"v1.28.2"` | |
|
||||
| cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| cluster-autoscaler.podDisruptionBudget | bool | `false` | |
|
||||
| cluster-autoscaler.prometheusRule.enabled | bool | `false` | |
|
||||
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.20.0
|
||||
appVersion: 1.21.0
|
||||
description: A Helm chart for the AWS Node Termination Handler.
|
||||
home: https://github.com/aws/aws-node-termination-handler/
|
||||
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
|
||||
@ -21,4 +21,4 @@ name: aws-node-termination-handler
|
||||
sources:
|
||||
- https://github.com/aws/aws-node-termination-handler/
|
||||
type: application
|
||||
version: 0.22.0
|
||||
version: 0.23.0
|
||||
|
@ -119,7 +119,7 @@ The configuration in this table applies to AWS Node Termination Handler in queue
|
||||
| `checkASGTagBeforeDraining` | [DEPRECATED](Use `checkTagBeforeDraining` instead) If `true`, check that the instance is tagged with the `managedAsgTag` before draining the node. If `false`, disables calls ASG API. | `true` |
|
||||
| `managedAsgTag` | [DEPRECATED](Use `managedTag` instead) The node tag to check if `checkASGTagBeforeDraining` is `true`.
|
||||
| `useProviderId` | If `true`, fetch node name through Kubernetes node spec ProviderID instead of AWS event PrivateDnsHostname. | `false` |
|
||||
|
||||
| `topologySpreadConstraints` | [Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/) for pod scheduling. Useful with a highly available deployment to reduce the risk of running multiple replicas on the same Node | `[]` |
|
||||
### IMDS Mode Configuration
|
||||
|
||||
The configuration in this table applies to AWS Node Termination Handler in IMDS mode.
|
||||
@ -174,6 +174,6 @@ The configuration in this table applies to AWS Node Termination Handler testing
|
||||
|
||||
## Metrics Endpoint Considerations
|
||||
|
||||
AWS Node Termination HAndler in IMDS mode runs as a DaemonSet with `useHostNetwork: true` by default. If the Prometheus server is enabled with `enablePrometheusServer: true` nothing else will be able to bind to the configured port (by default `prometheusServerPort: 9092`) in the root network namespace. Therefore, it will need to have a firewall/security group configured on the nodes to block access to the `/metrics` endpoint.
|
||||
AWS Node Termination Handler in IMDS mode runs as a DaemonSet with `useHostNetwork: true` by default. If the Prometheus server is enabled with `enablePrometheusServer: true` nothing else will be able to bind to the configured port (by default `prometheusServerPort: 9092`) in the root network namespace. Therefore, it will need to have a firewall/security group configured on the nodes to block access to the `/metrics` endpoint.
|
||||
|
||||
You can switch NTH in IMDS mode to run w/ `useHostNetwork: false`, but you will need to make sure that IMDSv1 is enabled or IMDSv2 IP hop count will need to be incremented to 2 (see the [IMDSv2 documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html).
|
||||
|
@ -220,4 +220,8 @@ spec:
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -52,6 +52,8 @@ affinity: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
topologySpreadConstraints: []
|
||||
|
||||
# Extra environment variables
|
||||
extraEnv: []
|
||||
|
||||
|
@ -24,6 +24,7 @@ spec:
|
||||
volumeMounts:
|
||||
- name: host
|
||||
mountPath: /host
|
||||
readOnly: true
|
||||
- name: workdir
|
||||
mountPath: /tmp
|
||||
env:
|
||||
|
@ -107,7 +107,6 @@ aws-node-termination-handler:
|
||||
|
||||
fullnameOverride: "aws-node-termination-handler"
|
||||
|
||||
checkASGTagBeforeDraining: false
|
||||
# -- "zdt:kubezero:nth:${ClusterName}"
|
||||
managedTag: "zdt:kubezero:nth:${ClusterName}"
|
||||
|
||||
@ -161,7 +160,7 @@ awsNeuron:
|
||||
|
||||
image:
|
||||
name: public.ecr.aws/neuron/neuron-device-plugin
|
||||
tag: 2.12.5.0
|
||||
tag: 2.19.16.0
|
||||
|
||||
nvidia-device-plugin:
|
||||
enabled: false
|
||||
@ -201,7 +200,7 @@ cluster-autoscaler:
|
||||
|
||||
image:
|
||||
repository: registry.k8s.io/autoscaling/cluster-autoscaler
|
||||
tag: v1.27.3
|
||||
tag: v1.28.2
|
||||
|
||||
autoDiscovery:
|
||||
clusterName: ""
|
||||
|
@ -2,7 +2,7 @@ apiVersion: v2
|
||||
name: kubezero-network
|
||||
description: KubeZero umbrella chart for all things network
|
||||
type: application
|
||||
version: 0.4.7
|
||||
version: 0.5.0
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -1,6 +1,6 @@
|
||||
# kubezero-network
|
||||
|
||||
![Version: 0.4.6](https://img.shields.io/badge/Version-0.4.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
|
||||
|
||||
KubeZero umbrella chart for all things network
|
||||
|
||||
@ -19,8 +19,8 @@ Kubernetes: `>= 1.26.0`
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 |
|
||||
| https://helm.cilium.io/ | cilium | 1.14.4 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.13.12 |
|
||||
| https://helm.cilium.io/ | cilium | 1.15.2 |
|
||||
| https://metallb.github.io/metallb | metallb | 0.14.3 |
|
||||
|
||||
## Values
|
||||
|
||||
@ -56,7 +56,7 @@ Kubernetes: `>= 1.26.0`
|
||||
| cilium.resources.limits.memory | string | `"1024Mi"` | |
|
||||
| cilium.resources.requests.cpu | string | `"10m"` | |
|
||||
| cilium.resources.requests.memory | string | `"256Mi"` | |
|
||||
| cilium.tunnel | string | `"geneve"` | |
|
||||
| cilium.tunnelProtocol | string | `"geneve"` | |
|
||||
| metallb.controller.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
|
||||
| metallb.controller.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| metallb.controller.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | |
|
||||
|
File diff suppressed because one or more lines are too long
@ -1,4 +1,48 @@
|
||||
# Helm chart
|
||||
## v2.29.0
|
||||
### Urgent Upgrade Notes
|
||||
*(No, really, you MUST read this before you upgrade)*
|
||||
|
||||
The EBS CSI Driver Helm chart no longer supports upgrading with `--reuse-values`. This chart will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`.
|
||||
|
||||
For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864).
|
||||
|
||||
### Other Changes
|
||||
* Bump driver version to `v1.29.0` and sidecars to latest versions
|
||||
* Add helm-tester enabled flag ([#1954](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1954), [@nunodomingues-td](https://github.com/nunodomingues-td))
|
||||
|
||||
## v2.28.1
|
||||
* Add `reservedVolumeAttachments` that overrides heuristic-determined reserved attachments via `--reserved-volume-attachments` CLI option from [PR #1919](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1919) through Helm ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Add `additionalArgs` parameter to node daemonSet ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
|
||||
## v2.28.0
|
||||
### Urgent Upgrade Notes
|
||||
*(No, really, you MUST read this before you upgrade)*
|
||||
|
||||
This is the last minor version of the EBS CSI Driver Helm chart to support upgrading with `--reuse-values`. Future versions of the chart (starting with `v2.29.0`) will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`.
|
||||
|
||||
For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864).
|
||||
|
||||
### Other Changes
|
||||
* Bump driver version to `v1.28.0` and sidecars to latest versions
|
||||
* Add labels to leases role used by EBS CSI controller ([#1914](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1914), [@cHiv0rz](https://github.com/cHiv0rz))
|
||||
* Enforce `linux` and `amd64` node affinity for helm tester pod ([#1922](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1922), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Add configuration for `DaemonSet` annotations ([#1923](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1923), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Incorporate KubeLinter recommended best practices for chart tester pod ([#1924](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1924), [@torredil](https://github.com/torredil))
|
||||
* Add configuration for chart tester pod image ([#1928](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1928), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
|
||||
## v2.27.0
|
||||
* Bump driver version to `v1.27.0`
|
||||
* Add parameters for tuning revisionHistoryLimit and emptyDir volumes ([#1840](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1840), [@bodgit](https://github.com/bodgit))
|
||||
|
||||
## v2.26.1
|
||||
* Bump driver version to `v1.26.1`
|
||||
* Bump sidecar container versions to fix [restart bug in external attacher, provisioner, resizer, snapshotter, and node-driver-registrar](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1875) ([#1886](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1886), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
|
||||
## v2.26.0
|
||||
* Bump driver version to `v1.26.0`
|
||||
* Bump sidecar container versions ([#1867](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1867), [@AndrewSirenko](https://github.com/AndrewSirenko))
|
||||
* Add warning about --reuse-values deprecation to NOTES.txt ([#1865](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1865), [@ConnorJC3](https://github.com/ConnorJC3))
|
||||
|
||||
## v2.25.0
|
||||
* Bump driver version to `v1.25.0`
|
||||
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.25.0
|
||||
appVersion: 1.29.0
|
||||
description: A Helm chart for AWS EBS CSI Driver
|
||||
home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
|
||||
keywords:
|
||||
@ -13,4 +13,4 @@ maintainers:
|
||||
name: aws-ebs-csi-driver
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
|
||||
version: 2.25.0
|
||||
version: 2.29.0
|
||||
|
@ -3,3 +3,5 @@ To verify that aws-ebs-csi-driver has started, run:
|
||||
kubectl get pod -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
|
||||
|
||||
NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality.
|
||||
|
||||
WARNING: Upgrading the EBS CSI Driver Helm chart with --reuse-values will no longer be supported in a future release. For more information, see https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864
|
||||
|
@ -9,6 +9,9 @@ metadata:
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
spec:
|
||||
{{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }}
|
||||
revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .NodeName }}
|
||||
@ -199,6 +202,10 @@ spec:
|
||||
path: \\.\pipe\csi-proxy-filesystem-v1
|
||||
type: ""
|
||||
- name: probe-dir
|
||||
{{- if .Values.node.probeDirVolume }}
|
||||
{{- toYaml .Values.node.probeDirVolume | nindent 10 }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
@ -8,7 +8,14 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
{{- with .Values.node.daemonSetAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }}
|
||||
revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }}
|
||||
{{- end }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .NodeName }}
|
||||
@ -60,6 +67,9 @@ spec:
|
||||
args:
|
||||
- node
|
||||
- --endpoint=$(CSI_ENDPOINT)
|
||||
{{- with .Values.node.reservedVolumeAttachments }}
|
||||
- --reserved-volume-attachments={{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.node.volumeAttachLimit }}
|
||||
- --volume-attach-limit={{ . }}
|
||||
{{- end }}
|
||||
@ -70,6 +80,9 @@ spec:
|
||||
{{- if .Values.node.otelTracing }}
|
||||
- --enable-otel-tracing=true
|
||||
{{- end}}
|
||||
{{- range .Values.node.additionalArgs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: CSI_ENDPOINT
|
||||
value: unix:/csi/csi.sock
|
||||
@ -219,7 +232,11 @@ spec:
|
||||
path: /dev
|
||||
type: Directory
|
||||
- name: probe-dir
|
||||
{{- if .Values.node.probeDirVolume }}
|
||||
{{- toYaml .Values.node.probeDirVolume | nindent 10 }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- with .Values.node.volumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
@ -11,4 +11,7 @@ rules:
|
||||
verbs: ["get", "patch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["volumeattachments"]
|
||||
verbs: ["list"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["csinodes"]
|
||||
verbs: ["get"]
|
||||
|
@ -33,6 +33,9 @@ rules:
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattachments" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattributesclasses" ]
|
||||
verbs: [ "get" ]
|
||||
{{- with .Values.sidecars.provisioner.additionalClusterRoleRules }}
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
@ -29,6 +29,9 @@ rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "volumeattributesclasses" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
{{- with .Values.sidecars.resizer.additionalClusterRoleRules }}
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
@ -6,8 +6,15 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
{{- with .Values.controller.deploymentAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.controller.replicaCount }}
|
||||
{{- if or (kindIs "float64" .Values.controller.revisionHistoryLimit) (kindIs "int64" .Values.controller.revisionHistoryLimit) }}
|
||||
revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.updateStrategy }}
|
||||
strategy:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
@ -486,7 +493,11 @@ spec:
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: socket-dir
|
||||
{{- if .Values.controller.socketDirVolume }}
|
||||
{{- toYaml .Values.controller.socketDirVolume | nindent 10 }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.volumes }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
|
@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: ebs-csi-leases-role
|
||||
labels:
|
||||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
|
@ -0,0 +1,235 @@
|
||||
{{- if .Values.helmTester.enabled -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- events
|
||||
- nodes
|
||||
- pods
|
||||
- replicationcontrollers
|
||||
- serviceaccounts
|
||||
- configmaps
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- services
|
||||
- nodes
|
||||
- nodes/proxy
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
- pods
|
||||
- pods/log
|
||||
verbs: [ "get" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- namespaces
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
- pods
|
||||
- pods/exec
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- namespaces
|
||||
- persistentvolumes
|
||||
- persistentvolumeclaims
|
||||
- pods
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- persistentvolumeclaims
|
||||
verbs: [ "update" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- pods/ephemeralcontainers
|
||||
verbs: [ "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources:
|
||||
- serviceaccounts
|
||||
- configmaps
|
||||
verbs: [ "watch" ]
|
||||
- apiGroups: [ "apps" ]
|
||||
resources:
|
||||
- replicasets
|
||||
- daemonsets
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources:
|
||||
- storageclasses
|
||||
- csinodes
|
||||
verbs: [ "get" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshots
|
||||
- volumesnapshotclasses
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshots
|
||||
- volumesnapshotclasses
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "get" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "update" ]
|
||||
- apiGroups: [ "snapshot.storage.k8s.io" ]
|
||||
resources:
|
||||
- volumesnapshots
|
||||
- volumesnapshotclasses
|
||||
- volumesnapshotcontents
|
||||
verbs: [ "delete" ]
|
||||
- apiGroups: [ "authorization.k8s.io" ]
|
||||
resources:
|
||||
- clusterroles
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "authorization.k8s.io" ]
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "rbac.authorization.k8s.io" ]
|
||||
resources:
|
||||
- clusterroles
|
||||
verbs: [ "list" ]
|
||||
- apiGroups: [ "rbac.authorization.k8s.io" ]
|
||||
resources:
|
||||
- clusterrolebindings
|
||||
verbs: [ "create" ]
|
||||
- apiGroups: [ "apiextensions.k8s.io" ]
|
||||
resources:
|
||||
- customresourcedefinitions
|
||||
verbs: [ "get" ]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ebs-csi-driver-test
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: ebs-csi-driver-test
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
data:
|
||||
manifests.yaml: |
|
||||
ShortName: ebs
|
||||
StorageClass:
|
||||
FromFile: storageclass.yaml
|
||||
SnapshotClass:
|
||||
FromName: true
|
||||
DriverInfo:
|
||||
Name: ebs.csi.aws.com
|
||||
SupportedSizeRange:
|
||||
Min: 1Gi
|
||||
Max: 16Ti
|
||||
SupportedFsType:
|
||||
xfs: {}
|
||||
ext4: {}
|
||||
SupportedMountOption:
|
||||
dirsync: {}
|
||||
TopologyKeys: ["topology.ebs.csi.aws.com/zone"]
|
||||
Capabilities:
|
||||
persistence: true
|
||||
fsGroup: true
|
||||
block: true
|
||||
exec: true
|
||||
snapshotDataSource: true
|
||||
pvcDataSource: false
|
||||
multipods: true
|
||||
controllerExpansion: true
|
||||
nodeExpansion: true
|
||||
volumeLimits: true
|
||||
topology: true
|
||||
storageclass.yaml: |
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
name: ebs.csi.aws.com
|
||||
provisioner: ebs.csi.aws.com
|
||||
volumeBindingMode: WaitForFirstConsumer
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: ebs-csi-driver-test
|
||||
annotations:
|
||||
"helm.sh/hook": test
|
||||
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
|
||||
"ignore-check.kube-linter.io/run-as-non-root": "kubetest2 image runs as root"
|
||||
"ignore-check.kube-linter.io/no-read-only-root-fs": "test pod requires privileged access"
|
||||
spec:
|
||||
containers:
|
||||
- name: kubetest2
|
||||
image: {{ .Values.helmTester.image }}
|
||||
resources:
|
||||
requests:
|
||||
cpu: 2000m
|
||||
memory: 4Gi
|
||||
limits:
|
||||
memory: 4Gi
|
||||
command: [ "/bin/sh", "-c" ]
|
||||
args:
|
||||
- |
|
||||
cp /etc/config/storageclass.yaml /workspace/storageclass.yaml
|
||||
kubectl config set-cluster cluster --server=https://kubernetes.default --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
kubectl config set-context kubetest2 --cluster=cluster
|
||||
kubectl config set-credentials sa --token=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
||||
kubectl config set-context kubetest2 --user=sa && kubectl config use-context kubetest2
|
||||
export FOCUS_REGEX='\bebs.csi.aws.com\b.+(validate content|resize volume|offline PVC|AllowedTopologies|store data$SNAPSHOTS)'
|
||||
if kubectl get crd volumesnapshots.snapshot.storage.k8s.io; then
|
||||
FORCUS_REGEX="${FOCUS_REGEX}|snapshot fields"
|
||||
fi
|
||||
kubetest2 noop --run-id='e2e-kubernetes' --test=ginkgo -- --test-package-version="$(curl -L https://dl.k8s.io/release/stable-1.29.txt)" --skip-regex='[Disruptive]|[Serial]' --focus-regex="$FOCUS_REGEX" --parallel=25 --test-args='-storage.testdriver=/etc/config/manifests.yaml'
|
||||
volumeMounts:
|
||||
- name: config-vol
|
||||
mountPath: /etc/config
|
||||
# kubekins-e2e v1 image is linux amd64 only.
|
||||
nodeSelector:
|
||||
kubernetes.io/os: linux
|
||||
kubernetes.io/arch: amd64
|
||||
serviceAccountName: ebs-csi-driver-test
|
||||
volumes:
|
||||
- name: config-vol
|
||||
configMap:
|
||||
name: ebs-csi-driver-test
|
||||
restartPolicy: Never
|
||||
{{- end }}
|
@ -19,7 +19,7 @@ sidecars:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
|
||||
tag: "v3.6.2-eks-1-28-9"
|
||||
tag: "v4.0.0-eks-1-29-7"
|
||||
logLevel: 2
|
||||
# Additional parameters provided by external-provisioner.
|
||||
additionalArgs: []
|
||||
@ -44,7 +44,7 @@ sidecars:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher
|
||||
tag: "v4.4.2-eks-1-28-9"
|
||||
tag: "v4.5.0-eks-1-29-7"
|
||||
# Tune leader lease election for csi-attacher.
|
||||
# Leader election is on by default.
|
||||
leaderElection:
|
||||
@ -71,7 +71,7 @@ sidecars:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter
|
||||
tag: "v6.3.2-eks-1-28-9"
|
||||
tag: "v7.0.1-eks-1-29-7"
|
||||
logLevel: 2
|
||||
# Additional parameters provided by csi-snapshotter.
|
||||
additionalArgs: []
|
||||
@ -85,7 +85,7 @@ sidecars:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
|
||||
tag: "v2.11.0-eks-1-28-9"
|
||||
tag: "v2.12.0-eks-1-29-7"
|
||||
# Additional parameters provided by livenessprobe.
|
||||
additionalArgs: []
|
||||
resources: {}
|
||||
@ -97,7 +97,7 @@ sidecars:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer
|
||||
tag: "v1.9.2-eks-1-28-9"
|
||||
tag: "v1.10.0-eks-1-29-7"
|
||||
# Tune leader lease election for csi-resizer.
|
||||
# Leader election is on by default.
|
||||
leaderElection:
|
||||
@ -122,7 +122,7 @@ sidecars:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
|
||||
tag: "v2.9.1-eks-1-28-9"
|
||||
tag: "v2.10.0-eks-1-29-7"
|
||||
logLevel: 2
|
||||
# Additional parameters provided by node-driver-registrar.
|
||||
additionalArgs: []
|
||||
@ -144,7 +144,7 @@ sidecars:
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s
|
||||
tag: "v0.1.3"
|
||||
tag: "v0.2.1"
|
||||
leaderElection:
|
||||
enabled: true
|
||||
# Optional values to tune lease behavior.
|
||||
@ -237,6 +237,7 @@ controller:
|
||||
logLevel: 2
|
||||
userAgentExtra: "helm"
|
||||
nodeSelector: {}
|
||||
deploymentAnnotations: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
priorityClassName: system-cluster-critical
|
||||
@ -246,6 +247,9 @@ controller:
|
||||
# region: us-east-1
|
||||
region:
|
||||
replicaCount: 2
|
||||
revisionHistoryLimit: 10
|
||||
socketDirVolume:
|
||||
emptyDir: {}
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
rollingUpdate:
|
||||
@ -328,6 +332,7 @@ node:
|
||||
loggingFormat: text
|
||||
logLevel: 2
|
||||
priorityClassName:
|
||||
additionalArgs: []
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
@ -346,6 +351,7 @@ node:
|
||||
- a1.2xlarge
|
||||
- a1.4xlarge
|
||||
nodeSelector: {}
|
||||
daemonSetAnnotations: {}
|
||||
podAnnotations: {}
|
||||
podLabels: {}
|
||||
tolerateAllTaints: true
|
||||
@ -359,6 +365,9 @@ node:
|
||||
memory: 40Mi
|
||||
limits:
|
||||
memory: 256Mi
|
||||
revisionHistoryLimit: 10
|
||||
probeDirVolume:
|
||||
emptyDir: {}
|
||||
serviceAccount:
|
||||
create: true
|
||||
name: ebs-csi-node-sa
|
||||
@ -369,7 +378,12 @@ node:
|
||||
# Enable the linux daemonset creation
|
||||
enableLinux: true
|
||||
enableWindows: false
|
||||
# The number of attachment slots to reserve for system use (and not to be used for CSI volumes)
|
||||
# When this parameter is not specified (or set to -1), the EBS CSI Driver will attempt to determine the number of reserved slots via heuristic
|
||||
# Cannot be specified at the same time as `node.volumeAttachLimit`
|
||||
reservedVolumeAttachments:
|
||||
# The "maximum number of attachable volumes" per node
|
||||
# Cannot be specified at the same time as `node.reservedVolumeAttachments`
|
||||
volumeAttachLimit:
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
@ -449,3 +463,8 @@ volumeSnapshotClasses: []
|
||||
# Intended for use with older clusters that cannot easily replace the CSIDriver object
|
||||
# This parameter should always be false for new installations
|
||||
useOldCSIDriver: false
|
||||
|
||||
helmTester:
|
||||
enabled: true
|
||||
# Supply a custom image to the ebs-csi-driver-test pod in helm-tester.yaml
|
||||
image: "gcr.io/k8s-staging-test-infra/kubekins-e2e:v20240311-b09cdeb92c-master"
|
||||
|
@ -1,4 +1,14 @@
|
||||
# Helm chart
|
||||
# v2.5.6
|
||||
* Bump app/driver version to `v1.7.6`
|
||||
# v2.5.5
|
||||
* Bump app/driver version to `v1.7.5`
|
||||
# v2.5.4
|
||||
* Bump app/driver version to `v1.7.4`
|
||||
# v2.5.3
|
||||
* Bump app/driver version to `v1.7.3`
|
||||
# v2.5.2
|
||||
* Bump app/driver version to `v1.7.2`
|
||||
# v2.5.1
|
||||
* Bump app/driver version to `v1.7.1`
|
||||
# v2.5.0
|
||||
|
@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.7.1
|
||||
appVersion: 1.7.6
|
||||
description: A Helm chart for AWS EFS CSI Driver
|
||||
home: https://github.com/kubernetes-sigs/aws-efs-csi-driver
|
||||
keywords:
|
||||
@ -15,4 +15,4 @@ maintainers:
|
||||
name: aws-efs-csi-driver
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/aws-efs-csi-driver
|
||||
version: 2.5.1
|
||||
version: 2.5.6
|
||||
|
@ -6,6 +6,9 @@ metadata:
|
||||
name: efs-csi-controller
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
{{- with .Values.controller.additionalLabels }}
|
||||
{{ toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
@ -23,10 +26,16 @@ spec:
|
||||
app: efs-csi-controller
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- with .Values.controller.podLabels }}
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.podAnnotations }}
|
||||
annotations: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if hasKey .Values.controller "hostNetwork" }}
|
||||
hostNetwork: {{ .Values.controller.hostNetwork }}
|
||||
{{- end }}
|
||||
{{- if .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.imagePullSecrets }}
|
||||
@ -39,7 +48,7 @@ spec:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ .Values.controller.serviceAccount.name }}
|
||||
priorityClassName: system-cluster-critical
|
||||
priorityClassName: {{ .Values.controller.priorityClassName | default "system-cluster-critical" }}
|
||||
{{- with .Values.controller.tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -47,10 +56,18 @@ spec:
|
||||
securityContext:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.dnsPolicy }}
|
||||
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
||||
{{- end }}
|
||||
{{- with .Values.controller.dnsConfig }}
|
||||
dnsConfig: {{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: efs-plugin
|
||||
{{- with .Values.controller.containerSecurityContext }}
|
||||
securityContext:
|
||||
privileged: true
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
args:
|
||||
@ -110,6 +127,12 @@ spec:
|
||||
- --extra-create-metadata
|
||||
{{- end }}
|
||||
- --leader-election
|
||||
{{- if hasKey .Values.controller "leaderElectionRenewDeadline" }}
|
||||
- --leader-election-renew-deadline={{ .Values.controller.leaderElectionRenewDeadline }}
|
||||
{{- end }}
|
||||
{{- if hasKey .Values.controller "leaderElectionLeaseDuration" }}
|
||||
- --leader-election-lease-duration={{ .Values.controller.leaderElectionLeaseDuration }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: /var/lib/csi/sockets/pluginproxy/csi.sock
|
||||
|
@ -40,12 +40,19 @@ rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||||
# - apiGroups: [ "" ]
|
||||
# resources: [ "secrets" ]
|
||||
# verbs: [ "get", "watch", "list" ]
|
||||
|
||||
---
|
||||
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: efs-csi-external-provisioner-role-describe-secrets
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "secrets" ]
|
||||
resourceNames: ["x-account"]
|
||||
verbs: [ "get", "watch", "list" ]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
@ -60,3 +67,20 @@ roleRef:
|
||||
kind: ClusterRole
|
||||
name: efs-csi-external-provisioner-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
# We use a RoleBinding to restrict Secret access to the namespace that the
|
||||
# RoleBinding is created in (typically kube-system)
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: efs-csi-provisioner-binding-describe-secrets
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.controller.serviceAccount.name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: efs-csi-external-provisioner-role-describe-secrets
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -20,7 +20,7 @@ metadata:
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
verbs: ["get", "list", "watch", "patch"]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
@ -11,14 +11,14 @@ useFIPS: false
|
||||
|
||||
image:
|
||||
repository: amazon/aws-efs-csi-driver
|
||||
tag: "v1.7.1"
|
||||
tag: "v1.7.6"
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
sidecars:
|
||||
livenessProbe:
|
||||
image:
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe
|
||||
tag: v2.10.0-eks-1-27-3
|
||||
tag: v2.11.0-eks-1-29-2
|
||||
pullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
securityContext:
|
||||
@ -27,7 +27,7 @@ sidecars:
|
||||
nodeDriverRegistrar:
|
||||
image:
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar
|
||||
tag: v2.8.0-eks-1-27-3
|
||||
tag: v2.9.3-eks-1-29-2
|
||||
pullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
securityContext:
|
||||
@ -36,7 +36,7 @@ sidecars:
|
||||
csiProvisioner:
|
||||
image:
|
||||
repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner
|
||||
tag: v3.5.0-eks-1-27-3
|
||||
tag: v3.6.3-eks-1-29-2
|
||||
pullPolicy: IfNotPresent
|
||||
resources: {}
|
||||
securityContext:
|
||||
@ -63,6 +63,12 @@ controller:
|
||||
# path on efs when deleteing an access point
|
||||
deleteAccessPointRootDir: false
|
||||
podAnnotations: {}
|
||||
podLabel: {}
|
||||
hostNetwork: false
|
||||
priorityClassName: system-cluster-critical
|
||||
dnsPolicy: ClusterFirst
|
||||
dnsConfig: {}
|
||||
additionalLabels: {}
|
||||
resources:
|
||||
{}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
@ -80,6 +86,8 @@ controller:
|
||||
tolerations:
|
||||
- key: CriticalAddonsOnly
|
||||
operator: Exists
|
||||
- key: efs.csi.aws.com/agent-not-ready
|
||||
operator: Exists
|
||||
affinity: {}
|
||||
# Specifies whether a service account should be created
|
||||
serviceAccount:
|
||||
@ -96,6 +104,12 @@ controller:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
# securityContext on the controller container
|
||||
# Setting privileged=false will cause the "delete-access-point-root-dir" controller option to fail
|
||||
containerSecurityContext:
|
||||
privileged: true
|
||||
leaderElectionRenewDeadline: 10s
|
||||
leaderElectionLeaseDuration: 15s
|
||||
|
||||
|
||||
## Node daemonset variables
|
||||
|
@ -1,5 +1,9 @@
|
||||
apiVersion: v2
|
||||
appVersion: 1.3.0
|
||||
appVersion: 1.5.0
|
||||
dependencies:
|
||||
- name: crds
|
||||
repository: ""
|
||||
version: 1.5.0
|
||||
description: CSI Driver for dynamic provisioning of LVM Persistent Local Volumes.
|
||||
home: https://openebs.io/
|
||||
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png
|
||||
@ -20,4 +24,4 @@ maintainers:
|
||||
name: lvm-localpv
|
||||
sources:
|
||||
- https://github.com/openebs/lvm-localpv
|
||||
version: 1.3.0
|
||||
version: 1.5.0
|
||||
|
@ -47,10 +47,10 @@ $ helm install [RELEASE_NAME] openebs-lvmlocalpv/lvm-localpv --namespace [NAMESP
|
||||
|
||||
|
||||
**Note:** If moving from the operator to helm
|
||||
- Make sure the namespace provided in the helm install command is same as `LVM_NAMESPACE` (by default it is `openebs`) env in the controller statefulset.
|
||||
- Before installing, clean up the stale statefulset and daemonset from `kube-system` namespace using the below commands
|
||||
- Make sure the namespace provided in the helm install command is same as `LVM_NAMESPACE` (by default it is `openebs`) env in the controller deployment.
|
||||
- Before installing, clean up the stale deployment and daemonset from `kube-system` namespace using the below commands
|
||||
```sh
|
||||
kubectl delete sts openebs-lvm-controller -n kube-system
|
||||
kubectl delete deployment openebs-lvm-controller -n kube-system
|
||||
kubectl delete ds openebs-lvm-node -n kube-system
|
||||
```
|
||||
|
||||
@ -96,7 +96,8 @@ helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace opene
|
||||
|
||||
| Parameter | Description | Default |
|
||||
|-----------------------------------------------------|----------------------------------------------------------------------------------|-----------------------------------------|
|
||||
| `imagePullSecrets` | Provides image pull secrect | `""` |
|
||||
| `crds.csi.volumeSnapshots.enabled` | Enable/Disable installation of VolumeSnapshot-related CRDs | `true` |
|
||||
| `imagePullSecrets` | Provides image pull secret | `""` |
|
||||
| `lvmPlugin.image.registry` | Registry for openebs-lvm-plugin image | `""` |
|
||||
| `lvmPlugin.image.repository` | Image repository for openebs-lvm-plugin | `openebs/lvm-driver` |
|
||||
| `lvmPlugin.image.pullPolicy` | Image pull policy for openebs-lvm-plugin | `IfNotPresent` |
|
||||
@ -133,15 +134,16 @@ helm install openebs-lvmlocalpv openebs-lvmlocalpv/lvm-localpv --namespace opene
|
||||
| `lvmController.provisioner.image.repository` | Image repository for csi-provisioner | `sig-storage/csi-provisioner` |
|
||||
| `lvmController.provisioner.image.pullPolicy` | Image pull policy for csi-provisioner | `IfNotPresent` |
|
||||
| `lvmController.provisioner.image.tag` | Image tag for csi-provisioner | `v3.5.0` |
|
||||
| `lvmController.updateStrategy.type` | Update strategy for lvm localpv controller statefulset | `RollingUpdate` |
|
||||
| `lvmController.annotations` | Annotations for lvm localpv controller statefulset metadata | `""` |
|
||||
| `lvmController.podAnnotations` | Annotations for lvm localpv controller statefulset's pods metadata | `""` |
|
||||
| `lvmController.resources` | Resource and request and limit for lvm localpv controller statefulset containers | `""` |
|
||||
| `lvmController.labels` | Labels for lvm localpv controller statefulset metadata | `""` |
|
||||
| `lvmController.podLabels` | Appends labels to the lvm localpv controller statefulset pods | `""` |
|
||||
| `lvmController.nodeSelector` | Nodeselector for lvm localpv controller statefulset pods | `""` |
|
||||
| `lvmController.tolerations` | lvm localpv controller statefulset's pod toleration values | `""` |
|
||||
| `lvmController.securityContext` | Seurity context for lvm localpv controller statefulset container | `""` |
|
||||
| `lvmController.updateStrategy.type` | Update strategy for lvm localpv controller deployment | `RollingUpdate` |
|
||||
| `lvmController.annotations` | Annotations for lvm localpv controller deployment metadata | `""` |
|
||||
| `lvmController.podAnnotations` | Annotations for lvm localpv controller deployment's pods metadata | `""` |
|
||||
| `lvmController.resources` | Resource and request and limit for lvm localpv controller deployment containers | `""` |
|
||||
| `lvmController.labels` | Labels for lvm localpv controller deployment metadata | `""` |
|
||||
| `lvmController.podLabels` | Appends labels to the lvm localpv controller deployment pods | `""` |
|
||||
| `lvmController.nodeSelector` | Nodeselector for lvm localpv controller deployment pods | `""` |
|
||||
| `lvmController.tolerations` | lvm localpv controller deployment's pod toleration values | `""` |
|
||||
| `lvmController.topologySpreadConstraints` | lvm localpv controller deployment's pod topologySpreadConstraints values | `""` |
|
||||
| `lvmController.securityContext` | Security context for lvm localpv controller deployment container | `""` |
|
||||
| `rbac.pspEnabled` | Enable PodSecurityPolicy | `false` |
|
||||
| `serviceAccount.lvmNode.create` | Create a service account for lvmnode or not | `true` |
|
||||
| `serviceAccount.lvmNode.name` | Name for the lvmnode service account | `openebs-lvm-node-sa` |
|
||||
|
@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
@ -0,0 +1,4 @@
|
||||
apiVersion: v2
|
||||
description: A Helm chart that collects CustomResourceDefinitions (CRDs) from lvm-localpv.
|
||||
name: crds
|
||||
version: 1.5.0
|
@ -0,0 +1,17 @@
|
||||
{{/*
|
||||
This returns a "1" if the CRD is absent in the cluster
|
||||
Usage:
|
||||
{{- if (include "crdIsAbsent" (list <crd-name>)) -}}
|
||||
# CRD Yaml
|
||||
{{- end -}}
|
||||
*/}}
|
||||
{{- define "crdIsAbsent" -}}
|
||||
{{- $crdName := index . 0 -}}
|
||||
{{- $crd := lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" $crdName -}}
|
||||
{{- $output := "1" -}}
|
||||
{{- if $crd -}}
|
||||
{{- $output = "" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- $output -}}
|
||||
{{- end -}}
|
@ -0,0 +1,152 @@
|
||||
{{- if .Values.csi.volumeSnapshots.enabled -}}
|
||||
{{- $crdName := "volumesnapshotclasses.snapshot.storage.k8s.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/814
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotclasses.snapshot.storage.k8s.io
|
||||
spec:
|
||||
group: snapshot.storage.k8s.io
|
||||
names:
|
||||
kind: VolumeSnapshotClass
|
||||
listKind: VolumeSnapshotClassList
|
||||
plural: volumesnapshotclasses
|
||||
shortNames:
|
||||
- vsclass
|
||||
- vsclasses
|
||||
singular: volumesnapshotclass
|
||||
scope: Cluster
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Determines whether a VolumeSnapshotContent created through the
|
||||
VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.
|
||||
jsonPath: .deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotClass specifies parameters that a underlying storage
|
||||
system uses when creating a volume snapshot. A specific VolumeSnapshotClass
|
||||
is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses
|
||||
are non-namespaced
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether a VolumeSnapshotContent
|
||||
created through the VolumeSnapshotClass should be deleted when its bound
|
||||
VolumeSnapshot is deleted. Supported values are "Retain" and "Delete".
|
||||
"Retain" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are deleted.
|
||||
Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the storage driver that handles this
|
||||
VolumeSnapshotClass. Required.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
parameters:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: parameters is a key-value map with storage driver specific
|
||||
parameters for creating snapshots. These values are opaque to Kubernetes.
|
||||
type: object
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Determines whether a VolumeSnapshotContent created through the
|
||||
VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.
|
||||
jsonPath: .deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
deprecated: true
|
||||
deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated;
|
||||
use snapshot.storage.k8s.io/v1 VolumeSnapshotClass
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotClass specifies parameters that a underlying storage
|
||||
system uses when creating a volume snapshot. A specific VolumeSnapshotClass
|
||||
is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses
|
||||
are non-namespaced
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether a VolumeSnapshotContent
|
||||
created through the VolumeSnapshotClass should be deleted when its bound
|
||||
VolumeSnapshot is deleted. Supported values are "Retain" and "Delete".
|
||||
"Retain" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are deleted.
|
||||
Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the storage driver that handles this
|
||||
VolumeSnapshotClass. Required.
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
parameters:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: parameters is a key-value map with storage driver specific
|
||||
parameters for creating snapshots. These values are opaque to Kubernetes.
|
||||
type: object
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
type: object
|
||||
served: false
|
||||
storage: false
|
||||
subresources: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,490 @@
|
||||
{{- if .Values.csi.volumeSnapshots.enabled -}}
|
||||
{{- $crdName := "volumesnapshotcontents.snapshot.storage.k8s.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/814
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotcontents.snapshot.storage.k8s.io
|
||||
spec:
|
||||
group: snapshot.storage.k8s.io
|
||||
names:
|
||||
kind: VolumeSnapshotContent
|
||||
listKind: VolumeSnapshotContentList
|
||||
plural: volumesnapshotcontents
|
||||
shortNames:
|
||||
- vsc
|
||||
- vscs
|
||||
singular: volumesnapshotcontent
|
||||
scope: Cluster
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: Represents the complete size of the snapshot in bytes
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: integer
|
||||
- description: Determines whether this VolumeSnapshotContent and its physical
|
||||
snapshot on the underlying storage system should be deleted when its bound
|
||||
VolumeSnapshot is deleted.
|
||||
jsonPath: .spec.deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- description: Name of the CSI driver used to create the physical snapshot on
|
||||
the underlying storage system.
|
||||
jsonPath: .spec.driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotClass to which this snapshot belongs.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: VolumeSnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.name
|
||||
name: VolumeSnapshot
|
||||
type: string
|
||||
- description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.namespace
|
||||
name: VolumeSnapshotNamespace
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotContent represents the actual "on-disk" snapshot
|
||||
object in the underlying storage system
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: spec defines properties of a VolumeSnapshotContent created
|
||||
by the underlying storage system. Required.
|
||||
properties:
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether this VolumeSnapshotContent
|
||||
and its physical snapshot on the underlying storage system should
|
||||
be deleted when its bound VolumeSnapshot is deleted. Supported values
|
||||
are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are kept.
|
||||
"Delete" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are deleted. For dynamically provisioned
|
||||
snapshots, this field will automatically be filled in by the CSI
|
||||
snapshotter sidecar with the "DeletionPolicy" field defined in the
|
||||
corresponding VolumeSnapshotClass. For pre-existing snapshots, users
|
||||
MUST specify this field when creating the VolumeSnapshotContent
|
||||
object. Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the CSI driver used to create the
|
||||
physical snapshot on the underlying storage system. This MUST be
|
||||
the same as the name returned by the CSI GetPluginName() call for
|
||||
that driver. Required.
|
||||
type: string
|
||||
source:
|
||||
description: source specifies whether the snapshot is (or should be)
|
||||
dynamically provisioned or already exists, and just requires a Kubernetes
|
||||
object representation. This field is immutable after creation. Required.
|
||||
oneOf:
|
||||
- required:
|
||||
- snapshotHandle
|
||||
- required:
|
||||
- volumeHandle
|
||||
properties:
|
||||
snapshotHandle:
|
||||
description: snapshotHandle specifies the CSI "snapshot_id" of
|
||||
a pre-existing snapshot on the underlying storage system for
|
||||
which a Kubernetes object representation was (or should be)
|
||||
created. This field is immutable.
|
||||
type: string
|
||||
volumeHandle:
|
||||
description: volumeHandle specifies the CSI "volume_id" of the
|
||||
volume from which a snapshot should be dynamically taken from.
|
||||
This field is immutable.
|
||||
type: string
|
||||
type: object
|
||||
sourceVolumeMode:
|
||||
description: SourceVolumeMode is the mode of the volume whose snapshot
|
||||
is taken. Can be either “Filesystem” or “Block”. If not specified,
|
||||
it indicates the source volume's mode is unknown. This field is
|
||||
immutable. This field is an alpha field.
|
||||
type: string
|
||||
volumeSnapshotClassName:
|
||||
description: name of the VolumeSnapshotClass from which this snapshot
|
||||
was (or will be) created. Note that after provisioning, the VolumeSnapshotClass
|
||||
may be deleted or recreated with different set of values, and as
|
||||
such, should not be referenced post-snapshot creation.
|
||||
type: string
|
||||
volumeSnapshotRef:
|
||||
description: volumeSnapshotRef specifies the VolumeSnapshot object
|
||||
to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName
|
||||
field must reference to this VolumeSnapshotContent's name for the
|
||||
bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent
|
||||
object, name and namespace of the VolumeSnapshot object MUST be
|
||||
provided for binding to happen. This field is immutable after creation.
|
||||
Required.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: API version of the referent.
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead of
|
||||
an entire object, this string should contain a valid JSON/Go
|
||||
field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part of
|
||||
an object. TODO: this design is not final and this field is
|
||||
subject to change in the future.'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
- source
|
||||
- volumeSnapshotRef
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
properties:
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the CSI snapshotter
|
||||
sidecar with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it indicates
|
||||
the creation time is unknown. The format of this field is a Unix
|
||||
nanoseconds time encoded as an int64. On Unix, the command `date
|
||||
+%s%N` returns the current time in nanoseconds since 1970-01-01
|
||||
00:00:00 UTC.
|
||||
format: int64
|
||||
type: integer
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. Upon success after retry, this error field will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if a snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the CSI snapshotter sidecar with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the complete size of the snapshot
|
||||
in bytes. In dynamic snapshot creation case, this field will be
|
||||
filled in by the CSI snapshotter sidecar with the "size_bytes" value
|
||||
returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "size_bytes" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it. When restoring a volume from this snapshot, the size of the
|
||||
volume MUST NOT be smaller than the restoreSize if it is specified,
|
||||
otherwise the restoration will fail. If not specified, it indicates
|
||||
that the size is unknown.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
snapshotHandle:
|
||||
description: snapshotHandle is the CSI "snapshot_id" of a snapshot
|
||||
on the underlying storage system. If not specified, it indicates
|
||||
that dynamic snapshot creation has either failed or it is still
|
||||
in progress.
|
||||
type: string
|
||||
volumeGroupSnapshotContentName:
|
||||
description: VolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent
|
||||
of which this VolumeSnapshotContent is a part of.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: Represents the complete size of the snapshot in bytes
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: integer
|
||||
- description: Determines whether this VolumeSnapshotContent and its physical
|
||||
snapshot on the underlying storage system should be deleted when its bound
|
||||
VolumeSnapshot is deleted.
|
||||
jsonPath: .spec.deletionPolicy
|
||||
name: DeletionPolicy
|
||||
type: string
|
||||
- description: Name of the CSI driver used to create the physical snapshot on
|
||||
the underlying storage system.
|
||||
jsonPath: .spec.driver
|
||||
name: Driver
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotClass to which this snapshot belongs.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: VolumeSnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.name
|
||||
name: VolumeSnapshot
|
||||
type: string
|
||||
- description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent
|
||||
object is bound.
|
||||
jsonPath: .spec.volumeSnapshotRef.namespace
|
||||
name: VolumeSnapshotNamespace
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
deprecated: true
|
||||
deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshotContent is deprecated;
|
||||
use snapshot.storage.k8s.io/v1 VolumeSnapshotContent
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshotContent represents the actual "on-disk" snapshot
|
||||
object in the underlying storage system
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: spec defines properties of a VolumeSnapshotContent created
|
||||
by the underlying storage system. Required.
|
||||
properties:
|
||||
deletionPolicy:
|
||||
description: deletionPolicy determines whether this VolumeSnapshotContent
|
||||
and its physical snapshot on the underlying storage system should
|
||||
be deleted when its bound VolumeSnapshot is deleted. Supported values
|
||||
are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent
|
||||
and its physical snapshot on underlying storage system are kept.
|
||||
"Delete" means that the VolumeSnapshotContent and its physical snapshot
|
||||
on underlying storage system are deleted. For dynamically provisioned
|
||||
snapshots, this field will automatically be filled in by the CSI
|
||||
snapshotter sidecar with the "DeletionPolicy" field defined in the
|
||||
corresponding VolumeSnapshotClass. For pre-existing snapshots, users
|
||||
MUST specify this field when creating the VolumeSnapshotContent
|
||||
object. Required.
|
||||
enum:
|
||||
- Delete
|
||||
- Retain
|
||||
type: string
|
||||
driver:
|
||||
description: driver is the name of the CSI driver used to create the
|
||||
physical snapshot on the underlying storage system. This MUST be
|
||||
the same as the name returned by the CSI GetPluginName() call for
|
||||
that driver. Required.
|
||||
type: string
|
||||
source:
|
||||
description: source specifies whether the snapshot is (or should be)
|
||||
dynamically provisioned or already exists, and just requires a Kubernetes
|
||||
object representation. This field is immutable after creation. Required.
|
||||
properties:
|
||||
snapshotHandle:
|
||||
description: snapshotHandle specifies the CSI "snapshot_id" of
|
||||
a pre-existing snapshot on the underlying storage system for
|
||||
which a Kubernetes object representation was (or should be)
|
||||
created. This field is immutable.
|
||||
type: string
|
||||
volumeHandle:
|
||||
description: volumeHandle specifies the CSI "volume_id" of the
|
||||
volume from which a snapshot should be dynamically taken from.
|
||||
This field is immutable.
|
||||
type: string
|
||||
type: object
|
||||
volumeSnapshotClassName:
|
||||
description: name of the VolumeSnapshotClass from which this snapshot
|
||||
was (or will be) created. Note that after provisioning, the VolumeSnapshotClass
|
||||
may be deleted or recreated with different set of values, and as
|
||||
such, should not be referenced post-snapshot creation.
|
||||
type: string
|
||||
volumeSnapshotRef:
|
||||
description: volumeSnapshotRef specifies the VolumeSnapshot object
|
||||
to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName
|
||||
field must reference to this VolumeSnapshotContent's name for the
|
||||
bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent
|
||||
object, name and namespace of the VolumeSnapshot object MUST be
|
||||
provided for binding to happen. This field is immutable after creation.
|
||||
Required.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: API version of the referent.
|
||||
type: string
|
||||
fieldPath:
|
||||
description: 'If referring to a piece of an object instead of
|
||||
an entire object, this string should contain a valid JSON/Go
|
||||
field access statement, such as desiredState.manifest.containers[2].
|
||||
For example, if the object reference is to a container within
|
||||
a pod, this would take on a value like: "spec.containers{name}"
|
||||
(where "name" refers to the name of the container that triggered
|
||||
the event) or if no container name is specified "spec.containers[2]"
|
||||
(container with index 2 in this pod). This syntax is chosen
|
||||
only to have some well-defined way of referencing a part of
|
||||
an object. TODO: this design is not final and this field is
|
||||
subject to change in the future.'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
|
||||
type: string
|
||||
namespace:
|
||||
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
|
||||
type: string
|
||||
resourceVersion:
|
||||
description: 'Specific resourceVersion to which this reference
|
||||
is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
|
||||
type: string
|
||||
uid:
|
||||
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- deletionPolicy
|
||||
- driver
|
||||
- source
|
||||
- volumeSnapshotRef
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
properties:
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the CSI snapshotter
|
||||
sidecar with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it indicates
|
||||
the creation time is unknown. The format of this field is a Unix
|
||||
nanoseconds time encoded as an int64. On Unix, the command `date
|
||||
+%s%N` returns the current time in nanoseconds since 1970-01-01
|
||||
00:00:00 UTC.
|
||||
format: int64
|
||||
type: integer
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. Upon success after retry, this error field will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if a snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the CSI snapshotter sidecar with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the complete size of the snapshot
|
||||
in bytes. In dynamic snapshot creation case, this field will be
|
||||
filled in by the CSI snapshotter sidecar with the "size_bytes" value
|
||||
returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "size_bytes" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it. When restoring a volume from this snapshot, the size of the
|
||||
volume MUST NOT be smaller than the restoreSize if it is specified,
|
||||
otherwise the restoration will fail. If not specified, it indicates
|
||||
that the size is unknown.
|
||||
format: int64
|
||||
minimum: 0
|
||||
type: integer
|
||||
snapshotHandle:
|
||||
description: snapshotHandle is the CSI "snapshot_id" of a snapshot
|
||||
on the underlying storage system. If not specified, it indicates
|
||||
that dynamic snapshot creation has either failed or it is still
|
||||
in progress.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: false
|
||||
storage: false
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,392 @@
|
||||
{{- if .Values.csi.volumeSnapshots.enabled -}}
|
||||
{{- $crdName := "volumesnapshots.snapshot.storage.k8s.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
api-approved.kubernetes.io: https://github.com/kubernetes-csi/external-snapshotter/pull/814
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
creationTimestamp: null
|
||||
name: volumesnapshots.snapshot.storage.k8s.io
|
||||
spec:
|
||||
group: snapshot.storage.k8s.io
|
||||
names:
|
||||
kind: VolumeSnapshot
|
||||
listKind: VolumeSnapshotList
|
||||
plural: volumesnapshots
|
||||
shortNames:
|
||||
- vs
|
||||
singular: volumesnapshot
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: If a new snapshot needs to be created, this contains the name of
|
||||
the source PVC from which this snapshot was (or will be) created.
|
||||
jsonPath: .spec.source.persistentVolumeClaimName
|
||||
name: SourcePVC
|
||||
type: string
|
||||
- description: If a snapshot already exists, this contains the name of the existing
|
||||
VolumeSnapshotContent object representing the existing snapshot.
|
||||
jsonPath: .spec.source.volumeSnapshotContentName
|
||||
name: SourceSnapshotContent
|
||||
type: string
|
||||
- description: Represents the minimum size of volume required to rehydrate from
|
||||
this snapshot.
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: string
|
||||
- description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: SnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot
|
||||
object intends to bind to. Please note that verification of binding actually
|
||||
requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure
|
||||
both are pointing at each other. Binding MUST be verified prior to usage of
|
||||
this object.
|
||||
jsonPath: .status.boundVolumeSnapshotContentName
|
||||
name: SnapshotContent
|
||||
type: string
|
||||
- description: Timestamp when the point-in-time snapshot was taken by the underlying
|
||||
storage system.
|
||||
jsonPath: .status.creationTime
|
||||
name: CreationTime
|
||||
type: date
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshot is a user's request for either creating a point-in-time
|
||||
snapshot of a persistent volume, or binding to a pre-existing snapshot.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: 'spec defines the desired characteristics of a snapshot requested
|
||||
by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
|
||||
Required.'
|
||||
properties:
|
||||
source:
|
||||
description: source specifies where a snapshot will be created from.
|
||||
This field is immutable after creation. Required.
|
||||
oneOf:
|
||||
- required:
|
||||
- persistentVolumeClaimName
|
||||
- required:
|
||||
- volumeSnapshotContentName
|
||||
properties:
|
||||
persistentVolumeClaimName:
|
||||
description: persistentVolumeClaimName specifies the name of the
|
||||
PersistentVolumeClaim object representing the volume from which
|
||||
a snapshot should be created. This PVC is assumed to be in the
|
||||
same namespace as the VolumeSnapshot object. This field should
|
||||
be set if the snapshot does not exists, and needs to be created.
|
||||
This field is immutable.
|
||||
type: string
|
||||
volumeSnapshotContentName:
|
||||
description: volumeSnapshotContentName specifies the name of a
|
||||
pre-existing VolumeSnapshotContent object representing an existing
|
||||
volume snapshot. This field should be set if the snapshot already
|
||||
exists and only needs a representation in Kubernetes. This field
|
||||
is immutable.
|
||||
type: string
|
||||
type: object
|
||||
volumeSnapshotClassName:
|
||||
description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass
|
||||
requested by the VolumeSnapshot. VolumeSnapshotClassName may be
|
||||
left nil to indicate that the default SnapshotClass should be used.
|
||||
A given cluster may have multiple default Volume SnapshotClasses:
|
||||
one default per CSI Driver. If a VolumeSnapshot does not specify
|
||||
a SnapshotClass, VolumeSnapshotSource will be checked to figure
|
||||
out what the associated CSI Driver is, and the default VolumeSnapshotClass
|
||||
associated with that CSI Driver will be used. If more than one VolumeSnapshotClass
|
||||
exist for a given CSI Driver and more than one have been marked
|
||||
as default, CreateSnapshot will fail and generate an event. Empty
|
||||
string is not allowed for this field.'
|
||||
type: string
|
||||
required:
|
||||
- source
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent
|
||||
objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.
|
||||
properties:
|
||||
boundVolumeSnapshotContentName:
|
||||
description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent
|
||||
object to which this VolumeSnapshot object intends to bind to. If
|
||||
not specified, it indicates that the VolumeSnapshot object has not
|
||||
been successfully bound to a VolumeSnapshotContent object yet. NOTE:
|
||||
To avoid possible security issues, consumers must verify binding
|
||||
between VolumeSnapshot and VolumeSnapshotContent objects is successful
|
||||
(by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.'
|
||||
type: string
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the snapshot controller
|
||||
with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it may indicate
|
||||
that the creation time of the snapshot is unknown.
|
||||
format: date-time
|
||||
type: string
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. This field could be helpful to upper level controllers(i.e.,
|
||||
application controller) to decide whether they should continue on
|
||||
waiting for the snapshot to be created based on the type of error
|
||||
reported. The snapshot controller will keep retrying when an error
|
||||
occurs during the snapshot creation. Upon success, this error field
|
||||
will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if the snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the snapshot controller with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the minimum size of volume required
|
||||
to create a volume from this snapshot. In dynamic snapshot creation
|
||||
case, this field will be filled in by the snapshot controller with
|
||||
the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call.
|
||||
For a pre-existing snapshot, this field will be filled with the
|
||||
"size_bytes" value returned from the CSI "ListSnapshots" gRPC call
|
||||
if the driver supports it. When restoring a volume from this snapshot,
|
||||
the size of the volume MUST NOT be smaller than the restoreSize
|
||||
if it is specified, otherwise the restoration will fail. If not
|
||||
specified, it indicates that the size is unknown.
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
volumeGroupSnapshotName:
|
||||
description: VolumeGroupSnapshotName is the name of the VolumeGroupSnapshot
|
||||
of which this VolumeSnapshot is a part of.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
- additionalPrinterColumns:
|
||||
- description: Indicates if the snapshot is ready to be used to restore a volume.
|
||||
jsonPath: .status.readyToUse
|
||||
name: ReadyToUse
|
||||
type: boolean
|
||||
- description: If a new snapshot needs to be created, this contains the name of
|
||||
the source PVC from which this snapshot was (or will be) created.
|
||||
jsonPath: .spec.source.persistentVolumeClaimName
|
||||
name: SourcePVC
|
||||
type: string
|
||||
- description: If a snapshot already exists, this contains the name of the existing
|
||||
VolumeSnapshotContent object representing the existing snapshot.
|
||||
jsonPath: .spec.source.volumeSnapshotContentName
|
||||
name: SourceSnapshotContent
|
||||
type: string
|
||||
- description: Represents the minimum size of volume required to rehydrate from
|
||||
this snapshot.
|
||||
jsonPath: .status.restoreSize
|
||||
name: RestoreSize
|
||||
type: string
|
||||
- description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot.
|
||||
jsonPath: .spec.volumeSnapshotClassName
|
||||
name: SnapshotClass
|
||||
type: string
|
||||
- description: Name of the VolumeSnapshotContent object to which the VolumeSnapshot
|
||||
object intends to bind to. Please note that verification of binding actually
|
||||
requires checking both VolumeSnapshot and VolumeSnapshotContent to ensure
|
||||
both are pointing at each other. Binding MUST be verified prior to usage of
|
||||
this object.
|
||||
jsonPath: .status.boundVolumeSnapshotContentName
|
||||
name: SnapshotContent
|
||||
type: string
|
||||
- description: Timestamp when the point-in-time snapshot was taken by the underlying
|
||||
storage system.
|
||||
jsonPath: .status.creationTime
|
||||
name: CreationTime
|
||||
type: date
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
deprecated: true
|
||||
deprecationWarning: snapshot.storage.k8s.io/v1beta1 VolumeSnapshot is deprecated;
|
||||
use snapshot.storage.k8s.io/v1 VolumeSnapshot
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: VolumeSnapshot is a user's request for either creating a point-in-time
|
||||
snapshot of a persistent volume, or binding to a pre-existing snapshot.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
spec:
|
||||
description: 'spec defines the desired characteristics of a snapshot requested
|
||||
by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
|
||||
Required.'
|
||||
properties:
|
||||
source:
|
||||
description: source specifies where a snapshot will be created from.
|
||||
This field is immutable after creation. Required.
|
||||
properties:
|
||||
persistentVolumeClaimName:
|
||||
description: persistentVolumeClaimName specifies the name of the
|
||||
PersistentVolumeClaim object representing the volume from which
|
||||
a snapshot should be created. This PVC is assumed to be in the
|
||||
same namespace as the VolumeSnapshot object. This field should
|
||||
be set if the snapshot does not exists, and needs to be created.
|
||||
This field is immutable.
|
||||
type: string
|
||||
volumeSnapshotContentName:
|
||||
description: volumeSnapshotContentName specifies the name of a
|
||||
pre-existing VolumeSnapshotContent object representing an existing
|
||||
volume snapshot. This field should be set if the snapshot already
|
||||
exists and only needs a representation in Kubernetes. This field
|
||||
is immutable.
|
||||
type: string
|
||||
type: object
|
||||
volumeSnapshotClassName:
|
||||
description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass
|
||||
requested by the VolumeSnapshot. VolumeSnapshotClassName may be
|
||||
left nil to indicate that the default SnapshotClass should be used.
|
||||
A given cluster may have multiple default Volume SnapshotClasses:
|
||||
one default per CSI Driver. If a VolumeSnapshot does not specify
|
||||
a SnapshotClass, VolumeSnapshotSource will be checked to figure
|
||||
out what the associated CSI Driver is, and the default VolumeSnapshotClass
|
||||
associated with that CSI Driver will be used. If more than one VolumeSnapshotClass
|
||||
exist for a given CSI Driver and more than one have been marked
|
||||
as default, CreateSnapshot will fail and generate an event. Empty
|
||||
string is not allowed for this field.'
|
||||
type: string
|
||||
required:
|
||||
- source
|
||||
type: object
|
||||
status:
|
||||
description: status represents the current information of a snapshot.
|
||||
Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent
|
||||
objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.
|
||||
properties:
|
||||
boundVolumeSnapshotContentName:
|
||||
description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent
|
||||
object to which this VolumeSnapshot object intends to bind to. If
|
||||
not specified, it indicates that the VolumeSnapshot object has not
|
||||
been successfully bound to a VolumeSnapshotContent object yet. NOTE:
|
||||
To avoid possible security issues, consumers must verify binding
|
||||
between VolumeSnapshot and VolumeSnapshotContent objects is successful
|
||||
(by validating that both VolumeSnapshot and VolumeSnapshotContent
|
||||
point at each other) before using this object.'
|
||||
type: string
|
||||
creationTime:
|
||||
description: creationTime is the timestamp when the point-in-time
|
||||
snapshot is taken by the underlying storage system. In dynamic snapshot
|
||||
creation case, this field will be filled in by the snapshot controller
|
||||
with the "creation_time" value returned from CSI "CreateSnapshot"
|
||||
gRPC call. For a pre-existing snapshot, this field will be filled
|
||||
with the "creation_time" value returned from the CSI "ListSnapshots"
|
||||
gRPC call if the driver supports it. If not specified, it may indicate
|
||||
that the creation time of the snapshot is unknown.
|
||||
format: date-time
|
||||
type: string
|
||||
error:
|
||||
description: error is the last observed error during snapshot creation,
|
||||
if any. This field could be helpful to upper level controllers(i.e.,
|
||||
application controller) to decide whether they should continue on
|
||||
waiting for the snapshot to be created based on the type of error
|
||||
reported. The snapshot controller will keep retrying when an error
|
||||
occurs during the snapshot creation. Upon success, this error field
|
||||
will be cleared.
|
||||
properties:
|
||||
message:
|
||||
description: 'message is a string detailing the encountered error
|
||||
during snapshot creation if specified. NOTE: message may be
|
||||
logged, and it should not contain sensitive information.'
|
||||
type: string
|
||||
time:
|
||||
description: time is the timestamp when the error was encountered.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
readyToUse:
|
||||
description: readyToUse indicates if the snapshot is ready to be used
|
||||
to restore a volume. In dynamic snapshot creation case, this field
|
||||
will be filled in by the snapshot controller with the "ready_to_use"
|
||||
value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing
|
||||
snapshot, this field will be filled with the "ready_to_use" value
|
||||
returned from the CSI "ListSnapshots" gRPC call if the driver supports
|
||||
it, otherwise, this field will be set to "True". If not specified,
|
||||
it means the readiness of a snapshot is unknown.
|
||||
type: boolean
|
||||
restoreSize:
|
||||
description: restoreSize represents the minimum size of volume required
|
||||
to create a volume from this snapshot. In dynamic snapshot creation
|
||||
case, this field will be filled in by the snapshot controller with
|
||||
the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call.
|
||||
For a pre-existing snapshot, this field will be filled with the
|
||||
"size_bytes" value returned from the CSI "ListSnapshots" gRPC call
|
||||
if the driver supports it. When restoring a volume from this snapshot,
|
||||
the size of the volume MUST NOT be smaller than the restoreSize
|
||||
if it is specified, otherwise the restoration will fail. If not
|
||||
specified, it indicates that the size is unknown.
|
||||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||
type: string
|
||||
x-kubernetes-int-or-string: true
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
served: false
|
||||
storage: false
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -1,5 +1,6 @@
|
||||
|
||||
|
||||
{{- if .Values.lvmLocalPv.enabled -}}
|
||||
{{- $crdName := "lvmnodes.local.openebs.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
##############################################
|
||||
########### ############
|
||||
########### LVMNode CRD ############
|
||||
@ -175,3 +176,5 @@ status:
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -1,5 +1,6 @@
|
||||
|
||||
|
||||
{{- if .Values.lvmLocalPv.enabled -}}
|
||||
{{- $crdName := "lvmsnapshots.local.openebs.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
##############################################
|
||||
########### ############
|
||||
########### LVMSnapshot CRD ############
|
||||
@ -83,3 +84,5 @@ status:
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -1,5 +1,6 @@
|
||||
|
||||
|
||||
{{- if .Values.lvmLocalPv.enabled -}}
|
||||
{{- $crdName := "lvmvolumes.local.openebs.io" -}}
|
||||
{{- if (include "crdIsAbsent" (list $crdName)) -}}
|
||||
##############################################
|
||||
########### ############
|
||||
########### LVMVolume CRD ############
|
||||
@ -151,3 +152,5 @@ status:
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -0,0 +1,8 @@
|
||||
lvmLocalPv:
|
||||
# Install lvm-localpv CRDs
|
||||
enabled: true
|
||||
|
||||
csi:
|
||||
volumeSnapshots:
|
||||
# Install Volume Snapshot CRDs
|
||||
enabled: true
|
@ -1,5 +1,5 @@
|
||||
apiVersion: apps/v1
|
||||
kind: StatefulSet
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "lvmlocalpv.fullname" . }}-controller
|
||||
{{- with .Values.lvmController.annotations }}
|
||||
@ -11,7 +11,6 @@ spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "lvmlocalpv.lvmController.matchLabels" . | nindent 6 }}
|
||||
serviceName: "{{ .Values.lvmController.serviceName }}"
|
||||
replicas: {{ .Values.lvmController.replicas }}
|
||||
template:
|
||||
metadata:
|
||||
@ -147,3 +146,7 @@ spec:
|
||||
tolerations:
|
||||
{{ toYaml .Values.lvmController.tolerations | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.lvmController.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{ toYaml .Values.lvmController.topologySpreadConstraints | indent 8 }}
|
||||
{{- end }}
|
||||
|
@ -30,7 +30,7 @@ spec:
|
||||
priorityClassName: {{ template "lvmlocalpv.lvmNode.priorityClassName" . }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ .Values.serviceAccount.lvmNode.name }}
|
||||
hostNetwork: true
|
||||
hostNetwork: {{ .Values.lvmNode.hostNetwork }}
|
||||
containers:
|
||||
- name: {{ .Values.lvmNode.driverRegistrar.name }}
|
||||
image: "{{ .Values.lvmNode.driverRegistrar.image.registry }}{{ .Values.lvmNode.driverRegistrar.image.repository }}:{{ .Values.lvmNode.driverRegistrar.image.tag }}"
|
||||
|
@ -10,7 +10,7 @@ spec:
|
||||
allowPrivilegeEscalation: true
|
||||
allowedCapabilities: ['*']
|
||||
volumes: ['*']
|
||||
hostNetwork: true
|
||||
hostNetwork: {{ .Values.lvmNode.hostNetwork}}
|
||||
hostIPC: true
|
||||
hostPID: true
|
||||
runAsUser:
|
||||
|
@ -14,9 +14,6 @@ metadata:
|
||||
labels:
|
||||
{{- include "lvmlocalpv.lvmController.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "list"]
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
@ -123,7 +120,8 @@ roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
{{- end }}
|
||||
{{- if .Values.serviceAccount.lvmNode.create -}}
|
||||
|
||||
{{- if .Values.serviceAccount.lvmNode.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
|
@ -2,7 +2,7 @@
|
||||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
release:
|
||||
version: "1.3.0"
|
||||
version: "1.5.0"
|
||||
|
||||
imagePullSecrets:
|
||||
# - name: "image-pull-secret"
|
||||
@ -61,14 +61,15 @@ lvmNode:
|
||||
# Configure the maximum number of queries allowed after
|
||||
# accounting for rolled over qps from previous seconds.
|
||||
burst: 0
|
||||
# Disable or enable the use of hostNetwork for the lvm node daemonset.
|
||||
hostNetwork: false
|
||||
|
||||
|
||||
# lvmController contains the configurables for
|
||||
# the lvm controller statefulset
|
||||
# the lvm controller deployment
|
||||
lvmController:
|
||||
componentName: openebs-lvm-controller
|
||||
replicas: 1
|
||||
serviceName: openebs-lvm
|
||||
logLevel: 5
|
||||
resizer:
|
||||
name: "csi-resizer"
|
||||
@ -126,6 +127,7 @@ lvmController:
|
||||
name: openebs-lvm-controller
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
topologySpreadConstraints: []
|
||||
securityContext: {}
|
||||
priorityClass:
|
||||
create: true
|
||||
@ -139,7 +141,7 @@ lvmController:
|
||||
burst: 0
|
||||
|
||||
# lvmPlugin is the common csi container used by the
|
||||
# controller statefulset and node daemonset
|
||||
# controller deployment and node daemonset
|
||||
lvmPlugin:
|
||||
name: "openebs-lvm-plugin"
|
||||
image:
|
||||
@ -149,7 +151,7 @@ lvmPlugin:
|
||||
repository: openebs/lvm-driver
|
||||
pullPolicy: IfNotPresent
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
tag: 1.3.0
|
||||
tag: 1.5.0
|
||||
ioLimits:
|
||||
enabled: false
|
||||
containerRuntime: containerd
|
||||
@ -164,12 +166,6 @@ lvmPlugin:
|
||||
|
||||
role: openebs-lvm
|
||||
|
||||
crd:
|
||||
enableInstall: true
|
||||
# Specify installation of the kubernetes-csi volume snapshot CRDs if your Kubernetes distribution
|
||||
# or another storage operator already manages them.
|
||||
volumeSnapshot: true
|
||||
|
||||
serviceAccount:
|
||||
lvmController:
|
||||
# Specifies whether a service account should be created
|
||||
@ -186,3 +182,12 @@ serviceAccount:
|
||||
|
||||
analytics:
|
||||
enabled: true
|
||||
|
||||
crds:
|
||||
lvmLocalPv:
|
||||
# Install lvm-localpv CRDs
|
||||
enabled: true
|
||||
csi:
|
||||
volumeSnapshots:
|
||||
# Install Volume Snapshot CRDs
|
||||
enabled: true
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -18,7 +18,7 @@
|
||||
"subdir": "contrib/mixin"
|
||||
}
|
||||
},
|
||||
"version": "7851295966ae3dd5308c37079b5df58440d1fb36",
|
||||
"version": "9359aef3e3dd39b7bbf57cab4b6899a238af3144",
|
||||
"sum": "xuUBd2vqF7asyVDe5CE08uPT/RxAdy8O75EjFJoMXXU="
|
||||
},
|
||||
{
|
||||
@ -51,6 +51,16 @@
|
||||
"version": "a1d61cce1da59c71409b99b5c7568511fec661ea",
|
||||
"sum": "gCtR9s/4D5fxU9aKXg0Bru+/njZhA0YjLjPiASc61FM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-latest"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "GxEO83uxgsDclLp/fmlUJZDbSGpeUZY6Ap3G2cgdL1g="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
@ -58,8 +68,18 @@
|
||||
"subdir": "gen/grafonnet-v10.0.0"
|
||||
}
|
||||
},
|
||||
"version": "a1b14991306adebdb0107ea9aa74870bf86c346e",
|
||||
"sum": "gj/20VIGucG2vDGjG7YdHLC4yUUfrpuaneUYaRmymOM="
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "W7sLuAvMSJPkC7Oo31t45Nz/cUdJV7jzNSJTd3F1daM="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
"git": {
|
||||
"remote": "https://github.com/grafana/grafonnet.git",
|
||||
"subdir": "gen/grafonnet-v10.4.0"
|
||||
}
|
||||
},
|
||||
"version": "6ac1593ca787638da223380ff4a3fd0f96e953e1",
|
||||
"sum": "ZSmDT7i/qU9P8ggmuPuJT+jonq1ZEsBRCXycW/H5L/A="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -68,8 +88,8 @@
|
||||
"subdir": "grafana-builder"
|
||||
}
|
||||
},
|
||||
"version": "931f6b1139bb3694b06f2261279ba3dc01aca5b8",
|
||||
"sum": "VmOxvg9FuY9UYr3lN6ZJe2HhuIErJoWimPybQr3S3yQ="
|
||||
"version": "7561fd330312538d22b00e0c7caecb4ba66321ea",
|
||||
"sum": "+z5VY+bPBNqXcmNAV8xbJcbsRA+pro1R3IM7aIY8OlU="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -78,8 +98,8 @@
|
||||
"subdir": "doc-util"
|
||||
}
|
||||
},
|
||||
"version": "503e5c8fe96d6b55775037713ac10b184709ad93",
|
||||
"sum": "BY4u0kLF3Qf/4IB4HnX9S5kEQIpHb4MUrppp6WLDtlU="
|
||||
"version": "6ac6c69685b8c29c54515448eaca583da2d88150",
|
||||
"sum": "BrAL/k23jq+xy9oA7TWIhUx07dsA/QLm3g7ktCwe//U="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -88,8 +108,8 @@
|
||||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "c1a315a7dbead0335a5e0486acc5583395b22a24",
|
||||
"sum": "UVdL+uuFI8BSQgLfMJEJk2WDKsQXNT3dRHcr2Ti9rLI="
|
||||
"version": "fc2e57a8839902ed4ba6cab5a99d642500f7102b",
|
||||
"sum": "43waffw1QzvpY4rKcWoo3L7Vpee+DCYexwLDd5cPG0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -98,8 +118,8 @@
|
||||
"subdir": ""
|
||||
}
|
||||
},
|
||||
"version": "2dbe4f9625a811b8b89f0495e74509c74779da82",
|
||||
"sum": "Fe7bN9E6qeKNUdENjQvYttgf4S1DDqXRVB80wdmQgHQ="
|
||||
"version": "a1c276d7a46c4b06fa5d8b4a64441939d398efe5",
|
||||
"sum": "b/mEai1MvVnZ22YvZlXEO4jWDZledrtJg8eOS1ZUj0M="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -108,8 +128,8 @@
|
||||
"subdir": "jsonnet/kube-state-metrics"
|
||||
}
|
||||
},
|
||||
"version": "c707af4c2d84193a3480729b3525b0fc3d686e73",
|
||||
"sum": "+dOzAK+fwsFf97uZpjcjTcEJEC1H8hh/j8f5uIQK/5g="
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "msMZyUvcebzRILLzNlTIiSOwa1XgQKtP7jbZTkiqwM0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -118,7 +138,7 @@
|
||||
"subdir": "jsonnet/kube-state-metrics-mixin"
|
||||
}
|
||||
},
|
||||
"version": "c707af4c2d84193a3480729b3525b0fc3d686e73",
|
||||
"version": "9ba1c3702142918e09e8eb5ca530e15198624259",
|
||||
"sum": "qclI7LwucTjBef3PkGBkKxF0mfZPbHnn4rlNWKGtR4c="
|
||||
},
|
||||
{
|
||||
@ -138,8 +158,8 @@
|
||||
"subdir": "jsonnet/kube-prometheus"
|
||||
}
|
||||
},
|
||||
"version": "035b09f42441d4630b3a3de4e4a490d19b1ba5e4",
|
||||
"sum": "bp+cUUcoQjREBPigCP2S1xIvrh7HDQeYqCcrHCuDnUQ="
|
||||
"version": "76f2e1ef95be0df752037baa040781c5219e1fb3",
|
||||
"sum": "IgpAgyyBZ7VT2vr9kSYQP/lkZUNQnbqpGh2sYCtUKs0="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -148,8 +168,8 @@
|
||||
"subdir": "jsonnet/mixin"
|
||||
}
|
||||
},
|
||||
"version": "0d918323945ce87f0094c05c153075c0a6edc8de",
|
||||
"sum": "n3flMIzlADeyygb0uipZ4KPp2uNSjdtkrwgHjTC7Ca4=",
|
||||
"version": "8f8464b41775e13c71c2700799352a3dcd82f528",
|
||||
"sum": "gi+knjdxs2T715iIQIntrimbHRgHnpM8IFBJDD1gYfs=",
|
||||
"name": "prometheus-operator-mixin"
|
||||
},
|
||||
{
|
||||
@ -159,8 +179,8 @@
|
||||
"subdir": "jsonnet/prometheus-operator"
|
||||
}
|
||||
},
|
||||
"version": "0d918323945ce87f0094c05c153075c0a6edc8de",
|
||||
"sum": "1X9mGAj+nRaBAgNRG19mYtDc+ZLVIeAiK5M3h0Tpu7A="
|
||||
"version": "8f8464b41775e13c71c2700799352a3dcd82f528",
|
||||
"sum": "/xycwh6lbet/dMzqZHJjSv6AfBEAQPAgk+1usi3d3W4="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -169,7 +189,7 @@
|
||||
"subdir": "doc/alertmanager-mixin"
|
||||
}
|
||||
},
|
||||
"version": "83486834deb4f886b4828cad3dbbe42d141d951d",
|
||||
"version": "14cbe6301c732658d6fe877ec55ad5b738abcf06",
|
||||
"sum": "IpF46ZXsm+0wJJAPtAre8+yxTNZA57mBqGpBP/r7/kw=",
|
||||
"name": "alertmanager"
|
||||
},
|
||||
@ -180,8 +200,8 @@
|
||||
"subdir": "docs/node-mixin"
|
||||
}
|
||||
},
|
||||
"version": "9666d002487039ac66b20287998945461eefe746",
|
||||
"sum": "QZwFBpulndqo799gkR5rP2/WdcQKQkNnaBwhaOI8Jeg="
|
||||
"version": "6425f079d162ebd22d4c6c4e4d7e4a36ebbe2239",
|
||||
"sum": "vWhHvFqV7+fxrQddTeGVKi1e4EzB3VWtNyD8TjSmevY="
|
||||
},
|
||||
{
|
||||
"source": {
|
||||
@ -190,8 +210,8 @@
|
||||
"subdir": "documentation/prometheus-mixin"
|
||||
}
|
||||
},
|
||||
"version": "2ae84f980f981a004143c8239f4f20a35547ef04",
|
||||
"sum": "rNvddVTMNfaguOGzEGoeKjUsfhlXJBUImC+SIFNNCiM=",
|
||||
"version": "bfaa0a319ceca0814b076072a61cc1640e6a4f36",
|
||||
"sum": "u/Fpz2MPkezy71/q+c7mF0vc3hE9fWt2W/YbvF0LP/8=",
|
||||
"name": "prometheus"
|
||||
},
|
||||
{
|
||||
@ -212,7 +232,7 @@
|
||||
"subdir": "mixin"
|
||||
}
|
||||
},
|
||||
"version": "e7aecb401f54bec52540900d455a9c226c5791ff",
|
||||
"version": "4a2a4555d24665a52c3ed43e007301dd492af9b3",
|
||||
"sum": "HhSSbGGCNHCMy1ee5jElYDm0yS9Vesa7QB2/SHKdjsY=",
|
||||
"name": "thanos-mixin"
|
||||
}
|
||||
|
@ -22,7 +22,7 @@ spec:
|
||||
# the snapshot controller won't be marked as ready if the v1 CRDs are unavailable
|
||||
# in #504 the snapshot-controller will exit after around 7.5 seconds if it
|
||||
# can't find the v1 CRDs so this value should be greater than that
|
||||
minReadySeconds: 15
|
||||
minReadySeconds: 35
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 0
|
||||
|
@ -0,0 +1,103 @@
|
||||
# RBAC file for the snapshot controller.
|
||||
#
|
||||
# The snapshot controller implements the control loop for CSI snapshot functionality.
|
||||
# It should be installed as part of the base Kubernetes distribution in an appropriate
|
||||
# namespace for components implementing base system functionality. For installing with
|
||||
# Vanilla Kubernetes, kube-system makes sense for the namespace.
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: snapshot-controller
|
||||
namespace: kube-system
|
||||
|
||||
---
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-runner
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims"]
|
||||
verbs: ["get", "list", "watch", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["list", "watch", "create", "update", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshotcontents/status"]
|
||||
verbs: ["patch"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch", "delete"]
|
||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||
resources: ["volumesnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents"]
|
||||
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshotcontents/status"]
|
||||
verbs: ["patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
- apiGroups: ["groupsnapshot.storage.k8s.io"]
|
||||
resources: ["volumegroupsnapshots/status"]
|
||||
verbs: ["update", "patch"]
|
||||
|
||||
# Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true
|
||||
# - apiGroups: [""]
|
||||
# resources: ["nodes"]
|
||||
# verbs: ["get", "list", "watch"]
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: snapshot-controller
|
||||
namespace: kube-system
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: snapshot-controller-runner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-leaderelection
|
||||
namespace: kube-system
|
||||
rules:
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||||
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: snapshot-controller-leaderelection
|
||||
namespace: kube-system
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: snapshot-controller
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: snapshot-controller-leaderelection
|
||||
apiGroup: rbac.authorization.k8s.io
|
@ -1,11 +1,11 @@
|
||||
{{- if .Values.crd.volumeSnapshot }}
|
||||
{{- if .Values.snapshotController.enabled }}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotclasses.snapshot.storage.k8s.io
|
||||
spec:
|
||||
@ -66,6 +66,8 @@ spec:
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
parameters:
|
||||
additionalProperties:
|
||||
type: string
|
||||
|
@ -1,11 +1,11 @@
|
||||
{{- if .Values.crd.volumeSnapshot }}
|
||||
{{- if .Values.snapshotController.enabled }}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/955"
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
creationTimestamp: null
|
||||
name: volumesnapshotcontents.snapshot.storage.k8s.io
|
||||
spec:
|
||||
@ -72,6 +72,8 @@ spec:
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: spec defines properties of a VolumeSnapshotContent created
|
||||
by the underlying storage system. Required.
|
||||
@ -241,9 +243,9 @@ spec:
|
||||
that dynamic snapshot creation has either failed or it is still
|
||||
in progress.
|
||||
type: string
|
||||
volumeGroupSnapshotContentName:
|
||||
description: VolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent
|
||||
of which this VolumeSnapshotContent is a part of.
|
||||
volumeGroupSnapshotHandle:
|
||||
description: VolumeGroupSnapshotHandle is the CSI "group_snapshot_id"
|
||||
of a group snapshot on the underlying storage system.
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
|
@ -1,11 +1,11 @@
|
||||
{{- if .Values.crd.volumeSnapshot }}
|
||||
{{- if .Values.snapshotController.enabled }}
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.11.3
|
||||
api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
creationTimestamp: null
|
||||
name: volumesnapshots.snapshot.storage.k8s.io
|
||||
spec:
|
||||
@ -75,6 +75,8 @@ spec:
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: 'spec defines the desired characteristics of a snapshot requested
|
||||
by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots
|
||||
|
@ -6,16 +6,25 @@ set -ex
|
||||
#login_ecr_public
|
||||
update_helm
|
||||
|
||||
patch_chart gemini
|
||||
|
||||
patch_chart aws-ebs-csi-driver
|
||||
rm -rf charts/aws-ebs-csi-driver/templates/tests
|
||||
|
||||
patch_chart aws-efs-csi-driver
|
||||
|
||||
patch_chart lvm-localpv
|
||||
# move snapshotclasses/content from lvm-localpv to toplevel
|
||||
mv charts/lvm-localpv/templates/*crd.yaml templates/snapshot-controller
|
||||
|
||||
patch_chart gemini
|
||||
|
||||
# snapshotter
|
||||
# https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
|
||||
# https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
|
||||
|
||||
for crd in volumesnapshotclasses volumesnapshotcontents volumesnapshots; do
|
||||
_f="templates/snapshot-controller/${crd}-crd.yaml"
|
||||
echo "{{- if .Values.snapshotController.enabled }}" > $_f
|
||||
curl -L -s https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_${crd}.yaml >> $_f
|
||||
echo "{{- end }}" >> $_f
|
||||
done
|
||||
|
||||
|
||||
# k8up - CRDs
|
||||
VERSION=$(yq eval '.dependencies[] | select(.name=="k8up") | .version' Chart.yaml)
|
||||
|
@ -1,12 +1,9 @@
|
||||
crd:
|
||||
volumeSnapshot: true
|
||||
|
||||
snapshotController:
|
||||
enabled: false
|
||||
|
||||
image:
|
||||
name: registry.k8s.io/sig-storage/snapshot-controller
|
||||
tag: v6.3.0
|
||||
tag: v7.0.1
|
||||
|
||||
replicas: 1
|
||||
logLevel: 2
|
||||
@ -28,6 +25,11 @@ snapshotController:
|
||||
lvm-localpv:
|
||||
enabled: false
|
||||
|
||||
crds:
|
||||
csi:
|
||||
volumeSnapshots:
|
||||
enabled: false
|
||||
|
||||
lvmNode:
|
||||
logLevel: 2
|
||||
nodeSelector:
|
||||
@ -190,6 +192,8 @@ aws-ebs-csi-driver:
|
||||
type: gp3
|
||||
encrypted: "true"
|
||||
|
||||
helmTester:
|
||||
enabled: false
|
||||
|
||||
aws-efs-csi-driver:
|
||||
enabled: false
|
||||
|
@ -37,12 +37,6 @@ metallb:
|
||||
|
||||
|
||||
{{- define "network-argo" }}
|
||||
# Metallb
|
||||
ignoreDifferences:
|
||||
- group: apiextensions.k8s.io
|
||||
kind: CustomResourceDefinition
|
||||
jsonPointers:
|
||||
- /spec/conversion/webhook/clientConfig/caBundle
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
||||
|
@ -11,7 +11,7 @@ global:
|
||||
|
||||
addons:
|
||||
enabled: true
|
||||
targetRevision: 0.8.4
|
||||
targetRevision: 0.8.5
|
||||
external-dns:
|
||||
enabled: false
|
||||
forseti:
|
||||
@ -30,7 +30,7 @@ addons:
|
||||
network:
|
||||
enabled: true
|
||||
retain: true
|
||||
targetRevision: 0.4.6
|
||||
targetRevision: 0.5.0
|
||||
cilium:
|
||||
cluster: {}
|
||||
|
||||
@ -41,7 +41,7 @@ cert-manager:
|
||||
|
||||
storage:
|
||||
enabled: false
|
||||
targetRevision: 0.8.4
|
||||
targetRevision: 0.8.5
|
||||
lvm-localpv:
|
||||
enabled: false
|
||||
aws-ebs-csi-driver:
|
||||
|
Loading…
Reference in New Issue
Block a user