From 16ed9cff9723ec8bcc79c207ee1522aabb12e240 Mon Sep 17 00:00:00 2001 From: Cody Baker Date: Fri, 26 Apr 2019 01:02:20 +0000 Subject: [PATCH] Release csi-digitalocean v0.4.1 * Cherry-pick: Add tagging support for Volumes via the new `--do-tag` flag [[GH-130]](https://github.com/digitalocean/csi-digitalocean/pull/130) * Cherry-pick: Fix support for volume snapshots by setting snapshot id on volume creation [[GH-129]](https://github.com/digitalocean/csi-digitalocean/pull/129) * Cherry-pick: Goreportcard fixes (typos, exported variables, etc..) [[GH-121]](https://github.com/digitalocean/csi-digitalocean/pull/121) * Cherry-pick: Rename the cluster role bindings for the `node-driver-registrar` to be consistent with the other role bindings. [[GH-118]](https://github.com/digitalocean/csi-digitalocean/pull/118) * Cherry-pick: Remove the `--token` flag for the `csi-do-node` driver. Drivers running on the node don't need the token anymore. [[GH-118]](https://github.com/digitalocean/csi-digitalocean/pull/118) * Cherry-pick: Don't check the volume limits on the worker nodes (worker nodes are not able to talk to DigitalOcean API) [[GH-142]](https://github.com/digitalocean/csi-digitalocean/pull/142) * Cherry-pick: Update `godo` (DigitalOcean API package) version to v1.13.0 [[GH-143]](https://github.com/digitalocean/csi-digitalocean/pull/143) * Cherry-pick: Fix race in snapshot integration test. [[GH-146]](https://github.com/digitalocean/csi-digitalocean/pull/146) * Cherry-pick: Add tagging support for Volume snapshots via the new `--do-tag` flag [[GH-145]](https://github.com/digitalocean/csi-digitalocean/pull/145) --- CHANGELOG.md | 2 + README.md | 12 +- VERSION | 2 +- .../releases/csi-digitalocean-v0.4.1.yaml | 543 ++++++++++++++++++ 4 files changed, 552 insertions(+), 7 deletions(-) create mode 100644 deploy/kubernetes/releases/csi-digitalocean-v0.4.1.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index cfd52de5..39154701 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ## unreleased +## v0.4.1 - 2019.04.26 + * Cherry-pick: Add tagging support for Volumes via the new `--do-tag` flag [[GH-130]](https://github.com/digitalocean/csi-digitalocean/pull/130) * Cherry-pick: Fix support for volume snapshots by setting snapshot id on volume creation diff --git a/README.md b/README.md index 40335305..bb339be2 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Cloud Foundry. Feel free to test it on other CO's and give us a feedback. ## Releases The DigitalOcean CSI plugin follows [semantic versioning](https://semver.org/). -The current version is: **`v0.4.0`**. This means that the project is still +The current version is: **`v0.4.1`**. This means that the project is still under active development and may not be production ready. The plugin will be bumped to **`v1.0.0`** once the [DigitalOcean Kubernetes product](https://www.digitalocean.com/products/kubernetes/) is released and @@ -75,10 +75,10 @@ digitalocean Opaque 1 18h Before you continue, be sure to checkout to a [tagged release](https://github.com/digitalocean/csi-digitalocean/releases). Always use the [latest stable version](https://github.com/digitalocean/csi-digitalocean/releases/latest) -For example, to use the latest stable version (`v0.4.0`) you can execute the following command: +For example, to use the latest stable version (`v0.4.1`) you can execute the following command: ``` -$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v0.4.0.yaml +$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v0.4.1.yaml ``` This file will be always updated to point to the latest stable release. If you @@ -207,15 +207,15 @@ $ git push origin After it's merged to master, [create a new Github release](https://github.com/digitalocean/csi-digitalocean/releases/new) from -master with the version `v0.4.0` and then publish a new docker build: +master with the version `v0.4.1` and then publish a new docker build: ``` $ git checkout master $ make publish ``` -This will create a binary with version `v0.4.0` and docker image pushed to -`digitalocean/do-csi-plugin:v0.4.0` +This will create a binary with version `v0.4.1` and docker image pushed to +`digitalocean/do-csi-plugin:v0.4.1` ## Contributing diff --git a/VERSION b/VERSION index fb7a04cf..5aff472d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.4.0 +v0.4.1 diff --git a/deploy/kubernetes/releases/csi-digitalocean-v0.4.1.yaml b/deploy/kubernetes/releases/csi-digitalocean-v0.4.1.yaml new file mode 100644 index 00000000..4b4552fd --- /dev/null +++ b/deploy/kubernetes/releases/csi-digitalocean-v0.4.1.yaml @@ -0,0 +1,543 @@ +# Copyright 2018 DigitalOcean +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Configuration to deploy release version of the CSI DigitalOcean +# plugin (https://github.com/digitalocean/csi-digitalocean) compatible with +# Kubernetes >=v1.12.1 +# +# example usage: kubectl create -f + +--- + +#################################################### +########### ############ +########### CSI Node and Driver CRDs ############ +########### ############ +#################################################### + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csinodeinfos.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSINodeInfo + plural: csinodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + csiDrivers: + description: List of CSI drivers running on the node and their properties. + items: + properties: + driver: + description: The CSI driver that this object refers to. + type: string + nodeID: + description: The node from the driver point of view. + type: string + topologyKeys: + description: List of keys supported by the driver. + items: + type: string + type: array + type: array + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csidrivers.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSIDriver + plural: csidrivers + scope: Cluster + validation: + openAPIV3Schema: + properties: + spec: + description: Specification of the CSI Driver. + properties: + attachRequired: + description: Indicates this CSI volume driver requires an attach operation, + and that Kubernetes should call attach and wait for any attach operation + to complete before proceeding to mount. + type: boolean + podInfoOnMountVersion: + description: Indicates this CSI volume driver requires additional pod + information (like podName, podUID, etc.) during mount operations. + type: string + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +# CSIDriverRegistry feature gate needs to be enabled +apiVersion: csi.storage.k8s.io/v1alpha1 +kind: CSIDriver +metadata: + name: dobs.csi.digitalocean.com +spec: + attachRequired: true + podInfoOnMountVersion: "v1" + +--- + +############################################## +########### ############ +########### Snapshot CRDs ############ +########### ############ +############################################## +# +# The following CRD's are created by the csi-snapshotter, however it +# complicates installing a driver, because we're not able to install a custom +# VolumeSnapshotClass until the csi-snapshotter sidecar is up and running. We +# pulled out the CRD's and put them here to simplify the installation for the +# users. Make sure these are up to date with the original ones whenever we +# release a new version: https://github.com/kubernetes-csi/external-snapshotter/blob/master/cmd/csi-snapshotter/create_crd.go + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotclasses.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + plural: volumesnapshotclasses + scope: Cluster + version: v1alpha1 + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotcontents.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + plural: volumesnapshotcontents + scope: Cluster + version: v1alpha1 + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshots.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + plural: volumesnapshots + scope: Namespaced + version: v1alpha1 + +--- + +kind: VolumeSnapshotClass +apiVersion: snapshot.storage.k8s.io/v1alpha1 +metadata: + name: do-block-storage + namespace: kube-system + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" +snapshotter: dobs.csi.digitalocean.com + +--- + +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: do-block-storage + namespace: kube-system + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: dobs.csi.digitalocean.com + +--- + + +############################################## +########### ############ +########### Controller plugin ############ +########### ############ +############################################## + +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-do-controller + namespace: kube-system +spec: + serviceName: "csi-do" + replicas: 1 + template: + metadata: + labels: + app: csi-do-controller + role: csi-do + spec: + serviceAccount: csi-do-controller-sa + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v0.4.1 + args: + - "--provisioner=dobs.csi.digitalocean.com" + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v0.4.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v0.4.1 + args: + - "--connection-timeout=15s" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: Always + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v0.4.1 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: csi-do-controller-sa + namespace: kube-system + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +# Attacher must be able to work with PVs, nodes and VolumeAttachments +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-snapshotter-role + apiGroup: rbac.authorization.k8s.io + + + + +######################################## +########### ############ +########### Node plugin ############ +########### ############ +######################################## + +kind: DaemonSet +apiVersion: apps/v1beta2 +metadata: + name: csi-do-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-do-node + template: + metadata: + labels: + app: csi-do-node + role: csi-do + spec: + serviceAccount: csi-do-node-sa + hostNetwork: true + containers: + - name: driver-registrar + image: quay.io/k8scsi/driver-registrar:v0.4.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--mode=node-register" + - "--driver-requires-attachment=true" + - "--pod-info-mount-version=\"v1\"" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v0.4.1 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-do-node-sa + namespace: kube-system + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-driver-registrar-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-driver-registrar-binding +subjects: + - kind: ServiceAccount + name: csi-do-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-driver-registrar-role + apiGroup: rbac.authorization.k8s.io + +