From df0f1f11e34658ed6b1c6733fea024b618bb149f Mon Sep 17 00:00:00 2001 From: Adam Wolfe Gordon Date: Tue, 17 Sep 2019 14:26:05 -0600 Subject: [PATCH] Bump versions and update changelog for v0.4.3 release --- CHANGELOG.md | 8 +- README.md | 12 +- VERSION | 2 +- .../releases/csi-digitalocean-v0.4.3.yaml | 543 ++++++++++++++++++ 4 files changed, 557 insertions(+), 8 deletions(-) create mode 100644 deploy/kubernetes/releases/csi-digitalocean-v0.4.3.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ed700cb..f8d42d58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,10 @@ -## unreleased\n +## unreleased + +## v0.4.3 - 2019.09.17 + +* Allow for custom driver names, to help with upgrades from Kubernetes 1.11 + [[GH-181](https://github.com/digitalocean/csi-digitalocean/pull/181)] + ## v0.4.2 - 2019.07.02 * Cherry-pick: Set a custom user agent for the godo client. diff --git a/README.md b/README.md index 6e4fd5ea..eb8b5bb6 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Cloud Foundry. Feel free to test it on other CO's and give us a feedback. ## Releases The DigitalOcean CSI plugin follows [semantic versioning](https://semver.org/). -The current version is: **`v0.4.2`**. This means that the project is still +The current version is: **`v0.4.3`**. This means that the project is still under active development and may not be production ready. The plugin will be bumped to **`v1.0.0`** once the [DigitalOcean Kubernetes product](https://www.digitalocean.com/products/kubernetes/) is released and @@ -75,10 +75,10 @@ digitalocean Opaque 1 18h Before you continue, be sure to checkout to a [tagged release](https://github.com/digitalocean/csi-digitalocean/releases). Always use the [latest stable version](https://github.com/digitalocean/csi-digitalocean/releases/latest) -For example, to use the latest stable version (`v0.4.2`) you can execute the following command: +For example, to use the latest stable version (`v0.4.3`) you can execute the following command: ``` -$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v0.4.2.yaml +$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v0.4.3.yaml ``` This file will be always updated to point to the latest stable release. If you @@ -221,15 +221,15 @@ $ git push origin After it's merged to master, [create a new Github release](https://github.com/digitalocean/csi-digitalocean/releases/new) from -master with the version `v0.4.2` and then publish a new docker build: +master with the version `v0.4.3` and then publish a new docker build: ``` $ git checkout master $ make publish ``` -This will create a binary with version `v0.4.2` and docker image pushed to -`digitalocean/do-csi-plugin:v0.4.2` +This will create a binary with version `v0.4.3` and docker image pushed to +`digitalocean/do-csi-plugin:v0.4.3` ## Contributing diff --git a/VERSION b/VERSION index 0eec13e4..f87d474c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.4.2 +v0.4.3 diff --git a/deploy/kubernetes/releases/csi-digitalocean-v0.4.3.yaml b/deploy/kubernetes/releases/csi-digitalocean-v0.4.3.yaml new file mode 100644 index 00000000..63373b3b --- /dev/null +++ b/deploy/kubernetes/releases/csi-digitalocean-v0.4.3.yaml @@ -0,0 +1,543 @@ +# Copyright 2018 DigitalOcean +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Configuration to deploy release version of the CSI DigitalOcean +# plugin (https://github.com/digitalocean/csi-digitalocean) compatible with +# Kubernetes >=v1.12.1 +# +# example usage: kubectl create -f + +--- + +#################################################### +########### ############ +########### CSI Node and Driver CRDs ############ +########### ############ +#################################################### + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csinodeinfos.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSINodeInfo + plural: csinodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + csiDrivers: + description: List of CSI drivers running on the node and their properties. + items: + properties: + driver: + description: The CSI driver that this object refers to. + type: string + nodeID: + description: The node from the driver point of view. + type: string + topologyKeys: + description: List of keys supported by the driver. + items: + type: string + type: array + type: array + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csidrivers.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSIDriver + plural: csidrivers + scope: Cluster + validation: + openAPIV3Schema: + properties: + spec: + description: Specification of the CSI Driver. + properties: + attachRequired: + description: Indicates this CSI volume driver requires an attach operation, + and that Kubernetes should call attach and wait for any attach operation + to complete before proceeding to mount. + type: boolean + podInfoOnMountVersion: + description: Indicates this CSI volume driver requires additional pod + information (like podName, podUID, etc.) during mount operations. + type: string + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +# CSIDriverRegistry feature gate needs to be enabled +apiVersion: csi.storage.k8s.io/v1alpha1 +kind: CSIDriver +metadata: + name: dobs.csi.digitalocean.com +spec: + attachRequired: true + podInfoOnMountVersion: "v1" + +--- + +############################################## +########### ############ +########### Snapshot CRDs ############ +########### ############ +############################################## +# +# The following CRD's are created by the csi-snapshotter, however it +# complicates installing a driver, because we're not able to install a custom +# VolumeSnapshotClass until the csi-snapshotter sidecar is up and running. We +# pulled out the CRD's and put them here to simplify the installation for the +# users. Make sure these are up to date with the original ones whenever we +# release a new version: https://github.com/kubernetes-csi/external-snapshotter/blob/master/cmd/csi-snapshotter/create_crd.go + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotclasses.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + plural: volumesnapshotclasses + scope: Cluster + version: v1alpha1 + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotcontents.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + plural: volumesnapshotcontents + scope: Cluster + version: v1alpha1 + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshots.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + plural: volumesnapshots + scope: Namespaced + version: v1alpha1 + +--- + +kind: VolumeSnapshotClass +apiVersion: snapshot.storage.k8s.io/v1alpha1 +metadata: + name: do-block-storage + namespace: kube-system + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" +snapshotter: dobs.csi.digitalocean.com + +--- + +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: do-block-storage + namespace: kube-system + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: dobs.csi.digitalocean.com + +--- + + +############################################## +########### ############ +########### Controller plugin ############ +########### ############ +############################################## + +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-do-controller + namespace: kube-system +spec: + serviceName: "csi-do" + replicas: 1 + template: + metadata: + labels: + app: csi-do-controller + role: csi-do + spec: + serviceAccount: csi-do-controller-sa + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v0.4.2 + args: + - "--provisioner=dobs.csi.digitalocean.com" + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v0.4.2 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v0.4.2 + args: + - "--connection-timeout=15s" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: Always + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v0.4.3 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: csi-do-controller-sa + namespace: kube-system + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +# Attacher must be able to work with PVs, nodes and VolumeAttachments +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-snapshotter-role + apiGroup: rbac.authorization.k8s.io + + + + +######################################## +########### ############ +########### Node plugin ############ +########### ############ +######################################## + +kind: DaemonSet +apiVersion: apps/v1beta2 +metadata: + name: csi-do-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-do-node + template: + metadata: + labels: + app: csi-do-node + role: csi-do + spec: + serviceAccount: csi-do-node-sa + hostNetwork: true + containers: + - name: driver-registrar + image: quay.io/k8scsi/driver-registrar:v0.4.2 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--mode=node-register" + - "--driver-requires-attachment=true" + - "--pod-info-mount-version=\"v1\"" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v0.4.3 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-do-node-sa + namespace: kube-system + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-driver-registrar-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-driver-registrar-binding +subjects: + - kind: ServiceAccount + name: csi-do-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-driver-registrar-role + apiGroup: rbac.authorization.k8s.io + +