diff --git a/CHANGELOG.md b/CHANGELOG.md index e789a7c0..d8170a7d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ ## unreleased +## v1.1.2 - 2019.09.17 + +* Improve error messages for incorrectly attached volumes + [[GH-176](https://github.com/digitalocean/csi-digitalocean/pull/176)] + [[GH-177](https://github.com/digitalocean/csi-digitalocean/pull/177)] +* Allow for custom driver names, to help with upgrades from Kubernetes 1.11 + [[GH-179](https://github.com/digitalocean/csi-digitalocean/pull/179)] + [[GH-182](https://github.com/digitalocean/csi-digitalocean/pull/182)] + ## v1.1.1 - 2019.07.02 * Set a custom user agent for the godo client. [[GH-156](https://github.com/digitalocean/csi-digitalocean/pull/156)] diff --git a/README.md b/README.md index 50ce09ac..450eb5dc 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Cloud Foundry. Feel free to test it on other CO's and give us a feedback. ## Releases The DigitalOcean CSI plugin follows [semantic versioning](https://semver.org/). -The current version is: **`v1.1.1`**. The project is still +The current version is: **`v1.1.2`**. The project is still under active development and may not be production ready. The plugin will be bumped following the rules below: @@ -119,10 +119,10 @@ digitalocean Opaque 1 18h Before you continue, be sure to checkout to a [tagged release](https://github.com/digitalocean/csi-digitalocean/releases). Always use the [latest stable version](https://github.com/digitalocean/csi-digitalocean/releases/latest) -For example, to use the latest stable version (`v1.1.1`) you can execute the following command: +For example, to use the latest stable version (`v1.1.2`) you can execute the following command: ``` -$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v1.1.1.yaml +$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v1.1.2.yaml ``` This file will be always updated to point to the latest stable release. If you @@ -252,7 +252,7 @@ Dependencies are managed via [Go modules](https://github.com/golang/go/wiki/Modu To release a new version bump first the version: ``` -$ make NEW_VERSION=v1.1.1 bump-version +$ make NEW_VERSION=v1.1.2 bump-version ``` Make sure everything looks good. Create a new branch with all changes: @@ -265,15 +265,15 @@ $ git push origin After it's merged to master, [create a new Github release](https://github.com/digitalocean/csi-digitalocean/releases/new) from -master with the version `v1.1.1` and then publish a new docker build: +master with the version `v1.1.2` and then publish a new docker build: ``` $ git checkout master $ make publish ``` -This will create a binary with version `v1.1.1` and docker image pushed to -`digitalocean/do-csi-plugin:v1.1.1` +This will create a binary with version `v1.1.2` and docker image pushed to +`digitalocean/do-csi-plugin:v1.1.2` ## Contributing diff --git a/VERSION b/VERSION index 56130fb3..0f1acbd5 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v1.1.1 +v1.1.2 diff --git a/deploy/kubernetes/releases/csi-digitalocean-v1.1.2.yaml b/deploy/kubernetes/releases/csi-digitalocean-v1.1.2.yaml new file mode 100644 index 00000000..c6e47fc3 --- /dev/null +++ b/deploy/kubernetes/releases/csi-digitalocean-v1.1.2.yaml @@ -0,0 +1,465 @@ +# Copyright 2018 DigitalOcean +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Configuration to deploy release version of the CSI DigitalOcean +# plugin (https://github.com/digitalocean/csi-digitalocean) compatible with +# Kubernetes >=v1.14+ +# +# example usage: kubectl create -f +# + + +# Install the CSI Driver. This simplifies driver discovery and enables us to +# customize Kubernetes behavior +# https://kubernetes-csi.github.io/docs/csi-driver-object.html +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: dobs.csi.digitalocean.com +spec: + attachRequired: true + podInfoOnMount: true + +--- + +############################################## +########### ############ +########### Snapshot CRDs ############ +########### ############ +############################################## +# +# The following CRD's are created by the csi-snapshotter, however it +# complicates installing a driver, because we're not able to install a custom +# VolumeSnapshotClass until the csi-snapshotter sidecar is up and running. We +# pulled out the CRD's and put them here to simplify the installation for the +# users. Make sure these are up to date with the original ones whenever we +# release a new version: https://github.com/kubernetes-csi/external-snapshotter/blob/master/cmd/csi-snapshotter/create_crd.go + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotclasses.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + plural: volumesnapshotclasses + scope: Cluster + version: v1alpha1 + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotcontents.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + plural: volumesnapshotcontents + scope: Cluster + version: v1alpha1 + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshots.snapshot.storage.k8s.io +spec: + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + plural: volumesnapshots + scope: Namespaced + version: v1alpha1 + +--- + +kind: VolumeSnapshotClass +apiVersion: snapshot.storage.k8s.io/v1alpha1 +metadata: + name: do-block-storage + namespace: kube-system + annotations: + snapshot.storage.kubernetes.io/is-default-class: "true" +snapshotter: dobs.csi.digitalocean.com + +--- + +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: do-block-storage + namespace: kube-system + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: dobs.csi.digitalocean.com + +--- + +############################################## +########### ############ +########### Controller plugin ############ +########### ############ +############################################## + +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-do-controller + namespace: kube-system +spec: + serviceName: "csi-do" + replicas: 1 + template: + metadata: + labels: + app: csi-do-controller + role: csi-do + spec: + priorityClassName: system-cluster-critical + serviceAccount: csi-do-controller-sa + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.1.0 + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v1.1.2 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v1.1.0 + args: + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: Always + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v1.1.2 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: csi-do-controller-sa + namespace: kube-system + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +# Attacher must be able to work with PVs, nodes and VolumeAttachments +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-attacher-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-snapshotter-binding +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +--- + +######################################## +########### ############ +########### Node plugin ############ +########### ############ +######################################## + +kind: DaemonSet +apiVersion: apps/v1beta2 +metadata: + name: csi-do-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-do-node + template: + metadata: + labels: + app: csi-do-node + role: csi-do + spec: + priorityClassName: system-node-critical + serviceAccount: csi-do-node-sa + hostNetwork: true + containers: + - name: csi-node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/dobs.csi.digitalocean.com /registration/dobs.csi.digitalocean.com-reg.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v1.1.2 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-do-node-sa + namespace: kube-system + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-node-driver-registrar-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-node-driver-registrar-binding +subjects: + - kind: ServiceAccount + name: csi-do-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-node-driver-registrar-role + apiGroup: rbac.authorization.k8s.io