From 143a8e7220d68143fd82104966cee6d63b98db87 Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Fri, 18 Dec 2020 19:06:49 +0100 Subject: [PATCH] AWS CSI driver --- pkg/apis/kops/componentconfig.go | 10 +- pkg/apis/kops/v1alpha2/componentconfig.go | 8 + upup/models/bindata.go | 653 ++++++++++++++++++ .../k8s-1.17.yaml.template | 591 ++++++++++++++++ .../pkg/fi/cloudup/bootstrapchannelbuilder.go | 19 +- .../amazonvpc/manifest.yaml | 8 + .../awscloudcontroller/manifest.yaml | 8 + .../awsiamauthenticator/manifest.yaml | 8 + .../cilium/manifest.yaml | 8 + .../public-jwks/manifest.yaml | 8 + .../simple/manifest.yaml | 8 + .../weave/manifest.yaml | 8 + 12 files changed, 1335 insertions(+), 2 deletions(-) create mode 100644 upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go index 8d1dc6e643926..d999e6035ef0c 100644 --- a/pkg/apis/kops/componentconfig.go +++ b/pkg/apis/kops/componentconfig.go @@ -775,7 +775,7 @@ type CloudConfiguration struct { // VShpereDatacenter is deprecated and will be removed in a later version VSphereDatacenter *string `json:"vSphereDatacenter,omitempty"` // VSphereResourcePool is deprecated and will be removed in a later version - VSphereResourcePool *string `json:"vSphereResourcePool,omitempty"` + VSphereResourcePool *string `json:"vSphereResot rcePool,omitempty"` // VSphereDatastore is deprecated and will be removed in a later version VSphereDatastore *string `json:"vSphereDatastore,omitempty"` // VSphereCoreDNSServer is deprecated and will be removed in a later version @@ -785,6 +785,14 @@ type CloudConfiguration struct { SpotinstOrientation *string `json:"spotinstOrientation,omitempty"` // Openstack cloud-config options Openstack *OpenstackConfiguration `json:"openstack,omitempty"` + // AWSEBSCSIDriver is the config for the AWS EBS CSI driver + AWSEBSCSIDriver *AWSEBSCSIDriver `json:"awsEBSCSIDriver"` +} + +// AWSEBSCSIDriver is the config for the AWS EBS CSI driver +type AWSEBSCSIDriver struct { + //Enabled enables the AWS EBS CSI driver + Enabled *bool `json:"enabled,omitempty"` } // NodeTerminationHandlerConfig determines the node termination handler configuration. diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go index 044ade273467c..0939b3e90cfc8 100644 --- a/pkg/apis/kops/v1alpha2/componentconfig.go +++ b/pkg/apis/kops/v1alpha2/componentconfig.go @@ -784,6 +784,14 @@ type CloudConfiguration struct { SpotinstOrientation *string `json:"spotinstOrientation,omitempty"` // Openstack cloud-config options Openstack *OpenstackConfiguration `json:"openstack,omitempty"` + // AWSEBSCSIDriver is the config for the AWS EBS CSI driver + AWSEBSCSIDriver *AWSEBSCSIDriver `json:"awsEBSCSIDriver"` +} + +// AWSEBSCSIDriver is the config for the AWS EBS CSI driver +type AWSEBSCSIDriver struct { + //Enabled enables the AWS EBS CSI driver + Enabled *bool `json:"enabled,omitempty"` } // NodeTerminationHandlerConfig determines the node termination handler configuration. diff --git a/upup/models/bindata.go b/upup/models/bindata.go index ed07a27965fbc..c4d5349ce3702 100644 --- a/upup/models/bindata.go +++ b/upup/models/bindata.go @@ -14,6 +14,7 @@ // upup/models/cloudup/resources/addons/coredns.addons.k8s.io/k8s-1.12.yaml.template // upup/models/cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml.template // upup/models/cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml.template +// upup/models/cloudup/resources/addons/ebs-csi-driver.aws/k8s-1.17.yaml.template // upup/models/cloudup/resources/addons/external-dns.addons.k8s.io/README.md // upup/models/cloudup/resources/addons/external-dns.addons.k8s.io/k8s-1.12.yaml.template // upup/models/cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template @@ -28294,6 +28295,654 @@ func cloudupResourcesAddonsDnsControllerAddonsK8sIoK8s112YamlTemplate() (*asset, return a, nil } +var _cloudupResourcesAddonsEbsCsiDriverAwsK8s117YamlTemplate = []byte(`--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-csi-controller-sa + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-snapshot-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-attacher.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-attacher-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-provisioner-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-attacher-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-provisioner-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-resizer-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-resizer-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshot-controller-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: ebs-snapshot-controller + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-snapshot-controller-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshotter-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-leaderelection + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-leaderelection + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +subjects: + - kind: ServiceAccount + name: ebs-snapshot-controller + namespace: kube-system +roleRef: + kind: Role + name: ebs-snapshot-controller-leaderelection + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/node.yaml +# Node Service +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-node + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + priorityClassName: system-node-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + securityContext: + privileged: true + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: aws-ebs-csi-driver/templates/controller.yaml +# Controller Service +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + spec: + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/master: "" + serviceAccountName: ebs-csi-controller-sa + priorityClassName: system-cluster-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + imagePullPolicy: IfNotPresent + args: + - controller + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --k8s-tag-cluster-id={{ ClusterName }} + - --extra-volume-tags=KubernetesCluster={{ ClusterName }} + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + - --enable-leader-election + - --leader-election-type=leases + - --extra-create-metadata=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v2.2.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.1.1 + args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.5.0 + imagePullPolicy: Always + args: + - --csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: aws-ebs-csi-driver/templates/statefulset.yaml +#Snapshot controller +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: ebs-snapshot-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +spec: + serviceName: ebs-snapshot-controller + replicas: 1 + selector: + matchLabels: + app: ebs-snapshot-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-snapshot-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm + spec: + serviceAccountName: ebs-snapshot-controller + containers: + - name: snapshot-controller + image: quay.io/k8scsi/snapshot-controller:v2.1.1 + args: + - --v=5 + - --leader-election=false +--- +# Source: aws-ebs-csi-driver/templates/csidriver.yaml +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: ebs.csi.aws.com + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + helm.sh/chart: aws-ebs-csi-driver-0.7.1 + app.kubernetes.io/version: "0.8.0" + app.kubernetes.io/managed-by: Helm +spec: + attachRequired: true + podInfoOnMount: false +`) + +func cloudupResourcesAddonsEbsCsiDriverAwsK8s117YamlTemplateBytes() ([]byte, error) { + return _cloudupResourcesAddonsEbsCsiDriverAwsK8s117YamlTemplate, nil +} + +func cloudupResourcesAddonsEbsCsiDriverAwsK8s117YamlTemplate() (*asset, error) { + bytes, err := cloudupResourcesAddonsEbsCsiDriverAwsK8s117YamlTemplateBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "cloudup/resources/addons/ebs-csi-driver.aws/k8s-1.17.yaml.template", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _cloudupResourcesAddonsExternalDnsAddonsK8sIoReadmeMd = []byte(`# ExternalDNS ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers. @@ -42625,6 +43274,7 @@ var _bindata = map[string]func() (*asset, error){ "cloudup/resources/addons/coredns.addons.k8s.io/k8s-1.12.yaml.template": cloudupResourcesAddonsCorednsAddonsK8sIoK8s112YamlTemplate, "cloudup/resources/addons/digitalocean-cloud-controller.addons.k8s.io/k8s-1.8.yaml.template": cloudupResourcesAddonsDigitaloceanCloudControllerAddonsK8sIoK8s18YamlTemplate, "cloudup/resources/addons/dns-controller.addons.k8s.io/k8s-1.12.yaml.template": cloudupResourcesAddonsDnsControllerAddonsK8sIoK8s112YamlTemplate, + "cloudup/resources/addons/ebs-csi-driver.aws/k8s-1.17.yaml.template": cloudupResourcesAddonsEbsCsiDriverAwsK8s117YamlTemplate, "cloudup/resources/addons/external-dns.addons.k8s.io/README.md": cloudupResourcesAddonsExternalDnsAddonsK8sIoReadmeMd, "cloudup/resources/addons/external-dns.addons.k8s.io/k8s-1.12.yaml.template": cloudupResourcesAddonsExternalDnsAddonsK8sIoK8s112YamlTemplate, "cloudup/resources/addons/kops-controller.addons.k8s.io/k8s-1.16.yaml.template": cloudupResourcesAddonsKopsControllerAddonsK8sIoK8s116YamlTemplate, @@ -42740,6 +43390,9 @@ var _bintree = &bintree{nil, map[string]*bintree{ "dns-controller.addons.k8s.io": {nil, map[string]*bintree{ "k8s-1.12.yaml.template": {cloudupResourcesAddonsDnsControllerAddonsK8sIoK8s112YamlTemplate, map[string]*bintree{}}, }}, + "ebs-csi-driver.aws": {nil, map[string]*bintree{ + "k8s-1.17.yaml.template": {cloudupResourcesAddonsEbsCsiDriverAwsK8s117YamlTemplate, map[string]*bintree{}}, + }}, "external-dns.addons.k8s.io": {nil, map[string]*bintree{ "README.md": {cloudupResourcesAddonsExternalDnsAddonsK8sIoReadmeMd, map[string]*bintree{}}, "k8s-1.12.yaml.template": {cloudupResourcesAddonsExternalDnsAddonsK8sIoK8s112YamlTemplate, map[string]*bintree{}}, diff --git a/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template new file mode 100644 index 0000000000000..ce55626582462 --- /dev/null +++ b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template @@ -0,0 +1,591 @@ +--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-csi-controller-sa + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-snapshot-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-snapshot-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-attacher.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-attacher-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-provisioner-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshot-controller.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-attacher-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-provisioner-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-resizer-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-resizer-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshot-controller-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-snapshot-controller + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-snapshot-controller-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshotter-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/role-snapshot-controller-leaderelection.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-leaderelection + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-snapshot-controller-leaderelection + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-snapshot-controller + namespace: kube-system +roleRef: + kind: Role + name: ebs-snapshot-controller-leaderelection + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/node.yaml +# Node Service +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-node + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + priorityClassName: system-node-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + securityContext: + privileged: true + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: aws-ebs-csi-driver/templates/controller.yaml +# Controller Service +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/master: "" + serviceAccountName: ebs-csi-controller-sa + priorityClassName: system-cluster-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + imagePullPolicy: IfNotPresent + args: + - controller + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --k8s-tag-cluster-id={{ ClusterName }} + - --extra-volume-tags=KubernetesCluster={{ ClusterName }} + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + - --enable-leader-election + - --leader-election-type=leases + - --extra-create-metadata=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v2.2.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.1.1 + args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.5.0 + imagePullPolicy: Always + args: + - --csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: aws-ebs-csi-driver/templates/statefulset.yaml +#Snapshot controller +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: ebs-snapshot-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + serviceName: ebs-snapshot-controller + replicas: 1 + selector: + matchLabels: + app: ebs-snapshot-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-snapshot-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + serviceAccountName: ebs-snapshot-controller + containers: + - name: snapshot-controller + image: quay.io/k8scsi/snapshot-controller:v2.1.1 + args: + - --v=5 + - --leader-election=false +--- +# Source: aws-ebs-csi-driver/templates/csidriver.yaml +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: ebs.csi.aws.com + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + attachRequired: true + podInfoOnMount: false diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go index 972b75b060650..f5ef275120602 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go @@ -1016,9 +1016,9 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann } if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS { - key := "aws-cloud-controller.addons.k8s.io" if b.Cluster.Spec.ExternalCloudControllerManager != nil { + key := "aws-cloud-controller.addons.k8s.io" // Version refers to the addon configuration. The CCM tag is given by // the template function AWSCCMTag() version := "1.18.0-kops.1" @@ -1035,6 +1035,23 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann }) } } + if b.Cluster.Spec.CloudConfig.AWSEBSCSIDriver != nil && fi.BoolValue(b.Cluster.Spec.CloudConfig.AWSEBSCSIDriver.Enabled) { + key := "aws-ebs-csi-driver.addons.k8s.io" + + version := "0.8.0-kops.1" + { + id := "k8s-1.17" + location := key + "/" + id + ".yaml" + addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{ + Name: fi.String(key), + Version: fi.String(version), + Manifest: fi.String(location), + Selector: map[string]string{"k8s-addon": key}, + KubernetesVersion: ">=1.17.0", + Id: id, + }) + } + } } if b.Cluster.Spec.KubeScheduler.UsePolicyConfigMap != nil { diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml index 8c7126f2b2db9..678c4e6b5e999 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml @@ -84,3 +84,11 @@ spec: selector: role.kubernetes.io/networking: "1" version: 1.7.5-kops.1 + - id: k8s-1.17 + kubernetesVersion: '>=1.17.0' + manifest: ebs-csi-driver.aws/k8s-1.17.yaml + manifestHash: d3a6c53cfaa4886ca1facf26e0a96b18864e4aca + name: ebs-csi-driver.aws + selector: + k8s-addon: ebs-csi-driver.aws + version: 0.8.0-kops.1 diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml index 2a7d02e3ba52e..e229ebf4a9fca 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml @@ -69,3 +69,11 @@ spec: selector: k8s-addon: aws-cloud-controller.addons.k8s.io version: 1.18.0-kops.1 + - id: k8s-1.17 + kubernetesVersion: '>=1.17.0' + manifest: ebs-csi-driver.aws/k8s-1.17.yaml + manifestHash: d3a6c53cfaa4886ca1facf26e0a96b18864e4aca + name: ebs-csi-driver.aws + selector: + k8s-addon: ebs-csi-driver.aws + version: 0.8.0-kops.1 diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml index 47bff4d0c26b8..16634a63e8c9d 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml @@ -68,3 +68,11 @@ spec: selector: role.kubernetes.io/authentication: "1" version: 0.5.1-kops.1 + - id: k8s-1.17 + kubernetesVersion: '>=1.17.0' + manifest: ebs-csi-driver.aws/k8s-1.17.yaml + manifestHash: d3a6c53cfaa4886ca1facf26e0a96b18864e4aca + name: ebs-csi-driver.aws + selector: + k8s-addon: ebs-csi-driver.aws + version: 0.8.0-kops.1 diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml index e82dededfc3ec..728cf9cd4cdf3 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml @@ -76,3 +76,11 @@ spec: selector: role.kubernetes.io/networking: "1" version: 1.8.0-kops.1 + - id: k8s-1.17 + kubernetesVersion: '>=1.17.0' + manifest: ebs-csi-driver.aws/k8s-1.17.yaml + manifestHash: d3a6c53cfaa4886ca1facf26e0a96b18864e4aca + name: ebs-csi-driver.aws + selector: + k8s-addon: ebs-csi-driver.aws + version: 0.8.0-kops.1 diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/public-jwks/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/public-jwks/manifest.yaml index 09a9a5f8c3069..0308635db0cf0 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/public-jwks/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/public-jwks/manifest.yaml @@ -76,3 +76,11 @@ spec: selector: k8s-addon: storage-aws.addons.k8s.io version: 1.17.0 + - id: k8s-1.17 + kubernetesVersion: '>=1.17.0' + manifest: ebs-csi-driver.aws/k8s-1.17.yaml + manifestHash: d3a6c53cfaa4886ca1facf26e0a96b18864e4aca + name: ebs-csi-driver.aws + selector: + k8s-addon: ebs-csi-driver.aws + version: 0.8.0-kops.1 diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml index 1d55b96fe1ec4..b2c663aa10cef 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml @@ -61,3 +61,11 @@ spec: selector: k8s-addon: storage-aws.addons.k8s.io version: 1.17.0 + - id: k8s-1.17 + kubernetesVersion: '>=1.17.0' + manifest: ebs-csi-driver.aws/k8s-1.17.yaml + manifestHash: d3a6c53cfaa4886ca1facf26e0a96b18864e4aca + name: ebs-csi-driver.aws + selector: + k8s-addon: ebs-csi-driver.aws + version: 0.8.0-kops.1 diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml index d9841077af669..92e10be2d3aeb 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml @@ -68,3 +68,11 @@ spec: selector: role.kubernetes.io/networking: "1" version: 2.7.0-kops.1 + - id: k8s-1.17 + kubernetesVersion: '>=1.17.0' + manifest: ebs-csi-driver.aws/k8s-1.17.yaml + manifestHash: d3a6c53cfaa4886ca1facf26e0a96b18864e4aca + name: ebs-csi-driver.aws + selector: + k8s-addon: ebs-csi-driver.aws + version: 0.8.0-kops.1