From 76b4ec1e5c585098024a98fdfe8fe7abb7b77085 Mon Sep 17 00:00:00 2001 From: Ole Markus With Date: Fri, 18 Dec 2020 19:06:49 +0100 Subject: [PATCH] AWS CSI driver --- k8s/crds/kops.k8s.io_clusters.yaml | 8 + pkg/apis/kops/componentconfig.go | 8 + pkg/apis/kops/v1alpha2/componentconfig.go | 8 + .../kops/v1alpha2/zz_generated.conversion.go | 48 ++ .../kops/v1alpha2/zz_generated.deepcopy.go | 26 + pkg/apis/kops/validation/aws.go | 16 + pkg/apis/kops/validation/aws_test.go | 37 ++ pkg/apis/kops/zz_generated.deepcopy.go | 26 + pkg/model/components/kubecontrollermanager.go | 18 +- pkg/model/components/kubelet.go | 11 + upup/models/bindata.go | 481 ++++++++++++++++++ .../k8s-1.17.yaml.template | 459 +++++++++++++++++ .../pkg/fi/cloudup/bootstrapchannelbuilder.go | 20 +- .../awscloudcontroller/cluster.yaml | 3 + .../awscloudcontroller/manifest.yaml | 8 + 15 files changed, 1168 insertions(+), 9 deletions(-) create mode 100644 upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index cee32d24fb5bc..8469a95ab973e 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -214,6 +214,14 @@ spec: cloudConfig: description: CloudConfiguration defines the cloud provider configuration properties: + awsEBSCSIDriver: + description: AWSEBSCSIDriver is the config for the AWS EBS CSI + driver + properties: + enabled: + description: Enabled enables the AWS EBS CSI driver + type: boolean + type: object azure: description: Azure cloud-config options properties: diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go index ce97497d181d0..882b433975274 100644 --- a/pkg/apis/kops/componentconfig.go +++ b/pkg/apis/kops/componentconfig.go 
@@ -811,6 +811,14 @@ type CloudConfiguration struct { Openstack *OpenstackConfiguration `json:"openstack,omitempty"` // Azure cloud-config options Azure *AzureConfiguration `json:"azure,omitempty"` + // AWSEBSCSIDriver is the config for the AWS EBS CSI driver + AWSEBSCSIDriver *AWSEBSCSIDriver `json:"awsEBSCSIDriver,omitempty"` +} + +// AWSEBSCSIDriver is the config for the AWS EBS CSI driver +type AWSEBSCSIDriver struct { + //Enabled enables the AWS EBS CSI driver + Enabled *bool `json:"enabled,omitempty"` } // NodeTerminationHandlerConfig determines the node termination handler configuration. diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go index 0e60e97be6275..039702aa5c3d3 100644 --- a/pkg/apis/kops/v1alpha2/componentconfig.go +++ b/pkg/apis/kops/v1alpha2/componentconfig.go @@ -810,6 +810,14 @@ type CloudConfiguration struct { Openstack *OpenstackConfiguration `json:"openstack,omitempty"` // Azure cloud-config options Azure *AzureConfiguration `json:"azure,omitempty"` + // AWSEBSCSIDriver is the config for the AWS EBS CSI driver + AWSEBSCSIDriver *AWSEBSCSIDriver `json:"awsEBSCSIDriver,omitempty"` +} + +// AWSEBSCSIDriver is the config for the AWS EBS CSI driver +type AWSEBSCSIDriver struct { + //Enabled enables the AWS EBS CSI driver + Enabled *bool `json:"enabled,omitempty"` } // NodeTerminationHandlerConfig determines the node termination handler configuration. diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 2f024e571de0c..745f6eece0bf6 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go 
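Review bot: The doc comment on the new `Enabled` field of `AWSEBSCSIDriver` does not say what enabling implies, and `//Enabled` is missing the space after `//`. Elsewhere in this patch the same flag also turns on the `CSIMigrationAWSComplete` feature gate for kube-controller-manager and kubelet, so an operator reading the API type or the generated CRD description cannot tell that it affects existing in-tree EBS volumes. Suggested wording: `// Enabled enables the AWS EBS CSI driver and defaults the CSIMigrationAWSComplete feature gate on kube-controller-manager and kubelet.` A nil value appears to be treated as disabled, since the callers go through `fi.BoolValue`, which is worth stating as well. The same applies to the identical hunk in `pkg/apis/kops/v1alpha2/componentconfig.go`.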
@@ -33,6 +33,16 @@ func init() { // RegisterConversions adds conversion functions to the given scheme. // Public to allow building arbitrary schemes. func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*AWSEBSCSIDriver)(nil), (*kops.AWSEBSCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(a.(*AWSEBSCSIDriver), b.(*kops.AWSEBSCSIDriver), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*kops.AWSEBSCSIDriver)(nil), (*AWSEBSCSIDriver)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(a.(*kops.AWSEBSCSIDriver), b.(*AWSEBSCSIDriver), scope) + }); err != nil { + return err + } if err := s.AddGeneratedConversionFunc((*AccessSpec)(nil), (*kops.AccessSpec)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha2_AccessSpec_To_kops_AccessSpec(a.(*AccessSpec), b.(*kops.AccessSpec), scope) }); err != nil { 
@@ -1006,6 +1016,26 @@ func RegisterConversions(s *runtime.Scheme) error { return nil } +func autoConvert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(in *AWSEBSCSIDriver, out *kops.AWSEBSCSIDriver, s conversion.Scope) error { + out.Enabled = in.Enabled + return nil +} + +// Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver is an autogenerated conversion function. +func Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(in *AWSEBSCSIDriver, out *kops.AWSEBSCSIDriver, s conversion.Scope) error { + return autoConvert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(in, out, s) +} + +func autoConvert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(in *kops.AWSEBSCSIDriver, out *AWSEBSCSIDriver, s conversion.Scope) error { + out.Enabled = in.Enabled + return nil +} + +// Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver is an autogenerated conversion function. +func Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(in *kops.AWSEBSCSIDriver, out *AWSEBSCSIDriver, s conversion.Scope) error { + return autoConvert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(in, out, s) +} + func autoConvert_v1alpha2_AccessSpec_To_kops_AccessSpec(in *AccessSpec, out *kops.AccessSpec, s conversion.Scope) error { if in.DNS != nil { in, out := &in.DNS, &out.DNS @@ -1786,6 +1816,15 @@ func autoConvert_v1alpha2_CloudConfiguration_To_kops_CloudConfiguration(in *Clou } else { out.Azure = nil } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(kops.AWSEBSCSIDriver) + if err := Convert_v1alpha2_AWSEBSCSIDriver_To_kops_AWSEBSCSIDriver(*in, *out, s); err != nil { + return err + } + } else { + out.AWSEBSCSIDriver = nil + } return nil } 
@@ -1828,6 +1867,15 @@ func autoConvert_kops_CloudConfiguration_To_v1alpha2_CloudConfiguration(in *kops } else { out.Azure = nil } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(AWSEBSCSIDriver) + if err := Convert_kops_AWSEBSCSIDriver_To_v1alpha2_AWSEBSCSIDriver(*in, *out, s); err != nil { + return err + } + } else { + out.AWSEBSCSIDriver = nil + } return nil } diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index fa1db81e3ec00..69df53e3b2ac8 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go @@ -26,6 +26,27 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEBSCSIDriver) DeepCopyInto(out *AWSEBSCSIDriver) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEBSCSIDriver. +func (in *AWSEBSCSIDriver) DeepCopy() *AWSEBSCSIDriver { + if in == nil { + return nil + } + out := new(AWSEBSCSIDriver) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessSpec) DeepCopyInto(out *AccessSpec) { *out = *in @@ -540,6 +561,11 @@ func (in *CloudConfiguration) DeepCopyInto(out *CloudConfiguration) { *out = new(AzureConfiguration) **out = **in } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(AWSEBSCSIDriver) + (*in).DeepCopyInto(*out) + } return } diff --git a/pkg/apis/kops/validation/aws.go b/pkg/apis/kops/validation/aws.go index dd0a30713b2ff..67352409d42bc 100644 --- a/pkg/apis/kops/validation/aws.go 
+++ b/pkg/apis/kops/validation/aws.go @@ -38,9 +38,25 @@ func awsValidateCluster(c *kops.Cluster) field.ErrorList { } } + allErrs = append(allErrs, awsValidateExternalCloudControllerManager(c.Spec)...) + return allErrs } +func awsValidateExternalCloudControllerManager(c kops.ClusterSpec) (allErrs field.ErrorList) { + + if c.ExternalCloudControllerManager != nil { + if c.KubeControllerManager == nil || c.KubeControllerManager.ExternalCloudVolumePlugin != "aws" { + if c.CloudConfig == nil || c.CloudConfig.AWSEBSCSIDriver == nil || !fi.BoolValue(c.CloudConfig.AWSEBSCSIDriver.Enabled) { + allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "externalCloudControllerManager"), + "AWS external CCM cannot be used without enabling spec.cloudConfig.AWSEBSCSIDriver or setting spec.kubeControllerManaager.externalCloudVolumePlugin set to `aws`")) + } + } + } + return allErrs + +} + func awsValidateInstanceGroup(ig *kops.InstanceGroup, cloud awsup.AWSCloud) field.ErrorList { allErrs := field.ErrorList{} diff --git a/pkg/apis/kops/validation/aws_test.go b/pkg/apis/kops/validation/aws_test.go index b0205f5f05183..4b777acbb3276 100644 --- a/pkg/apis/kops/validation/aws_test.go +++ b/pkg/apis/kops/validation/aws_test.go 
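Review bot: The Forbidden message in `awsValidateExternalCloudControllerManager` misspells the field path as `spec.kubeControllerManaager`, writes `AWSEBSCSIDriver` where the JSON tag added in this patch is `awsEBSCSIDriver`, and doubles the verb ("setting ... set to"). This text is what a user sees when the cluster spec is rejected, so the paths should be exact enough to copy into the spec: ``"AWS external CCM cannot be used without enabling spec.cloudConfig.awsEBSCSIDriver.enabled or setting spec.kubeControllerManager.externalCloudVolumePlugin to `aws`"``. The function would also read more easily with the two nested `if`s folded into one condition and the blank lines after the signature and before the closing brace removed.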
@@ -26,6 +26,43 @@ import ( "k8s.io/kops/pkg/apis/kops" ) +func TestAWSValidateExternalCloudConfig(t *testing.T) { + grid := []struct { + Input kops.ClusterSpec + ExpectedErrors []string + }{ + { + Input: kops.ClusterSpec{ + ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{}, + }, + ExpectedErrors: []string{"Forbidden::spec.externalCloudControllerManager"}, + }, + { + Input: kops.ClusterSpec{ + ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{}, + CloudConfig: &kops.CloudConfiguration{ + AWSEBSCSIDriver: &kops.AWSEBSCSIDriver{ + Enabled: fi.Bool(true), + }, + }, + }, + }, + { + Input: kops.ClusterSpec{ + ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{}, + KubeControllerManager: &kops.KubeControllerManagerConfig{ + ExternalCloudVolumePlugin: "aws", + }, + }, + }, + } + for _, g := range grid { + errs := awsValidateExternalCloudControllerManager(g.Input) + + testErrors(t, g.Input, errs, g.ExpectedErrors) + } +} + func TestValidateInstanceGroupSpec(t *testing.T) { grid := []struct { Input kops.InstanceGroupSpec diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index ac6dc9cda30b8..c5701d9fb3bc0 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go 
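Review bot: `TestAWSValidateExternalCloudConfig` has no case where `AWSEBSCSIDriver` is present but `Enabled` is false or nil, so the `!fi.BoolValue(...)` branch of the validator is never exercised. A regression that accepted any non-nil `AWSEBSCSIDriver` would pass all three existing entries. Add an entry with `Enabled: fi.Bool(false)` that expects the Forbidden error, and ideally one with `Enabled` left nil.

```go
	// … unchanged: the three existing grid entries …
		{
			Input: kops.ClusterSpec{
				ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{},
				CloudConfig: &kops.CloudConfiguration{
					AWSEBSCSIDriver: &kops.AWSEBSCSIDriver{
						Enabled: fi.Bool(false),
					},
				},
			},
			ExpectedErrors: []string{"Forbidden::spec.externalCloudControllerManager"},
		},
```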
@@ -26,6 +26,27 @@ import ( intstr "k8s.io/apimachinery/pkg/util/intstr" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AWSEBSCSIDriver) DeepCopyInto(out *AWSEBSCSIDriver) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSEBSCSIDriver. +func (in *AWSEBSCSIDriver) DeepCopy() *AWSEBSCSIDriver { + if in == nil { + return nil + } + out := new(AWSEBSCSIDriver) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AccessSpec) DeepCopyInto(out *AccessSpec) { *out = *in @@ -640,6 +661,11 @@ func (in *CloudConfiguration) DeepCopyInto(out *CloudConfiguration) { *out = new(AzureConfiguration) **out = **in } + if in.AWSEBSCSIDriver != nil { + in, out := &in.AWSEBSCSIDriver, &out.AWSEBSCSIDriver + *out = new(AWSEBSCSIDriver) + (*in).DeepCopyInto(*out) + } return } diff --git a/pkg/model/components/kubecontrollermanager.go b/pkg/model/components/kubecontrollermanager.go index 732e5848f6979..bb65bab253ee6 100644 --- a/pkg/model/components/kubecontrollermanager.go +++ b/pkg/model/components/kubecontrollermanager.go 
@@ -101,14 +101,6 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error if clusterSpec.ExternalCloudControllerManager != nil { kcm.CloudProvider = "external" - - // External cloud provider disables KCM volume controllers, so - // most users would want to either install CSI or pass - // --external-cloud-volume-plugin to the KCM, which runs the - // KCM volume controllers. - if kcm.ExternalCloudVolumePlugin == "" { - klog.Infof("An external cloud controller manager is configured, but ExternalCloudVolumePlugin is not configured for the KCM. This means a CSI plugin must be installed by the user or else volume management might not work.") - } } kcm.LogLevel = 2 @@ -158,5 +150,15 @@ func (b *KubeControllerManagerOptionsBuilder) BuildOptions(o interface{}) error kcm.Controllers = []string{"*", "tokencleaner"} } + if clusterSpec.CloudConfig != nil && clusterSpec.CloudConfig.AWSEBSCSIDriver != nil && fi.BoolValue(clusterSpec.CloudConfig.AWSEBSCSIDriver.Enabled) { + + if kcm.FeatureGates == nil { + kcm.FeatureGates = make(map[string]string) + } + if _, found := kcm.FeatureGates["CSIMigrationAWSComplete"]; !found { + kcm.FeatureGates["CSIMigrationAWSComplete"] = "true" + } + } + return nil } diff --git a/pkg/model/components/kubelet.go b/pkg/model/components/kubelet.go index 2e7a12c43e00a..e79e2f2209695 100644 --- a/pkg/model/components/kubelet.go +++ b/pkg/model/components/kubelet.go 
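Review bot: The block added at the end of `BuildOptions` defaults only `CSIMigrationAWSComplete`. As far as I know, the Kubernetes feature-gate documentation lists that gate as requiring `CSIMigration` and `CSIMigrationAWS` to be enabled too, and `CSIMigrationAWS` is not on by default in the 1.17-era releases this addon targets; please confirm against the supported versions. If that holds, default the prerequisite the same way: `if _, found := kcm.FeatureGates["CSIMigrationAWS"]; !found { kcm.FeatureGates["CSIMigrationAWS"] = "true" }`. The kubelet hunk in `pkg/model/components/kubelet.go` sets the same single gate and needs the same treatment. `BuildOptions` starts outside the hunk, so any existing feature-gate handling above it is not visible here.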
@@ -213,5 +213,16 @@ func (b *KubeletOptionsBuilder) BuildOptions(o interface{}) error { } } + if clusterSpec.CloudConfig != nil && clusterSpec.CloudConfig.AWSEBSCSIDriver != nil && fi.BoolValue(clusterSpec.CloudConfig.AWSEBSCSIDriver.Enabled) { + if _, found := clusterSpec.Kubelet.FeatureGates["CSIMigrationAWSComplete"]; !found { + clusterSpec.Kubelet.FeatureGates["CSIMigrationAWSComplete"] = "true" + } + } + if _, found := clusterSpec.Kubelet.FeatureGates["ExperimentalCriticalPodAnnotation"]; !found { + if b.IsKubernetesLT("1.16") { + clusterSpec.Kubelet.FeatureGates["ExperimentalCriticalPodAnnotation"] = "true" + } + } + return nil } diff --git a/upup/models/bindata.go b/upup/models/bindata.go index 91b7662f5f14c..b6e8d71c4c607 100644 --- a/upup/models/bindata.go +++ b/upup/models/bindata.go @@ -6,6 +6,7 @@ // upup/models/cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template // upup/models/cloudup/resources/addons/authentication.kope.io/k8s-1.12.yaml // upup/models/cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template +// upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template // upup/models/cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template // upup/models/cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template // upup/models/cloudup/resources/addons/core.addons.k8s.io/addon.yaml 
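Review bot: The new write `clusterSpec.Kubelet.FeatureGates["CSIMigrationAWSComplete"] = "true"` has no nil-map guard in this hunk, and a write to a nil map panics. The kube-controller-manager change in this patch, by contrast, calls `make(map[string]string)` first. `BuildOptions` starts outside the hunk, so the map may already be initialised above; if it is not, add `if clusterSpec.Kubelet.FeatureGates == nil { clusterSpec.Kubelet.FeatureGates = make(map[string]string) }` before the write. The `ExperimentalCriticalPodAnnotation` block added below it looks unrelated to the CSI driver and may be a rebase leftover; check that it does not duplicate logic already present earlier in the function.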
@@ -755,6 +756,482 @@ func cloudupResourcesAddonsAwsCloudControllerAddonsK8sIoK8s118YamlTemplate() (*a return a, nil } +var _cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate = []byte(`--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-csi-controller-sa + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-attacher.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-attacher-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-provisioner-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", 
"patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: 
["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-attacher-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-provisioner-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-resizer-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-resizer-role + apiGroup: rbac.authorization.k8s.io +--- +# 
Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshotter-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/node.yaml +# Node Service +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-node + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + priorityClassName: system-node-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + securityContext: + privileged: true + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: 
node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: aws-ebs-csi-driver/templates/controller.yaml +# Controller Service +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/master: "" + serviceAccountName: ebs-csi-controller-sa + priorityClassName: system-cluster-critical + tolerations: + - operator: Exists + containers: + - name: 
ebs-plugin + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + imagePullPolicy: IfNotPresent + args: + - controller + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --k8s-tag-cluster-id={{ ClusterName }} + - --extra-tags=KubernetesCluster={{ ClusterName }} + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + - --enable-leader-election + - --leader-election-type=leases + - --extra-create-metadata=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v2.2.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.1.1 + args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.5.0 + imagePullPolicy: Always + args: + - 
--csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: aws-ebs-csi-driver/templates/csidriver.yaml +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: ebs.csi.aws.com + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + attachRequired: true + podInfoOnMount: false +`) + +func cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplateBytes() ([]byte, error) { + return _cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate, nil +} + +func cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate() (*asset, error) { + bytes, err := cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplateBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _cloudupResourcesAddonsCertmanagerIoK8s116YamlTemplate = []byte(`# Copyright The Jetstack cert-manager contributors. # # Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -42625,6 +43102,7 @@ var _bindata = map[string]func() (*asset, error){ "cloudup/resources/addons/authentication.aws/k8s-1.12.yaml.template": cloudupResourcesAddonsAuthenticationAwsK8s112YamlTemplate, "cloudup/resources/addons/authentication.kope.io/k8s-1.12.yaml": cloudupResourcesAddonsAuthenticationKopeIoK8s112Yaml, "cloudup/resources/addons/aws-cloud-controller.addons.k8s.io/k8s-1.18.yaml.template": cloudupResourcesAddonsAwsCloudControllerAddonsK8sIoK8s118YamlTemplate, + "cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template": cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate, "cloudup/resources/addons/certmanager.io/k8s-1.16.yaml.template": cloudupResourcesAddonsCertmanagerIoK8s116YamlTemplate, "cloudup/resources/addons/cluster-autoscaler.addons.k8s.io/k8s-1.15.yaml.template": cloudupResourcesAddonsClusterAutoscalerAddonsK8sIoK8s115YamlTemplate, "cloudup/resources/addons/core.addons.k8s.io/addon.yaml": cloudupResourcesAddonsCoreAddonsK8sIoAddonYaml, @@ -42728,6 +43206,9 @@ var _bintree = &bintree{nil, map[string]*bintree{ "aws-cloud-controller.addons.k8s.io": {nil, map[string]*bintree{ "k8s-1.18.yaml.template": {cloudupResourcesAddonsAwsCloudControllerAddonsK8sIoK8s118YamlTemplate, map[string]*bintree{}}, }}, + "aws-ebs-csi-driver.addons.k8s.io": {nil, map[string]*bintree{ + "k8s-1.17.yaml.template": {cloudupResourcesAddonsAwsEbsCsiDriverAddonsK8sIoK8s117YamlTemplate, map[string]*bintree{}}, + }}, "certmanager.io": {nil, map[string]*bintree{ "k8s-1.16.yaml.template": {cloudupResourcesAddonsCertmanagerIoK8s116YamlTemplate, map[string]*bintree{}}, }}, diff --git a/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template new file mode 100644 index 0000000000000..27ff62337e642 --- /dev/null +++ b/upup/models/cloudup/resources/addons/aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml.template 
@@ -0,0 +1,459 @@ +--- +# Source: aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-csi-controller-sa + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-attacher.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-attacher-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-provisioner-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: 
["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-resizer.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +# Source: aws-ebs-csi-driver/templates/clusterrole-snapshotter.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: 
["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-attacher-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-provisioner-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-resizer-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-resizer-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: 
ebs-csi-snapshotter-binding + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io +--- +# Source: aws-ebs-csi-driver/templates/node.yaml +# Node Service +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-node + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + selector: + matchLabels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-node + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + hostNetwork: true + priorityClassName: system-node-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + securityContext: + privileged: true + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + args: + - node + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + 
- --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: aws-ebs-csi-driver/templates/controller.yaml +# Controller Service +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + replicas: 2 + selector: + matchLabels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + template: + metadata: + labels: + app: ebs-csi-controller + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" + spec: + nodeSelector: + kubernetes.io/os: linux + node-role.kubernetes.io/master: "" + serviceAccountName: ebs-csi-controller-sa + priorityClassName: system-cluster-critical + tolerations: + - operator: Exists + containers: + - name: ebs-plugin + image: k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0 + imagePullPolicy: IfNotPresent + args: + - controller + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr 
+ - --k8s-tag-cluster-id={{ ClusterName }} + - --extra-tags=KubernetesCluster={{ ClusterName }} + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + - --enable-leader-election + - --leader-election-type=leases + - --extra-create-metadata=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v2.2.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.1.1 + args: + - --csi-address=$(ADDRESS) + - --leader-election=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.5.0 + imagePullPolicy: Always + args: + - --csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: 
/var/lib/csi/sockets/pluginproxy/ + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: aws-ebs-csi-driver/templates/csidriver.yaml +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: ebs.csi.aws.com + labels: + app.kubernetes.io/name: aws-ebs-csi-driver + app.kubernetes.io/instance: aws-ebs-csi-driver + app.kubernetes.io/version: "0.8.0" +spec: + attachRequired: true + podInfoOnMount: false diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go index f6f5289958f4e..e385e78bcaa45 100644 --- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go +++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go @@ -1016,9 +1016,9 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann } if kops.CloudProviderID(b.Cluster.Spec.CloudProvider) == kops.CloudProviderAWS { - key := "aws-cloud-controller.addons.k8s.io" if b.Cluster.Spec.ExternalCloudControllerManager != nil { + key := "aws-cloud-controller.addons.k8s.io" // Version refers to the addon configuration. The CCM tag is given by // the template function AWSCCMTag() version := "1.18.0-kops.1" 
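Review bot: The `ebs-external-snapshotter-role` ClusterRole grants `get` and `list` on `secrets` cluster-wide, and its binding gives that to `ebs-csi-controller-sa`, the account every container in the `ebs-csi-controller` Deployment runs under. The resizer role in this same file keeps its secrets rule commented out. Nothing in the template references snapshotter secrets, so unless a VolumeSnapshotClass is expected to, I would do the same and drop `- apiGroups: [""]` / `resources: ["secrets"]` / `verbs: ["get", "list"]` from the snapshotter rules. Separately, `csi-resizer` is the only sidecar with `imagePullPolicy: Always` on a mutable tag (`quay.io/k8scsi/csi-resizer:v0.5.0`), so a re-pushed tag is picked up on the next restart; pinning the images by digest, or at least dropping `Always`, keeps the deployed bits fixed.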
@@ -1035,6 +1035,24 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann }) } } + if b.Cluster.Spec.CloudConfig != nil && b.Cluster.Spec.CloudConfig.AWSEBSCSIDriver != nil && fi.BoolValue(b.Cluster.Spec.CloudConfig.AWSEBSCSIDriver.Enabled) { + key := "aws-ebs-csi-driver.addons.k8s.io" + + version := "0.8.0-kops.1" + { + id := "k8s-1.17" + location := key + "/" + id + ".yaml" + addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{ + Name: fi.String(key), + Version: fi.String(version), + Manifest: fi.String(location), + Selector: map[string]string{"k8s-addon": key}, + KubernetesVersion: ">=1.17.0", + Id: id, + }) + } + } + } if b.Cluster.Spec.KubeScheduler.UsePolicyConfigMap != nil { diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml index c91b70d045baa..3605a12f38ced 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/cluster.yaml @@ -10,6 +10,9 @@ spec: - 0.0.0.0/0 channel: stable cloudProvider: aws + cloudConfig: + awsEBSCSIDriver: + enabled: true configBase: memfs://clusters.example.com/minimal.example.com etcdClusters: - etcdMembers: diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml index 2a7d02e3ba52e..67adffb153271 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awscloudcontroller/manifest.yaml 
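Review bot: The new `version := "0.8.0-kops.1"` has no comment saying what it versions, unlike the `aws-cloud-controller` block just above it. Here the driver image tag is hard-coded in the template (`k8s.gcr.io/provider-aws/aws-ebs-csi-driver:v0.8.0`) rather than supplied by a template function. I would add `// Version refers to the addon configuration. The driver image tag is hard-coded in the k8s-1.17 template and must be bumped together with it.` above the assignment. The selector `KubernetesVersion: ">=1.17.0"` is open-ended while the manifest declares `CSIDriver` under `storage.k8s.io/v1beta1`, so the comment could also record that the range will need an upper bound or a second manifest once that API version is no longer served. `buildAddons` starts and ends outside this hunk.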
@@ -69,3 +69,11 @@ spec:
 selector:
 k8s-addon: aws-cloud-controller.addons.k8s.io
 version: 1.18.0-kops.1
+ - id: k8s-1.17
+ kubernetesVersion: '>=1.17.0'
+ manifest: aws-ebs-csi-driver.addons.k8s.io/k8s-1.17.yaml
+ manifestHash: 764e53dc640a307c42a075797e6307d2014a28b6
+ name: aws-ebs-csi-driver.addons.k8s.io
+ selector:
+ k8s-addon: aws-ebs-csi-driver.addons.k8s.io
+ version: 0.8.0-kops.1