From bd03a4a3b8f34c2d198dc9ce4ba20b23d70dec8c Mon Sep 17 00:00:00 2001
From: Yiannis Gkoufas <yiannisg@ie.ibm.com>
Date: Mon, 8 Feb 2021 17:47:45 +0000
Subject: [PATCH] removed limits for containers passing flags on the sidecar
 and adding TCP on the LISTEN_ADDRESS missing rbac for provisioner sidecar

---
 resources/deployment.yaml | 19 +++++--------------
 resources/rbac.yaml       |  6 ++++++
 resources/secret.yaml     |  2 +-
 3 files changed, 12 insertions(+), 15 deletions(-)

diff --git a/resources/deployment.yaml b/resources/deployment.yaml
index 06d1518..e0946ee 100644
--- a/resources/deployment.yaml
+++ b/resources/deployment.yaml
@@ -35,25 +35,16 @@ spec:
       containers:
       - name: objectstorage-sample-driver
         image: quay.io/containerobjectstorage/objectstorage-sample-driver:latest
-        resources:
-          limits:
-            cpu: 1
-            memory: 1Gi
-          requests:
-            cpu: 100m
-            memory: 100Mi
+        args:
+          - "--listen-address=$(LISTEN_ADDRESS)"
+          - "--s3-endpoint=$(S3_ENDPOINT)"
+          - "--access-key=$(ACCESS_KEY)"
+          - "--secret-key=$(SECRET_KEY)"
         envFrom:
         - secretRef:
             name: objectstorage-provisioner
       - name: objectstorage-provisioner-sidecar
         image: quay.io/containerobjectstorage/objectstorage-sidecar:latest
-        resources:
-          limits:
-            cpu: 1
-            memory: 1Gi
-          requests:
-            cpu: 100m
-            memory: 100Mi
         env:
         - name: CONNECT_ADDRESS
           valueFrom:
diff --git a/resources/rbac.yaml b/resources/rbac.yaml
index f933510..eb2be5c 100644
--- a/resources/rbac.yaml
+++ b/resources/rbac.yaml
@@ -16,6 +16,12 @@ rules:
 - apiGroups: [""]
   resources: ["events"]
   verbs: ["list", "watch", "create", "update", "patch"]
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+- apiGroups: ["objectstorage.k8s.io"]
+  resources: ["bucketaccesses"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/resources/secret.yaml b/resources/secret.yaml
index 92479f5..d020bab 100644
--- a/resources/secret.yaml
+++ b/resources/secret.yaml
@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/name: container-object-storage-interface-provisioner
 type: Opaque
 stringData:
-  LISTEN_ADDRESS: 0.0.0.0:9000
+  LISTEN_ADDRESS: tcp://0.0.0.0:9000
 data:
   # set to space
   S3_ENDPOINT: IA==