Skip to content

Commit 2c5b3d4

Browse files
mattcarymattcary
committed
Update deployment for 1.24 and 1.25
Change-Id: I694842d570567faf879897d35c4516b2bfd74759
1 parent 88feefc commit 2c5b3d4

22 files changed

+304
-5
lines changed

deploy/kubernetes/base/controller/kustomization.yaml

-1
Original file line numberDiff line numberDiff line change
@@ -5,5 +5,4 @@ namespace:
55
resources:
66
- cluster_setup.yaml
77
- controller.yaml
8-
- psp.yaml
98
- v1_csidriver.yaml

deploy/kubernetes/base/node_linux/kustomization.yaml

-1
Original file line numberDiff line numberDiff line change
@@ -4,4 +4,3 @@ namespace:
44
gce-pd-csi-driver
55
resources:
66
- node.yaml
7-
- psp.yaml

deploy/kubernetes/base/node_windows/kustomization.yaml

-1
Original file line numberDiff line numberDiff line change
@@ -4,4 +4,3 @@ namespace:
44
gce-pd-csi-driver
55
resources:
66
- node.yaml
7-
- psp.yaml

deploy/kubernetes/deploy-driver.sh

+2-2
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,8 @@
1010
# Args:
1111
# GCE_PD_SA_DIR: Directory the service account key has been saved in (generated
1212
# by setup-project.sh). Ignored if GCE_PD_DRIVER_VERSION == noauth.
13-
# GCE_PD_DRIVER_VERSION: The kustomize overlay (located in
14-
# deploy/kubernetes/overlays) to deploy. Can be one of {stable, dev}
13+
# GCE_PD_DRIVER_VERSION: The kustomize overlay to deploy. See
14+
# `deploy/kubernetes/overlays` for your choices.
1515

1616
set -o nounset
1717
set -o errexit

deploy/kubernetes/images/stable-1-24/image.yaml

+56
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
apiVersion: builtin
2+
kind: ImageTagTransformer
3+
metadata:
4+
name: imagetag-csi-provisioner
5+
imageTag:
6+
name: k8s.gcr.io/sig-storage/csi-provisioner
7+
newTag: "v3.1.0"
8+
9+
---
10+
apiVersion: builtin
11+
kind: ImageTagTransformer
12+
metadata:
13+
name: imagetag-csi-attacher
14+
imageTag:
15+
name: k8s.gcr.io/sig-storage/csi-attacher
16+
newTag: "v3.4.0"
17+
---
18+
19+
apiVersion: builtin
20+
kind: ImageTagTransformer
21+
metadata:
22+
name: imagetag-csi-resizer
23+
imageTag:
24+
name: k8s.gcr.io/sig-storage/csi-resizer
25+
newTag: "v1.4.0"
26+
---
27+
28+
apiVersion: builtin
29+
kind: ImageTagTransformer
30+
metadata:
31+
name: imagetag-csi-snapshotter
32+
imageTag:
33+
name: k8s.gcr.io/sig-storage/csi-snapshotter
34+
newTag: "v4.0.1"
35+
---
36+
37+
apiVersion: builtin
38+
kind: ImageTagTransformer
39+
metadata:
40+
name: imagetag-csi-node-registrar
41+
imageTag:
42+
name: k8s.gcr.io/sig-storage/csi-node-driver-registrar
43+
newTag: "v2.5.0"
44+
---
45+
46+
apiVersion: builtin
47+
kind: ImageTagTransformer
48+
metadata:
49+
name: imagetag-gcepd-driver
50+
imageTag:
51+
name: gke.gcr.io/gcp-compute-persistent-disk-csi-driver
52+
# Don't change stable image without changing pdImagePlaceholder in
53+
# test/k8s-integration/main.go
54+
newName: k8s.gcr.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver
55+
newTag: "v1.4.0"
56+
---

deploy/kubernetes/images/stable-1-24/kustomization.yaml

+4
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
namespace:
2+
gce-pd-csi-driver
3+
resources:
4+
- image.yaml

deploy/kubernetes/overlays/stable-1-21/kustomization.yaml

+3
Original file line numberDiff line numberDiff line change
@@ -4,5 +4,8 @@ namespace:
44
gce-pd-csi-driver
55
resources:
66
- ../../base/
7+
- psp_controller.yaml
8+
- psp_linux.yaml
9+
- psp_windows.yaml
710
transformers:
811
- ../../images/stable-1-21

deploy/kubernetes/base/controller/psp.yaml renamed to deploy/kubernetes/overlays/stable-1-21/psp_controller.yaml

File renamed without changes.

deploy/kubernetes/base/node_linux/psp.yaml renamed to deploy/kubernetes/overlays/stable-1-21/psp_linux.yaml

File renamed without changes.

deploy/kubernetes/base/node_windows/psp.yaml renamed to deploy/kubernetes/overlays/stable-1-21/psp_windows.yaml

File renamed without changes.

deploy/kubernetes/overlays/stable-1-22/kustomization.yaml

+3
Original file line numberDiff line numberDiff line change
@@ -4,5 +4,8 @@ namespace:
44
gce-pd-csi-driver
55
resources:
66
- ../../base/
7+
- psp_controller.yaml
8+
- psp_linux.yaml
9+
- psp_windows.yaml
710
transformers:
811
- ../../images/stable-1-21

deploy/kubernetes/overlays/stable-1-22/psp_controller.yaml

+17
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-controller-psp
5+
spec:
6+
seLinux:
7+
rule: RunAsAny
8+
supplementalGroups:
9+
rule: RunAsAny
10+
runAsUser:
11+
rule: RunAsAny
12+
fsGroup:
13+
rule: RunAsAny
14+
volumes:
15+
- "emptyDir"
16+
- "secret"
17+
hostNetwork: true

deploy/kubernetes/overlays/stable-1-22/psp_linux.yaml

+27
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-node-psp
5+
spec:
6+
seLinux:
7+
rule: RunAsAny
8+
supplementalGroups:
9+
rule: RunAsAny
10+
runAsUser:
11+
rule: RunAsAny
12+
fsGroup:
13+
rule: RunAsAny
14+
privileged: true
15+
volumes:
16+
- '*'
17+
hostNetwork: true
18+
allowedHostPaths:
19+
- pathPrefix: "/var/lib/kubelet/plugins_registry/"
20+
- pathPrefix: "/var/lib/kubelet"
21+
- pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
22+
- pathPrefix: "/dev"
23+
- pathPrefix: "/etc/udev"
24+
- pathPrefix: "/lib/udev"
25+
- pathPrefix: "/run/udev"
26+
- pathPrefix: "/sys"
27+

deploy/kubernetes/overlays/stable-1-22/psp_windows.yaml

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-node-psp-win
5+
spec:
6+
supplementalGroups:
7+
rule: RunAsAny
8+
runAsUser:
9+
rule: RunAsAny
10+
fsGroup:
11+
rule: RunAsAny
12+
seLinux:
13+
rule: RunAsAny
14+
volumes:
15+
- '*'
16+
hostNetwork: true
17+
allowedHostPaths:
18+
- pathPrefix: \var\lib\kubelet
19+
- pathPrefix: \var\lib\kubelet\plugins_registry
20+
- pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
21+
- pathPrefix: \\.\pipe\csi-proxy-disk-v1
22+
- pathPrefix: \\.\pipe\csi-proxy-volume-v1
23+
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
24+
# these paths are allowed only for compatibility mode if the PD CSI driver
25+
# is using the CSI Proxy v1 client and the node is still using the
26+
# beta version of the CSI proxy
27+
- pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
28+
- pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
29+
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1
30+

deploy/kubernetes/overlays/stable-1-23/kustomization.yaml

+3
Original file line numberDiff line numberDiff line change
@@ -4,5 +4,8 @@ namespace:
44
gce-pd-csi-driver
55
resources:
66
- ../../base/
7+
- psp_controller.yaml
8+
- psp_linux.yaml
9+
- psp_windows.yaml
710
transformers:
811
- ../../images/stable-1-23

deploy/kubernetes/overlays/stable-1-23/psp_controller.yaml

+17
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-controller-psp
5+
spec:
6+
seLinux:
7+
rule: RunAsAny
8+
supplementalGroups:
9+
rule: RunAsAny
10+
runAsUser:
11+
rule: RunAsAny
12+
fsGroup:
13+
rule: RunAsAny
14+
volumes:
15+
- "emptyDir"
16+
- "secret"
17+
hostNetwork: true

deploy/kubernetes/overlays/stable-1-23/psp_linux.yaml

+27
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-node-psp
5+
spec:
6+
seLinux:
7+
rule: RunAsAny
8+
supplementalGroups:
9+
rule: RunAsAny
10+
runAsUser:
11+
rule: RunAsAny
12+
fsGroup:
13+
rule: RunAsAny
14+
privileged: true
15+
volumes:
16+
- '*'
17+
hostNetwork: true
18+
allowedHostPaths:
19+
- pathPrefix: "/var/lib/kubelet/plugins_registry/"
20+
- pathPrefix: "/var/lib/kubelet"
21+
- pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
22+
- pathPrefix: "/dev"
23+
- pathPrefix: "/etc/udev"
24+
- pathPrefix: "/lib/udev"
25+
- pathPrefix: "/run/udev"
26+
- pathPrefix: "/sys"
27+

deploy/kubernetes/overlays/stable-1-23/psp_windows.yaml

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-node-psp-win
5+
spec:
6+
supplementalGroups:
7+
rule: RunAsAny
8+
runAsUser:
9+
rule: RunAsAny
10+
fsGroup:
11+
rule: RunAsAny
12+
seLinux:
13+
rule: RunAsAny
14+
volumes:
15+
- '*'
16+
hostNetwork: true
17+
allowedHostPaths:
18+
- pathPrefix: \var\lib\kubelet
19+
- pathPrefix: \var\lib\kubelet\plugins_registry
20+
- pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
21+
- pathPrefix: \\.\pipe\csi-proxy-disk-v1
22+
- pathPrefix: \\.\pipe\csi-proxy-volume-v1
23+
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
24+
# these paths are allowed only for compatibility mode if the PD CSI driver
25+
# is using the CSI Proxy v1 client and the node is still using the
26+
# beta version of the CSI proxy
27+
- pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
28+
- pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
29+
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1
30+

deploy/kubernetes/overlays/stable-1-24/kustomization.yaml

+11
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
apiVersion: kustomize.config.k8s.io/v1beta1
2+
kind: Kustomization
3+
namespace:
4+
gce-pd-csi-driver
5+
resources:
6+
- ../../base
7+
- psp_controller.yaml
8+
- psp_linux.yaml
9+
- psp_windows.yaml
10+
transformers:
11+
- ../../images/stable-1-24

deploy/kubernetes/overlays/stable-1-24/psp_controller.yaml

+17
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-controller-psp
5+
spec:
6+
seLinux:
7+
rule: RunAsAny
8+
supplementalGroups:
9+
rule: RunAsAny
10+
runAsUser:
11+
rule: RunAsAny
12+
fsGroup:
13+
rule: RunAsAny
14+
volumes:
15+
- "emptyDir"
16+
- "secret"
17+
hostNetwork: true

deploy/kubernetes/overlays/stable-1-24/psp_linux.yaml

+27
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-node-psp
5+
spec:
6+
seLinux:
7+
rule: RunAsAny
8+
supplementalGroups:
9+
rule: RunAsAny
10+
runAsUser:
11+
rule: RunAsAny
12+
fsGroup:
13+
rule: RunAsAny
14+
privileged: true
15+
volumes:
16+
- '*'
17+
hostNetwork: true
18+
allowedHostPaths:
19+
- pathPrefix: "/var/lib/kubelet/plugins_registry/"
20+
- pathPrefix: "/var/lib/kubelet"
21+
- pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
22+
- pathPrefix: "/dev"
23+
- pathPrefix: "/etc/udev"
24+
- pathPrefix: "/lib/udev"
25+
- pathPrefix: "/run/udev"
26+
- pathPrefix: "/sys"
27+

deploy/kubernetes/overlays/stable-1-24/psp_windows.yaml

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
apiVersion: policy/v1beta1
2+
kind: PodSecurityPolicy
3+
metadata:
4+
name: csi-gce-pd-node-psp-win
5+
spec:
6+
supplementalGroups:
7+
rule: RunAsAny
8+
runAsUser:
9+
rule: RunAsAny
10+
fsGroup:
11+
rule: RunAsAny
12+
seLinux:
13+
rule: RunAsAny
14+
volumes:
15+
- '*'
16+
hostNetwork: true
17+
allowedHostPaths:
18+
- pathPrefix: \var\lib\kubelet
19+
- pathPrefix: \var\lib\kubelet\plugins_registry
20+
- pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
21+
- pathPrefix: \\.\pipe\csi-proxy-disk-v1
22+
- pathPrefix: \\.\pipe\csi-proxy-volume-v1
23+
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
24+
# these paths are allowed only for compatibility mode if the PD CSI driver
25+
# is using the CSI Proxy v1 client and the node is still using the
26+
# beta version of the CSI proxy
27+
- pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
28+
- pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
29+
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1
30+

0 commit comments

Comments
 (0)