enable 2.x snapshotter side car in PD CSI driver in staging rc

Author: saikat-royc

deploy/kubernetes/overlays/prow-gke-release-staging-rc/controller_add_snapshotter.yaml

@@ -0,0 +1,17 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-gce-pd-controller
+spec:
+  template:
+    spec:
+      containers:
+        - name: csi-snapshotter
+          imagePullPolicy: Always
+          image: quay.io/k8scsi/csi-snapshotter:v2.1.0
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi

deploy/kubernetes/overlays/prow-gke-release-staging-rc/enable_sidecar_metrics.yaml

@@ -1,14 +1,20 @@
-# for external-provisioner
+# for external-snapshotter
 - op: add
   path: /spec/template/spec/containers/0/args/-
+  value: "--metrics-address=:22014"
+
+# for external-provisioner
+- op: add
+  path: /spec/template/spec/containers/1/args/-
   value: "--metrics-address=:22011"
 
 # for external-attacher
 - op: add
-  path: /spec/template/spec/containers/1/args/-
+  path: /spec/template/spec/containers/2/args/-
   value: "--metrics-address=:22012"
 
 # for external-resizer
 - op: add
-  path: /spec/template/spec/containers/2/args/-
+  path: /spec/template/spec/containers/3/args/-
   value: "--metrics-address=:22013"
+

deploy/kubernetes/overlays/prow-gke-release-staging-rc/kustomization.yaml

@@ -18,11 +18,23 @@ images:
 - name: gke.gcr.io/csi-resizer
   newName: gcr.io/gke-release-staging/csi-resizer
   newTag: "v0.5.0-gke.0"
-
+patches:
+- controller_add_snapshotter.yaml
 patchesJson6902:
+- target:
+    group: rbac.authorization.k8s.io
+    version: v1
+    kind: ClusterRole
+    name: csi-gce-pd-provisioner-role
+  path: rbac_add_snapshots_to_provisioner.yaml
 - target:
     group: apps
     version: v1
     kind: StatefulSet
     name: csi-gce-pd-controller
   path: enable_sidecar_metrics.yaml
+resources:
+- rbac_add_snapshotter.yaml
+# Reapplying namespace transformer to include newly added RBAC rules.
+namespace:
+  gce-pd-csi-driver

deploy/kubernetes/overlays/prow-gke-release-staging-rc/rbac_add_snapshots_to_provisioner.yaml

@@ -0,0 +1,16 @@
+# arrays without strategic patch merge defined need to be appended
+# using jsonpatch
+# https://github.com/kubernetes-sigs/kustomize/blob/master/examples/jsonpatch.md
+- op: add
+  path: /rules/-
+  value:
+    apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+
+- op: add
+  path: /rules/-
+  value:
+    apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]

deploy/kubernetes/overlays/prow-gke-release-staging-rc/rbac_add_snapshotter.yaml

@@ -0,0 +1,32 @@
+# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csi-gce-pd-snapshotter-role
+rules:
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  # Secrets resource omitted since GCE PD snapshots does not require them
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["update"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-gce-pd-controller-snapshotter-binding
+subjects:
+  - kind: ServiceAccount
+    name: csi-gce-pd-controller-sa
+roleRef:
+  kind: ClusterRole
+  name: csi-gce-pd-snapshotter-role
+  apiGroup: rbac.authorization.k8s.io