add 2.1-canary csi snapshotter side car to PD CSI driver

in release-staging-head

Author: saikat-royc

deploy/kubernetes/overlays/prow-gke-release-staging-head/controller_add_snapshotter.yaml

@@ -0,0 +1,17 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-gce-pd-controller
+spec:
+  template:
+    spec:
+      containers:
+        - name: csi-snapshotter
+          imagePullPolicy: Always
+          image: quay.io/k8scsi/csi-snapshotter:2.1-canary
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi

deploy/kubernetes/overlays/prow-gke-release-staging-head/kustomization.yaml

@@ -18,3 +18,17 @@ images:
 - name: gke.gcr.io/csi-resizer
   newName: quay.io/k8scsi/csi-resizer
   newTag: "canary"
+patches:
+- controller_add_snapshotter.yaml
+patchesJson6902:
+- target:
+    group: rbac.authorization.k8s.io
+    version: v1
+    kind: ClusterRole
+    name: csi-gce-pd-provisioner-role
+  path: rbac_add_snapshots_to_provisioner.yaml
+resources:
+- rbac_add_snapshotter.yaml
+# Reapplying namespace transformer to include newly added RBAC rules.
+namespace:
+  gce-pd-csi-driver

deploy/kubernetes/overlays/prow-gke-release-staging-head/rbac_add_snapshots_to_provisioner.yaml

@@ -0,0 +1,16 @@
+# arrays without strategic patch merge defined need to be appended
+# using jsonpatch
+# https://github.com/kubernetes-sigs/kustomize/blob/master/examples/jsonpatch.md
+- op: add
+  path: /rules/-
+  value:
+    apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+
+- op: add
+  path: /rules/-
+  value:
+    apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]

deploy/kubernetes/overlays/prow-gke-release-staging-head/rbac_add_snapshotter.yaml

@@ -0,0 +1,32 @@
+# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csi-gce-pd-snapshotter-role
+rules:
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  # Secrets resource omitted since GCE PD snapshots does not require them
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["update"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-gce-pd-controller-snapshotter-binding
+subjects:
+  - kind: ServiceAccount
+    name: csi-gce-pd-controller-sa
+roleRef:
+  kind: ClusterRole
+  name: csi-gce-pd-snapshotter-role
+  apiGroup: rbac.authorization.k8s.io