Adding separate namespace; removed driver-registrar role; bumped snapshotter version

verult · verult · commit 96f212dd6065 · 2019-08-02T16:19:19.000-07:00
diff --git a/deploy/kubernetes/base/kustomization.yaml b/deploy/kubernetes/base/kustomization.yaml
@@ -1,7 +1,7 @@
 commonLabels:
-  app: gcp-compute-persistent-disk-csi-driver
+  k8s-app: gcp-compute-persistent-disk-csi-driver
 namespace:
-  default
+  pdcsi-serving
 resources:
 - node.yaml
 - controller.yaml
diff --git a/deploy/kubernetes/base/setup-cluster.yaml b/deploy/kubernetes/base/setup-cluster.yaml
@@ -4,33 +4,6 @@ kind: ServiceAccount
 metadata:
   name: csi-node-sa
 
----
-
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: driver-registrar-role
-rules:
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]
-
-
----
-
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: driver-registrar-binding
-subjects:
-  - kind: ServiceAccount
-    name: csi-node-sa
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: driver-registrar-role
-  apiGroup: rbac.authorization.k8s.io
-
 ---
 ##### Controller Service Account, Roles, Rolebindings
 apiVersion: v1
@@ -73,7 +46,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
-    namespace: default
+    namespace: pdcsi-serving
 roleRef:
   kind: ClusterRole
   name: external-provisioner-role
@@ -108,8 +81,32 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
-    namespace: default
+    namespace: pdcsi-serving
 roleRef:
   kind: ClusterRole
   name: external-attacher-role
   apiGroup: rbac.authorization.k8s.io
+
+---
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-controller-leaderelection
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-controller-leaderelection-binding
+subjects:
+  - kind: ServiceAccount
+    name: csi-controller-sa
+    namespace: pdcsi-serving
+roleRef:
+  kind: Role
+  name: csi-controller-leaderelection
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml b/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml
@@ -8,10 +8,10 @@ spec:
       containers:
         - name: csi-resizer
           imagePullPolicy: Always
-          image: quay.io/k8scsi/csi-resizer:canary
+          image: gke.gcr.io/csi-resizer:v0.2.0-gke.0
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
           volumeMounts:
             - name: socket-dir
-              mountPath: /csi
+              mountPath: /csi
diff --git a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml
@@ -8,7 +8,7 @@ spec:
       containers:
         - name: csi-snapshotter
           imagePullPolicy: Always
-          image: gke.gcr.io/csi-snapshotter:v1.0.1-gke.0
+          image: gke.gcr.io/csi-snapshotter:v1.2.0-gke.0
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml
@@ -21,12 +21,12 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-resizer-role
+  name: csi-controller-resizer-binding
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
     namespace: default
 roleRef:
   kind: ClusterRole
   name: external-resizer-role
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml
@@ -26,6 +26,9 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
     verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["update"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     verbs: ["create", "list", "watch", "delete"]
