WIP New kustomization for pd driver

This can work for both linux and windows

Author: jingxu97

deploy/kubernetes/deploy-driver-new.sh

@@ -0,0 +1,131 @@
+#!/bin/bash
+
+# This script will deploy the Google Compute Engine Persistent Disk CSI Driver
+# to the currently available Kubernetes cluster
+
+# Note: setup-cluster.yaml depends on the existence of cluster-roles
+# system:csi-external-attacher and system:csi-external-provisioner
+# which are in Kubernetes version 1.10.5+
+
+# Args:
+# GCE_PD_SA_DIR: Directory the service account key has been saved in (generated by setup-project.sh)
+# GCE_PD_DRIVER_VERSION: The kustomize overlay (located in
+#   deploy/kubernetes/overlays) to deploy. Can be one of {stable, dev}
+
+set -o nounset
+set -o errexit
+set -x
+
+readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-gce-pd-csi-driver}"
+readonly DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}"
+readonly DEPLOY_OS="${GCE_PD_DRIVER_OS:-linux}"
+readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver"
+source "${PKGDIR}/deploy/common.sh"
+
+print_usage()
+{
+    echo "deploy-driver.sh [--skip-sa-check]\n"
+    echo "\t--skip-sa-check: don't check the service account for required roles"
+    echo
+}
+
+skip_sa_check=
+while [ ! -z "${1-}" ]; do
+  case $1 in
+    --skip-sa-check ) shift
+                      skip_sa_check=true
+                      ;;
+    -h | --help )     print_usage
+                      exit 1
+                      ;;
+    * )               print_usage
+                      exit 1
+                      ;;
+  esac
+done
+
+ensure_var GCE_PD_SA_DIR
+
+function check_service_account()
+{
+	# Using bash magic to parse JSON for IAM
+	# Grepping for a line with client email returning anything quoted after the colon
+	readonly IAM_NAME=$(grep -Po '"client_email": *\K"[^"]*"' ${GCE_PD_SA_DIR}/cloud-sa.json | tr -d '"')
+	readonly PROJECT=$(grep -Po '"project_id": *\K"[^"]*"' ${GCE_PD_SA_DIR}/cloud-sa.json | tr -d '"')
+	readonly GOTTEN_BIND_ROLES=$(gcloud projects get-iam-policy ${PROJECT} --flatten="bindings[].members" --format='table(bindings.role)' --filter="bindings.members:${IAM_NAME}")
+	readonly BIND_ROLES=$(get_needed_roles)
+	MISSING_ROLES=false
+	for role in ${BIND_ROLES}
+	do
+		if ! grep -q $role <<<${GOTTEN_BIND_ROLES} ; 
+		then
+			echo "Missing role: $role"
+			MISSING_ROLES=true
+		fi
+	done
+	if [ "${MISSING_ROLES}" = true ]; 
+	then
+		echo "Cannot deploy with missing roles in service account, please run setup-project.sh to setup Service Account"
+		exit 1
+	fi
+}
+
+ensure_kustomize
+
+if [ "$skip_sa_check" != true ]; then
+  check_service_account
+fi
+
+if ! ${KUBECTL} get namespace ${NAMESPACE} -v="${VERBOSITY}";
+then
+  ${KUBECTL} create namespace ${NAMESPACE} -v="${VERBOSITY}"
+fi
+
+if ! ${KUBECTL} get secret cloud-sa -v="${VERBOSITY}" -n ${NAMESPACE};
+then
+  ${KUBECTL} create secret generic cloud-sa -v="${VERBOSITY}" --from-file="${GCE_PD_SA_DIR}/cloud-sa.json" -n ${NAMESPACE}
+fi
+
+# GKE Required Setup
+if ! ${KUBECTL} get clusterrolebinding -v="${VERBOSITY}" cluster-admin-binding;
+then
+  ${KUBECTL} create clusterrolebinding cluster-admin-binding -v="${VERBOSITY}" --clusterrole cluster-admin --user $(gcloud config get-value account)
+fi
+
+# Debug log: print ${KUBECTL} version
+${KUBECTL} version
+
+readonly tmp_spec=/tmp/gcp-compute-persistent-disk-csi-driver-specs-generated.yaml
+
+if [[ ${DEPLOY_OS} = "mixed" ]]; then
+    FIRST_OS=linux
+    SECOND_OS=windows
+else
+    FIRST_OS=${DEPLOY_OS}
+fi
+
+os_dir=$(mktemp -d -p ./ -t os-XXXXXXXXXX)
+cat <<EOF >${os_dir}/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace:
+  gce-pd-csi-driver
+bases:
+- ${PKGDIR}/deploy/kubernetes/kustomization/base_setup
+- ${PKGDIR}/deploy/kubernetes/kustomization/node_setup/${FIRST_OS}
+EOF
+
+if [[ -n ${SECOND_OS} ]]; then
+echo "- ../node_setup/${SECOND_OS}" >> ${os_dir}/kustomization.yaml
+fi
+
+image_dir=$(mktemp -d -p ./ -t image-XXXXXXXXXX) 
+cp ${PKGDIR}/deploy/kubernetes/kustomization/image_setup/${DEPLOY_VERSION}/kustomization.yaml ${image_dir} 
+cat <<EOF >>${image_dir}/kustomization.yaml
+bases:
+- ../${os_dir}
+EOF
+
+${KUSTOMIZE_PATH} build ${image_dir} | tee $tmp_spec; \
+${KUBECTL} apply -v="${VERBOSITY}" -f $tmp_spec; \
+rm -rf ${os_dir} ${image_dir}

deploy/kubernetes/deploy-driver.sh

@@ -18,6 +18,7 @@ set -x
 
 readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-gce-pd-csi-driver}"
 readonly DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}"
+readonly DEPLOY_OS="${GCE_PD_DRIVER_OS:-linux}"
 readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver"
 source "${PKGDIR}/deploy/common.sh"
 
@@ -95,6 +96,36 @@ fi
 ${KUBECTL} version
 
 readonly tmp_spec=/tmp/gcp-compute-persistent-disk-csi-driver-specs-generated.yaml
-${KUSTOMIZE_PATH} build ${PKGDIR}/deploy/kubernetes/overlays/${DEPLOY_VERSION} | tee $tmp_spec
-${KUBECTL} apply -v="${VERBOSITY}" -f $tmp_spec
 
+if [[ ${DEPLOY_OS} = "mixed" ]]; then
+    FIRST_OS=linux
+    SECOND_OS=windows
+else
+    FIRST_OS=${DEPLOY_OS}
+fi
+
+os_dir=$(mktemp -d -p ./ -t os-XXXXXXXXXX)
+cat <<EOF >${os_dir}/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace:
+  gce-pd-csi-driver
+bases:
+- ${PKGDIR}/deploy/kubernetes/kustomization/base_setup
+- ${PKGDIR}/deploy/kubernetes/kustomization/node_setup/${FIRST_OS}
+EOF
+
+if [[ -n ${SECOND_OS} ]]; then
+echo "- ../node_setup/${SECOND_OS}" >> ${os_dir}/kustomization.yaml
+fi
+
+image_dir=$(mktemp -d -p ./ -t image-XXXXXXXXXX) 
+cp ${PKGDIR}/deploy/kubernetes/kustomization/image_setup/${DEPLOY_VERSION}/kustomization.yaml ${image_dir} 
+cat <<EOF >>${image_dir}/kustomization.yaml
+bases:
+- ../${os_dir}
+EOF
+
+${KUSTOMIZE_PATH} build ${image_dir} | tee $tmp_spec; \
+${KUBECTL} apply -v="${VERBOSITY}" -f $tmp_spec; \
+rm -rf ${os_dir} ${image_dir}

deploy/kubernetes/kustomization/base_setup/controller.yaml

@@ -0,0 +1,93 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-gce-pd-controller
+spec:
+  serviceName: "csi-gce-pd"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gcp-compute-persistent-disk-csi-driver
+  template:
+    metadata:
+      labels:
+        app: gcp-compute-persistent-disk-csi-driver
+    spec:
+      # Host network must be used for interaction with Workload Identity in GKE
+      # since it replaces GCE Metadata Server with GKE Metadata Server. Remove
+      # this requirement when issue is resolved and before any exposure of
+      # metrics ports
+      nodeSelector:
+        kubernetes.io/os: linux
+      hostNetwork: true
+      serviceAccountName: csi-gce-pd-controller-sa
+      priorityClassName: csi-gce-pd-controller
+      containers:
+        - name: csi-provisioner
+          image: gke.gcr.io/csi-provisioner
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+            - "--feature-gates=Topology=true"
+            - "--metrics-address=:22011"
+          # - "--run-controller-service=false" # disable the controller service of the CSI driver
+          # - "--run-node-service=false"       # disable the node service of the CSI driver
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+        - name: csi-attacher
+          image: gke.gcr.io/csi-attacher
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+            - "--metrics-address=:22012"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+        - name: csi-resizer
+          image: gke.gcr.io/csi-resizer
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+            - "--metrics-address=:22013"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+        - name: csi-snapshotter
+          image: gke.gcr.io/csi-snapshotter
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+            - "--metrics-address=:22014"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+        - name: gce-pd-driver
+          # Don't change base image without changing pdImagePlaceholder in
+          # test/k8s-integration/main.go
+          image: gke.gcr.io/gcp-compute-persistent-disk-csi-driver
+          args:
+            - "--v=5"
+            - "--endpoint=unix:/csi/csi.sock"
+          env:
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: "/etc/cloud-sa/cloud-sa.json"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: cloud-sa-volume
+              readOnly: true
+              mountPath: "/etc/cloud-sa"
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
+        - name: cloud-sa-volume
+          secret:
+            secretName: cloud-sa
+      # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+      # See "special case". This will tolerate everything. Node component should
+      # be scheduled on all nodes.
+      tolerations:
+      - operator: Exists
+  # This is needed due to https://github.com/kubernetes-sigs/kustomize/issues/504
+  volumeClaimTemplates: []

deploy/kubernetes/kustomization/base_setup/kustomization.yaml

@@ -0,0 +1,7 @@
+commonLabels:
+  k8s-app: gcp-compute-persistent-disk-csi-driver
+namespace:
+  gce-pd-csi-driver
+resources:
+- controller.yaml
+- setup-cluster.yaml