Adding separate namespace; removed driver-registrar role; bumped snapshotter version; added controller and node priorityclasses

Author: verult

deploy/kubernetes/base/controller.yaml

@@ -14,6 +14,7 @@ spec:
         app: gcp-compute-persistent-disk-csi-driver
     spec:
       serviceAccountName: csi-controller-sa
+      priorityClassName: gce-pd-csi-driver-controller
       containers:
         - name: csi-provisioner
           image: gke.gcr.io/csi-provisioner

deploy/kubernetes/base/kustomization.yaml

@@ -1,7 +1,7 @@
 commonLabels:
-  app: gcp-compute-persistent-disk-csi-driver
+  k8s-app: gcp-compute-persistent-disk-csi-driver
 namespace:
-  default
+  gce-pd-csi-driver
 resources:
 - node.yaml
 - controller.yaml

deploy/kubernetes/base/node.yaml

@@ -12,6 +12,7 @@ spec:
       labels:
         app: gcp-compute-persistent-disk-csi-driver
     spec:
+      priorityClassName: gce-pd-csi-driver-node
       serviceAccountName: csi-node-sa
       containers:
         - name: csi-driver-registrar

deploy/kubernetes/base/setup-cluster.yaml

@@ -4,33 +4,6 @@ kind: ServiceAccount
 metadata:
   name: csi-node-sa
 
----
-
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: driver-registrar-role
-rules:
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]
-
-
----
-
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: driver-registrar-binding
-subjects:
-  - kind: ServiceAccount
-    name: csi-node-sa
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: driver-registrar-role
-  apiGroup: rbac.authorization.k8s.io
-
 ---
 ##### Controller Service Account, Roles, Rolebindings
 apiVersion: v1
@@ -73,7 +46,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
-    namespace: default
+    namespace: pdcsi-serving
 roleRef:
   kind: ClusterRole
   name: external-provisioner-role
@@ -108,8 +81,28 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
-    namespace: default
+    namespace: pdcsi-serving
 roleRef:
   kind: ClusterRole
   name: external-attacher-role
   apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: gce-pd-csi-driver-controller
+value: 900000000
+globalDefault: false
+description: "This priority class should be used for the GCE PD CSI driver controller deployment only."
+
+---
+
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: gce-pd-csi-driver-node
+value: 900001000
+globalDefault: false
+description: "This priority class should be used for the GCE PD CSI driver node deployment only."

deploy/kubernetes/delete-driver.sh

@@ -10,6 +10,7 @@
 set -o nounset
 set -o errexit
 
+readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-default}"
 readonly DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}"
 readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver"
 source "${PKGDIR}/deploy/common.sh"
@@ -18,3 +19,9 @@ ensure_kustomize
 
 ${KUSTOMIZE_PATH} build ${PKGDIR}/deploy/kubernetes/overlays/${DEPLOY_VERSION} | ${KUBECTL} delete -v="${VERBOSITY}" --ignore-not-found -f -
 ${KUBECTL} delete secret cloud-sa -v="${VERBOSITY}" --ignore-not-found
+
+if [[ ${NAMESPACE} != "" && ${NAMESPACE} != "default" ]] && \
+  ${KUBECTL} get namespace ${NAMESPACE} -v="${VERBOSITY}";
+then
+    ${KUBECTL} delete namespace ${NAMESPACE} -v="${VERBOSITY}"
+fi

deploy/kubernetes/deploy-driver.sh

@@ -75,6 +75,11 @@ if [ "$skip_sa_check" != true ]; then
   check_service_account
 fi
 
+if ! ${KUBECTL} get namespace ${NAMESPACE} -v="${VERBOSITY}";
+then
+  ${KUBECTL} create namespace ${NAMESPACE} -v="${VERBOSITY}"
+fi
+
 if ! ${KUBECTL} get secret cloud-sa -v="${VERBOSITY}" -n ${NAMESPACE};
 then
   ${KUBECTL} create secret generic cloud-sa -v="${VERBOSITY}" --from-file="${GCE_PD_SA_DIR}/cloud-sa.json" -n ${NAMESPACE}

deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml

@@ -8,10 +8,10 @@ spec:
       containers:
         - name: csi-resizer
           imagePullPolicy: Always
-          image: quay.io/k8scsi/csi-resizer:canary
+          image: gke.gcr.io/csi-resizer:v0.2.0-gke.0
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
           volumeMounts:
             - name: socket-dir
-              mountPath: /csi
+              mountPath: /csi

deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml

@@ -8,7 +8,7 @@ spec:
       containers:
         - name: csi-snapshotter
           imagePullPolicy: Always
-          image: gke.gcr.io/csi-snapshotter:v1.0.1-gke.0
+          image: gke.gcr.io/csi-snapshotter:v1.2.0-gke.0
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"

deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml

@@ -21,12 +21,12 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-resizer-role
+  name: csi-controller-resizer-binding
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
     namespace: default
 roleRef:
   kind: ClusterRole
   name: external-resizer-role
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io

deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml

@@ -26,6 +26,9 @@ rules:
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
     verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["update"]
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     verbs: ["create", "list", "watch", "delete"]

examples/kubernetes/demo-pod.yaml

@@ -1,17 +1,3 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: podpvc
-spec:
-  accessModes:
-    - ReadWriteOnce
-  storageClassName: csi-gce-pd
-  resources:
-    requests:
-      storage: 6Gi
-
----
-
 apiVersion: v1
 kind: Pod
 metadata:

examples/kubernetes/demo-zonal-sc.yaml

@@ -5,4 +5,4 @@ metadata:
 provisioner: pd.csi.storage.gke.io
 parameters:
   type: pd-standard
-volumeBindingMode: WaitForFirstConsumer
+#volumeBindingMode: WaitForFirstConsumer