diff --git a/README.md b/README.md index ba046941f..b04b70ac2 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,11 @@ that represents availability by zone. See Github [Issues](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues) +## Driver Deployment +As part of the deployment process, the driver is deployed in a newly created namespace by default. The namespace will be deleted as part of the cleanup process. + +Controller-level and node-level deployments will both have priorityClassName set, and the corresponding priority value is close to the maximum possible for user-created PriorityClasses. + ## Further Documentation [Local Development](docs/local-development.md) diff --git a/deploy/kubernetes/base/controller.yaml b/deploy/kubernetes/base/controller.yaml index e6408d392..73c033fd1 100644 --- a/deploy/kubernetes/base/controller.yaml +++ b/deploy/kubernetes/base/controller.yaml @@ -14,6 +14,7 @@ spec: app: gcp-compute-persistent-disk-csi-driver spec: serviceAccountName: csi-controller-sa + priorityClassName: gce-pd-csi-driver-controller containers: - name: csi-provisioner image: gke.gcr.io/csi-provisioner diff --git a/deploy/kubernetes/base/kustomization.yaml b/deploy/kubernetes/base/kustomization.yaml index 4bb4e341d..6d665c1c2 100644 --- a/deploy/kubernetes/base/kustomization.yaml +++ b/deploy/kubernetes/base/kustomization.yaml @@ -1,7 +1,7 @@ commonLabels: - app: gcp-compute-persistent-disk-csi-driver + k8s-app: gcp-compute-persistent-disk-csi-driver namespace: - default + gce-pd-csi-driver resources: - node.yaml - controller.yaml diff --git a/deploy/kubernetes/base/node.yaml b/deploy/kubernetes/base/node.yaml index 1436d1311..41cd0a1a4 100644 --- a/deploy/kubernetes/base/node.yaml +++ b/deploy/kubernetes/base/node.yaml @@ -12,6 +12,7 @@ spec: labels: app: gcp-compute-persistent-disk-csi-driver spec: + priorityClassName: gce-pd-csi-driver-node serviceAccountName: csi-node-sa containers: - name: csi-driver-registrar 
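Review bot: Hard-coding `namespace: gce-pd-csi-driver` in base/kustomization.yaml, while this commit also drops `namespace: default` from the ClusterRoleBinding subjects in base/setup-cluster.yaml, makes those bindings valid only after kustomize stamps `subjects[].namespace`. The API server rejects a ServiceAccount subject with no namespace, so applying the base file directly fails, and whether the subject is rewritten depends on the kustomize version that `ensure_kustomize` installs, which is worth confirming. deploy-driver.sh still honours `GCE_PD_DRIVER_NAMESPACE`, so unless the kustomization is rewritten somewhere not visible in this diff, a non-default value puts the `cloud-sa` secret in a different namespace from the workloads. I would add a comment above `namespace:` such as `# Also applied to ServiceAccount subjects in setup-cluster.yaml; must match NAMESPACE in deploy-driver.sh and delete-driver.sh.`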
diff --git a/deploy/kubernetes/base/setup-cluster.yaml b/deploy/kubernetes/base/setup-cluster.yaml index 73516abb4..331318999 100644 --- a/deploy/kubernetes/base/setup-cluster.yaml +++ b/deploy/kubernetes/base/setup-cluster.yaml @@ -4,33 +4,6 @@ kind: ServiceAccount metadata: name: csi-node-sa ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: driver-registrar-role -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: driver-registrar-binding -subjects: - - kind: ServiceAccount - name: csi-node-sa - namespace: default -roleRef: - kind: ClusterRole - name: driver-registrar-role - apiGroup: rbac.authorization.k8s.io - --- ##### Controller Service Account, Roles, Rolebindings apiVersion: v1 @@ -73,7 +46,6 @@ metadata: subjects: - kind: ServiceAccount name: csi-controller-sa - namespace: default roleRef: kind: ClusterRole name: external-provisioner-role @@ -108,8 +80,27 @@ metadata: subjects: - kind: ServiceAccount name: csi-controller-sa - namespace: default roleRef: kind: ClusterRole name: external-attacher-role apiGroup: rbac.authorization.k8s.io + +--- + +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: gce-pd-csi-driver-controller +value: 900000000 +globalDefault: false +description: "This priority class should be used for the GCE PD CSI driver controller deployment only." + +--- + +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: gce-pd-csi-driver-node +value: 900001000 +globalDefault: false +description: "This priority class should be used for the GCE PD CSI driver node deployment only." diff --git a/deploy/kubernetes/delete-driver.sh b/deploy/kubernetes/delete-driver.sh index c46fa3a88..e13f4a81f 100755 --- a/deploy/kubernetes/delete-driver.sh +++ b/deploy/kubernetes/delete-driver.sh 
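Review bot: The two PriorityClass objects added at the end of setup-cluster.yaml are cluster-scoped, so the "should be used for ... only" wording in `description` is advisory and nothing in the manifest enforces it. Any pod in any namespace whose creator can set `priorityClassName` may reference `gce-pd-csi-driver-node` (900001000) or `gce-pd-csi-driver-controller` (900000000) and be scheduled ahead of, or preempt, lower-priority workloads. On multi-tenant clusters, consider documenting a ResourceQuota with a `scopeSelector` on `PriorityClass` for tenant namespaces, so these classes cannot be consumed outside the driver namespace. At minimum I would add a comment above each object, e.g. `# Cluster-scoped: usable from any namespace unless restricted by ResourceQuota scopeSelector (PriorityClass).`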
@@ -10,6 +10,7 @@ set -o nounset set -o errexit +readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-gce-pd-csi-driver}" readonly DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}" readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver" source "${PKGDIR}/deploy/common.sh" @@ -18,3 +19,9 @@ ensure_kustomize ${KUSTOMIZE_PATH} build ${PKGDIR}/deploy/kubernetes/overlays/${DEPLOY_VERSION} | ${KUBECTL} delete -v="${VERBOSITY}" --ignore-not-found -f - ${KUBECTL} delete secret cloud-sa -v="${VERBOSITY}" --ignore-not-found + +if [[ ${NAMESPACE} != "" && ${NAMESPACE} != "default" ]] && \ + ${KUBECTL} get namespace ${NAMESPACE} -v="${VERBOSITY}"; +then + ${KUBECTL} delete namespace ${NAMESPACE} -v="${VERBOSITY}" +fi diff --git a/deploy/kubernetes/deploy-driver.sh b/deploy/kubernetes/deploy-driver.sh index 3620124af..53acec3fd 100755 --- a/deploy/kubernetes/deploy-driver.sh +++ b/deploy/kubernetes/deploy-driver.sh @@ -16,7 +16,7 @@ set -o nounset set -o errexit set -x -readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-default}" +readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-gce-pd-csi-driver}" readonly DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}" readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver" source "${PKGDIR}/deploy/common.sh" @@ -75,6 +75,11 @@ if [ "$skip_sa_check" != true ]; then check_service_account fi +if ! ${KUBECTL} get namespace ${NAMESPACE} -v="${VERBOSITY}"; +then + ${KUBECTL} create namespace ${NAMESPACE} -v="${VERBOSITY}" +fi + if ! ${KUBECTL} get secret cloud-sa -v="${VERBOSITY}" -n ${NAMESPACE}; then ${KUBECTL} create secret generic cloud-sa -v="${VERBOSITY}" --from-file="${GCE_PD_SA_DIR}/cloud-sa.json" -n ${NAMESPACE} diff --git a/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml b/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml index c336f01ae..c05881f5a 100644 --- a/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml 
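Review bot: The cleanup block added at the end of delete-driver.sh deletes whatever namespace `GCE_PD_DRIVER_NAMESPACE` names, and its guard only excludes the empty string and `default`, so pointing the variable at a pre-existing namespace such as `kube-system` removes every object in it. deploy-driver.sh, later in this diff, creates the namespace only when it is missing, so the delete side cannot assume the script owns it. I would have the deploy script label the namespace it creates and delete here only when that label is present, and quote the expansions: `${KUBECTL} delete namespace "${NAMESPACE}" -v="${VERBOSITY}"`. The `delete secret cloud-sa` context line just above has no `-n "${NAMESPACE}"`, so it acts on the current context's namespace rather than the driver's; if the namespace deletion is skipped, the service-account key secret can be left behind.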
+++ b/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml @@ -8,10 +8,10 @@ spec: containers: - name: csi-resizer imagePullPolicy: Always - image: quay.io/k8scsi/csi-resizer:canary + image: gke.gcr.io/csi-resizer:v0.2.0-gke.0 args: - "--v=5" - "--csi-address=/csi/csi.sock" volumeMounts: - name: socket-dir - mountPath: /csi \ No newline at end of file + mountPath: /csi diff --git a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml index bd3f92c4b..212d7e233 100644 --- a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml +++ b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml @@ -8,7 +8,7 @@ spec: containers: - name: csi-snapshotter imagePullPolicy: Always - image: gke.gcr.io/csi-snapshotter:v1.0.1-gke.0 + image: gke.gcr.io/csi-snapshotter:v1.2.0-gke.0 args: - "--v=5" - "--csi-address=/csi/csi.sock" diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml index 93ae01a15..3d1757c39 100644 --- a/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml +++ b/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml @@ -21,7 +21,7 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-resizer-role + name: csi-controller-resizer-binding subjects: - kind: ServiceAccount name: csi-controller-sa @@ -29,4 +29,4 @@ subjects: roleRef: kind: ClusterRole name: external-resizer-role - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml index 2838e7753..c1758f3c6 100644 --- a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml +++ b/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml 
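Review bot: `image: gke.gcr.io/csi-resizer:v0.2.0-gke.0` is an improvement over the floating `canary` tag, but a tag is still mutable, and `imagePullPolicy: Always` re-resolves it on every pod start. Pinning by digest keeps the deployed sidecar identical to the image that was reviewed: `image: gke.gcr.io/csi-resizer:v0.2.0-gke.0@sha256:<digest-of-reviewed-image>`. The csi-snapshotter image bumped in controller_add_snapshotter.yaml has the same property.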
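Review bot: Renaming the ClusterRoleBinding in rbac_add_resizer.yaml from `csi-resizer-role` to `csi-controller-resizer-binding` leaves the old binding behind on clusters where the previous manifest was applied, because delete-driver.sh removes only what the current kustomize build renders. That stale object keeps granting `external-resizer-role` to its subject until it is deleted by hand, and the same applies to `driver-registrar-binding`, which this commit removes from base/setup-cluster.yaml. An upgrade note, or an explicit `${KUBECTL} delete clusterrolebinding csi-resizer-role --ignore-not-found` in the delete script, would close that gap. The subject line between this hunk and the next (old line 28) is not shown; if it still reads `namespace: default`, it no longer matches the driver's new namespace and should be checked.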
@@ -26,6 +26,9 @@ rules: - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create", "list", "watch", "delete"]