Skip to content

Deployment spec cleanup #364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 12, 2019
Merged

Deployment spec cleanup #364

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,11 @@ that represents availability by zone.

See Github [Issues](https://github.com/kubernetes-sigs/gcp-compute-persistent-disk-csi-driver/issues)

## Driver Deployment
As part of the deployment process, the driver is deployed in a newly created namespace by default. The namespace will be deleted as part of the cleanup process.

Controller-level and node-level deployments will both have priorityClassName set, and the corresponding priority value is close to the maximum possible for user-created PriorityClasses.

## Further Documentation

[Local Development](docs/local-development.md)
Expand Down
1 change: 1 addition & 0 deletions deploy/kubernetes/base/controller.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ spec:
app: gcp-compute-persistent-disk-csi-driver
spec:
serviceAccountName: csi-controller-sa
priorityClassName: gce-pd-csi-driver-controller
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add to readme

Copy link
Contributor Author

@verult verult Aug 12, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think the specific priorityClassName should be documented as it could become out of sync, but I'll mention the behavior of this priorityclass

containers:
- name: csi-provisioner
image: gke.gcr.io/csi-provisioner
Expand Down
4 changes: 2 additions & 2 deletions deploy/kubernetes/base/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
commonLabels:
app: gcp-compute-persistent-disk-csi-driver
k8s-app: gcp-compute-persistent-disk-csi-driver
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add note to readme

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this needs to be documented - it's easy for the entry to be out of date with documentation, and users typically don't have to interact with this label

namespace:
default
gce-pd-csi-driver
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

add to readme

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think the specific namespace name should be documented as it could become out of sync, but I'll mention that the deployment exists in a separate namespace

resources:
- node.yaml
- controller.yaml
Expand Down
1 change: 1 addition & 0 deletions deploy/kubernetes/base/node.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ spec:
labels:
app: gcp-compute-persistent-disk-csi-driver
spec:
priorityClassName: gce-pd-csi-driver-node
serviceAccountName: csi-node-sa
containers:
- name: csi-driver-registrar
Expand Down
49 changes: 20 additions & 29 deletions deploy/kubernetes/base/setup-cluster.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,33 +4,6 @@ kind: ServiceAccount
metadata:
name: csi-node-sa

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: driver-registrar-role
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]


---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: driver-registrar-binding
subjects:
- kind: ServiceAccount
name: csi-node-sa
namespace: default
roleRef:
kind: ClusterRole
name: driver-registrar-role
apiGroup: rbac.authorization.k8s.io

---
##### Controller Service Account, Roles, Rolebindings
apiVersion: v1
Expand Down Expand Up @@ -73,7 +46,6 @@ metadata:
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: default
roleRef:
kind: ClusterRole
name: external-provisioner-role
Expand Down Expand Up @@ -108,8 +80,27 @@ metadata:
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: default
roleRef:
kind: ClusterRole
name: external-attacher-role
apiGroup: rbac.authorization.k8s.io

---

apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: gce-pd-csi-driver-controller
value: 900000000
globalDefault: false
description: "This priority class should be used for the GCE PD CSI driver controller deployment only."

---

apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: gce-pd-csi-driver-node
value: 900001000
globalDefault: false
description: "This priority class should be used for the GCE PD CSI driver node deployment only."
7 changes: 7 additions & 0 deletions deploy/kubernetes/delete-driver.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
set -o nounset
set -o errexit

readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-gce-pd-csi-driver}"
readonly DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}"
readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver"
source "${PKGDIR}/deploy/common.sh"
Expand All @@ -18,3 +19,9 @@ ensure_kustomize

${KUSTOMIZE_PATH} build ${PKGDIR}/deploy/kubernetes/overlays/${DEPLOY_VERSION} | ${KUBECTL} delete -v="${VERBOSITY}" --ignore-not-found -f -
${KUBECTL} delete secret cloud-sa -v="${VERBOSITY}" --ignore-not-found

if [[ ${NAMESPACE} != "" && ${NAMESPACE} != "default" ]] && \
${KUBECTL} get namespace ${NAMESPACE} -v="${VERBOSITY}";
then
${KUBECTL} delete namespace ${NAMESPACE} -v="${VERBOSITY}"
fi
7 changes: 6 additions & 1 deletion deploy/kubernetes/deploy-driver.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ set -o nounset
set -o errexit
set -x

readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-default}"
readonly NAMESPACE="${GCE_PD_DRIVER_NAMESPACE:-gce-pd-csi-driver}"
readonly DEPLOY_VERSION="${GCE_PD_DRIVER_VERSION:-stable}"
readonly PKGDIR="${GOPATH}/src/sigs.k8s.io/gcp-compute-persistent-disk-csi-driver"
source "${PKGDIR}/deploy/common.sh"
Expand Down Expand Up @@ -75,6 +75,11 @@ if [ "$skip_sa_check" != true ]; then
check_service_account
fi

if ! ${KUBECTL} get namespace ${NAMESPACE} -v="${VERBOSITY}";
then
${KUBECTL} create namespace ${NAMESPACE} -v="${VERBOSITY}"
fi

if ! ${KUBECTL} get secret cloud-sa -v="${VERBOSITY}" -n ${NAMESPACE};
then
${KUBECTL} create secret generic cloud-sa -v="${VERBOSITY}" --from-file="${GCE_PD_SA_DIR}/cloud-sa.json" -n ${NAMESPACE}
Expand Down
4 changes: 2 additions & 2 deletions deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@ spec:
containers:
- name: csi-resizer
imagePullPolicy: Always
image: quay.io/k8scsi/csi-resizer:canary
image: gke.gcr.io/csi-resizer:v0.2.0-gke.0
args:
- "--v=5"
- "--csi-address=/csi/csi.sock"
volumeMounts:
- name: socket-dir
mountPath: /csi
mountPath: /csi
2 changes: 1 addition & 1 deletion deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ spec:
containers:
- name: csi-snapshotter
imagePullPolicy: Always
image: gke.gcr.io/csi-snapshotter:v1.0.1-gke.0
image: gke.gcr.io/csi-snapshotter:v1.2.0-gke.0
args:
- "--v=5"
- "--csi-address=/csi/csi.sock"
Expand Down
4 changes: 2 additions & 2 deletions deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,12 @@ rules:
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-resizer-role
name: csi-controller-resizer-binding
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: default
roleRef:
kind: ClusterRole
name: external-resizer-role
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io
3 changes: 3 additions & 0 deletions deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ rules:
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete"]
Expand Down