New kustomization for pd driver

deploy/kubernetes/base/setup-cluster.yaml → deploy/kubernetes/base/controller/cluster_setup.yaml

@@ -147,33 +147,6 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
 
 ---
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: csi-gce-pd-node-psp
-spec:
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  runAsUser:
-    rule: RunAsAny
-  fsGroup:
-    rule: RunAsAny
-  privileged: true
-  volumes:
-  - '*'
-  hostNetwork: true
-  allowedHostPaths:
-  - pathPrefix: "/var/lib/kubelet/plugins_registry/"
-  - pathPrefix: "/var/lib/kubelet"
-  - pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
-  - pathPrefix: "/dev"
-  - pathPrefix: "/etc/udev"
-  - pathPrefix: "/lib/udev"
-  - pathPrefix: "/run/udev"
-  - pathPrefix: "/sys"
----
 
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -187,6 +160,18 @@ rules:
     - csi-gce-pd-node-psp
 ---
 
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-gce-pd-node-deploy-win
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames:
+    - csi-gce-pd-node-psp-win
+---
+
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -196,9 +181,35 @@ roleRef:
   kind: ClusterRole
   name: csi-gce-pd-node-deploy
 subjects:
+- kind: ServiceAccount
+  name: csi-gce-pd-node-sa
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: csi-gce-pd-node-win
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: csi-gce-pd-node-deploy-win
+subjects:
 - kind: ServiceAccount
   name: csi-gce-pd-node-sa
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: csi-gce-pd-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: csi-gce-pd-node-deploy
+subjects:
+- kind: ServiceAccount
+  name: csi-gce-pd-controller-sa
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -231,7 +242,6 @@ roleRef:
   kind: ClusterRole
   name: csi-gce-pd-snapshotter-role
   apiGroup: rbac.authorization.k8s.io
-
 ---
 
 kind: Role
@@ -262,3 +272,4 @@ roleRef:
   kind: Role
   name: csi-gce-pd-leaderelection-role
   apiGroup: rbac.authorization.k8s.io
+

deploy/kubernetes/base/controller.yaml → deploy/kubernetes/base/controller/controller.yaml

@@ -17,6 +17,8 @@ spec:
       # this requirement when issue is resolved and before any exposure of
       # metrics ports
       hostNetwork: true
+      nodeSelector:
+        kubernetes.io/os: linux
       serviceAccountName: csi-gce-pd-controller-sa
       priorityClassName: csi-gce-pd-controller
       containers:

deploy/kubernetes/base/controller/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace:
+  gce-pd-csi-driver
+resources:
+- cluster_setup.yaml
+- controller.yaml

deploy/kubernetes/base/kustomization.yaml

@@ -1,8 +1,8 @@
-commonLabels:
-  k8s-app: gcp-compute-persistent-disk-csi-driver
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 namespace:
   gce-pd-csi-driver
 resources:
-- node.yaml
-- controller.yaml
-- setup-cluster.yaml
+- controller
+- node_linux
+- node_windows

deploy/kubernetes/base/node_linux/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace:
+  gce-pd-csi-driver
+resources:
+- node.yaml
+- psp.yaml

deploy/kubernetes/base/node.yaml → deploy/kubernetes/base/node_linux/node.yaml

@@ -19,17 +19,15 @@ spec:
       hostNetwork: true
       priorityClassName: csi-gce-pd-node
       serviceAccountName: csi-gce-pd-node-sa
+      nodeSelector:
+        kubernetes.io/os: linux
       containers:
         - name: csi-driver-registrar
           image: gke.gcr.io/csi-node-driver-registrar
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
             - "--kubelet-registration-path=/var/lib/kubelet/plugins/pd.csi.storage.gke.io/csi.sock"
-          lifecycle:
-            preStop:
-              exec:
-                command: ["/bin/sh", "-c", "rm -rf /registration/pd.csi.storage.gke.io /registration/pd.csi.storage.gke.io-reg.sock"]
           env:
             - name: KUBE_NODE_NAME
               valueFrom:
@@ -41,14 +39,14 @@ spec:
             - name: registration-dir
               mountPath: /registration
         - name: gce-pd-driver
-          securityContext:
-            privileged: true
           # Don't change base image without changing pdImagePlaceholder in
           # test/k8s-integration/main.go
           image: gke.gcr.io/gcp-compute-persistent-disk-csi-driver
           args:
             - "--v=5"
             - "--endpoint=unix:/csi/csi.sock"
+          securityContext:
+            privileged: true
           volumeMounts:
             - name: kubelet-dir
               mountPath: /var/lib/kubelet
@@ -67,8 +65,6 @@ spec:
               mountPath: /run/udev
             - name: sys
               mountPath: /sys
-      nodeSelector:
-        kubernetes.io/os: linux
       volumes:
         - name: registration-dir
           hostPath:

deploy/kubernetes/base/node_linux/psp.yaml

@@ -0,0 +1,27 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: csi-gce-pd-node-psp
+spec:
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  privileged: true
+  volumes:
+  - '*'
+  hostNetwork: true
+  allowedHostPaths:
+  - pathPrefix: "/var/lib/kubelet/plugins_registry/"
+  - pathPrefix: "/var/lib/kubelet"
+  - pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
+  - pathPrefix: "/dev"
+  - pathPrefix: "/etc/udev"
+  - pathPrefix: "/lib/udev"
+  - pathPrefix: "/run/udev"
+  - pathPrefix: "/sys"
+

deploy/kubernetes/base/node_windows/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace:
+  gce-pd-csi-driver
+resources:
+- node.yaml
+- psp.yaml

deploy/kubernetes/base/node_windows/node.yaml

@@ -0,0 +1,85 @@
+#TODO(#40): Force DaemonSet to not run on master.
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: csi-gce-pd-node-win
+spec:
+  selector:
+    matchLabels:
+      app: gcp-compute-persistent-disk-csi-driver-win
+  template:
+    metadata:
+      labels:
+        app: gcp-compute-persistent-disk-csi-driver-win
+    spec:
+      # Host network must be used for interaction with Workload Identity in GKE
+      # since it replaces GCE Metadata Server with GKE Metadata Server. Remove
+      # this requirement when issue is resolved and before any exposure of
+      # metrics ports. But hostNetwork is not working for Windows, might be an issue
+      # when deploying on GKE Windows node.
+      # hostNetwork: true
+      priorityClassName: csi-gce-pd-node
+      serviceAccountName: csi-gce-pd-node-sa
+      nodeSelector:
+        kubernetes.io/os: windows
+      containers:
+        - name: csi-driver-registrar
+          image: gke.gcr.io/k8s-staging-csi/csi-node-driver-registrar-win
+          args:
+            - --v=5
+            - --csi-address=unix://C:\\csi\\csi.sock
+            - --kubelet-registration-path=C:\\var\\lib\\kubelet\\plugins\\pd.csi.storage.gke.io\\csi.sock
+          env:
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+        - name: gce-pd-driver
+          # Don't change base image without changing pdImagePlaceholder in
+          # test/k8s-integration/main.go
+          image: gke.gcr.io/gcp-compute-persistent-disk-csi-driver-win
+          args:
+            - "--v=5"
+            - "--endpoint=unix:/csi/csi.sock"
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: C:\var\lib\kubelet
+              mountPropagation: "None"
+            - name: plugin-dir
+              mountPath: C:\csi
+            - name: csi-proxy-disk-pipe
+              mountPath: \\.\pipe\csi-proxy-disk-v1alpha1
+            - name: csi-proxy-volume-pipe
+              mountPath: \\.\pipe\csi-proxy-volume-v1alpha1
+            - name: csi-proxy-filesystem-pipe
+              mountPath: \\.\pipe\csi-proxy-filesystem-v1alpha1
+      volumes:
+      - name: csi-proxy-disk-pipe
+        hostPath:
+          path: \\.\pipe\csi-proxy-disk-v1alpha1
+          type: ""
+      - name: csi-proxy-volume-pipe
+        hostPath:
+          path: \\.\pipe\csi-proxy-volume-v1alpha1
+          type: ""
+      - name: csi-proxy-filesystem-pipe
+        hostPath:
+          path: \\.\pipe\csi-proxy-filesystem-v1alpha1
+          type: ""
+      - name: registration-dir
+        hostPath:
+          path: \var\lib\kubelet\plugins_registry
+          type: Directory
+      - name: kubelet-dir
+        hostPath:
+          path: \var\lib\kubelet
+          type: Directory
+      - name: plugin-dir
+        hostPath:
+          path: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
+          type: DirectoryOrCreate

deploy/kubernetes/base/node_windows/psp.yaml

@@ -0,0 +1,24 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: csi-gce-pd-node-psp-win
+spec:
+  supplementalGroups:
+    rule: RunAsAny
+  runAsUser:
+    rule: RunAsAny
+  fsGroup:
+    rule: RunAsAny
+  seLinux:
+    rule: RunAsAny
+  volumes:
+  - '*'
+  hostNetwork: true
+  allowedHostPaths:
+  - pathPrefix: \var\lib\kubelet
+  - pathPrefix: \var\lib\kubelet\plugins_registry
+  - pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
+  - pathPrefix: \\.\pipe\csi-proxy-disk-v1alpha1
+  - pathPrefix: \\.\pipe\csi-proxy-volume-v1alpha1
+  - pathPrefix: \\.\pipe\csi-proxy-filesystem-v1alpha1
+

deploy/kubernetes/deploy-driver.sh

@@ -97,4 +97,3 @@ ${KUBECTL} version
 readonly tmp_spec=/tmp/gcp-compute-persistent-disk-csi-driver-specs-generated.yaml
 ${KUSTOMIZE_PATH} build ${PKGDIR}/deploy/kubernetes/overlays/${DEPLOY_VERSION} | tee $tmp_spec
 ${KUBECTL} apply -v="${VERBOSITY}" -f $tmp_spec
-

deploy/kubernetes/images/alpha/image.yaml

@@ -0,0 +1,18 @@
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+  name: imagetag-gcepd-driver-alpha-win
+imageTag:
+  name: gke.gcr.io/gcp-compute-persistent-disk-csi-driver-win
+  newName: gcr.io/jing-k8s-dev/gce-pd-windows-2019
+  newTag: "0.2.0"
+---
+
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+  name: imagetag-node-registrar-win
+imageTag:
+  name: gke.gcr.io/k8s-staging-csi/csi-node-driver-registrar-win
+  newName: gcr.io/k8s-staging-csi/csi-node-driver-registrar
+  newTag: "amd64-windows-v20200428-v1.3.0-26-g510710d5"

deploy/kubernetes/images/alpha/kustomization.yaml

@@ -0,0 +1,5 @@
+namespace:
+  gce-pd-csi-driver
+resources:
+- ../stable/
+- image.yaml

deploy/kubernetes/images/dev/image.yaml

@@ -0,0 +1,8 @@
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+  name: imagetag-gcepd-driver-dev
+imageTag:
+  name: gke.gcr.io/gcp-compute-persistent-disk-csi-driver
+  newName: gcr.io/dyzz-csi-staging/csi/gce-pd-driver
+  newTag: "latest"

deploy/kubernetes/images/dev/kustomization.yaml

@@ -0,0 +1,5 @@
+namespace:
+  gce-pd-csi-driver
+resources:
+- ../alpha/
+- image.yaml