From 2c5b3d41209891b3bb2dbfecd6a8b307f1e669c8 Mon Sep 17 00:00:00 2001 
From: Matthew Cary Date: Tue, 17 May 2022 18:07:03 -0700 Subject: [PATCH] Update deployment for 1.24 and 1.25 Change-Id: I694842d570567faf879897d35c4516b2bfd74759 --- .../base/controller/kustomization.yaml | 1 - .../base/node_linux/kustomization.yaml | 1 - .../base/node_windows/kustomization.yaml | 1 - deploy/kubernetes/deploy-driver.sh | 4 +- .../kubernetes/images/stable-1-24/image.yaml | 56 +++++++++++++++++++ .../images/stable-1-24/kustomization.yaml | 4 ++ .../overlays/stable-1-21/kustomization.yaml | 3 + .../stable-1-21/psp_controller.yaml} | 0 .../stable-1-21/psp_linux.yaml} | 0 .../stable-1-21/psp_windows.yaml} | 0 .../overlays/stable-1-22/kustomization.yaml | 3 + .../overlays/stable-1-22/psp_controller.yaml | 17 ++++++ .../overlays/stable-1-22/psp_linux.yaml | 27 +++++++++ .../overlays/stable-1-22/psp_windows.yaml | 30 ++++++++++ .../overlays/stable-1-23/kustomization.yaml | 3 + .../overlays/stable-1-23/psp_controller.yaml | 17 ++++++ .../overlays/stable-1-23/psp_linux.yaml | 27 +++++++++ .../overlays/stable-1-23/psp_windows.yaml | 30 ++++++++++ .../overlays/stable-1-24/kustomization.yaml | 11 ++++ .../overlays/stable-1-24/psp_controller.yaml | 17 ++++++ .../overlays/stable-1-24/psp_linux.yaml | 27 +++++++++ .../overlays/stable-1-24/psp_windows.yaml | 30 ++++++++++ 22 files changed, 304 insertions(+), 5 deletions(-) create mode 100644 deploy/kubernetes/images/stable-1-24/image.yaml create mode 100644 deploy/kubernetes/images/stable-1-24/kustomization.yaml rename deploy/kubernetes/{base/controller/psp.yaml => overlays/stable-1-21/psp_controller.yaml} (100%) rename deploy/kubernetes/{base/node_linux/psp.yaml => overlays/stable-1-21/psp_linux.yaml} (100%) rename deploy/kubernetes/{base/node_windows/psp.yaml => overlays/stable-1-21/psp_windows.yaml} (100%) create mode 100644 deploy/kubernetes/overlays/stable-1-22/psp_controller.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-22/psp_linux.yaml create mode 100644 
deploy/kubernetes/overlays/stable-1-22/psp_windows.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-23/psp_controller.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-23/psp_linux.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-23/psp_windows.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-24/kustomization.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-24/psp_controller.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-24/psp_linux.yaml create mode 100644 deploy/kubernetes/overlays/stable-1-24/psp_windows.yaml
diff --git a/deploy/kubernetes/base/controller/kustomization.yaml b/deploy/kubernetes/base/controller/kustomization.yaml
index e300499c8..7d1c5065c 100644
--- a/deploy/kubernetes/base/controller/kustomization.yaml
+++ b/deploy/kubernetes/base/controller/kustomization.yaml
@@ -5,5 +5,4 @@ namespace:
 resources:
 - cluster_setup.yaml
 - controller.yaml
-- psp.yaml
 - v1_csidriver.yaml
diff --git a/deploy/kubernetes/base/node_linux/kustomization.yaml b/deploy/kubernetes/base/node_linux/kustomization.yaml
index 661921d55..f87fb5166 100644
--- a/deploy/kubernetes/base/node_linux/kustomization.yaml
+++ b/deploy/kubernetes/base/node_linux/kustomization.yaml
@@ -4,4 +4,3 @@ namespace:
 gce-pd-csi-driver
 resources:
 - node.yaml
-- psp.yaml
diff --git a/deploy/kubernetes/base/node_windows/kustomization.yaml b/deploy/kubernetes/base/node_windows/kustomization.yaml
index 661921d55..f87fb5166 100644
--- a/deploy/kubernetes/base/node_windows/kustomization.yaml
+++ b/deploy/kubernetes/base/node_windows/kustomization.yaml
@@ -4,4 +4,3 @@ namespace:
 gce-pd-csi-driver
 resources:
 - node.yaml
-- psp.yaml
diff --git a/deploy/kubernetes/deploy-driver.sh b/deploy/kubernetes/deploy-driver.sh
index 4f6443eed..3c4a893cd 100755
--- a/deploy/kubernetes/deploy-driver.sh
+++ b/deploy/kubernetes/deploy-driver.sh
@@ -10,8 +10,8 @@ # Args: # GCE_PD_SA_DIR: Directory the service account key has been saved in (generated # by setup-project.sh). Ignored if GCE_PD_DRIVER_VERSION == noauth. -# GCE_PD_DRIVER_VERSION: The kustomize overlay (located in -# deploy/kubernetes/overlays) to deploy. Can be one of {stable, dev} +# GCE_PD_DRIVER_VERSION: The kustomize overlay to deploy. See +# `deploy/kubernetes/overlays` for your choices. set -o nounset set -o errexit
diff --git a/deploy/kubernetes/images/stable-1-24/image.yaml b/deploy/kubernetes/images/stable-1-24/image.yaml
new file mode 100644
index 000000000..110e6ee67
--- /dev/null
+++ b/deploy/kubernetes/images/stable-1-24/image.yaml
@@ -0,0 +1,56 @@
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+ name: imagetag-csi-provisioner
+imageTag:
+ name: k8s.gcr.io/sig-storage/csi-provisioner
+ newTag: "v3.1.0"
+
+---
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+ name: imagetag-csi-attacher
+imageTag:
+ name: k8s.gcr.io/sig-storage/csi-attacher
+ newTag: "v3.4.0"
+---
+
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+ name: imagetag-csi-resizer
+imageTag:
+ name: k8s.gcr.io/sig-storage/csi-resizer
+ newTag: "v1.4.0"
+---
+
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+ name: imagetag-csi-snapshotter
+imageTag:
+ name: k8s.gcr.io/sig-storage/csi-snapshotter
+ newTag: "v4.0.1"
+---
+
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+ name: imagetag-csi-node-registrar
+imageTag:
+ name: k8s.gcr.io/sig-storage/csi-node-driver-registrar
+ newTag: "v2.5.0"
+---
+
+apiVersion: builtin
+kind: ImageTagTransformer
+metadata:
+ name: imagetag-gcepd-driver
+imageTag:
+ name: gke.gcr.io/gcp-compute-persistent-disk-csi-driver
+ # Don't change stable image without changing pdImagePlaceholder in
+ # test/k8s-integration/main.go
+ newName: k8s.gcr.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver
+ newTag: "v1.4.0"
+---
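Review bot: All six `ImageTagTransformer` entries in images/stable-1-24/image.yaml pin the sidecars and the driver by tag only (`newTag: "v3.1.0"`, `newTag: "v1.4.0"`, and so on), so the bits a "stable" overlay deploys can change if a tag is ever re-pushed in the registry. Kustomize's image transformer also accepts a `digest` field; adding `digest: sha256:<digest-of-the-reviewed-image>` next to each `newTag` would make the overlay reproducible and auditable. Separately, the file ends with a bare `---`, which leaves an empty trailing document, and the blank line sits before the separator in the first entry but after it in the others; dropping the final `---` and using one placement keeps the stream tidy.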
diff --git a/deploy/kubernetes/images/stable-1-24/kustomization.yaml b/deploy/kubernetes/images/stable-1-24/kustomization.yaml
new file mode 100644
index 000000000..f16988f1b
--- /dev/null
+++ b/deploy/kubernetes/images/stable-1-24/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace:
+ gce-pd-csi-driver
+resources:
+- image.yaml
diff --git a/deploy/kubernetes/overlays/stable-1-21/kustomization.yaml b/deploy/kubernetes/overlays/stable-1-21/kustomization.yaml
index 6665a3e9d..131348a9c 100644
--- a/deploy/kubernetes/overlays/stable-1-21/kustomization.yaml
+++ b/deploy/kubernetes/overlays/stable-1-21/kustomization.yaml
@@ -4,5 +4,8 @@ namespace:
 gce-pd-csi-driver
 resources:
 - ../../base/
+- psp_controller.yaml
+- psp_linux.yaml
+- psp_windows.yaml
 transformers:
 - ../../images/stable-1-21
diff --git a/deploy/kubernetes/base/controller/psp.yaml b/deploy/kubernetes/overlays/stable-1-21/psp_controller.yaml
similarity index 100%
rename from deploy/kubernetes/base/controller/psp.yaml
rename to deploy/kubernetes/overlays/stable-1-21/psp_controller.yaml
diff --git a/deploy/kubernetes/base/node_linux/psp.yaml b/deploy/kubernetes/overlays/stable-1-21/psp_linux.yaml
similarity index 100%
rename from deploy/kubernetes/base/node_linux/psp.yaml
rename to deploy/kubernetes/overlays/stable-1-21/psp_linux.yaml
diff --git a/deploy/kubernetes/base/node_windows/psp.yaml b/deploy/kubernetes/overlays/stable-1-21/psp_windows.yaml
similarity index 100%
rename from deploy/kubernetes/base/node_windows/psp.yaml
rename to deploy/kubernetes/overlays/stable-1-21/psp_windows.yaml
diff --git a/deploy/kubernetes/overlays/stable-1-22/kustomization.yaml b/deploy/kubernetes/overlays/stable-1-22/kustomization.yaml
index 6665a3e9d..131348a9c 100644
--- a/deploy/kubernetes/overlays/stable-1-22/kustomization.yaml
+++ b/deploy/kubernetes/overlays/stable-1-22/kustomization.yaml
@@ -4,5 +4,8 @@ namespace:
 gce-pd-csi-driver
 resources:
 - ../../base/
+- psp_controller.yaml
+- psp_linux.yaml
+- psp_windows.yaml
 transformers:
 - ../../images/stable-1-21
diff --git a/deploy/kubernetes/overlays/stable-1-22/psp_controller.yaml b/deploy/kubernetes/overlays/stable-1-22/psp_controller.yaml
new file mode 100644
index 000000000..2e3a18385
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-22/psp_controller.yaml
@@ -0,0 +1,17 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-controller-psp
+spec:
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - "emptyDir"
+ - "secret"
+ hostNetwork: true
diff --git a/deploy/kubernetes/overlays/stable-1-22/psp_linux.yaml b/deploy/kubernetes/overlays/stable-1-22/psp_linux.yaml
new file mode 100644
index 000000000..079b28226
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-22/psp_linux.yaml
@@ -0,0 +1,27 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-node-psp
+spec:
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ privileged: true
+ volumes:
+ - '*'
+ hostNetwork: true
+ allowedHostPaths:
+ - pathPrefix: "/var/lib/kubelet/plugins_registry/"
+ - pathPrefix: "/var/lib/kubelet"
+ - pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
+ - pathPrefix: "/dev"
+ - pathPrefix: "/etc/udev"
+ - pathPrefix: "/lib/udev"
+ - pathPrefix: "/run/udev"
+ - pathPrefix: "/sys"
+
diff --git a/deploy/kubernetes/overlays/stable-1-22/psp_windows.yaml b/deploy/kubernetes/overlays/stable-1-22/psp_windows.yaml
new file mode 100644
index 000000000..557660a00
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-22/psp_windows.yaml
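Review bot: The controller policy in overlays/stable-1-22/psp_controller.yaml leaves `allowPrivilegeEscalation` unset, and an unset value in a PodSecurityPolicy permits escalation; combined with `runAsUser: rule: RunAsAny` it admits root containers on the host network. Whether the controller containers need either is not visible in this patch, but if they do not, adding `allowPrivilegeEscalation: false` and switching `runAsUser` to `rule: MustRunAsNonRoot` would tighten it at no cost. The same content is added again for stable-1-23 and stable-1-24 (identical blob 2e3a18385, next to the stable-1-21 rename), so a later hardening has to be repeated in four places; a single shared policy directory referenced from each overlay's `resources:` would prevent the copies from drifting.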
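Review bot: None of the eight `allowedHostPaths` entries in overlays/stable-1-22/psp_linux.yaml sets `readOnly`, so together with `privileged: true` and `volumes: - '*'` any pod admitted under `csi-gce-pd-node-psp` may mount `/dev`, `/sys` and the whole of `/var/lib/kubelet` read-write. The `/var/lib/kubelet` prefix also already covers the two narrower kubelet entries, which makes the list look more restrictive than it is. If the node plugin only reads the udev and sysfs trees (not visible here), mark them as such, e.g. `- pathPrefix: "/sys"` followed by `readOnly: true`, and add a comment above `privileged: true` stating why the driver needs it. The identical file is added for stable-1-23 and stable-1-24 (blob 079b28226), so the same applies there.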
@@ -0,0 +1,30 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-node-psp-win
+spec:
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ volumes:
+ - '*'
+ hostNetwork: true
+ allowedHostPaths:
+ - pathPrefix: \var\lib\kubelet
+ - pathPrefix: \var\lib\kubelet\plugins_registry
+ - pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
+ - pathPrefix: \\.\pipe\csi-proxy-disk-v1
+ - pathPrefix: \\.\pipe\csi-proxy-volume-v1
+ - pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
+ # these paths are allowed only for compatibility mode if the PD CSI driver
+ # is using the CSI Proxy v1 client and the node is still using the
+ # beta version of the CSI proxy
+ - pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
+ - pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
+ - pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1
+
diff --git a/deploy/kubernetes/overlays/stable-1-23/kustomization.yaml b/deploy/kubernetes/overlays/stable-1-23/kustomization.yaml
index e95118c9f..5b76e3288 100644
--- a/deploy/kubernetes/overlays/stable-1-23/kustomization.yaml
+++ b/deploy/kubernetes/overlays/stable-1-23/kustomization.yaml
@@ -4,5 +4,8 @@ namespace:
 gce-pd-csi-driver
 resources:
 - ../../base/
+- psp_controller.yaml
+- psp_linux.yaml
+- psp_windows.yaml
 transformers:
 - ../../images/stable-1-23
diff --git a/deploy/kubernetes/overlays/stable-1-23/psp_controller.yaml b/deploy/kubernetes/overlays/stable-1-23/psp_controller.yaml
new file mode 100644
index 000000000..2e3a18385
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-23/psp_controller.yaml
@@ -0,0 +1,17 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-controller-psp
+spec:
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - "emptyDir"
+ - "secret"
+ hostNetwork: true
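Review bot: The Windows `pathPrefix` values in overlays/stable-1-22/psp_windows.yaml are unquoted plain scalars that start with a backslash, while the Linux policy quotes every path. They parse literally today, but a later edit that wraps them in double quotes would turn `\v` into an escape and make `\p` a parse error, changing which host paths the policy allows. Single quotes keep the backslashes literal and make the intent explicit, e.g. `- pathPrefix: '\\.\pipe\csi-proxy-disk-v1'`. The comment on the three beta pipe entries would also benefit from naming the condition under which they can be deleted, since they widen the allowed host paths only for compatibility. The same file is added for stable-1-23 and stable-1-24 (blob 557660a00).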
diff --git a/deploy/kubernetes/overlays/stable-1-23/psp_linux.yaml b/deploy/kubernetes/overlays/stable-1-23/psp_linux.yaml
new file mode 100644
index 000000000..079b28226
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-23/psp_linux.yaml
@@ -0,0 +1,27 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-node-psp
+spec:
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ privileged: true
+ volumes:
+ - '*'
+ hostNetwork: true
+ allowedHostPaths:
+ - pathPrefix: "/var/lib/kubelet/plugins_registry/"
+ - pathPrefix: "/var/lib/kubelet"
+ - pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
+ - pathPrefix: "/dev"
+ - pathPrefix: "/etc/udev"
+ - pathPrefix: "/lib/udev"
+ - pathPrefix: "/run/udev"
+ - pathPrefix: "/sys"
+
diff --git a/deploy/kubernetes/overlays/stable-1-23/psp_windows.yaml b/deploy/kubernetes/overlays/stable-1-23/psp_windows.yaml
new file mode 100644
index 000000000..557660a00
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-23/psp_windows.yaml
@@ -0,0 +1,30 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-node-psp-win
+spec:
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ volumes:
+ - '*'
+ hostNetwork: true
+ allowedHostPaths:
+ - pathPrefix: \var\lib\kubelet
+ - pathPrefix: \var\lib\kubelet\plugins_registry
+ - pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
+ - pathPrefix: \\.\pipe\csi-proxy-disk-v1
+ - pathPrefix: \\.\pipe\csi-proxy-volume-v1
+ - pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
+ # these paths are allowed only for compatibility mode if the PD CSI driver
+ # is using the CSI Proxy v1 client and the node is still using the
+ # beta version of the CSI proxy
+ - pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
+ - pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
+ - pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1
+
diff --git a/deploy/kubernetes/overlays/stable-1-24/kustomization.yaml b/deploy/kubernetes/overlays/stable-1-24/kustomization.yaml
new file mode 100644
index 000000000..70a57aac4
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-24/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace:
+ gce-pd-csi-driver
+resources:
+- ../../base
+- psp_controller.yaml
+- psp_linux.yaml
+- psp_windows.yaml
+transformers:
+- ../../images/stable-1-24
diff --git a/deploy/kubernetes/overlays/stable-1-24/psp_controller.yaml b/deploy/kubernetes/overlays/stable-1-24/psp_controller.yaml
new file mode 100644
index 000000000..2e3a18385
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-24/psp_controller.yaml
@@ -0,0 +1,17 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-controller-psp
+spec:
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ volumes:
+ - "emptyDir"
+ - "secret"
+ hostNetwork: true
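Review bot: The new overlays/stable-1-24/kustomization.yaml lists three `policy/v1beta1` PodSecurityPolicy files under `resources:`, and that API is removed in Kubernetes 1.25, which the commit subject also names as a target. No 1.25 overlay is visible in this patch, so anyone reusing stable-1-24 on a 1.25 cluster would get a failed apply, and dropping the three lines to work around it leaves the driver namespace with no admission policy at all. A comment above `resources:` such as `# PodSecurityPolicy is removed in Kubernetes 1.25; this overlay is for 1.24 only` would record the limit. A later 1.25 overlay would then need a replacement control, for example Pod Security Admission labels on the `gce-pd-csi-driver` namespace.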
diff --git a/deploy/kubernetes/overlays/stable-1-24/psp_linux.yaml b/deploy/kubernetes/overlays/stable-1-24/psp_linux.yaml
new file mode 100644
index 000000000..079b28226
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-24/psp_linux.yaml
@@ -0,0 +1,27 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-node-psp
+spec:
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ privileged: true
+ volumes:
+ - '*'
+ hostNetwork: true
+ allowedHostPaths:
+ - pathPrefix: "/var/lib/kubelet/plugins_registry/"
+ - pathPrefix: "/var/lib/kubelet"
+ - pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
+ - pathPrefix: "/dev"
+ - pathPrefix: "/etc/udev"
+ - pathPrefix: "/lib/udev"
+ - pathPrefix: "/run/udev"
+ - pathPrefix: "/sys"
+
diff --git a/deploy/kubernetes/overlays/stable-1-24/psp_windows.yaml b/deploy/kubernetes/overlays/stable-1-24/psp_windows.yaml
new file mode 100644
index 000000000..557660a00
--- /dev/null
+++ b/deploy/kubernetes/overlays/stable-1-24/psp_windows.yaml
@@ -0,0 +1,30 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: csi-gce-pd-node-psp-win
+spec:
+ supplementalGroups:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ volumes:
+ - '*'
+ hostNetwork: true
+ allowedHostPaths:
+ - pathPrefix: \var\lib\kubelet
+ - pathPrefix: \var\lib\kubelet\plugins_registry
+ - pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
+ - pathPrefix: \\.\pipe\csi-proxy-disk-v1
+ - pathPrefix: \\.\pipe\csi-proxy-volume-v1
+ - pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
+ # these paths are allowed only for compatibility mode if the PD CSI driver
+ # is using the CSI Proxy v1 client and the node is still using the
+ # beta version of the CSI proxy
+ - pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
+ - pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
+ - pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1
+