Update deployment for 1.24 and 1.25 #989

Merged
merged 1 commit into from
May 18, 2022
1 change: 0 additions & 1 deletion deploy/kubernetes/base/controller/kustomization.yaml
Expand Up @@ -5,5 +5,4 @@ namespace:
resources:
- cluster_setup.yaml
- controller.yaml
- psp.yaml
Member

This change in base also means stable-1.23, stable-1.22, stable-1.21 won't have the psp. In this PR we are adding psp to the 1.24 overlay. Should we be consistent (i.e., either remove psp from all 1.21 and beyond or keep psp in 1.21, 1.22, 1.23, 1.24 and removed from 1.25)?

Contributor Author

Arg, you're absolutely right, good catch.

I think we should add it to the old ones so that stable-master is most simple.

- v1_csidriver.yaml
1 change: 0 additions & 1 deletion deploy/kubernetes/base/node_linux/kustomization.yaml
Expand Up @@ -4,4 +4,3 @@ namespace:
gce-pd-csi-driver
resources:
- node.yaml
- psp.yaml
1 change: 0 additions & 1 deletion deploy/kubernetes/base/node_windows/kustomization.yaml
Expand Up @@ -4,4 +4,3 @@ namespace:
gce-pd-csi-driver
resources:
- node.yaml
- psp.yaml
4 changes: 2 additions & 2 deletions deploy/kubernetes/deploy-driver.sh
Expand Up @@ -10,8 +10,8 @@
# Args:
# GCE_PD_SA_DIR: Directory the service account key has been saved in (generated
# by setup-project.sh). Ignored if GCE_PD_DRIVER_VERSION == noauth.
# GCE_PD_DRIVER_VERSION: The kustomize overlay (located in
# deploy/kubernetes/overlays) to deploy. Can be one of {stable, dev}
# GCE_PD_DRIVER_VERSION: The kustomize overlay to deploy. See
# `deploy/kubernetes/overlays` for your choices.

set -o nounset
set -o errexit
Expand Down
56 changes: 56 additions & 0 deletions deploy/kubernetes/images/stable-1-24/image.yaml
@@ -0,0 +1,56 @@
apiVersion: builtin
kind: ImageTagTransformer
metadata:
name: imagetag-csi-provisioner
imageTag:
name: k8s.gcr.io/sig-storage/csi-provisioner
newTag: "v3.1.0"

---
apiVersion: builtin
kind: ImageTagTransformer
metadata:
name: imagetag-csi-attacher
imageTag:
name: k8s.gcr.io/sig-storage/csi-attacher
newTag: "v3.4.0"
---

apiVersion: builtin
kind: ImageTagTransformer
metadata:
name: imagetag-csi-resizer
imageTag:
name: k8s.gcr.io/sig-storage/csi-resizer
newTag: "v1.4.0"
---

apiVersion: builtin
kind: ImageTagTransformer
metadata:
name: imagetag-csi-snapshotter
imageTag:
name: k8s.gcr.io/sig-storage/csi-snapshotter
newTag: "v4.0.1"
---

apiVersion: builtin
kind: ImageTagTransformer
metadata:
name: imagetag-csi-node-registrar
imageTag:
name: k8s.gcr.io/sig-storage/csi-node-driver-registrar
newTag: "v2.5.0"
---

apiVersion: builtin
kind: ImageTagTransformer
metadata:
name: imagetag-gcepd-driver
imageTag:
name: gke.gcr.io/gcp-compute-persistent-disk-csi-driver
# Don't change stable image without changing pdImagePlaceholder in
# test/k8s-integration/main.go
newName: k8s.gcr.io/cloud-provider-gcp/gcp-compute-persistent-disk-csi-driver
newTag: "v1.4.0"
Member

Let's use the updated image?

Contributor Author

Ah... good point. But which version? Go back to 1.3.6 or up to 1.6.0, which still has the node death problem?

Member

Maybe we can keep it as is. We will soon cut a new release with the fix (1.7).

---
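
Review bot: every `imageTag` entry in this file selects its image by a mutable tag only (`newTag: "v3.1.0"`, `newTag: "v1.4.0"` and so on), so a stable overlay can resolve to different bits if a tag is ever re-pushed. The kustomize image transformer also accepts a `digest` field; pinning each sidecar and the driver image by `sha256` digest would make what this overlay deploys reproducible and auditable. Separately, the file ends on a bare `---`, which leaves an empty trailing YAML document, and the separators are placed inconsistently (a blank line before `---` after the first entry, a blank line after it for the rest).
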
4 changes: 4 additions & 0 deletions deploy/kubernetes/images/stable-1-24/kustomization.yaml
@@ -0,0 +1,4 @@
namespace:
gce-pd-csi-driver
resources:
- image.yaml
3 changes: 3 additions & 0 deletions deploy/kubernetes/overlays/stable-1-21/kustomization.yaml
Expand Up @@ -4,5 +4,8 @@ namespace:
gce-pd-csi-driver
resources:
- ../../base/
- psp_controller.yaml
- psp_linux.yaml
- psp_windows.yaml
transformers:
- ../../images/stable-1-21
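
Review bot: the three new `resources` entries (`psp_controller.yaml`, `psp_linux.yaml`, `psp_windows.yaml`) point at files in `overlays/stable-1-21`, but the diff as shown adds those files only under `stable-1-22`, `stable-1-23` and `stable-1-24`. If they are not already present in this directory, `kustomize build` on this overlay fails on the missing resources; either add the three files here or reference a shared copy.
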
3 changes: 3 additions & 0 deletions deploy/kubernetes/overlays/stable-1-22/kustomization.yaml
Expand Up @@ -4,5 +4,8 @@ namespace:
gce-pd-csi-driver
resources:
- ../../base/
- psp_controller.yaml
- psp_linux.yaml
- psp_windows.yaml
transformers:
- ../../images/stable-1-21
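
Review bot: the `transformers` entry in this `stable-1-22` overlay is `../../images/stable-1-21`, so 1.22 deployments take their sidecar and driver tags from the 1.21 image set. It is an unchanged context line, but since the file is being touched, either add a one-line comment saying the reuse is deliberate or point it at a 1.22 image directory, so the next version bump does not miss it.
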
17 changes: 17 additions & 0 deletions deploy/kubernetes/overlays/stable-1-22/psp_controller.yaml
@@ -0,0 +1,17 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-controller-psp
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
volumes:
- "emptyDir"
- "secret"
hostNetwork: true
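
Review bot: the controller policy leaves `runAsUser` at `RunAsAny` and sets `hostNetwork: true` without setting `allowPrivilegeEscalation`, which PodSecurityPolicy treats as allowed when omitted. The volume list is already narrowed to `emptyDir` and `secret`; in the same spirit, add `allowPrivilegeEscalation: false` and a `requiredDropCapabilities` list, and add a short comment on why the controller needs host networking.
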
27 changes: 27 additions & 0 deletions deploy/kubernetes/overlays/stable-1-22/psp_linux.yaml
@@ -0,0 +1,27 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-node-psp
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
privileged: true
volumes:
- '*'
hostNetwork: true
allowedHostPaths:
- pathPrefix: "/var/lib/kubelet/plugins_registry/"
- pathPrefix: "/var/lib/kubelet"
- pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
- pathPrefix: "/dev"
- pathPrefix: "/etc/udev"
- pathPrefix: "/lib/udev"
- pathPrefix: "/run/udev"
- pathPrefix: "/sys"

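Review bot: `privileged: true` together with `volumes: ['*']` means the `allowedHostPaths` list is the only narrowing left in this policy, and it is looser than it looks: `/var/lib/kubelet` already covers the `plugins_registry/` and `plugins/pd.csi.storage.gke.io/` entries, and no entry sets `readOnly: true`. List the volume types the node DaemonSet actually mounts instead of `'*'`, keep either the broad kubelet prefix or the two specific ones, and set `readOnly: true` on any path the driver only reads (the udev directories are likely candidates).
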
30 changes: 30 additions & 0 deletions deploy/kubernetes/overlays/stable-1-22/psp_windows.yaml
@@ -0,0 +1,30 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-node-psp-win
spec:
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
volumes:
- '*'
hostNetwork: true
allowedHostPaths:
- pathPrefix: \var\lib\kubelet
- pathPrefix: \var\lib\kubelet\plugins_registry
- pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
- pathPrefix: \\.\pipe\csi-proxy-disk-v1
- pathPrefix: \\.\pipe\csi-proxy-volume-v1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
# these paths are allowed only for compatibility mode if the PD CSI driver
# is using the CSI Proxy v1 client and the node is still using the
# beta version of the CSI proxy
- pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
- pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1

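Review bot: the three `v1beta*` pipe prefixes at the end of `allowedHostPaths` are described as compatibility-only, but nothing records when they can go, so they will be copied forward indefinitely. Add a TODO naming the condition for removal (nodes no longer running the beta version of the CSI proxy). The backslash paths are unquoted plain scalars, which is correct as written; if they are ever quoted to match `psp_linux.yaml`, use single quotes, because inside double quotes YAML would read the backslashes as escape sequences.
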
3 changes: 3 additions & 0 deletions deploy/kubernetes/overlays/stable-1-23/kustomization.yaml
Expand Up @@ -4,5 +4,8 @@ namespace:
gce-pd-csi-driver
resources:
- ../../base/
- psp_controller.yaml
- psp_linux.yaml
- psp_windows.yaml
transformers:
- ../../images/stable-1-23
17 changes: 17 additions & 0 deletions deploy/kubernetes/overlays/stable-1-23/psp_controller.yaml
@@ -0,0 +1,17 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-controller-psp
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
volumes:
- "emptyDir"
- "secret"
hostNetwork: true
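
Review bot: this file is line-for-line the same as `overlays/stable-1-22/psp_controller.yaml`, and the same holds for the `psp_linux.yaml` and `psp_windows.yaml` copies in this overlay. Several copies of each policy will drift the first time one is edited; keeping the policies once in a shared directory that each pre-1.25 overlay lists under `resources` gives the same result with one place to review.
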
27 changes: 27 additions & 0 deletions deploy/kubernetes/overlays/stable-1-23/psp_linux.yaml
@@ -0,0 +1,27 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-node-psp
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
privileged: true
volumes:
- '*'
hostNetwork: true
allowedHostPaths:
- pathPrefix: "/var/lib/kubelet/plugins_registry/"
- pathPrefix: "/var/lib/kubelet"
- pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
- pathPrefix: "/dev"
- pathPrefix: "/etc/udev"
- pathPrefix: "/lib/udev"
- pathPrefix: "/run/udev"
- pathPrefix: "/sys"

30 changes: 30 additions & 0 deletions deploy/kubernetes/overlays/stable-1-23/psp_windows.yaml
@@ -0,0 +1,30 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-node-psp-win
spec:
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
volumes:
- '*'
hostNetwork: true
allowedHostPaths:
- pathPrefix: \var\lib\kubelet
- pathPrefix: \var\lib\kubelet\plugins_registry
- pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
- pathPrefix: \\.\pipe\csi-proxy-disk-v1
- pathPrefix: \\.\pipe\csi-proxy-volume-v1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
# these paths are allowed only for compatibility mode if the PD CSI driver
# is using the CSI Proxy v1 client and the node is still using the
# beta version of the CSI proxy
- pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
- pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1

11 changes: 11 additions & 0 deletions deploy/kubernetes/overlays/stable-1-24/kustomization.yaml
@@ -0,0 +1,11 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace:
gce-pd-csi-driver
resources:
- ../../base
- psp_controller.yaml
- psp_linux.yaml
- psp_windows.yaml
transformers:
- ../../images/stable-1-24
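
Review bot: this overlay still lists the three `psp_*.yaml` resources, which are `policy/v1beta1` PodSecurityPolicy objects, and that API is removed in Kubernetes 1.25. The PR title covers 1.25 but no 1.25 overlay appears in the diff as shown, so add a comment here that the PSP entries must not be carried into a 1.25 overlay, and decide how the `gce-pd-csi-driver` namespace will admit the privileged node pods there (for example a `pod-security.kubernetes.io/enforce: privileged` namespace label under Pod Security admission).
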
17 changes: 17 additions & 0 deletions deploy/kubernetes/overlays/stable-1-24/psp_controller.yaml
@@ -0,0 +1,17 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-controller-psp
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
volumes:
- "emptyDir"
- "secret"
hostNetwork: true
27 changes: 27 additions & 0 deletions deploy/kubernetes/overlays/stable-1-24/psp_linux.yaml
@@ -0,0 +1,27 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-node-psp
spec:
seLinux:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
privileged: true
volumes:
- '*'
hostNetwork: true
allowedHostPaths:
- pathPrefix: "/var/lib/kubelet/plugins_registry/"
- pathPrefix: "/var/lib/kubelet"
- pathPrefix: "/var/lib/kubelet/plugins/pd.csi.storage.gke.io/"
- pathPrefix: "/dev"
- pathPrefix: "/etc/udev"
- pathPrefix: "/lib/udev"
- pathPrefix: "/run/udev"
- pathPrefix: "/sys"

30 changes: 30 additions & 0 deletions deploy/kubernetes/overlays/stable-1-24/psp_windows.yaml
@@ -0,0 +1,30 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: csi-gce-pd-node-psp-win
spec:
supplementalGroups:
rule: RunAsAny
runAsUser:
rule: RunAsAny
fsGroup:
rule: RunAsAny
seLinux:
rule: RunAsAny
volumes:
- '*'
hostNetwork: true
allowedHostPaths:
- pathPrefix: \var\lib\kubelet
- pathPrefix: \var\lib\kubelet\plugins_registry
- pathPrefix: \var\lib\kubelet\plugins\pd.csi.storage.gke.io
- pathPrefix: \\.\pipe\csi-proxy-disk-v1
- pathPrefix: \\.\pipe\csi-proxy-volume-v1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1
# these paths are allowed only for compatibility mode if the PD CSI driver
# is using the CSI Proxy v1 client and the node is still using the
# beta version of the CSI proxy
- pathPrefix: \\.\pipe\csi-proxy-disk-v1beta2
- pathPrefix: \\.\pipe\csi-proxy-volume-v1beta1
- pathPrefix: \\.\pipe\csi-proxy-filesystem-v1beta1