This repository has been archived by the owner on Jun 29, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 49
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Changes the helm chart into the one from upstream, and moves IAM role setup to the controllers instead of the workers. In addition, the setup of the roles has been made optional with the `set_csi_driver_iam_role` variable on the cluster config.
- Loading branch information
1 parent
ca02e77
commit a559e06
Showing
27 changed files
with
704 additions
and
198 deletions.
There are no files selected for viewing
3 changes: 3 additions & 0 deletions
3
assets/components/aws-ebs-csi-driver/manifests/templates/NOTES.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
To verify that aws-ebs-csi-driver has started, run: | ||
|
||
kubectl get pod -n kube-system -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" |
69 changes: 69 additions & 0 deletions
69
assets/components/aws-ebs-csi-driver/manifests/templates/_helpers.tpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
{{/* vim: set filetype=mustache: */}} | ||
{{/* | ||
Expand the name of the chart. | ||
*/}} | ||
{{- define "aws-ebs-csi-driver.name" -}} | ||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create a default fully qualified app name. | ||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). | ||
If release name contains chart name it will be used as a full name. | ||
*/}} | ||
{{- define "aws-ebs-csi-driver.fullname" -}} | ||
{{- if .Values.fullnameOverride -}} | ||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- $name := default .Chart.Name .Values.nameOverride -}} | ||
{{- if contains $name .Release.Name -}} | ||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}} | ||
{{- else -}} | ||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
{{- end -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "aws-ebs-csi-driver.chart" -}} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} | ||
{{- end -}} | ||
|
||
{{/* | ||
Common labels | ||
*/}} | ||
{{- define "aws-ebs-csi-driver.labels" -}} | ||
{{ include "aws-ebs-csi-driver.selectorLabels" . }} | ||
{{- if ne .Release.Name "kustomize" }} | ||
helm.sh/chart: {{ include "aws-ebs-csi-driver.chart" . }} | ||
{{- if .Chart.AppVersion }} | ||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||
{{- end }} | ||
app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
{{- end }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Common selector labels | ||
*/}} | ||
{{- define "aws-ebs-csi-driver.selectorLabels" -}} | ||
app.kubernetes.io/name: {{ include "aws-ebs-csi-driver.name" . }} | ||
{{- if ne .Release.Name "kustomize" }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- end }} | ||
{{- end -}} | ||
|
||
{{/* | ||
Convert the `--extra-volume-tags` command line arg from a map. | ||
*/}} | ||
{{- define "aws-ebs-csi-driver.extra-volume-tags" -}} | ||
{{- $result := dict "pairs" (list) -}} | ||
{{- range $key, $value := .Values.extraVolumeTags -}} | ||
{{- $noop := printf "%s=%s" $key $value | append $result.pairs | set $result "pairs" -}} | ||
{{- end -}} | ||
{{- if gt (len $result.pairs) 0 -}} | ||
{{- printf "%s=%s" "- --extra-volume-tags" (join "," $result.pairs) -}} | ||
{{- end -}} | ||
{{- end -}} |
20 changes: 20 additions & 0 deletions
20
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrole-attacher.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
--- | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-external-attacher-role | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["persistentvolumes"] | ||
verbs: ["get", "list", "watch", "update"] | ||
- apiGroups: [""] | ||
resources: ["nodes"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: ["csi.storage.k8s.io"] | ||
resources: ["csinodeinfos"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: ["storage.k8s.io"] | ||
resources: ["volumeattachments"] | ||
verbs: ["get", "list", "watch", "update"] |
35 changes: 35 additions & 0 deletions
35
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrole-provisioner.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
--- | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-external-provisioner-role | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["persistentvolumes"] | ||
verbs: ["get", "list", "watch", "create", "delete"] | ||
- apiGroups: [""] | ||
resources: ["persistentvolumeclaims"] | ||
verbs: ["get", "list", "watch", "update"] | ||
- apiGroups: ["storage.k8s.io"] | ||
resources: ["storageclasses"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["events"] | ||
verbs: ["list", "watch", "create", "update", "patch"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshots"] | ||
verbs: ["get", "list"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshotcontents"] | ||
verbs: ["get", "list"] | ||
- apiGroups: ["storage.k8s.io"] | ||
resources: ["csinodes"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["nodes"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: ["coordination.k8s.io"] | ||
resources: ["leases"] | ||
verbs: ["get", "watch", "list", "delete", "update", "create"] |
31 changes: 31 additions & 0 deletions
31
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrole-resizer.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{{- if .Values.enableVolumeResizing }} | ||
--- | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-external-resizer-role | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
rules: | ||
# The following rule should be uncommented for plugins that require secrets | ||
# for provisioning. | ||
# - apiGroups: [""] | ||
# resources: ["secrets"] | ||
# verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["persistentvolumes"] | ||
verbs: ["get", "list", "watch", "update", "patch"] | ||
- apiGroups: [""] | ||
resources: ["persistentvolumeclaims"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["persistentvolumeclaims/status"] | ||
verbs: ["update", "patch"] | ||
- apiGroups: ["storage.k8s.io"] | ||
resources: ["storageclasses"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["events"] | ||
verbs: ["list", "watch", "create", "update", "patch"] | ||
|
||
{{- end}} |
35 changes: 35 additions & 0 deletions
35
...ts/components/aws-ebs-csi-driver/manifests/templates/clusterrole-snapshot-controller.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
{{- if .Values.enableVolumeSnapshot }} | ||
--- | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-snapshot-controller-role | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["persistentvolumes"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["persistentvolumeclaims"] | ||
verbs: ["get", "list", "watch", "update"] | ||
- apiGroups: ["storage.k8s.io"] | ||
resources: ["storageclasses"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: [""] | ||
resources: ["events"] | ||
verbs: ["list", "watch", "create", "update", "patch"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshotclasses"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshotcontents"] | ||
verbs: ["create", "get", "list", "watch", "update", "delete"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshots"] | ||
verbs: ["get", "list", "watch", "update"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshots/status"] | ||
verbs: ["update"] | ||
|
||
{{- end }} |
25 changes: 25 additions & 0 deletions
25
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrole-snapshotter.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
{{- if .Values.enableVolumeSnapshot }} | ||
--- | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-external-snapshotter-role | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
rules: | ||
- apiGroups: [""] | ||
resources: ["events"] | ||
verbs: ["list", "watch", "create", "update", "patch"] | ||
- apiGroups: [""] | ||
resources: ["secrets"] | ||
verbs: ["get", "list"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshotclasses"] | ||
verbs: ["get", "list", "watch"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshotcontents"] | ||
verbs: ["create", "get", "list", "watch", "update", "delete"] | ||
- apiGroups: ["snapshot.storage.k8s.io"] | ||
resources: ["volumesnapshotcontents/status"] | ||
verbs: ["update"] | ||
{{- end }} |
15 changes: 15 additions & 0 deletions
15
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrolebinding-attacher.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
kind: ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-csi-attacher-binding | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
subjects: | ||
- kind: ServiceAccount | ||
name: ebs-csi-controller-sa | ||
namespace: kube-system | ||
roleRef: | ||
kind: ClusterRole | ||
name: ebs-external-attacher-role | ||
apiGroup: rbac.authorization.k8s.io |
15 changes: 15 additions & 0 deletions
15
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrolebinding-provisioner.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
kind: ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-csi-provisioner-binding | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
subjects: | ||
- kind: ServiceAccount | ||
name: ebs-csi-controller-sa | ||
namespace: kube-system | ||
roleRef: | ||
kind: ClusterRole | ||
name: ebs-external-provisioner-role | ||
apiGroup: rbac.authorization.k8s.io |
18 changes: 18 additions & 0 deletions
18
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrolebinding-resizer.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
{{- if .Values.enableVolumeResizing }} | ||
--- | ||
kind: ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-csi-resizer-binding | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
subjects: | ||
- kind: ServiceAccount | ||
name: ebs-csi-controller-sa | ||
namespace: kube-system | ||
roleRef: | ||
kind: ClusterRole | ||
name: ebs-external-resizer-role | ||
apiGroup: rbac.authorization.k8s.io | ||
|
||
{{- end}} |
18 changes: 18 additions & 0 deletions
18
...onents/aws-ebs-csi-driver/manifests/templates/clusterrolebinding-snapshot-controller.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
{{- if .Values.enableVolumeSnapshot }} | ||
--- | ||
kind: ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-csi-snapshot-controller-binding | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
subjects: | ||
- kind: ServiceAccount | ||
name: ebs-snapshot-controller | ||
namespace: kube-system | ||
roleRef: | ||
kind: ClusterRole | ||
name: ebs-snapshot-controller-role | ||
apiGroup: rbac.authorization.k8s.io | ||
|
||
{{- end }} |
18 changes: 18 additions & 0 deletions
18
assets/components/aws-ebs-csi-driver/manifests/templates/clusterrolebinding-snapshotter.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
{{- if .Values.enableVolumeSnapshot }} | ||
--- | ||
kind: ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: ebs-csi-snapshotter-binding | ||
labels: | ||
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} | ||
subjects: | ||
- kind: ServiceAccount | ||
name: ebs-csi-controller-sa | ||
namespace: kube-system | ||
roleRef: | ||
kind: ClusterRole | ||
name: ebs-external-snapshotter-role | ||
apiGroup: rbac.authorization.k8s.io | ||
|
||
{{- end }} |
Oops, something went wrong.