From 3a713d1587c13f9a18a30e8e724e9745a19f59cf Mon Sep 17 00:00:00 2001 From: Cheng Pan Date: Sun, 18 Aug 2019 20:57:58 -0700 Subject: [PATCH] Switch to use kustomize --- deploy/kubernetes/base/controller.yaml | 96 ++++++ deploy/kubernetes/base/csidriver.yaml | 9 + deploy/kubernetes/base/kustomization.yaml | 8 + deploy/kubernetes/base/node.yaml | 99 ++++++ deploy/kubernetes/base/rbac.yaml | 83 +++++ deploy/kubernetes/manifest.yaml | 289 ------------------ .../alpha/controller_add_resizer.yaml | 21 ++ .../alpha/controller_add_snapshotter.yaml | 20 ++ .../overlays/alpha/kustomization.yaml | 10 + .../overlays/alpha/rbac_add_resizer.yaml | 43 +++ .../overlays/alpha/rbac_add_snapshotter.yaml | 51 ++++ .../overlays/dev/kustomization.yaml | 7 + .../overlays/stable/kustomization.yaml | 21 ++ 13 files changed, 468 insertions(+), 289 deletions(-) create mode 100644 deploy/kubernetes/base/controller.yaml create mode 100644 deploy/kubernetes/base/csidriver.yaml create mode 100644 deploy/kubernetes/base/kustomization.yaml create mode 100644 deploy/kubernetes/base/node.yaml create mode 100644 deploy/kubernetes/base/rbac.yaml delete mode 100644 deploy/kubernetes/manifest.yaml create mode 100644 deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml create mode 100644 deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml create mode 100644 deploy/kubernetes/overlays/alpha/kustomization.yaml create mode 100644 deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml create mode 100644 deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml create mode 100644 deploy/kubernetes/overlays/dev/kustomization.yaml create mode 100644 deploy/kubernetes/overlays/stable/kustomization.yaml diff --git a/deploy/kubernetes/base/controller.yaml b/deploy/kubernetes/base/controller.yaml new file mode 100644 index 0000000000..557a480dc9 --- /dev/null +++ b/deploy/kubernetes/base/controller.yaml @@ -0,0 +1,96 @@ +--- +# Controller Service +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system +spec: + serviceName: ebs-csi-controller + replicas: 1 + selector: + matchLabels: + app: ebs-csi-controller + template: + metadata: + labels: + app: ebs-csi-controller + spec: + nodeSelector: + beta.kubernetes.io/os: linux + serviceAccount: ebs-csi-controller-sa + priorityClassName: system-cluster-critical + tolerations: + - key: CriticalAddonsOnly + operator: Exists + containers: + - name: ebs-plugin + image: amazon/aws-ebs-csi-driver:latest + args : + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: aws-secret + key: key_id + optional: true + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: aws-secret + key: access_key + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.3.0 + args: + - --provisioner=ebs.csi.aws.com + - --csi-address=$(ADDRESS) + - --v=5 + - --feature-gates=Topology=true + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v1.2.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/kubernetes/base/csidriver.yaml b/deploy/kubernetes/base/csidriver.yaml new file mode 100644 index 0000000000..03c42368a7 --- /dev/null +++ b/deploy/kubernetes/base/csidriver.yaml @@ -0,0 +1,9 @@ +--- + +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: ebs.csi.aws.com +spec: + attachRequired: true + podInfoOnMount: false diff --git a/deploy/kubernetes/base/kustomization.yaml b/deploy/kubernetes/base/kustomization.yaml new file mode 100644 index 0000000000..92a8c4a1b1 --- /dev/null +++ b/deploy/kubernetes/base/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kube-system +resources: +- controller.yaml +- node.yaml +- rbac.yaml +- csidriver.yaml diff --git a/deploy/kubernetes/base/node.yaml b/deploy/kubernetes/base/node.yaml new file mode 100644 index 0000000000..4e91a581b3 --- /dev/null +++ b/deploy/kubernetes/base/node.yaml @@ -0,0 +1,99 @@ +--- +# Node Service +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-node + namespace: kube-system +spec: + selector: + matchLabels: + app: ebs-csi-node + template: + metadata: + labels: + app: ebs-csi-node + spec: + nodeSelector: + beta.kubernetes.io/os: linux + hostNetwork: true + priorityClassName: system-node-critical + tolerations: + - key: CriticalAddonsOnly + operator: Exists + containers: + - name: ebs-plugin + securityContext: + privileged: true + image: amazon/aws-ebs-csi-driver:latest + args: + - --endpoint=$(CSI_ENDPOINT) + - --logtostderr + - --v=5 + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + - name: node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=5 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: liveness-probe + image: quay.io/k8scsi/livenessprobe:v1.1.0 + args: + - --csi-address=/csi/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory diff --git a/deploy/kubernetes/base/rbac.yaml b/deploy/kubernetes/base/rbac.yaml new file mode 100644 index 0000000000..4ababeb474 --- /dev/null +++ b/deploy/kubernetes/base/rbac.yaml @@ -0,0 +1,83 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ebs-csi-controller-sa + namespace: kube-system + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-attacher-role + apiGroup: rbac.authorization.k8s.io + + diff --git a/deploy/kubernetes/manifest.yaml b/deploy/kubernetes/manifest.yaml deleted file mode 100644 index 998fe18cd3..0000000000 --- a/deploy/kubernetes/manifest.yaml +++ /dev/null @@ -1,289 +0,0 @@ -# Controller Service -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ebs-csi-controller-sa - namespace: kube-system - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ebs-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ebs-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: ebs-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ebs-external-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: ebs-csi-attacher-binding -subjects: - - kind: ServiceAccount - name: ebs-csi-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: ebs-external-attacher-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: ebs-csi-controller - namespace: kube-system -spec: - serviceName: ebs-csi-controller - replicas: 1 - selector: - matchLabels: - app: ebs-csi-controller - template: - metadata: - labels: - app: ebs-csi-controller - spec: - nodeSelector: - beta.kubernetes.io/os: linux - serviceAccount: ebs-csi-controller-sa - priorityClassName: system-cluster-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - containers: - - name: ebs-plugin - image: amazon/aws-ebs-csi-driver:v0.4.0 - args: - - --endpoint=$(CSI_ENDPOINT) - - --logtostderr - - --v=5 - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: aws-secret - key: key_id - optional: true - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: aws-secret - key: access_key - optional: true - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - ports: - - name: healthz - containerPort: 9808 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 10 - failureThreshold: 5 - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.3.0 - args: - - --provisioner=ebs.csi.aws.com - - --csi-address=$(ADDRESS) - - --v=5 - - --feature-gates=Topology=true - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v1.2.0 - args: - - --csi-address=$(ADDRESS) - - --v=5 - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: liveness-probe - image: quay.io/k8scsi/livenessprobe:v1.1.0 - args: - - --csi-address=/csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - volumes: - - name: socket-dir - emptyDir: {} - ---- -# Node Service -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ebs-csi-node - namespace: kube-system -spec: - selector: - matchLabels: - app: ebs-csi-node - template: - metadata: - labels: - app: ebs-csi-node - spec: - nodeSelector: - beta.kubernetes.io/os: linux - hostNetwork: true - priorityClassName: system-node-critical - tolerations: - - key: CriticalAddonsOnly - operator: Exists - containers: - - name: ebs-plugin - securityContext: - privileged: true - image: amazon/aws-ebs-csi-driver:v0.4.0 - args: - - --endpoint=$(CSI_ENDPOINT) - - --logtostderr - - --v=5 - env: - - name: CSI_ENDPOINT - value: unix:/csi/csi.sock - volumeMounts: - - name: kubelet-dir - mountPath: /var/lib/kubelet - mountPropagation: "Bidirectional" - - name: plugin-dir - mountPath: /csi - - name: device-dir - mountPath: /dev - ports: - - name: healthz - containerPort: 9808 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 10 - failureThreshold: 5 - - name: node-driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=5 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: liveness-probe - image: quay.io/k8scsi/livenessprobe:v1.1.0 - args: - - --csi-address=/csi/csi.sock - volumeMounts: - - name: plugin-dir - mountPath: /csi - volumes: - - name: kubelet-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ - type: DirectoryOrCreate - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - - name: device-dir - hostPath: - path: /dev - type: Directory - ---- - -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: ebs.csi.aws.com -spec: - attachRequired: true - podInfoOnMount: false diff --git a/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml b/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml new file mode 100644 index 0000000000..26ebab88cd --- /dev/null +++ b/deploy/kubernetes/overlays/alpha/controller_add_resizer.yaml @@ -0,0 +1,21 @@ +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system +spec: + template: + spec: + containers: + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.2.0 + args: + - --csi-address=$(ADDRESS) + - --v=5 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + diff --git a/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml new file mode 100644 index 0000000000..ca03e3d47a --- /dev/null +++ b/deploy/kubernetes/overlays/alpha/controller_add_snapshotter.yaml @@ -0,0 +1,20 @@ +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: ebs-csi-controller + namespace: kube-system +spec: + template: + spec: + containers: + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v1.1.0 + args: + - --csi-address=$(ADDRESS) + - --connection-timeout=15s + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ diff --git a/deploy/kubernetes/overlays/alpha/kustomization.yaml b/deploy/kubernetes/overlays/alpha/kustomization.yaml new file mode 100644 index 0000000000..a3e3a15240 --- /dev/null +++ b/deploy/kubernetes/overlays/alpha/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +patches: +- controller_add_snapshotter.yaml +- controller_add_resizer.yaml +resources: +- rbac_add_snapshotter.yaml +- rbac_add_resizer.yaml diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml new file mode 100644 index 0000000000..dfc65fb57a --- /dev/null +++ b/deploy/kubernetes/overlays/alpha/rbac_add_resizer.yaml @@ -0,0 +1,43 @@ +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-resizer-role +rules: + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-resizer-binding +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-resizer-role + apiGroup: rbac.authorization.k8s.io + diff --git a/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml b/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml new file mode 100644 index 0000000000..afafd245a4 --- /dev/null +++ b/deploy/kubernetes/overlays/alpha/rbac_add_snapshotter.yaml @@ -0,0 +1,51 @@ +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-external-snapshotter-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: ebs-csi-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ebs-external-snapshotter-role + apiGroup: rbac.authorization.k8s.io + + diff --git a/deploy/kubernetes/overlays/dev/kustomization.yaml b/deploy/kubernetes/overlays/dev/kustomization.yaml new file mode 100644 index 0000000000..59595ac644 --- /dev/null +++ b/deploy/kubernetes/overlays/dev/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +images: +- name: amazon/aws-ebs-csi-driver + newTag: latest diff --git a/deploy/kubernetes/overlays/stable/kustomization.yaml b/deploy/kubernetes/overlays/stable/kustomization.yaml new file mode 100644 index 0000000000..95a4ea5d1a --- /dev/null +++ b/deploy/kubernetes/overlays/stable/kustomization.yaml @@ -0,0 +1,21 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: +- ../../base +images: +- name: amazon/aws-ebs-csi-driver + newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/aws-ebs-csi-driver + newTag: v0.4.0 +- name: quay.io/k8scsi/csi-provisioner + newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/csi-provisioner + newTag: v1.3.0 +- name: quay.io/k8scsi/csi-attacher + newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/csi-attacher + newTag: v1.2.0 +- name: quay.io/k8scsi/livenessprobe + newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/csi-liveness-probe + newTag: v1.1.0 +- name: quay.io/k8scsi/csi-node-driver-registrar + newName: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/csi-node-driver-registrar + newTag: v1.1.0 +