From a87bbd8c9ecce62ef9c992d997d008576ba9212d Mon Sep 17 00:00:00 2001
From: Benjamin Elder
Date: Thu, 12 Dec 2024 13:55:37 -0800
Subject: [PATCH] update local-path-provisioner with changes from v0.0.24 to v0.30.0 in usptream yaml, document the changes we apply
---
pkg/build/nodeimage/const_storage.go | 58 ++++++++++++++++++++++------
1 file changed, 46 insertions(+), 12 deletions(-)
diff --git a/pkg/build/nodeimage/const_storage.go b/pkg/build/nodeimage/const_storage.go
index 2466ffbb67..b0dd3a9530 100644
--- a/pkg/build/nodeimage/const_storage.go
+++ b/pkg/build/nodeimage/const_storage.go
@@ -23,6 +23,7 @@ NOTE: we have customized it in the following ways: - our own image and helper image - schedule to linux nodes only - install as the default storage class +- tolerate control plane scheduling taints */ const storageProvisionerImage = "docker.io/kindest/local-path-provisioner:v20241108-5c6d2daf"
@@ -44,24 +45,50 @@ metadata: name: local-path-provisioner-service-account namespace: local-path-storage +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: local-path-provisioner-role + namespace: local-path-storage +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "create", "patch", "update", "delete"] + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: local-path-provisioner-role rules: - - apiGroups: [ "" ] - resources: [ "nodes", "persistentvolumeclaims", "configmaps" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [ "" ] - resources: [ "endpoints", "persistentvolumes", "pods" ] - verbs: [ "*" ] - - apiGroups: [ "" ] - resources: [ "events" ] - verbs: [ "create", "patch" ] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "storageclasses" ] - verbs: [ "get", "list", "watch" ] + - apiGroups: [""] + resources: ["nodes", "persistentvolumeclaims", "configmaps", "pods", "pods/log"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "patch", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: local-path-provisioner-bind + namespace: local-path-storage +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: local-path-provisioner-role +subjects: + - kind: ServiceAccount + name: local-path-provisioner-service-account + namespace: local-path-storage --- apiVersion: rbac.authorization.k8s.io/v1 @@ -126,6 +153,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: CONFIG_MOUNT_PATH + value: /etc/config/ volumes: - name: config-volume configMap: 
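Review bot: The rewritten ClusterRole still grants `get`/`list`/`watch` on `pods`, and now also on `pods/log`, in every namespace, even though the write verbs for pods moved into the new namespaced Role in `local-path-storage`. If the provisioner only reads logs of the helper pods it creates in its own namespace (the Role suggests so, but the provisioner code is not part of this diff), the log access could live in that Role as its own rule, `- apiGroups: [""]`, `resources: ["pods/log"]`, `verbs: ["get", "list", "watch"]`, so that this service account cannot read container logs from other namespaces. Because the manifest tracks the upstream YAML, any such narrowing would need an entry in the NOTE list of customizations at the top of the file. The Role and the ClusterRole also share the name `local-path-provisioner-role`, which is legal but easy to misread in `kubectl` output and audit logs.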
@@ -173,6 +202,11 @@ data: metadata: name: helper-pod spec: + priorityClassName: system-node-critical + tolerations: + - key: node.kubernetes.io/disk-pressure + operator: Exists + effect: NoSchedule containers: - name: helper-pod image: ` + storageHelperImage + `
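Review bot: The helper pod template gains `priorityClassName: system-node-critical` and a `node.kubernetes.io/disk-pressure` toleration without a comment explaining why. Both widen what a pod built from this ConfigMap entry may do: it can preempt other workloads, and it schedules onto nodes that are tainted for disk pressure. A short YAML comment above the two fields would help, for example `# helper pods must still run on disk-pressured nodes so volume teardown can free space (taken from upstream)`, if that is indeed the reason; the rationale is not visible in this diff. The pod spec continues outside the hunk, so its securityContext and volume mounts cannot be checked from here.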