diff --git a/Dockerfile b/Dockerfile index d8234863..682e7be1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.20.6 as builder +FROM golang:1.21.8 as builder WORKDIR /workspace # Copy the Go Modules manifests diff --git a/go.mod b/go.mod index c0d3e658..2f871ba5 100644 --- a/go.mod +++ b/go.mod @@ -19,9 +19,9 @@ require ( k8s.io/component-base v0.28.4 k8s.io/klog/v2 v2.100.1 k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 - sigs.k8s.io/cluster-api v1.6.0 - sigs.k8s.io/cluster-api/test v1.6.0 - sigs.k8s.io/controller-runtime v0.16.3 + sigs.k8s.io/cluster-api v1.6.3 + sigs.k8s.io/cluster-api/test v1.6.3 + sigs.k8s.io/controller-runtime v0.16.5 sigs.k8s.io/kind v0.20.0 ) @@ -40,7 +40,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/cloudflare/circl v1.3.3 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.5.0 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect @@ -107,13 +107,13 @@ require ( github.com/valyala/fastjson v1.6.4 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.25.0 // indirect - golang.org/x/crypto v0.15.0 // indirect + golang.org/x/crypto v0.17.0 // indirect golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect golang.org/x/net v0.18.0 // indirect golang.org/x/oauth2 v0.14.0 // indirect golang.org/x/sync v0.4.0 // indirect - golang.org/x/sys v0.14.0 // indirect - golang.org/x/term v0.14.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/term v0.15.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.14.0 // indirect @@ -121,7 +121,7 @@ require ( google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 7fe193d6..3f76af71 100644 --- a/go.sum +++ b/go.sum @@ -76,8 +76,8 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -390,8 +390,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA= -golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -540,13 +540,13 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.14.0 h1:LGK9IlZ8T9jvdy6cTdfKUCltatMFOehAQo9SRC46UQ8= -golang.org/x/term v0.14.0/go.mod h1:TySc+nGkYR6qt8km8wUhuFRTVSMIX3XPR58y2lC8vww= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -718,8 +718,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -772,10 +772,10 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/cluster-api v1.6.0 h1:2bhVSnUbtWI8taCjd9lGiHExsRUpKf7Z1fXqi/IwYx4= sigs.k8s.io/cluster-api v1.6.0/go.mod h1:LB7u/WxiWj4/bbpHNOa1oQ8nq0MQ5iYlD0pGfRSBGLI= -sigs.k8s.io/cluster-api/test v1.6.0 h1:hvqUpSYxXCvs4FiEfsDpFZAfZ7i4kkP/59mVdFHlzSI= -sigs.k8s.io/cluster-api/test v1.6.0/go.mod h1:DJtbkrnrH77cd3PnXeKCQDMtCGVCrHZHPOjMvEsLB2U= -sigs.k8s.io/controller-runtime v0.16.3 h1:2TuvuokmfXvDUamSx1SuAOO3eTyye+47mJCigwG62c4= -sigs.k8s.io/controller-runtime v0.16.3/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= +sigs.k8s.io/cluster-api/test v1.6.3 h1:ZCboLCTpKWzSbf+f7MpQT7EN8aeH9DNhJC1T9/vAuAM= +sigs.k8s.io/cluster-api/test v1.6.3/go.mod h1:AKs25dgW6AnyGaQBoWuXfWnBs+FT7vJmAI/aox64DEI= +sigs.k8s.io/controller-runtime v0.16.5 h1:yr1cEJbX08xsTW6XEIzT13KHHmIyX8Umvme2cULvFZw= +sigs.k8s.io/controller-runtime v0.16.5/go.mod h1:j7bialYoSn142nv9sCOJmQgDXQXxnroFU4VnX/brVJ0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kind v0.20.0 h1:f0sc3v9mQbGnjBUaqSFST1dwIuiikKVGgoTwpoP33a8= diff --git a/templates/cluster-template-oci-addons.yaml b/templates/cluster-template-oci-addons.yaml index 3f3829c0..5df24f02 100644 --- a/templates/cluster-template-oci-addons.yaml +++ b/templates/cluster-template-oci-addons.yaml @@ -219,10 +219,10 @@ data: - key: node.cloudprovider.kubernetes.io/uninitialized value: "true" effect: NoSchedule - - key: node-role.kubernetes.io/master + - key: node-role.kubernetes.io/control-plane operator: Exists effect: NoSchedule - - key: node-role.kubernetes.io/control-plane + - key: node-role.kubernetes.io/master operator: Exists effect: NoSchedule volumes: @@ -234,12 +234,13 @@ data: path: /etc/kubernetes containers: - name: oci-cloud-controller-manager - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 command: ["/usr/local/bin/oci-cloud-controller-manager"] args: - --cloud-config=/etc/oci/cloud-provider.yaml - --cloud-provider=oci - - --leader-elect-resource-lock=configmapsleases + - --leader-elect-resource-lock=leases + - --concurrent-service-syncs=3 - --v=2 volumeMounts: - name: cfg @@ -284,7 +285,7 @@ data: - list - watch - patch - + - get - apiGroups: - "" resources: @@ -380,6 +381,9 @@ data: - serviceaccounts verbs: - create + - list + - get + - watch - apiGroups: - "" resources: @@ -465,7 +469,7 @@ data: node-role.kubernetes.io/control-plane: "" containers: - name: csi-volume-provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v3.5.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --volume-name-prefix=csi @@ -480,7 +484,7 @@ data: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-fss-volume-provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v3.5.0 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 args: - --csi-address=/var/run/shared-tmpfs/csi-fss.sock - --volume-name-prefix=csi-fss @@ -495,7 +499,7 @@ data: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-attacher - image: k8s.gcr.io/sig-storage/csi-attacher:v4.2.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --timeout=120s @@ -508,7 +512,24 @@ data: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-resizer - image: k8s.gcr.io/sig-storage/csi-resizer:v1.7.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.0 + args: + - --csi-address=/var/run/shared-tmpfs/csi.sock + - --leader-election + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /var/run/shared-tmpfs + name: shared-tmpfs + - name: snapshot-controller + image: registry.k8s.io/sig-storage/snapshot-controller:v6.2.0 + args: + - --leader-election + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /var/run/shared-tmpfs + name: shared-tmpfs + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.2.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --leader-election @@ -522,7 +543,7 @@ data: - --fss-csi-endpoint=unix://var/run/shared-tmpfs/csi-fss.sock command: - /usr/local/bin/oci-csi-controller-driver - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 imagePullPolicy: IfNotPresent volumeMounts: - name: config @@ -673,7 +694,7 @@ data: fieldPath: spec.nodeName - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/bin:/host/sbin - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 securityContext: privileged: true volumeMounts: @@ -687,6 +708,7 @@ data: - mountPath: /dev name: device-dir - mountPath: /host + mountPropagation: HostToContainer name: host-root - mountPath: /sbin/iscsiadm name: chroot-iscsiadm @@ -707,7 +729,7 @@ data: args: - --csi-address=/csi/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/blockvolume.csi.oraclecloud.com/csi.sock - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 securityContext: privileged: true lifecycle: @@ -726,7 +748,7 @@ data: args: - --csi-address=/fss/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/fss.csi.oraclecloud.com/csi.sock - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.0 securityContext: privileged: true lifecycle: @@ -805,65 +827,65 @@ data: name: csi-oci namespace: kube-system rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["volume.oci.oracle.com"] - resources: ["blockscsiinfos"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update", "create"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "watch", "create", "update"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["patch"] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshotclasses" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshotcontents" ] - verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshotcontents/status" ] - verbs: [ "update", "patch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshots" ] - verbs: [ "get", "list", "watch", "update", "patch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshots/status" ] - verbs: [ "update", "patch" ] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["volume.oci.oracle.com"] + resources: ["blockscsiinfos"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update", "create"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "watch", "create", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["patch"] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents" ] + verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents/status" ] + verbs: [ "update", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots" ] + verbs: [ "get", "list", "watch", "update", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots/status" ] + verbs: [ "update", "patch" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-oci-binding + name: csi-oci-binding subjects: - - kind: ServiceAccount - name: csi-oci-node-sa - namespace: kube-system + - kind: ServiceAccount + name: csi-oci-node-sa + namespace: kube-system roleRef: - kind: ClusterRole - name: csi-oci - apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-oci + apiGroup: rbac.authorization.k8s.io --- kind: StorageClass apiVersion: storage.k8s.io/v1 diff --git a/test/e2e/config/e2e_conf.yaml b/test/e2e/config/e2e_conf.yaml index be1296af..caacef37 100644 --- a/test/e2e/config/e2e_conf.yaml +++ b/test/e2e/config/e2e_conf.yaml @@ -8,8 +8,8 @@ providers: - name: cluster-api type: CoreProvider versions: - - name: v1.6.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.0/core-components.yaml + - name: v1.6.3 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.3/core-components.yaml type: url files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" @@ -21,8 +21,8 @@ providers: - name: kubeadm type: BootstrapProvider versions: - - name: v1.6.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.0/bootstrap-components.yaml + - name: v1.6.3 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.3/bootstrap-components.yaml type: url files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" @@ -34,8 +34,8 @@ providers: - name: kubeadm type: ControlPlaneProvider versions: - - name: v1.6.0 - value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.0/control-plane-components.yaml + - name: v1.6.3 + value: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.6.3/control-plane-components.yaml type: url files: - sourcePath: "../data/shared/v1beta1/metadata.yaml" @@ -80,9 +80,9 @@ providers: - sourcePath: "../data/infrastructure-oci/v1beta2/metadata.yaml" variables: - KUBERNETES_VERSION: "v1.26.6" - OCI_MANAGED_KUBERNETES_VERSION: "v1.25.4" - OCI_MANAGED_KUBERNETES_VERSION_UPGRADE: "v1.26.2" + KUBERNETES_VERSION: "v1.28.7" + OCI_MANAGED_KUBERNETES_VERSION: "v1.27.2" + OCI_MANAGED_KUBERNETES_VERSION_UPGRADE: "v1.28.2" EXP_MACHINE_POOL: "true" EXP_CLUSTER_RESOURCE_SET: "true" NODE_DRAIN_TIMEOUT: "60s" @@ -92,8 +92,8 @@ variables: CCM_PATH: "${PWD}/test/e2e/data/ccm/ccm.yaml" CONFORMANCE_WORKER_MACHINE_COUNT: "2" CONFORMANCE_CONTROL_PLANE_MACHINE_COUNT: "1" - KUBERNETES_VERSION_UPGRADE_TO: "v1.26.6" - KUBERNETES_VERSION_UPGRADE_FROM: "v1.25.6" + KUBERNETES_VERSION_UPGRADE_TO: "v1.28.7" + KUBERNETES_VERSION_UPGRADE_FROM: "v1.27.1" KUBERNETES_UPGRADE_OCI_IMAGE_ID: "${KUBERNETES_UPGRADE_OCI_IMAGE_ID}" IP_FAMILY: "IPv4" CLUSTER_TOPOLOGY: "true" diff --git a/test/e2e/data/ccm/ccm.yaml b/test/e2e/data/ccm/ccm.yaml index a8b50b77..0a754315 100644 --- a/test/e2e/data/ccm/ccm.yaml +++ b/test/e2e/data/ccm/ccm.yaml @@ -63,12 +63,13 @@ spec: path: /etc/kubernetes containers: - name: oci-cloud-controller-manager - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 command: ["/usr/local/bin/oci-cloud-controller-manager"] args: - --cloud-config=/etc/oci/cloud-provider.yaml - --cloud-provider=oci - - --leader-elect-resource-lock=configmapsleases + - --leader-elect-resource-lock=leases + - --concurrent-service-syncs=3 - --v=2 volumeMounts: - name: cfg @@ -114,7 +115,7 @@ rules: - list - watch - patch - + - get - apiGroups: - "" resources: @@ -210,6 +211,9 @@ rules: - serviceaccounts verbs: - create + - list + - get + - watch - apiGroups: - "" resources: @@ -284,7 +288,7 @@ spec: node-role.kubernetes.io/control-plane: "" containers: - name: csi-volume-provisioner - image: k8s.gcr.io/sig-storage/csi-provisioner:v3.2.1 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --volume-name-prefix=csi @@ -299,7 +303,7 @@ spec: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-fss-volume-provisioner - image: k8s.gcr.io/sig-storage/csi-provisioner:v3.2.1 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 args: - --csi-address=/var/run/shared-tmpfs/csi-fss.sock - --volume-name-prefix=csi-fss @@ -314,7 +318,7 @@ spec: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-attacher - image: k8s.gcr.io/sig-storage/csi-attacher:v4.2.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --timeout=120s @@ -327,7 +331,24 @@ spec: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-resizer - image: k8s.gcr.io/sig-storage/csi-resizer:v1.7.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.0 + args: + - --csi-address=/var/run/shared-tmpfs/csi.sock + - --leader-election + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /var/run/shared-tmpfs + name: shared-tmpfs + - name: snapshot-controller + image: registry.k8s.io/sig-storage/snapshot-controller:v6.2.0 + args: + - --leader-election + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /var/run/shared-tmpfs + name: shared-tmpfs + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.2.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --leader-election @@ -341,7 +362,7 @@ spec: - --fss-csi-endpoint=unix://var/run/shared-tmpfs/csi-fss.sock command: - /usr/local/bin/oci-csi-controller-driver - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 imagePullPolicy: IfNotPresent volumeMounts: - name: config @@ -500,7 +521,7 @@ spec: fieldPath: spec.nodeName - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/bin:/host/sbin - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 securityContext: privileged: true volumeMounts: @@ -515,6 +536,7 @@ spec: name: device-dir - mountPath: /host name: host-root + mountPropagation: HostToContainer - mountPath: /sbin/iscsiadm name: chroot-iscsiadm subPath: iscsiadm @@ -534,7 +556,7 @@ spec: args: - --csi-address=/csi/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/blockvolume.csi.oraclecloud.com/csi.sock - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 securityContext: privileged: true lifecycle: @@ -553,7 +575,7 @@ spec: args: - --csi-address=/fss/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/fss.csi.oraclecloud.com/csi.sock - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.0 securityContext: privileged: true lifecycle: @@ -631,51 +653,51 @@ metadata: name: csi-oci namespace: kube-system rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["volume.oci.oracle.com"] - resources: ["blockscsiinfos"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update", "create"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes"] - verbs: ["get", "list", "watch", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "watch", "create", "update"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["patch"] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshotclasses" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshotcontents" ] - verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshotcontents/status" ] - verbs: [ "update", "patch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshots" ] - verbs: [ "get", "list", "watch", "update", "patch" ] - - apiGroups: [ "snapshot.storage.k8s.io" ] - resources: [ "volumesnapshots/status" ] - verbs: [ "update", "patch" ] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["volume.oci.oracle.com"] + resources: ["blockscsiinfos"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update", "create"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "watch", "create", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["patch"] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotclasses" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents" ] + verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents/status" ] + verbs: [ "update", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots" ] + verbs: [ "get", "list", "watch", "update", "patch" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots/status" ] + verbs: [ "update", "patch" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/test/e2e/data/infrastructure-oci/bases/ccm.yaml b/test/e2e/data/infrastructure-oci/bases/ccm.yaml index 3870385c..ef7c7228 100644 --- a/test/e2e/data/infrastructure-oci/bases/ccm.yaml +++ b/test/e2e/data/infrastructure-oci/bases/ccm.yaml @@ -94,12 +94,13 @@ data: path: /etc/kubernetes containers: - name: oci-cloud-controller-manager - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 command: ["/usr/local/bin/oci-cloud-controller-manager"] args: - --cloud-config=/etc/oci/cloud-provider.yaml - --cloud-provider=oci - - --leader-elect-resource-lock=configmapsleases + - --leader-elect-resource-lock=leases + - --concurrent-service-syncs=3 - --v=2 volumeMounts: - name: cfg @@ -145,7 +146,7 @@ data: - list - watch - patch - + - get - apiGroups: - "" resources: @@ -242,6 +243,9 @@ data: - serviceaccounts verbs: - create + - list + - get + - watch - apiGroups: - "" resources: @@ -272,7 +276,7 @@ data: - kind: ServiceAccount name: cloud-controller-manager namespace: kube-system - + kind: ConfigMap metadata: annotations: @@ -328,7 +332,7 @@ data: node-role.kubernetes.io/control-plane: "" containers: - name: csi-volume-provisioner - image: k8s.gcr.io/sig-storage/csi-provisioner:v3.2.1 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --volume-name-prefix=csi @@ -343,7 +347,7 @@ data: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-fss-volume-provisioner - image: k8s.gcr.io/sig-storage/csi-provisioner:v3.2.1 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 args: - --csi-address=/var/run/shared-tmpfs/csi-fss.sock - --volume-name-prefix=csi-fss @@ -358,7 +362,7 @@ data: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-attacher - image: k8s.gcr.io/sig-storage/csi-attacher:v4.2.0 + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --timeout=120s @@ -371,7 +375,7 @@ data: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs - name: csi-resizer - image: k8s.gcr.io/sig-storage/csi-resizer:v1.7.0 + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.0 args: - --csi-address=/var/run/shared-tmpfs/csi.sock - --leader-election @@ -379,13 +383,26 @@ data: volumeMounts: - mountPath: /var/run/shared-tmpfs name: shared-tmpfs + - name: snapshot-controller + image: registry.k8s.io/sig-storage/snapshot-controller:v6.2.0 + args: + - --leader-election + imagePullPolicy: "IfNotPresent" + volumeMounts: + - mountPath: /var/run/shared-tmpfs + name: shared-tmpfs + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.2.0 + args: + - --csi-address=/var/run/shared-tmpfs/csi.sock + - --leader-election - name: oci-csi-controller-driver args: - --endpoint=unix://var/run/shared-tmpfs/csi.sock - --fss-csi-endpoint=unix://var/run/shared-tmpfs/csi-fss.sock command: - /usr/local/bin/oci-csi-controller-driver - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 imagePullPolicy: IfNotPresent volumeMounts: - name: config @@ -536,7 +553,7 @@ data: fieldPath: spec.nodeName - name: PATH value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/host/usr/bin:/host/sbin - image: ghcr.io/oracle/cloud-provider-oci:v1.26.0 + image: ghcr.io/oracle/cloud-provider-oci:v1.28.0 securityContext: privileged: true volumeMounts: @@ -551,6 +568,7 @@ data: name: device-dir - mountPath: /host name: host-root + mountPropagation: HostToContainer - mountPath: /sbin/iscsiadm name: chroot-iscsiadm subPath: iscsiadm @@ -570,7 +588,7 @@ data: args: - --csi-address=/csi/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/blockvolume.csi.oraclecloud.com/csi.sock - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 securityContext: privileged: true lifecycle: @@ -589,7 +607,7 @@ data: args: - --csi-address=/fss/csi.sock - --kubelet-registration-path=/var/lib/kubelet/plugins/fss.csi.oraclecloud.com/csi.sock - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.0 securityContext: privileged: true lifecycle: @@ -669,36 +687,36 @@ data: name: csi-oci namespace: kube-system rules: - - apiGroups: [ "" ] - resources: [ "events" ] - verbs: [ "get", "list", "watch", "create", "update", "patch" ] - - apiGroups: [ "" ] - resources: [ "nodes" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [ "volume.oci.oracle.com" ] - resources: [ "blockscsiinfos" ] - verbs: [ "get", "list", "watch", "create", "delete", "update", "patch" ] - - apiGroups: [ "" ] - resources: [ "persistentvolumes" ] - verbs: [ "get", "list", "watch", "create", "delete", "patch" ] - - apiGroups: [ "" ] - resources: [ "persistentvolumeclaims" ] - verbs: [ "get", "list", "watch", "update", "create" ] - - apiGroups: [ "storage.k8s.io" ] - resources: [ "storageclasses", "volumeattachments", "volumeattachments/status", "csinodes" ] - verbs: [ "get", "list", "watch", "patch" ] - - apiGroups: [ "coordination.k8s.io" ] - resources: [ "leases" ] - verbs: [ "get", "list", "watch", "create", "delete", "update", "patch" ] - - apiGroups: [ "" ] - resources: [ "endpoints" ] - verbs: [ "get", "watch", "create", "update" ] - - apiGroups: [ "" ] - resources: [ "pods" ] - verbs: [ "get", "list", "watch" ] - - apiGroups: [ "" ] - resources: [ "persistentvolumeclaims/status" ] - verbs: [ "patch" ] + - apiGroups: [ "" ] + resources: [ "events" ] + verbs: [ "get", "list", "watch", "create", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "nodes" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "volume.oci.oracle.com" ] + resources: [ "blockscsiinfos" ] + verbs: [ "get", "list", "watch", "create", "delete", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumes" ] + verbs: [ "get", "list", "watch", "create", "delete", "patch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims" ] + verbs: [ "get", "list", "watch", "update", "create" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses", "volumeattachments", "volumeattachments/status", "csinodes" ] + verbs: [ "get", "list", "watch", "patch" ] + - apiGroups: [ "coordination.k8s.io" ] + resources: [ "leases" ] + verbs: [ "get", "list", "watch", "create", "delete", "update", "patch" ] + - apiGroups: [ "" ] + resources: [ "endpoints" ] + verbs: [ "get", "watch", "create", "update" ] + - apiGroups: [ "" ] + resources: [ "pods" ] + verbs: [ "get", "list", "watch" ] + - apiGroups: [ "" ] + resources: [ "persistentvolumeclaims/status" ] + verbs: [ "patch" ] --- kind: ClusterRoleBinding