internet/synology-csi
4
0
Fork 0
mirror of https://github.com/cristicalin/synology-csi.git synced 2026-03-26 19:03:12 +00:00
Code Issues Projects Releases Wiki Activity

update to latest csi plugins

Browse Source
This commit is contained in:
CALIN Cristian Andrei
2021-09-13 17:31:11 +03:00
parent ecf94e6e7c
commit 092448e125
1 changed files with 61 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
deploy/kubernetes/v1.22/controller.yml
View File

@@ -46,6 +46,14 @@ rules:
- apiGroups: ["snapshot.storage.k8s.io"] - apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"] resources: ["volumesnapshotcontents"]
verbs: ["get", "list"] verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
# The following rule should be uncommented for plugins that require secrets
# for provisioning.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch"]
--- ---
kind: ClusterRoleBinding kind: ClusterRoleBinding
@@ -62,6 +70,54 @@ roleRef:
name: synology-csi-controller-role name: synology-csi-controller-role
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
---
# Provisioner must be able to work with endpoints in current namespace
# if (and only if) leadership election is enabled
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: synology-csi
name: synology-provisioner-cfg
rules:
# Only one of the following rules for endpoints or leases is required based on
# what is set for `--leader-election-type`. Endpoints are deprecated in favor of Leases.
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
# Permissions for CSIStorageCapacity are only needed enabling the publishing
# of storage capacity information.
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# The GET permissions below are needed for walking up the ownership chain
# for CSIStorageCapacity. They are sufficient for deployment via
# StatefulSet (only needs to get Pod) and Deployment (needs to get
# Pod and then ReplicaSet to find the Deployment).
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: synology-csi-provisioner-role-cfg
namespace: synology-csi
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: synology-csi
roleRef:
kind: Role
name: synology-provisioner-cfg
apiGroup: rbac.authorization.k8s.io
--- ---
kind: StatefulSet kind: StatefulSet
apiVersion: apps/v1 apiVersion: apps/v1
@@ -88,10 +144,13 @@ spec:
capabilities: capabilities:
add: ["SYS_ADMIN"] add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
image: quay.io/k8scsi/csi-provisioner:v1.6.0 image: quay.io/k8scsi/csi-provisioner:v2.1.2
args: args:
- --timeout=60s - --timeout=60s
- --csi-address=$(ADDRESS) - --csi-address=$(ADDRESS)
- --leader-election
- --enable-capacity
- --capacity-ownerref-level=2
- --v=5 - --v=5
env: env:
- name: ADDRESS - name: ADDRESS
@@ -123,7 +182,7 @@ spec:
capabilities: capabilities:
add: ["SYS_ADMIN"] add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true allowPrivilegeEscalation: true
image: quay.io/k8scsi/csi-resizer:v0.5.0 image: quay.io/k8scsi/csi-resizer:v1.1.0
args: args:
- --v=5 - --v=5
- --csi-address=$(ADDRESS) - --csi-address=$(ADDRESS)