From 6e864c36c5b9e1e43a954bc4ad7e1cf01cc46e1f Mon Sep 17 00:00:00 2001
From: CALIN Cristian Andrei
Date: Mon, 13 Sep 2021 21:43:57 +0300
Subject: [PATCH] update snapshotter
* fix snapshotter port
* update snapshotter rbac
---
 .../v1.22/snapshotter/snapshotter.yaml | 57 ++++++++++++++++++-
 1 file changed, 54 insertions(+), 3 deletions(-)
diff --git a/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml b/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
index e1ae0c4..1689f37 100644
--- a/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
+++ b/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
@@ -13,6 +13,9 @@ rules:
 - apiGroups: [""]
 resources: ["events"]
 verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
 - apiGroups: ["snapshot.storage.k8s.io"]
 resources: ["volumesnapshotclasses"]
 verbs: ["get", "list", "watch"]
@@ -22,6 +25,9 @@ rules:
 - apiGroups: ["snapshot.storage.k8s.io"]
 resources: ["volumesnapshotcontents/status"]
 verbs: ["update"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]

 ---
 kind: ClusterRoleBinding
@@ -38,6 +44,32 @@ roleRef:
 name: synology-csi-snapshotter-role
 apiGroup: rbac.authorization.k8s.io

+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: synology-csi
+ name: synology-csi-snapshotter-cfg
+rules:
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ namespace: synology-csi
+ name: synology-csi-snapshotter-role-cfg
+subjects:
+ - kind: ServiceAccount
+ name: csi-snapshotter-sa
+ namespace: synology-csi
+roleRef:
+ kind: Role
+ name: synology-csi-snapshotter-cfg
+ apiGroup: rbac.authorization.k8s.io
+
 ---
 kind: StatefulSet
 apiVersion: apps/v1
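Review bot: The `secrets` rule added in the `@@ -22,6 +25,9 @@` hunk appears to sit in the ClusterRole that the following ClusterRoleBinding references, so the snapshotter service account could read every Secret in every namespace, and `list` returns secret data, not just names. The sidecar needs this only when a VolumeSnapshotClass names a snapshotter secret (`csi.storage.k8s.io/snapshotter-secret-name`), and nothing in this patch shows one in use. If it is not needed, drop the rule; if it is, move it into a namespaced Role bound in the namespace that holds the secret, as this commit already does for `leases`, and start from `verbs: ["get"]` unless `list` proves necessary. At minimum add `# needed only when the VolumeSnapshotClass references a snapshotter secret` above the rule. The `rules:` list starts outside the hunk.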
@@ -64,10 +96,12 @@ spec:
 capabilities:
 add: ["SYS_ADMIN"]
 allowPrivilegeEscalation: true
- image: quay.io/k8scsi/csi-snapshotter:v3.0.3
+ image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.1
 args:
- - --v=5
+ - --v=1
 - --csi-address=$(ADDRESS)
+ - --leader-election
+ - --http-endpoint=:8083
 env:
 - name: ADDRESS
 value: /var/lib/csi/sockets/pluginproxy/csi.sock
@@ -75,6 +109,18 @@ spec:
 volumeMounts:
 - name: socket-dir
 mountPath: /var/lib/csi/sockets/pluginproxy/
+ ports:
+ - containerPort: 8083
+ name: snap-port
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 1
+ httpGet:
+ path: /healthz/leader-election
+ port: snap-port
+ initialDelaySeconds: 10
+ timeoutSeconds: 10
+ periodSeconds: 20
 - name: csi-plugin
 securityContext:
 privileged: true
@@ -83,7 +129,7 @@ spec:
 allowPrivilegeEscalation: true
 image: cristicalin/synology-csi:v1.0.0
 args:
- - --nodeid=NotUsed
+ - --nodeid=$(KUBE_NODE_NAME)
 - --endpoint=$(CSI_ENDPOINT)
 - --client-info
 - /etc/synology/client-info.yml
@@ -91,6 +137,11 @@ spec:
 env:
 - name: CSI_ENDPOINT
 value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
 imagePullPolicy: IfNotPresent
 volumeMounts:
 - name: socket-dir
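Review bot: The new `image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.1` line in the `@@ -64,10 +96,12 @@` hunk pins the sidecar by tag only, while the context lines show this container keeping `add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true`. Whatever the tag resolves to at pull time therefore runs with elevated rights and, after this commit, with the RBAC the service account was just granted. Pin the digest as well, `image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.2.1@sha256:<digest-of-the-image-you-verified>`. Since the sidecar is pointed only at the unix socket via `--csi-address`, it is also worth confirming that the capability is needed here at all; the securityContext starts outside the hunk.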
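Review bot: `containerPort: 8083` in the `@@ -75,6 +109,18 @@` hunk repeats the number from `--http-endpoint=:8083` in the previous hunk with nothing tying the two together, and that address form listens on every pod interface with no authentication visible here. The same listener serves the sidecar's diagnostics (metrics as well as the leader-election health check), so if only the kubelet probe is meant to reach it, consider limiting ingress to the pod with a NetworkPolicy. I would add `# must match --http-endpoint in args; serves /healthz/leader-election and metrics` above `ports:` so a later port change does not silently break the liveness probe.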