Skip to content

Commit

Permalink
Synchronize Helm charts related to CSI driver, CCM and storage classes
Browse files Browse the repository at this point in the history
NotTheEvilOne committed Feb 14, 2022
1 parent 5aae95d commit 0e7faa2
Showing 8 changed files with 42 additions and 37 deletions.
12 changes: 11 additions & 1 deletion charts/gardener-extension-provider-ionos/templates/rbac.yaml
Original file line number Diff line number Diff line change
@@ -9,9 +9,17 @@ rules:
- apiGroups:
- extensions.gardener.cloud
resources:
- backupbuckets
- backupbuckets/status
- backupentries
- backupentries/status
- bastions
- bastions/status
- clusters
- controlplanes
- controlplanes/status
- dnsrecords
- dnsrecords/status
- infrastructures
- infrastructures/status
- workers
@@ -51,6 +59,7 @@ rules:
- rbac.authorization.k8s.io
- admissionregistration.k8s.io
- apiextensions.k8s.io
- networking.k8s.io
- storage.k8s.io
resources:
- namespaces
@@ -64,14 +73,15 @@ rules:
- serviceaccounts
- clusterroles
- clusterrolebindings
- csidrivers
- roles
- rolebindings
- jobs
- pods
- pods/log
- mutatingwebhookconfigurations
- customresourcedefinitions
- csidrivers
- networkpolicies
verbs:
- "*"
- apiGroups:
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{{- if eq .Values.gardener.seed.provider "ionos" }}
apiVersion: storage.k8s.io/v1
apiVersion: {{ include "storageclassversion" . }}
kind: StorageClass
metadata:
name: {{ .Values.config.etcd.storage.className }}
Original file line number Diff line number Diff line change
@@ -49,7 +49,7 @@ spec:
spec:
automountServiceAccountToken: false
containers:
- name: ionos-csi-attacher
- name: csi-attacher
image: {{ index .Values.images "csi-attacher" }}
args:
- "--v=4"
@@ -70,7 +70,7 @@ spec:
- name: csi-attacher
mountPath: /var/lib/csi-attacher
{{- if .Values.resizerEnabled }}
- name: ionos-csi-resizer
- name: csi-resizer
image: {{ index .Values.images "csi-resizer" }}
args:
- "--v=4"
@@ -119,7 +119,7 @@ spec:
- mountPath: /etc/ie-csi/clouds
name: clouds-dir
readOnly: true
- name: ionos-csi-provisioner
- name: csi-provisioner
image: {{ index .Values.images "csi-provisioner" }}
args:
- "--v=4"
Original file line number Diff line number Diff line change
@@ -9,13 +9,16 @@ rules:
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
verbs: ["get", "list", "watch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
Original file line number Diff line number Diff line change
@@ -4,11 +4,14 @@ kind: ClusterRole
metadata:
name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-provisioner
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
verbs: ["get", "list", "watch", "create", "delete", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
@@ -22,9 +25,3 @@ rules:
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
Original file line number Diff line number Diff line change
@@ -5,14 +5,5 @@ metadata:
name: {{ include "csi-driver-node.extensionsGroup" . }}:{{ include "csi-driver-node.name" . }}:csi-resizer
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
Original file line number Diff line number Diff line change
@@ -27,12 +27,8 @@ spec:
- effect: NoExecute
operator: Exists
containers:
- name: node-driver-registrar
- name: csi-node-driver-registrar
image: {{ index .Values.images "csi-node-driver-registrar" }}
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/csi.hetzner.cloud-reg.sock /csi/csi.sock /var/lib/kubelet/plugins_registry/csi.hetzner.cloud-reg.sock"]
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
@@ -41,7 +37,7 @@ spec:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins_registry/csi.hetzner.cloud/csi.sock
value: /var/lib/kubelet/plugins_registry/csi.ionos.com/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
@@ -54,7 +50,7 @@ spec:
mountPath: /csi
- name: registration-dir
mountPath: /registration
- name: ionos-csi-node
- name: ionos-csi-driver
image: {{ index .Values.images "csi-driver-node" }}
env:
- name: NODE_NAME
@@ -116,7 +112,7 @@ spec:
type: DirectoryOrCreate
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/csi.hetzner.cloud
path: /var/lib/kubelet/plugins_registry/csi.ionos.com
type: DirectoryOrCreate
- name: pods-mount-dir
hostPath:
Original file line number Diff line number Diff line change
@@ -36,7 +36,16 @@ rules:
- services/status
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
# Service statuses need be updated when a load balancer IP changed.
- apiGroups:
- ""
@@ -69,8 +78,7 @@ rules:
resources:
- persistentvolumes
verbs:
- list
- watch
- '*'
- apiGroups:
- coordination.k8s.io
resources:

0 comments on commit 0e7faa2

Please sign in to comment.