diff --git a/docs/vsphere-csi.md b/docs/vsphere-csi.md
index d312bf3f9..514dbec33 100644
--- a/docs/vsphere-csi.md
+++ b/docs/vsphere-csi.md
@@ -37,6 +37,7 @@ You need to source the vSphere credentials you use to deploy your machines that
 | vsphere_csi_aggressive_node_drain | FALSE | boolean | | false | Enable aggressive node drain strategy |
 | vsphere_csi_aggressive_node_unreachable_timeout | FALSE | int | 300 | | Timeout till node will be drained when it in an unreachable state |
 | vsphere_csi_aggressive_node_not_ready_timeout | FALSE | int | 300 | | Timeout till node will be drained when it in not-ready state |
+| vsphere_csi_namespace | TRUE | string | | "vmware-system-csi" | vSphere CSI namespace to use
 ## Usage example
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml
index 93beca307..62d49cfcb 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml
+++ b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml
@@ -14,6 +14,8 @@ vsphere_csi_node_driver_registrar_image_tag: "v2.5.0"
 vsphere_csi_driver_image_tag: "v2.5.1"
 vsphere_csi_resizer_tag: "v1.4.0"
+vsphere_csi_namespace: "vmware-system-csi"
+
 vsphere_csi_controller_replicas: 1
 csi_endpoint: '{% if external_vsphere_version >= "7.0u1" %}/csi{% else %}/var/lib/csi/sockets/pluginproxy{% endif %}'
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
index c2cf62ab9..5983fa095 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
+++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml
@@ -16,6 +16,7 @@
 dest: "{{ kube_config_dir }}/{{ item }}"
 mode: 0644
 with_items:
+ - vsphere-csi-namespace.yml
 - vsphere-csi-driver.yml
 - vsphere-csi-controller-rbac.yml
 - vsphere-csi-node-rbac.yml
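Review bot: The new default `vsphere_csi_namespace: "vmware-system-csi"` in defaults/main.yml moves every existing install out of kube-system on its next run, and nothing visible in this diff removes what was deployed there before. On an upgraded cluster the old Deployment, DaemonSet and `vsphere-config-secret` (built from `vsphere-csi-cloud-config`, which normally holds the vCenter login) would presumably stay behind in kube-system, while the binding subjects in vsphere-csi-controller-rbac.yml.j2 and vsphere-csi-node-rbac.yml.j2 switch to the new namespace. Either add a cleanup task for the kube-system objects or document the manual step; at minimum a comment above the default such as `# Changing this on an existing cluster does not remove objects from the previous namespace` would warn operators.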
@@ -27,7 +28,7 @@
 when: inventory_hostname == groups['kube_control_plane'][0]
 - name: vSphere CSI Driver | Generate a CSI secret manifest
- command: "{{ kubectl }} create secret generic vsphere-config-secret --from-file=csi-vsphere.conf={{ kube_config_dir }}/vsphere-csi-cloud-config -n kube-system --dry-run --save-config -o yaml"
+ command: "{{ kubectl }} create secret generic vsphere-config-secret --from-file=csi-vsphere.conf={{ kube_config_dir }}/vsphere-csi-cloud-config -n {{ vsphere_csi_namespace }} --dry-run --save-config -o yaml"
 register: vsphere_csi_secret_manifest
 when: inventory_hostname == groups['kube_control_plane'][0]
 no_log: "{{ not (unsafe_show_logs|bool) }}"
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
index 56a28d0b3..3e16ae1b0 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2
@@ -21,4 +21,4 @@ data:
 kind: ConfigMap
 metadata:
 name: internal-feature-states.csi.vsphere.vmware.com
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
index 97be182c2..1c1de2f8f 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2
@@ -2,7 +2,7 @@ kind: Deployment
 apiVersion: apps/v1
 metadata:
 name: vsphere-csi-controller
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 spec:
 replicas: {{ vsphere_csi_controller_replicas }}
 strategy:
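Review bot: The rewritten `command:` in tasks/main.yml still passes the bare `--dry-run` flag, which kubectl has deprecated in favour of an explicit value; since the line is being touched anyway, `--dry-run=client` is the form to use. The namespace is also interpolated unquoted into the command line, so an empty or malformed `vsphere_csi_namespace` would shift the remaining arguments rather than fail with a clear message. An `assert` task ahead of this one that checks the variable is a non-empty DNS label would catch that before a secret manifest holding credentials is generated for the wrong place.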
@@ -90,8 +90,8 @@ spec:
 image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_controller }}
 args:
 - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- - "--fss-namespace=kube-system"
- - "--supervisor-fss-namespace=kube-system"
+ - "--fss-namespace={{ vsphere_csi_namespace }}"
+ - "--supervisor-fss-namespace={{ vsphere_csi_namespace }}"
 - "--use-gocsi=false"
 imagePullPolicy: {{ k8s_image_pull_policy }}
 env:
@@ -150,8 +150,8 @@ spec:
 args:
 - "--leader-election"
 - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- - "--fss-namespace=kube-system"
- - "--supervisor-fss-namespace=kube-system"
+ - "--fss-namespace={{ vsphere_csi_namespace }}"
+ - "--supervisor-fss-namespace={{ vsphere_csi_namespace }}"
 imagePullPolicy: {{ k8s_image_pull_policy }}
 ports:
 - containerPort: 2113
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
index 80797063a..fd614f9a4 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2
@@ -2,7 +2,7 @@ kind: ServiceAccount
 apiVersion: v1
 metadata:
 name: vsphere-csi-controller
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -79,7 +79,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
 name: vsphere-csi-controller
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 roleRef:
 kind: ClusterRole
 name: vsphere-csi-controller-role
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2
index ccded9b72..75967ba5d 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: vsphere-csi-controller
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 labels:
 app: vsphere-csi-controller
 spec:
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-namespace.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-namespace.yml.j2
new file mode 100644
index 000000000..0a28bda12
--- /dev/null
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-namespace.yml.j2
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: "{{ vsphere_csi_namespace }}"
\ No newline at end of file
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2
index c4c172d60..42896e140 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2
@@ -3,7 +3,7 @@ kind: ServiceAccount
 apiVersion: v1
 metadata:
 name: vsphere-csi-node
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -24,7 +24,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
 name: vsphere-csi-node
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 roleRef:
 kind: ClusterRole
 name: vsphere-csi-node-cluster-role
@@ -34,7 +34,7 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: vsphere-csi-node-role
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 rules:
 - apiGroups: [""]
 resources: ["configmaps"]
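Review bot: The new Namespace manifest in vsphere-csi-namespace.yml.j2 carries no Pod Security Admission labels, so the CSI pods lose any exemption kube-system may have had on clusters that enforce a baseline or restricted policy. The node DaemonSet spec is not visible in this diff, but CSI node plugins usually need privileged containers and host mounts; if that holds here, add a `labels:` entry with `pod-security.kubernetes.io/enforce: privileged` under `metadata:` so the pods are not rejected at admission. Keeping the privileged exception on this one dedicated namespace is also easier to audit than a cluster-wide exemption. The file ends without a trailing newline as well.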
@@ -44,11 +44,11 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: vsphere-csi-node-binding
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 subjects:
 - kind: ServiceAccount
 name: vsphere-csi-node
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 roleRef:
 kind: Role
 name: vsphere-csi-node-role
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
index 322267199..fa5620e22 100644
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2
@@ -2,7 +2,7 @@ kind: DaemonSet
 apiVersion: apps/v1
 metadata:
 name: vsphere-csi-node
- namespace: kube-system
+ namespace: "{{ vsphere_csi_namespace }}"
 spec:
 selector:
 matchLabels:
@@ -57,8 +57,8 @@ spec:
 imagePullPolicy: {{ k8s_image_pull_policy }}
 args:
 - "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- - "--fss-namespace=kube-system"
- - "--supervisor-fss-namespace=kube-system"
+ - "--fss-namespace={{ vsphere_csi_namespace }}"
+ - "--supervisor-fss-namespace={{ vsphere_csi_namespace }}"
 - "--use-gocsi=false"
 imagePullPolicy: "Always"
 env:
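Review bot: The context around the changed args in vsphere-csi-node.yml.j2 shows `imagePullPolicy` twice for what looks like the same container: `imagePullPolicy: {{ k8s_image_pull_policy }}` above `args:` and `imagePullPolicy: "Always"` just before `env:`. Indentation is not recoverable from this view, but if both keys sit in one mapping, most YAML parsers keep the last one, so the configured pull policy is silently overridden with `Always`. Since this hunk edits the lines between them, drop the hard-coded `imagePullPolicy: "Always"` line. The container definition starts and ends outside the hunk.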