From cefd1339fcfb9bc82d9b1ad7b2023ad15a22a54e Mon Sep 17 00:00:00 2001 From: Cristian Calin <6627509+cristicalin@users.noreply.github.com> Date: Mon, 4 Apr 2022 11:08:11 +0300 Subject: [PATCH] [vsphere_csi] update to 2.5.1 and make external_vsphere_version 7.0u1 by default (#8676) --- .../csi_driver/vsphere/defaults/main.yml | 19 +++++++-------- .../vsphere-csi-controller-config.yml.j2 | 5 ++++ .../vsphere-csi-controller-deployment.yml.j2 | 23 ++++++++++++++++--- .../vsphere-csi-controller-rbac.yml.j2 | 7 ++++-- .../templates/vsphere-csi-node-rbac.yml.j2 | 2 +- .../vsphere/templates/vsphere-csi-node.yml.j2 | 2 ++ 6 files changed, 43 insertions(+), 15 deletions(-) diff --git a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml index d708019c3..95a2c5e9b 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml +++ b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml @@ -2,16 +2,17 @@ external_vsphere_vcenter_port: "443" external_vsphere_insecure: "true" external_vsphere_kubernetes_cluster_id: "kubernetes-cluster-id" -external_vsphere_version: "6.7u3" +external_vsphere_version: "7.0u1" -vsphere_syncer_image_tag: "v2.4.0" -vsphere_csi_attacher_image_tag: "v3.3.0" -vsphere_csi_controller: "v2.4.0" -vsphere_csi_liveness_probe_image_tag: "v2.4.0" -vsphere_csi_provisioner_image_tag: "v3.0.0" -vsphere_csi_node_driver_registrar_image_tag: "v2.3.0" -vsphere_csi_driver_image_tag: "v2.4.0" -vsphere_csi_resizer_tag: "v1.3.0" +vsphere_syncer_image_tag: "v2.5.1" +vsphere_csi_attacher_image_tag: "v3.4.0" +vsphere_csi_controller: "v2.5.1" +vsphere_csi_liveness_probe_image_tag: "v2.6.0" +vsphere_csi_provisioner_image_tag: "v3.1.0" +vsphere_csi_snapshotter_image_tag: "v5.0.1" +vsphere_csi_node_driver_registrar_image_tag: "v2.5.0" +vsphere_csi_driver_image_tag: "v2.5.1" +vsphere_csi_resizer_tag: "v1.4.0" vsphere_csi_controller_replicas: 1 diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 index abf784100..deb47d240 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 @@ -9,6 +9,11 @@ data: "improved-volume-topology": "true" "block-volume-snapshot": "false" "csi-windows-support": "false" +{% if vsphere_csi_controller is version('v2.5.0', '>=') %} + "use-csinode-id": "true" + "pv-to-backingdiskobjectid-mapping": "false" + "cnsmgr-suspend-create-volume": "false" +{% endif %} kind: ConfigMap metadata: name: internal-feature-states.csi.vsphere.vmware.com diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 index d6e8f6003..a7ff4ffbf 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 @@ -75,10 +75,10 @@ spec: - "--v=4" - "--timeout=300s" - "--csi-address=$(ADDRESS)" - - "--leader-election" - "--handle-volume-inuse-error=false" - "--kube-api-qps=100" - "--kube-api-burst=100" + - "--leader-election" env: - name: ADDRESS value: /csi/csi.sock @@ -190,12 +190,12 @@ spec: - "--v=4" - "--timeout=300s" - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--default-fstype=ext4" {% if vsphere_csi_controller is version('v2.2.0', '>=') %} - "--kube-api-qps=100" - "--kube-api-burst=100" {% endif %} + - "--leader-election" + - "--default-fstype=ext4" # needed only for topology aware setup #- "--feature-gates=Topology=true" #- "--strict-topology" @@ -205,6 +205,23 @@ spec: volumeMounts: - mountPath: /csi name: socket-dir +{% if vsphere_csi_controller is version('v2.5.0', '>=') %} + - name: csi-snapshotter + image: {{ kube_image_repo }}/sig-storage/csi-snapshotter:{{ vsphere_csi_snapshotter_image_tag }} + args: + - "--v=4" + - "--kube-api-qps=100" + - "--kube-api-burst=100" + - "--timeout=300s" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir +{% endif %} volumes: - name: vsphere-config-volume secret: diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 index ad5569185..b7c331698 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 @@ -10,8 +10,11 @@ metadata: name: vsphere-csi-controller-role rules: - apiGroups: [""] - resources: ["nodes", "persistentvolumeclaims", "pods", "configmaps"] + resources: ["nodes", "pods", "configmaps"] verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] {% if external_vsphere_version >= "7.0" %} - apiGroups: [""] resources: ["persistentvolumeclaims/status"] @@ -66,7 +69,7 @@ rules: verbs: [ "watch", "get", "list" ] - apiGroups: [ "snapshot.storage.k8s.io" ] resources: [ "volumesnapshotcontents" ] - verbs: [ "create", "get", "list", "watch", "update", "delete" ] + verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ] - apiGroups: [ "snapshot.storage.k8s.io" ] resources: [ "volumesnapshotcontents/status" ] verbs: [ "update", "patch" ] diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 index 98e06529a..c4c172d60 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 @@ -12,7 +12,7 @@ metadata: rules: - apiGroups: ["cns.vmware.com"] resources: ["csinodetopologies"] - verbs: ["create", "watch"] + verbs: ["create", "watch", "get", "patch" ] - apiGroups: [""] resources: ["nodes"] verbs: ["get"] diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 index 3fae91e3d..c0ec36c21 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 @@ -77,6 +77,8 @@ spec: value: "false" - name: X_CSI_DEBUG value: "true" + - name: X_CSI_SPEC_DISABLE_LEN_CHECK + value: "true" - name: LOGGER_LEVEL value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION {% if external_vsphere_version >= "7.0u1" %}