Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Upgrade external-snapshotter to version v8.2.0 #3137

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

WIP: Upgrade external-snapshotter to version v8.2.0 #3137

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ require (
github.com/google/uuid v1.6.0
github.com/hashicorp/go-version v1.6.0
github.com/kubernetes-csi/csi-proxy/client v1.1.3
github.com/kubernetes-csi/external-snapshotter/client/v6 v6.1.0
github.com/kubernetes-csi/external-snapshotter/client/v8 v8.2.0
github.com/onsi/ginkgo/v2 v2.19.0
github.com/onsi/gomega v1.33.1
github.com/pkg/sftp v1.13.6
Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,8 +132,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/euank/go-kmsg-parser v2.0.0+incompatible h1:cHD53+PLQuuQyLZeriD1V/esuG4MuU0Pjs5y6iknohY=
github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw=
github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84=
github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
Expand Down Expand Up @@ -306,8 +306,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/kubernetes-csi/csi-proxy/client v1.1.3 h1:FdGU7NtxGhQX2wTfnuscmThG920hq0OaVVpuJW9t2k0=
github.com/kubernetes-csi/csi-proxy/client v1.1.3/go.mod h1:SfK4HVKQdMH5KrffivddAWgX5hl3P5KmnuOTBbDNboU=
github.com/kubernetes-csi/external-snapshotter/client/v6 v6.1.0 h1:yeuon3bOuOADwiWl2CyYrU4vbmYbAzGLCTscE1yLNHk=
github.com/kubernetes-csi/external-snapshotter/client/v6 v6.1.0/go.mod h1:eVY6gNtSrhsblGAqKFDG3CrkCLFAjsDvOpPpt+EaS6k=
github.com/kubernetes-csi/external-snapshotter/client/v8 v8.2.0 h1:Q3jQ1NkFqv5o+F8dMmHd8SfEmlcwNeo1immFApntEwE=
github.com/kubernetes-csi/external-snapshotter/client/v8 v8.2.0/go.mod h1:E3vdYxHj2C2q6qo8/Da4g7P+IcwqRZyy3gJBzYybV9Y=
github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
Expand Down
99 changes: 0 additions & 99 deletions manifests/vanilla/csi-snapshot-validatingwebhook.yaml
View file
Open in desktop

This file was deleted.

77 changes: 11 additions & 66 deletions manifests/vanilla/deploy-csi-snapshot-components.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,11 @@ Ensure that block-volume-snapshot feature is enabled.
1. Deploys the VolumeSnapshot CRDs
2. Creates RBAC rules to support VolumeSnapshot
3. Deploys snapshot-controller in kube-system namespace
4. Deploys the snapshot validation webhook
4. Cleans up the snapshot validation webhook deployment if previously deployed, since it is removed from snapshotter version v8.2.0
5. Patches vSphere CSI driver to deploy the csi-snapshotter sidecar

The script fails if there is existing snapshot-controller or snapshot validation webhook with unqualified versions
Deleting the unqualified snapshot-controller or snapshot validation webhook running the script again deploys the qualified version
The script fails if there is an existing snapshot-controller with unqualified versions
Deleting the unqualified snapshot-controller and running the script again deploys the qualified version

The script fails if incorrect version VolumeSnapshot CRDs exists. Deleting the CRDs will deploy the correct version
of the CRDs.
Expand All @@ -50,7 +50,7 @@ if ! command -v kubectl > /dev/null; then
exit 1
fi

qualified_version="v7.0.2"
qualified_version="v8.2.0"
volumesnapshotclasses_crd="volumesnapshotclasses.snapshot.storage.k8s.io"
volumesnapshotcontents_crd="volumesnapshotcontents.snapshot.storage.k8s.io"
volumesnapshots_crd="volumesnapshots.snapshot.storage.k8s.io"
Expand Down Expand Up @@ -160,66 +160,18 @@ deploy_snapshot_controller(){
echo -e "\n✅ Successfully deployed snapshot-controller\n"
}

deploy_validation_webhook() {
remove_validation_webhook() {
service=snapshot-validation-service
secret=snapshot-webhook-certs
namespace=kube-system
if [ ! -x "$(command -v openssl)" ]; then
echo "❌ ERROR: openssl not found"
exit 1
fi
tmpdir=$(mktemp -d)
echo "creating certs in tmpdir ${tmpdir} "
cat <<EOF >> "${tmpdir}"/server.conf
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]
CN = ${service}.${namespace}.svc
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${service}
DNS.2 = ${service}.${namespace}
DNS.3 = ${service}.${namespace}.svc
EOF

# Default webhook server and ca certificate validity
validity=180

openssl req -nodes -new -x509 -keyout "${tmpdir}"/ca.key -days ${validity} -out "${tmpdir}"/ca.crt -subj "/CN=vSphere CSI Admission Controller Webhook CA"
openssl genrsa -out "${tmpdir}"/webhook-server-tls.key 2048
openssl req -new -key "${tmpdir}"/webhook-server-tls.key -subj "/CN=${service}.${namespace}.svc" -config "${tmpdir}"/server.conf \
| openssl x509 -req -CA "${tmpdir}"/ca.crt -CAkey "${tmpdir}"/ca.key -days $((validity-1)) -CAcreateserial -out "${tmpdir}"/webhook-server-tls.crt -extensions v3_req -extfile "${tmpdir}"/server.conf
cat <<EOF >"${tmpdir}"/webhook.config
[WebHookConfig]
port = "8443"
cert-file = "/run/secrets/tls/tls.crt"
key-file = "/run/secrets/tls/tls.key"
EOF
kubectl delete secret ${secret} --namespace "${namespace}" 2>/dev/null || true
# create the secret with CA cert and server cert/key
kubectl create secret generic "${secret}" \
--from-file=tls.key="${tmpdir}"/webhook-server-tls.key \
--from-file=tls.crt="${tmpdir}"/webhook-server-tls.crt \
--from-file=webhook.config="${tmpdir}"/webhook.config \
--dry-run=client -o yaml |
kubectl -n "${namespace}" apply -f -
CA_BUNDLE="$(openssl base64 -A <"${tmpdir}/ca.crt")"

# clean-up previously created service and validatingwebhookconfiguration.
kubectl delete service "${service}" --namespace "${namespace}" 2>/dev/null || true
kubectl delete validation-webhook.snapshot.storage.k8s.io --namespace "${namespace}" 2>/dev/null || true
kubectl delete deployment snapshot-validation-deployment --namespace "${namespace}" 2>/dev/null || true
# patch csi-snapshot-validatingwebhook.yaml with CA_BUNDLE and create service and validatingwebhookconfiguration
curl https://raw.githubusercontent.com/kubernetes-sigs/vsphere-csi-driver/master/manifests/vanilla/csi-snapshot-validatingwebhook.yaml | sed "s/caBundle: .*$/caBundle: ${CA_BUNDLE}/g" | kubectl apply -f -
kubectl patch deployment -n kube-system snapshot-validation-deployment --patch '{"spec": {"template": {"spec": {"nodeSelector": {"node-role.kubernetes.io/control-plane": ""}, "tolerations": [{"key":"node-role.kubernetes.io/master","operator":"Exists", "effect":"NoSchedule"},{"key":"node-role.kubernetes.io/control-plane","operator":"Exists", "effect":"NoSchedule"}]}}}}'
kubectl -n kube-system rollout status deploy/snapshot-validation-deployment
echo -e "\n✅ Successfully deployed snapshot-validation-deployment\n"
kubectl delete validatingwebhookconfiguration validation-webhook.snapshot.storage.k8s.io 2>/dev/null || true
kubectl delete clusterrole snapshot-webhook-runner 2>/dev/null || true
echo -e "\n✅ Successfully cleaned-up snapshot validating webhook deployment\n"
}

patch_vsphere_csi_driver(){
Expand Down Expand Up @@ -305,15 +257,8 @@ else
deploy_snapshot_controller
fi

snap_validation_webhook_available=$(is_deployment_available snapshot-validation-deployment kube-system)
if [ "$snap_validation_webhook_available" = "true" ]
then
echo -e "snapshot-validation-deployment Deployment already exists, verifying version.."
validate_version snapshot-validation-deployment kube-system
else
echo -e "No existing snapshot-validation-deployment Deployment found, deploying it now.."
deploy_validation_webhook
fi
# Snapshot validating webhook has been deprecated and removed from v8.2.0, hence remove the webhook
remove_validation_webhook

# Check if vSphere CSI Driver has the snapshotter sidecar, if not patch the deployment
# Check if vSphere CSI Driver has the snapshotter sidecar with correct version, if not patch the deployment
check_snapshotter_sidecar
2 changes: 1 addition & 1 deletion manifests/vanilla/vsphere-csi-driver.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -397,7 +397,7 @@ spec:
- mountPath: /csi
name: socket-dir
- name: csi-snapshotter
image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.2
image: registry.k8s.io/sig-storage/csi-snapshotter:v8.2.0
args:
- "--v=4"
- "--kube-api-qps=100"
Expand Down
4 changes: 2 additions & 2 deletions pkg/csi/service/common/common_controller_helper.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ import (
"strings"
"time"

snap "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snap "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait"
Expand Down
2 changes: 1 addition & 1 deletion pkg/csi/service/common/commonco/k8sorchestrator/k8sorchestrator.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ import (
"sync/atomic"
"time"

snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
cnstypes "github.com/vmware/govmomi/cns/types"
pbmtypes "github.com/vmware/govmomi/pbm/types"
"google.golang.org/grpc/codes"
Expand Down
2 changes: 1 addition & 1 deletion pkg/csi/service/wcpguest/controller.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ import (
"github.com/davecgh/go-spew/spew"
"github.com/fsnotify/fsnotify"
"github.com/golang/protobuf/ptypes/wrappers"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
"github.com/prometheus/client_golang/prometheus/promhttp"
vmoperatortypes "github.com/vmware-tanzu/vm-operator/api/v1alpha1"
"google.golang.org/grpc/codes"
Expand Down
2 changes: 1 addition & 1 deletion pkg/csi/service/wcpguest/controller_helper.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ import (
"google.golang.org/protobuf/types/known/timestamppb"

"github.com/container-storage-interface/spec/lib/go/csi"
snap "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snap "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
"google.golang.org/grpc/codes"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
Expand Down
2 changes: 1 addition & 1 deletion pkg/kubernetes/kubernetes.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
apiutils "sigs.k8s.io/controller-runtime/pkg/client/apiutil"

snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
storagev1 "k8s.io/api/storage/v1"

cnsoperatorv1alpha1 "sigs.k8s.io/vsphere-csi-driver/v3/pkg/apis/cnsoperator"
Expand Down
2 changes: 1 addition & 1 deletion pkg/syncer/admissionhandler/validatepvc.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import (

"k8s.io/apimachinery/pkg/api/resource"

snapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
admissionv1 "k8s.io/api/admission/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand Down
6 changes: 3 additions & 3 deletions pkg/syncer/admissionhandler/validatepvc_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,9 @@ import (
"k8s.io/client-go/kubernetes/fake"

"github.com/agiledragon/gomonkey/v2"
snapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapshotclientfake "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned/fake"
snapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
snapshotclientfake "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned/fake"
"github.com/stretchr/testify/assert"
admissionv1 "k8s.io/api/admission/v1"
corev1 "k8s.io/api/core/v1"
Expand Down
2 changes: 1 addition & 1 deletion pkg/syncer/admissionhandler/validatesnapshotoperation.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import (
"sigs.k8s.io/vsphere-csi-driver/v3/pkg/csi/service/logger"
k8s "sigs.k8s.io/vsphere-csi-driver/v3/pkg/kubernetes"

snap "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snap "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
)

const (
Expand Down
6 changes: 3 additions & 3 deletions pkg/syncer/admissionhandler/validatesnapshotoperation_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ import (
"testing"

"github.com/agiledragon/gomonkey/v2"
snap "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapshotclientfake "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned/fake"
snap "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
snapshotterClientSet "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
snapshotclientfake "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned/fake"
v1 "k8s.io/api/admission/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
Expand Down
4 changes: 2 additions & 2 deletions tests/e2e/crypto_snapshot.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ import (
"os"

"github.com/go-logr/zapr"
snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapc "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
snapc "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
vmopv1 "github.com/vmware-tanzu/vm-operator/api/v1alpha1"
Expand Down
4 changes: 2 additions & 2 deletions tests/e2e/csi_snapshot_basic.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ import (
fss "k8s.io/kubernetes/test/e2e/framework/statefulset"
admissionapi "k8s.io/pod-security-admission/api"

snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapclient "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
snapclient "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
)

var _ = ginkgo.Describe("Volume Snapshot Basic Test", func() {
Expand Down
4 changes: 2 additions & 2 deletions tests/e2e/csi_snapshot_file_volume.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,8 +31,8 @@ import (
fnodes "k8s.io/kubernetes/test/e2e/framework/node"
fpv "k8s.io/kubernetes/test/e2e/framework/pv"

snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapclient "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
snapclient "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
)

var _ = ginkgo.Describe("[file-vanilla-snapshot] Volume Snapshot file volume Test", func() {
Expand Down
4 changes: 2 additions & 2 deletions tests/e2e/csi_snapshot_negative.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@ import (
fpv "k8s.io/kubernetes/test/e2e/framework/pv"
admissionapi "k8s.io/pod-security-admission/api"

snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v6/apis/volumesnapshot/v1"
snapclient "github.com/kubernetes-csi/external-snapshotter/client/v6/clientset/versioned"
snapV1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1"
snapclient "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned"
)

var _ = ginkgo.Describe("[block-snapshot-negative] Volume Snapshot Fault-Injection Test", func() {
Expand Down
Loading