diff --git a/pkg/model/components/hetznercloudcontrollermanager.go b/pkg/model/components/hetznercloudcontrollermanager.go
index cefd3df95bc50..4818d390339e7 100644
--- a/pkg/model/components/hetznercloudcontrollermanager.go
+++ b/pkg/model/components/hetznercloudcontrollermanager.go
@@ -55,7 +55,7 @@ func (b *HetznerCloudControllerManagerOptionsBuilder) BuildOptions(o interface{}
 eccm.ConfigureCloudRoutes = fi.PtrTo(false)
 if eccm.Image == "" {
- eccm.Image = "hetznercloud/hcloud-cloud-controller-manager:v1.16.0"
+ eccm.Image = "hetznercloud/hcloud-cloud-controller-manager:v1.19.0"
 }
 return nil
diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content
index e0642faff1809..c620b893df9e2 100644
--- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content
+++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_cluster-completed.spec_content
@@ -18,7 +18,7 @@ spec:
 cloudProvider: hcloud
 clusterCIDR: 100.96.0.0/11
 configureCloudRoutes: false
- image: hetznercloud/hcloud-cloud-controller-manager:v1.16.0
+ image: hetznercloud/hcloud-cloud-controller-manager:v1.19.0
 leaderElection:
 leaderElect: false
 cloudProvider: hetzner
diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
index 81a2b77240211..058d78c381b0e 100644
--- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
+++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-bootstrap_content
@@ -34,14 +34,14 @@ spec: version: 9.99.0 - id: k8s-1.22 manifest: hcloud-cloud-controller.addons.k8s.io/k8s-1.22.yaml - manifestHash: 6afe8a04e648a1df0a64e22dfe70f7f2b6b82a121c6595a3078f9bdcebbb7cd1 + manifestHash: 734a1bfdeb92881a6fee5079b13805bb25a519ab7dc2b13f8b192c9107b1faa4 name: hcloud-cloud-controller.addons.k8s.io selector: k8s-addon: hcloud-cloud-controller.addons.k8s.io version: 9.99.0 - id: k8s-1.22 manifest: hcloud-csi-driver.addons.k8s.io/k8s-1.22.yaml - manifestHash: f86445654ced20b614f6031d14a5fea5cf61fdc98f39968407af67a0ddb258e9 + manifestHash: 17957f9bc33c605a2dca8ce3ff59844023fc8079bb1a4f08025eb5e18d0c2968 name: hcloud-csi-driver.addons.k8s.io selector: k8s-addon: hcloud-csi-driver.addons.k8s.io diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-cloud-controller.addons.k8s.io-k8s-1.22_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-cloud-controller.addons.k8s.io-k8s-1.22_content index 366500d295152..961724ce2c0bb 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-cloud-controller.addons.k8s.io-k8s-1.22_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-cloud-controller.addons.k8s.io-k8s-1.22_content @@ -22,7 +22,7 @@ metadata: addon.kops.k8s.io/name: hcloud-cloud-controller.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: hcloud-cloud-controller.addons.k8s.io - name: cloud-controller-manager + name: hcloud-cloud-controller-manager namespace: kube-system --- 
@@ -35,14 +35,14 @@ metadata: addon.kops.k8s.io/name: hcloud-cloud-controller.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: hcloud-cloud-controller.addons.k8s.io - name: system:cloud-controller-manager + name: system:hcloud-cloud-controller-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount - name: cloud-controller-manager + name: hcloud-cloud-controller-manager namespace: kube-system --- @@ -82,10 +82,6 @@ spec: - --v=2 - --use-service-account-credentials=true env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - name: HCLOUD_TOKEN valueFrom: secretKeyRef: @@ -96,7 +92,7 @@ spec: secretKeyRef: key: network name: hcloud - image: hetznercloud/hcloud-cloud-controller-manager:v1.16.0 + image: hetznercloud/hcloud-cloud-controller-manager:v1.19.0 name: hcloud-cloud-controller-manager ports: - containerPort: 8233 @@ -107,7 +103,7 @@ spec: memory: 50Mi dnsPolicy: Default priorityClassName: system-cluster-critical - serviceAccountName: cloud-controller-manager + serviceAccountName: hcloud-cloud-controller-manager tolerations: - effect: NoSchedule key: node.cloudprovider.kubernetes.io/uninitialized diff --git a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-csi-driver.addons.k8s.io-k8s-1.22_content b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-csi-driver.addons.k8s.io-k8s-1.22_content index 8f41db04fb67c..ecf9a994c75fa 100644 --- a/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-csi-driver.addons.k8s.io-k8s-1.22_content +++ b/tests/integration/update_cluster/minimal_hetzner/data/aws_s3_object_minimal.example.com-addons-hcloud-csi-driver.addons.k8s.io-k8s-1.22_content 
@@ -13,33 +13,38 @@ stringData: --- -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 -kind: StorageClass +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount metadata: - annotations: - storageclass.kubernetes.io/is-default-class: "true" creationTimestamp: null labels: addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: hcloud-csi k8s-addon: hcloud-csi-driver.addons.k8s.io - name: hcloud-volumes -provisioner: csi.hetzner.cloud -volumeBindingMode: WaitForFirstConsumer + name: hcloud-csi-controller + namespace: kube-system --- -apiVersion: v1 -kind: ServiceAccount +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass metadata: + annotations: + storageclass.kubernetes.io/is-default-class: "true" creationTimestamp: null labels: addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io app.kubernetes.io/managed-by: kops k8s-addon: hcloud-csi-driver.addons.k8s.io - name: hcloud-csi-controller - namespace: kube-system + name: hcloud-volumes +provisioner: csi.hetzner.cloud +reclaimPolicy: Delete +volumeBindingMode: WaitForFirstConsumer --- @@ -49,7 +54,10 @@ metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: hcloud-csi k8s-addon: hcloud-csi-driver.addons.k8s.io name: hcloud-csi-controller rules: @@ -192,7 +200,10 @@ metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: hcloud-csi k8s-addon: hcloud-csi-driver.addons.k8s.io name: hcloud-csi-controller roleRef: 
@@ -212,8 +223,10 @@ metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io - app: hcloud-csi-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: hcloud-csi k8s-addon: hcloud-csi-driver.addons.k8s.io name: hcloud-csi-controller-metrics namespace: kube-system @@ -221,9 +234,10 @@ spec: ports: - name: metrics port: 9189 - targetPort: metrics selector: - app: hcloud-csi-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/name: hcloud-csi --- @@ -233,8 +247,10 @@ metadata: creationTimestamp: null labels: addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io - app: hcloud-csi + app.kubernetes.io/component: node + app.kubernetes.io/instance: hcloud-csi app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: hcloud-csi k8s-addon: hcloud-csi-driver.addons.k8s.io name: hcloud-csi-node-metrics namespace: kube-system 
@@ -242,104 +258,10 @@ spec: ports: - name: metrics port: 9189 - targetPort: metrics selector: - app: hcloud-csi - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io - app.kubernetes.io/managed-by: kops - k8s-addon: hcloud-csi-driver.addons.k8s.io - name: hcloud-csi-controller - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - app: hcloud-csi-controller - template: - metadata: - creationTimestamp: null - labels: - app: hcloud-csi-controller - kops.k8s.io/managed-by: kops - spec: - containers: - - args: - - --default-fstype=ext4 - image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 - name: csi-attacher - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 - name: csi-resizer - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - args: - - --feature-gates=Topology=true - - --default-fstype=ext4 - image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 - name: csi-provisioner - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - command: - - /bin/hcloud-csi-driver-controller - env: - - name: CSI_ENDPOINT - value: unix:///run/csi/socket - - name: METRICS_ENDPOINT - value: 0.0.0.0:9189 - - name: ENABLE_METRICS - value: "true" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: HCLOUD_TOKEN - valueFrom: - secretKeyRef: - key: token - name: hcloud-csi - image: hetznercloud/hcloud-csi-driver:v2.3.2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 2 - timeoutSeconds: 3 - name: hcloud-csi-driver - ports: - - containerPort: 9189 - name: metrics - - containerPort: 9808 - name: healthz - protocol: TCP - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - 
imagePullPolicy: Always - name: liveness-probe - volumeMounts: - - mountPath: /run/csi - name: socket-dir - serviceAccountName: hcloud-csi-controller - volumes: - - emptyDir: {} - name: socket-dir + app.kubernetes.io/component: node + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/name: hcloud-csi --- @@ -350,7 +272,10 @@ metadata: labels: addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io app: hcloud-csi + app.kubernetes.io/component: node + app.kubernetes.io/instance: hcloud-csi app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: hcloud-csi k8s-addon: hcloud-csi-driver.addons.k8s.io name: hcloud-csi-node namespace: kube-system @@ -363,6 +288,9 @@ spec: creationTimestamp: null labels: app: hcloud-csi + app.kubernetes.io/component: node + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/name: hcloud-csi kops.k8s.io/managed-by: kops spec: affinity: @@ -378,12 +306,25 @@ spec: - args: - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + imagePullPolicy: IfNotPresent name: csi-node-driver-registrar + resources: + limits: {} + requests: {} volumeMounts: - mountPath: /run/csi name: plugin-dir - mountPath: /registration name: registration-dir + - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + name: liveness-probe + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: plugin-dir - command: - /bin/hcloud-csi-driver-node env: @@ -393,8 +334,8 @@ spec: value: 0.0.0.0:9189 - name: ENABLE_METRICS value: "true" - image: hetznercloud/hcloud-csi-driver:v2.3.2 - imagePullPolicy: Always + image: docker.io/hetznercloud/hcloud-csi-driver:v2.6.0 + imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 5 httpGet: @@ -402,6 +343,7 @@ spec: port: healthz initialDelaySeconds: 10 periodSeconds: 2 + successThreshold: 1 timeoutSeconds: 3 name: hcloud-csi-driver ports: 
@@ -410,6 +352,9 @@ spec: - containerPort: 9808 name: healthz protocol: TCP + resources: + limits: {} + requests: {} securityContext: privileged: true volumeMounts: @@ -420,12 +365,9 @@ spec: name: plugin-dir - mountPath: /dev name: device-dir - - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - imagePullPolicy: Always - name: liveness-probe - volumeMounts: - - mountPath: /run/csi - name: plugin-dir + initContainers: null + securityContext: + fsGroup: 1001 tolerations: - effect: NoExecute operator: Exists 
@@ -450,6 +392,134 @@ spec: path: /dev type: Directory name: device-dir + updateStrategy: + type: RollingUpdate + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + addon.kops.k8s.io/name: hcloud-csi-driver.addons.k8s.io + app: hcloud-csi-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: kops + app.kubernetes.io/name: hcloud-csi + k8s-addon: hcloud-csi-driver.addons.k8s.io + name: hcloud-csi-controller + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: hcloud-csi-controller + strategy: + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + app: hcloud-csi-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/name: hcloud-csi + kops.k8s.io/managed-by: kops + spec: + containers: + - args: + - --default-fstype=ext4 + image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 + imagePullPolicy: IfNotPresent + name: csi-attacher + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + - image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + imagePullPolicy: IfNotPresent + name: csi-resizer + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + - args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + imagePullPolicy: IfNotPresent + name: csi-provisioner + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + name: liveness-probe + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + - command: + - /bin/hcloud-csi-driver-controller + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - 
name: METRICS_ENDPOINT + value: 0.0.0.0:9189 + - name: ENABLE_METRICS + value: "true" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + key: token + name: hcloud-csi + image: docker.io/hetznercloud/hcloud-csi-driver:v2.6.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + name: hcloud-csi-driver + ports: + - containerPort: 9189 + name: metrics + - containerPort: 9808 + name: healthz + protocol: TCP + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + initContainers: null + securityContext: + fsGroup: 1001 + serviceAccountName: hcloud-csi-controller + volumes: + - emptyDir: {} + name: socket-dir --- diff --git a/upup/models/cloudup/resources/addons/hcloud-cloud-controller.addons.k8s.io/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/hcloud-cloud-controller.addons.k8s.io/k8s-1.22.yaml.template index 58a903725cc04..cec945ac3385f 100644 --- a/upup/models/cloudup/resources/addons/hcloud-cloud-controller.addons.k8s.io/k8s-1.22.yaml.template +++ b/upup/models/cloudup/resources/addons/hcloud-cloud-controller.addons.k8s.io/k8s-1.22.yaml.template 
@@ -10,25 +10,28 @@ stringData: network: "{{ HCLOUD_NETWORK }}" token: "{{ HCLOUD_TOKEN }}" --- +# Source: hcloud-cloud-controller-manager/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: - name: cloud-controller-manager + name: hcloud-cloud-controller-manager namespace: kube-system --- -apiVersion: rbac.authorization.k8s.io/v1 +# Source: hcloud-cloud-controller-manager/templates/clusterrolebinding.yaml kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: system:cloud-controller-manager + name: "system:hcloud-cloud-controller-manager" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: -- kind: ServiceAccount - name: cloud-controller-manager - namespace: kube-system + - kind: ServiceAccount + name: hcloud-cloud-controller-manager + namespace: kube-system --- +# Source: hcloud-cloud-controller-manager/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: 
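Review bot: Renaming the ServiceAccount to `hcloud-cloud-controller-manager` and the binding to `system:hcloud-cloud-controller-manager` keeps the `cluster-admin` roleRef, and on an upgraded cluster it may leave the old pair behind. If the addon is not pruned for these kinds (the prune configuration is not visible in this diff), `system:cloud-controller-manager` would still grant `cluster-admin` to the ServiceAccount name `cloud-controller-manager` in `kube-system` after nothing uses it. Please confirm that ServiceAccount and ClusterRoleBinding objects are pruned for this addon, or call out the manual cleanup in the release notes. A comment above `roleRef`, for example `# binds cluster-admin; kept as rendered from the upstream chart`, would also record that the broad role is a deliberate carry-over. The Deployment opened by the last lines of this hunk continues in the next hunk.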
@@ -45,50 +48,50 @@ spec: labels: app: hcloud-cloud-controller-manager spec: - containers: - - command: - - /bin/hcloud-cloud-controller-manager - {{- range $arg := CloudControllerConfigArgv }} - - "{{ $arg }}" - {{- end }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: HCLOUD_TOKEN - valueFrom: - secretKeyRef: - key: token - name: hcloud - - name: HCLOUD_NETWORK - valueFrom: - secretKeyRef: - key: network - name: hcloud - image: '{{ .ExternalCloudControllerManager.Image }}' - name: hcloud-cloud-controller-manager - ports: - - containerPort: 8233 - name: metrics - resources: - requests: - cpu: 100m - memory: 50Mi + serviceAccountName: hcloud-cloud-controller-manager dnsPolicy: Default - priorityClassName: system-cluster-critical - serviceAccountName: cloud-controller-manager tolerations: - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - - key: CriticalAddonsOnly - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - operator: Exists - - effect: NoExecute - key: node.kubernetes.io/not-ready + # Allow HCCM itself to schedule on nodes that have not yet been initialized by HCCM. + - key: "node.cloudprovider.kubernetes.io/uninitialized" + value: "true" + effect: "NoSchedule" + - key: "CriticalAddonsOnly" + operator: "Exists" + + # Allow HCCM to schedule on control plane nodes. 
+ - key: "node-role.kubernetes.io/master" + effect: NoSchedule + operator: Exists + - key: "node-role.kubernetes.io/control-plane" + effect: NoSchedule + operator: Exists + + - key: "node.kubernetes.io/not-ready" + effect: "NoExecute" + containers: + - name: hcloud-cloud-controller-manager + command: + - "/bin/hcloud-cloud-controller-manager" + {{- range $arg := CloudControllerConfigArgv }} + - "{{ $arg }}" + {{- end }} + env: + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + key: token + name: hcloud + - name: HCLOUD_NETWORK + valueFrom: + secretKeyRef: + key: network + name: hcloud + image: '{{ .ExternalCloudControllerManager.Image }}' + ports: + - name: metrics + containerPort: 8233 + resources: + requests: + cpu: 100m + memory: 50Mi + priorityClassName: system-cluster-critical diff --git a/upup/models/cloudup/resources/addons/hcloud-csi-driver.addons.k8s.io/k8s-1.22.yaml.template b/upup/models/cloudup/resources/addons/hcloud-csi-driver.addons.k8s.io/k8s-1.22.yaml.template index 7aafba3de4aa5..19fd42cf0bd05 100644 --- a/upup/models/cloudup/resources/addons/hcloud-csi-driver.addons.k8s.io/k8s-1.22.yaml.template +++ b/upup/models/cloudup/resources/addons/hcloud-csi-driver.addons.k8s.io/k8s-1.22.yaml.template 
@@ -8,303 +8,172 @@ metadata: stringData: token: '{{ HCLOUD_TOKEN }}' --- -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 +# Source: hcloud-csi/templates/controller/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller +automountServiceAccountToken: true +--- +# Source: hcloud-csi/templates/core/storageclass.yaml kind: StorageClass +apiVersion: storage.k8s.io/v1 metadata: + name: hcloud-volumes annotations: storageclass.kubernetes.io/is-default-class: "true" - name: hcloud-volumes provisioner: csi.hetzner.cloud volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +reclaimPolicy: "Delete" --- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hcloud-csi-controller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 +# Source: hcloud-csi/templates/controller/clusterrole.yaml kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list -- apiGroups: - - "" - resources: - - 
persistentvolumes - verbs: - - get - - list - - watch - - create - - delete - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - persistentvolumeclaims/status - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - get - - list -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create - - update - - patch +# attacher +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, update, patch] +- apiGroups: [""] + resources: [nodes] + verbs: [get, list, watch] +- apiGroups: [csi.storage.k8s.io] + resources: [csinodeinfos] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [csinodes] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments/status] + verbs: [patch] +# provisioner +- apiGroups: [""] + resources: [secrets] + verbs: [get, list] +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, create, delete, patch] +- apiGroups: [""] + resources: [persistentvolumeclaims, persistentvolumeclaims/status] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [storageclasses] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [events] + verbs: [list, watch, create, update, patch] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshots] + verbs: [get, list] +- apiGroups: 
[snapshot.storage.k8s.io] + resources: [volumesnapshotcontents] + verbs: [get, list] +# resizer +- apiGroups: [""] + resources: [pods] + verbs: [get, list, watch] +# node +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch, create, update, patch] --- -apiVersion: rbac.authorization.k8s.io/v1 +# Source: hcloud-csi/templates/controller/clusterrolebinding.yaml kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: hcloud-csi-controller subjects: -- kind: ServiceAccount - name: hcloud-csi-controller - namespace: kube-system + - kind: ServiceAccount + name: hcloud-csi-controller + namespace: "kube-system" --- +# Source: hcloud-csi/templates/controller/service.yaml apiVersion: v1 kind: Service metadata: - labels: - app: hcloud-csi-controller name: hcloud-csi-controller-metrics - namespace: kube-system + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller spec: ports: - - name: metrics - port: 9189 - targetPort: metrics + - name: metrics + port: 9189 selector: - app: hcloud-csi-controller + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller --- +# Source: hcloud-csi/templates/node/service.yaml apiVersion: v1 kind: Service metadata: - labels: - app: hcloud-csi name: hcloud-csi-node-metrics - namespace: kube-system + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node spec: ports: - - name: metrics - port: 9189 - targetPort: metrics - selector: - app: hcloud-csi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: hcloud-csi-controller - 
namespace: kube-system -spec: - replicas: 1 + - name: metrics + port: 9189 selector: - matchLabels: - app: hcloud-csi-controller - template: - metadata: - labels: - app: hcloud-csi-controller - spec: - containers: - - args: - - --default-fstype=ext4 - image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 - name: csi-attacher - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 - name: csi-resizer - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - args: - - --feature-gates=Topology=true - - --default-fstype=ext4 - image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 - name: csi-provisioner - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - command: - - /bin/hcloud-csi-driver-controller - env: - - name: CSI_ENDPOINT - value: unix:///run/csi/socket - - name: METRICS_ENDPOINT - value: 0.0.0.0:9189 - - name: ENABLE_METRICS - value: "true" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: HCLOUD_TOKEN - valueFrom: - secretKeyRef: - key: token - name: hcloud-csi - image: hetznercloud/hcloud-csi-driver:v2.3.2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 2 - timeoutSeconds: 3 - name: hcloud-csi-driver - ports: - - containerPort: 9189 - name: metrics - - containerPort: 9808 - name: healthz - protocol: TCP - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - imagePullPolicy: Always - name: liveness-probe - volumeMounts: - - mountPath: /run/csi - name: socket-dir - serviceAccountName: hcloud-csi-controller - volumes: - - emptyDir: {} - name: socket-dir + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node --- +# Source: hcloud-csi/templates/node/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet 
metadata: + name: hcloud-csi-node + namespace: "kube-system" labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node app: hcloud-csi - name: hcloud-csi-node - namespace: kube-system spec: + updateStrategy: + type: RollingUpdate selector: matchLabels: app: hcloud-csi template: metadata: labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node app: hcloud-csi spec: + affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
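Review bot: The rewritten `hcloud-csi-controller` ClusterRole still grants `get` and `list` on `secrets` cluster-wide under the `# provisioner` group, and nothing visible in this diff appears to need it. The StorageClass in this hunk sets no secret parameters, and the controller's `HCLOUD_TOKEN` arrives through a `secretKeyRef` env entry, which does not depend on this rule. If kops clusters are not expected to use StorageClasses with `csi.storage.k8s.io/provisioner-secret-name`-style parameters, dropping the rule would stop the controller's credentials from reading every Secret in the cluster. Otherwise a comment such as `# provisioner: needed only when a StorageClass references provisioner secrets` would document why it stays. The rule predates this commit, and the DaemonSet that begins at the end of this hunk continues in the next one.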
@@ -314,83 +183,221 @@ spec: operator: NotIn values: - "true" - containers: - - args: - - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 - name: csi-node-driver-registrar - volumeMounts: - - mountPath: /run/csi - name: plugin-dir - - mountPath: /registration - name: registration-dir - - command: - - /bin/hcloud-csi-driver-node - env: - - name: CSI_ENDPOINT - value: unix:///run/csi/socket - - name: METRICS_ENDPOINT - value: 0.0.0.0:9189 - - name: ENABLE_METRICS - value: "true" - image: hetznercloud/hcloud-csi-driver:v2.3.2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 2 - timeoutSeconds: 3 - name: hcloud-csi-driver - ports: - - containerPort: 9189 - name: metrics - - containerPort: 9808 - name: healthz - protocol: TCP - securityContext: - privileged: true - volumeMounts: - - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - name: kubelet-dir - - mountPath: /run/csi - name: plugin-dir - - mountPath: /dev - name: device-dir - - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - imagePullPolicy: Always - name: liveness-probe - volumeMounts: - - mountPath: /run/csi - name: plugin-dir tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + imagePullPolicy: IfNotPresent + args: + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket + volumeMounts: + - name: plugin-dir + mountPath: /run/csi + - name: registration-dir + mountPath: 
/registration + resources: + limits: {} + requests: {} + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + resources: + limits: {} + requests: {} + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.6.0 # x-release-please-version + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-node] + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /run/csi + - name: device-dir + mountPath: /dev + securityContext: + privileged: true + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + ports: + - containerPort: 9189 + name: metrics + - name: healthz + protocol: TCP + containerPort: 9808 + resources: + limits: {} + requests: {} + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: hcloud-csi/templates/controller/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller + app: hcloud-csi-controller +spec: + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + app: hcloud-csi-controller + template: + metadata: + labels: + 
app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller + app: hcloud-csi-controller + spec: + serviceAccountName: hcloud-csi-controller + + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + args: + - --default-fstype=ext4 + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.6.0 # x-release-please-version + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-controller] + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + name: hcloud-csi + key: token + resources: + limits: {} + requests: {} + ports: + - name: metrics + containerPort: 9189 + - name: healthz + protocol: TCP + containerPort: 9808 + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + 
successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumeMounts: + - name: socket-dir + mountPath: /run/csi + volumes: - - hostPath: - path: /var/lib/kubelet - type: Directory - name: kubelet-dir - - hostPath: - path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ - type: DirectoryOrCreate - name: plugin-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - name: registration-dir - - hostPath: - path: /dev - type: Directory - name: device-dir + - name: socket-dir + emptyDir: {} --- +# Source: hcloud-csi/templates/core/csidriver.yaml apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata:
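Review bot: `docker.io/hetznercloud/hcloud-csi-driver:v2.6.0` is referenced by tag only, and the node container that runs it is `privileged: true` with `/dev` and `/var/lib/kubelet` mounted from the host. With `imagePullPolicy` now `IfNotPresent`, each node keeps whatever the tag resolved to on its first pull, so a re-pushed tag would leave nodes running different content with no signal in the manifest. Pinning the digest in both the DaemonSet and the Deployment, `image: docker.io/hetznercloud/hcloud-csi-driver:v2.6.0@sha256:<digest-of-v2.6.0-placeholder>`, fixes the content that gets host-level access. Separately, the explicit `resources: limits: {} requests: {}` on every container looks like it leaves both pods in the BestEffort QoS class, so consider setting at least requests on the driver containers. The DaemonSet spec starts before this hunk.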