Merge pull request #1393 from kinvolk/surajssd/aws-ebs-driver-affinit…

…y-tolerations AWS EBS CSI Driver: Add `node_affinity` and `tolerations`.
kinvolk · Feb 23, 2021 · 072cefc · 072cefc
2 parents 95894db + 53341f1
commit 072cefc
Show file tree

Hide file tree

Showing 23 changed files with 537 additions and 162 deletions.
diff --git a/assets/charts/components/aws-ebs-csi-driver/.helmignore b/assets/charts/components/aws-ebs-csi-driver/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/assets/charts/components/aws-ebs-csi-driver/Chart.yaml b/assets/charts/components/aws-ebs-csi-driver/Chart.yaml
@@ -1,16 +1,18 @@
 apiVersion: v1
-appVersion: "0.7.0"
-name: aws-ebs-csi-driver
+appVersion: 0.9.0
 description: A Helm chart for AWS EBS CSI Driver
-version: 0.6.0
-kubeVersion: ">=1.13.0-0"
 home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
-sources:
-  - https://github.com/kubernetes-sigs/aws-ebs-csi-driver
 keywords:
-  - aws
-  - ebs
-  - csi
+- aws
+- ebs
+- csi
+kubeVersion: '>=1.17.0-0'
 maintainers:
-  - name: leakingtapan
-    email: chengpan@amazon.com
+- email: chengpan@amazon.com
+  name: leakingtapan
+- name: krmichel
+  url: https://github.com/krmichel
+name: aws-ebs-csi-driver
+sources:
+- https://github.com/kubernetes-sigs/aws-ebs-csi-driver
+version: 0.9.8
diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/clusterrole-attacher.yaml
@@ -8,7 +8,7 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list", "watch", "update", "patch"]
   - apiGroups: [""]
     resources: ["nodes"]
     verbs: ["get", "list", "watch"]
@@ -17,4 +17,7 @@ rules:
     verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "volumeattachments/status" ]
+    verbs: [ "patch" ]
diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/clusterrole-provisioner.yaml
@@ -6,30 +6,33 @@ metadata:
   labels:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
 rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["list", "watch", "create", "update", "patch"]
-  - apiGroups: ["snapshot.storage.k8s.io"]
-    resources: ["volumesnapshots"]
-    verbs: ["get", "list"]
-  - apiGroups: ["snapshot.storage.k8s.io"]
-    resources: ["volumesnapshotcontents"]
-    verbs: ["get", "list"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["csinodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: [ "" ]
+    resources: [ "persistentvolumes" ]
+    verbs: [ "get", "list", "watch", "create", "delete" ]
+  - apiGroups: [ "" ]
+    resources: [ "persistentvolumeclaims" ]
+    verbs: [ "get", "list", "watch", "update" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "storageclasses" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "events" ]
+    verbs: [ "list", "watch", "create", "update", "patch" ]
+  - apiGroups: [ "snapshot.storage.k8s.io" ]
+    resources: [ "volumesnapshots" ]
+    verbs: [ "get", "list" ]
+  - apiGroups: [ "snapshot.storage.k8s.io" ]
+    resources: [ "volumesnapshotcontents" ]
+    verbs: [ "get", "list" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "csinodes" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "nodes" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get", "watch", "list", "delete", "update", "create" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "volumeattachments" ]
+    verbs: [ "get", "list", "watch" ]
diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/clusterrole-resizer.yaml
@@ -27,5 +27,7 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["list", "watch", "create", "update", "patch"]
-
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
 {{- end}}
diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-attacher.yaml
@@ -7,7 +7,7 @@ metadata:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
-    name: ebs-csi-controller-sa
+    name: {{ .Values.serviceAccount.controller.name }}
     namespace: kube-system
 roleRef:
   kind: ClusterRole

diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-provisioner.yaml
@@ -7,7 +7,7 @@ metadata:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
-    name: ebs-csi-controller-sa
+    name: {{ .Values.serviceAccount.controller.name }}
     namespace: kube-system
 roleRef:
   kind: ClusterRole

diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-resizer.yaml
@@ -8,7 +8,7 @@ metadata:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
-    name: ebs-csi-controller-sa
+    name: {{ .Values.serviceAccount.controller.name }}
     namespace: kube-system
 roleRef:
   kind: ClusterRole

diff --git a/...harts/components/aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml b/...harts/components/aws-ebs-csi-driver/templates/clusterrolebinding-snapshot-controller.yaml
@@ -8,7 +8,7 @@ metadata:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
-    name: ebs-snapshot-controller
+    name: {{ .Values.serviceAccount.snapshot.name }}
     namespace: kube-system
 roleRef:
   kind: ClusterRole

diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/clusterrolebinding-snapshotter.yaml
@@ -8,7 +8,7 @@ metadata:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
-    name: ebs-csi-controller-sa
+    name: {{ .Values.serviceAccount.controller.name }}
     namespace: kube-system
 roleRef:
   kind: ClusterRole

diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/controller.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/controller.yaml
@@ -26,16 +26,18 @@ spec:
         {{- with .Values.nodeSelector }}
 {{ toYaml . | indent 8 }}
         {{- end }}
-      serviceAccountName: ebs-csi-controller-sa
-      priorityClassName: system-cluster-critical
+      serviceAccountName: {{ .Values.serviceAccount.controller.name }}
+      priorityClassName: {{ .Values.priorityClassName | default "system-cluster-critical" }}
       {{- with .Values.affinity }}
       affinity: {{ toYaml . | nindent 8 }}
       {{- end }}
       tolerations:
+        {{- if .Values.tolerateAllTaints }}
         - operator: Exists
-      {{- with .Values.tolerations }}
+        {{- end }}
+        {{- with .Values.tolerations }}
 {{ toYaml . | indent 8 }}
-      {{- end }}
+        {{- end }}
       containers:
         - name: ebs-plugin
           image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
@@ -50,6 +52,9 @@ spec:
             {{- if .Values.extraVolumeTags }}
               {{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }}
             {{- end }}
+            {{- if .Values.k8sTagClusterId }}
+            - --k8s-tag-cluster-id={{ .Values.k8sTagClusterId }}
+            {{- end }}
             - --logtostderr
             - --v=5
           env:
@@ -97,27 +102,35 @@ spec:
             {{- if .Values.enableVolumeScheduling }}
             - --feature-gates=Topology=true
             {{- end}}
-            - --enable-leader-election
-            - --leader-election-type=leases
+            {{- if .Values.extraCreateMetadata }}
+            - --extra-create-metadata
+            {{- end}}
+            - --leader-election=true
+            - --default-fstype=ext4
           env:
             - name: ADDRESS
               value: /var/lib/csi/sockets/pluginproxy/csi.sock
           volumeMounts:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
         - name: csi-attacher
           image: {{ printf "%s:%s" .Values.sidecars.attacherImage.repository .Values.sidecars.attacherImage.tag }}
           args:
             - --csi-address=$(ADDRESS)
             - --v=5
             - --leader-election=true
-            - --leader-election-type=leases
           env:
             - name: ADDRESS
               value: /var/lib/csi/sockets/pluginproxy/csi.sock
           volumeMounts:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
         {{- if .Values.enableVolumeSnapshot }}
         - name: csi-snapshotter
           image: {{ printf "%s:%s" .Values.sidecars.snapshotterImage.repository .Values.sidecars.snapshotterImage.tag }}
@@ -130,6 +143,9 @@ spec:
           volumeMounts:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
         {{- end }}
         {{- if .Values.enableVolumeResizing }}
         - name: csi-resizer
@@ -144,6 +160,9 @@ spec:
           volumeMounts:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
         {{- end }}
         - name: liveness-probe
           image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
@@ -152,6 +171,9 @@ spec:
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
       volumes:
         - name: socket-dir
           emptyDir: {}
diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/node.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/node.yaml
@@ -31,10 +31,16 @@ spec:
                 - fargate
       nodeSelector:
         kubernetes.io/os: linux
+        {{- with .Values.node.nodeSelector }}
+{{ toYaml . | indent 8 }}
+        {{- end }}
       hostNetwork: true
-      priorityClassName: system-node-critical
+      serviceAccountName: {{ .Values.serviceAccount.node.name }}
+      priorityClassName: {{ .Values.node.priorityClassName | default "system-cluster-critical" }}
       tolerations:
+        {{- if .Values.node.tolerateAllTaints }}
         - operator: Exists
+        {{- end }}
         {{- with .Values.node.tolerations }}
 {{ toYaml . | indent 8 }}
         {{- end }}
@@ -46,6 +52,9 @@ spec:
           args:
             - node
             - --endpoint=$(CSI_ENDPOINT)
+            {{- if .Values.volumeAttachLimit }}
+            - --volume-attach-limit={{ .Values.volumeAttachLimit }}
+            {{- end }}
             - --logtostderr
             - --v=5
           env:
@@ -71,6 +80,15 @@ spec:
             timeoutSeconds: 3
             periodSeconds: 10
             failureThreshold: 5
+          {{- if .Values.node.resources }}
+          {{- with .Values.node.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- else }}
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- end }}
         - name: node-driver-registrar
           image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrarImage.repository .Values.sidecars.nodeDriverRegistrarImage.tag }}
           args:
@@ -91,13 +109,31 @@ spec:
               mountPath: /csi
             - name: registration-dir
               mountPath: /registration
+          {{- if .Values.node.resources }}
+          {{- with .Values.node.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- else }}
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- end }}
         - name: liveness-probe
           image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
           args:
             - --csi-address=/csi/csi.sock
           volumeMounts:
             - name: plugin-dir
               mountPath: /csi
+          {{- if .Values.node.resources }}
+          {{- with .Values.node.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- else }}
+          {{- with .Values.resources }}
+          resources: {{ toYaml . | nindent 12 }}
+          {{- end }}
+          {{- end }}
       volumes:
         - name: kubelet-dir
           hostPath:

diff --git a/...mponents/aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml b/...mponents/aws-ebs-csi-driver/templates/rolebinding-snapshot-controller-leaderelection.yaml
@@ -3,17 +3,17 @@
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: snapshot-controller-leaderelection
+  name: ebs-snapshot-controller-leaderelection
   namespace: kube-system
   labels:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
-    name: ebs-snapshot-controller
+    name: {{ .Values.serviceAccount.snapshot.name }}
     namespace: kube-system
 roleRef:
   kind: Role
-  name: snapshot-controller-leaderelection
+  name: ebs-snapshot-controller-leaderelection
   apiGroup: rbac.authorization.k8s.io
 
 {{- end }}
diff --git a/assets/charts/components/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml b/assets/charts/components/aws-ebs-csi-driver/templates/serviceaccount-csi-controller.yaml
@@ -1,7 +1,8 @@
+{{- if .Values.serviceAccount.controller.create -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: ebs-csi-controller-sa
+  name: {{ .Values.serviceAccount.controller.name }}
   namespace: kube-system
   labels:
     {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
@@ -13,3 +14,4 @@ metadata:
   #annotations:
   #  eks.amazonaws.com/role-arn: arn:aws:iam::586565787010:role/ebs-csi-role
   {{- end }}
+{{- end -}}