Merge pull request #84312 from davidz627/tests/pd

Add updated v0.6.0 stable PD driver specs - enable block tests for PD
This commit is contained in:
Kubernetes Prow Robot 2019-10-25 20:41:23 -07:00 committed by GitHub
commit 2bb35caa18
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 120 additions and 57 deletions

View File

@ -389,13 +389,16 @@ func InitGcePDCSIDriver() testsuites.TestDriver {
SupportedMountOption: sets.NewString("debug", "nouid32"),
Capabilities: map[testsuites.Capability]bool{
testsuites.CapPersistence: true,
testsuites.CapBlock: true,
testsuites.CapFsGroup: true,
testsuites.CapExec: true,
testsuites.CapMultiPODs: true,
// GCE supports volume limits, but the test creates large
// number of volumes and times out test suites.
testsuites.CapVolumeLimits: false,
testsuites.CapTopology: true,
testsuites.CapVolumeLimits: false,
testsuites.CapTopology: true,
testsuites.CapControllerExpansion: true,
testsuites.CapNodeExpansion: true,
},
RequiredAccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
TopologyKeys: []string{GCEPDCSIZoneTopologyKey},

View File

@ -13,11 +13,10 @@ spec:
labels:
app: gcp-compute-persistent-disk-csi-driver
spec:
serviceAccountName: csi-controller-sa
serviceAccountName: csi-gce-pd-controller-sa
containers:
- name: csi-provisioner
# TODO: replace with official 1.4.0 release when ready
image: quay.io/k8scsi/csi-provisioner:v1.4.0-rc1
image: gcr.io/gke-release/csi-provisioner:v1.4.0-gke.0
args:
- "--v=5"
- "--csi-address=/csi/csi.sock"
@ -26,7 +25,15 @@ spec:
- name: socket-dir
mountPath: /csi
- name: csi-attacher
image: gcr.io/gke-release/csi-attacher:v1.2.0-gke.0
image: gcr.io/gke-release/csi-attacher:v2.0.0-gke.0
args:
- "--v=5"
- "--csi-address=/csi/csi.sock"
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: csi-resizer
image: gcr.io/gke-release/csi-resizer:v0.3.0-gke.0
args:
- "--v=5"
- "--csi-address=/csi/csi.sock"
@ -34,7 +41,7 @@ spec:
- name: socket-dir
mountPath: /csi
- name: gce-pd-driver
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.5.2-gke.0
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.6.0-gke.0
args:
- "--v=5"
- "--endpoint=unix:/csi/csi.sock"

View File

@ -1,64 +1,117 @@
##### Controller Service Account, Roles, Rolebindings
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-controller-sa
name: csi-gce-pd-controller-sa
---
# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-gce-pd-provisioner-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-gce-pd-controller-provisioner-binding
subjects:
- kind: ServiceAccount
name: csi-gce-pd-controller-sa
roleRef:
kind: ClusterRole
name: csi-gce-pd-provisioner-role
apiGroup: rbac.authorization.k8s.io
---
# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-gce-pd-attacher-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-gce-pd-controller-attacher-binding
subjects:
- kind: ServiceAccount
name: csi-gce-pd-controller-sa
roleRef:
kind: ClusterRole
name: csi-gce-pd-attacher-role
apiGroup: rbac.authorization.k8s.io
---
# Resizer must be able to work with PVCs, PVs, SCs.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-gce-pd-resizer-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-controller-attacher-role
name: csi-gce-pd-resizer-binding
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: default
name: csi-gce-pd-controller-sa
roleRef:
kind: ClusterRole
name: external-attacher-runner
name: csi-gce-pd-resizer-role
apiGroup: rbac.authorization.k8s.io
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-controller-attacher-role-cfg
namespace: default
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: default
roleRef:
kind: Role
name: external-attacher-cfg
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-controller-provisioner-role
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: default
roleRef:
kind: ClusterRole
name: external-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-controller-provisioner-role-cfg
namespace: default
subjects:
- kind: ServiceAccount
name: csi-controller-sa
namespace: default
roleRef:
kind: Role
name: external-provisioner-cfg
---
# priviledged Pod Security Policy, previously defined via PrivilegedTestPSPClusterRoleBinding()
kind: ClusterRoleBinding
@ -67,7 +120,7 @@ metadata:
name: psp-csi-controller-driver-registrar-role
subjects:
- kind: ServiceAccount
name: csi-controller-sa
name: csi-gce-pd-controller-sa
namespace: default
roleRef:
kind: ClusterRole

View File

@ -13,7 +13,7 @@ spec:
spec:
containers:
- name: csi-driver-registrar
image: gcr.io/gke-release/csi-node-driver-registrar:v1.1.0-gke.0
image: gcr.io/gke-release/csi-node-driver-registrar:v1.2.0-gke.0
args:
- "--v=5"
- "--csi-address=/csi/csi.sock"
@ -35,7 +35,7 @@ spec:
- name: gce-pd-driver
securityContext:
privileged: true
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.5.2-gke.0
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.6.0-gke.0
args:
- "--v=5"
- "--endpoint=unix:/csi/csi.sock"