mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 04:33:26 +00:00
Merge pull request #84312 from davidz627/tests/pd
Add updated v0.6.0 stable PD driver specs - enable block tests for PD
This commit is contained in:
commit
2bb35caa18
@ -389,13 +389,16 @@ func InitGcePDCSIDriver() testsuites.TestDriver {
|
||||
SupportedMountOption: sets.NewString("debug", "nouid32"),
|
||||
Capabilities: map[testsuites.Capability]bool{
|
||||
testsuites.CapPersistence: true,
|
||||
testsuites.CapBlock: true,
|
||||
testsuites.CapFsGroup: true,
|
||||
testsuites.CapExec: true,
|
||||
testsuites.CapMultiPODs: true,
|
||||
// GCE supports volume limits, but the test creates large
|
||||
// number of volumes and times out test suites.
|
||||
testsuites.CapVolumeLimits: false,
|
||||
testsuites.CapTopology: true,
|
||||
testsuites.CapVolumeLimits: false,
|
||||
testsuites.CapTopology: true,
|
||||
testsuites.CapControllerExpansion: true,
|
||||
testsuites.CapNodeExpansion: true,
|
||||
},
|
||||
RequiredAccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
|
||||
TopologyKeys: []string{GCEPDCSIZoneTopologyKey},
|
||||
|
@ -13,11 +13,10 @@ spec:
|
||||
labels:
|
||||
app: gcp-compute-persistent-disk-csi-driver
|
||||
spec:
|
||||
serviceAccountName: csi-controller-sa
|
||||
serviceAccountName: csi-gce-pd-controller-sa
|
||||
containers:
|
||||
- name: csi-provisioner
|
||||
# TODO: replace with official 1.4.0 release when ready
|
||||
image: quay.io/k8scsi/csi-provisioner:v1.4.0-rc1
|
||||
image: gcr.io/gke-release/csi-provisioner:v1.4.0-gke.0
|
||||
args:
|
||||
- "--v=5"
|
||||
- "--csi-address=/csi/csi.sock"
|
||||
@ -26,7 +25,15 @@ spec:
|
||||
- name: socket-dir
|
||||
mountPath: /csi
|
||||
- name: csi-attacher
|
||||
image: gcr.io/gke-release/csi-attacher:v1.2.0-gke.0
|
||||
image: gcr.io/gke-release/csi-attacher:v2.0.0-gke.0
|
||||
args:
|
||||
- "--v=5"
|
||||
- "--csi-address=/csi/csi.sock"
|
||||
volumeMounts:
|
||||
- name: socket-dir
|
||||
mountPath: /csi
|
||||
- name: csi-resizer
|
||||
image: gcr.io/gke-release/csi-resizer:v0.3.0-gke.0
|
||||
args:
|
||||
- "--v=5"
|
||||
- "--csi-address=/csi/csi.sock"
|
||||
@ -34,7 +41,7 @@ spec:
|
||||
- name: socket-dir
|
||||
mountPath: /csi
|
||||
- name: gce-pd-driver
|
||||
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.5.2-gke.0
|
||||
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.6.0-gke.0
|
||||
args:
|
||||
- "--v=5"
|
||||
- "--endpoint=unix:/csi/csi.sock"
|
||||
|
@ -1,64 +1,117 @@
|
||||
##### Controller Service Account, Roles, Rolebindings
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: csi-controller-sa
|
||||
name: csi-gce-pd-controller-sa
|
||||
|
||||
---
|
||||
# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-gce-pd-provisioner-role
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumes"]
|
||||
verbs: ["get", "list", "watch", "create", "delete"]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims"]
|
||||
verbs: ["get", "list", "watch", "update"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["storageclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["list", "watch", "create", "update", "patch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["csinodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
---
|
||||
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-gce-pd-controller-provisioner-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: csi-gce-pd-controller-sa
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: csi-gce-pd-provisioner-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-gce-pd-attacher-role
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumes"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["csinodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["volumeattachments"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
|
||||
---
|
||||
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-gce-pd-controller-attacher-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: csi-gce-pd-controller-sa
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: csi-gce-pd-attacher-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
|
||||
# Resizer must be able to work with PVCs, PVs, SCs.
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-gce-pd-resizer-role
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumes"]
|
||||
verbs: ["get", "list", "watch", "update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims/status"]
|
||||
verbs: ["update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["list", "watch", "create", "update", "patch"]
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-controller-attacher-role
|
||||
name: csi-gce-pd-resizer-binding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: csi-controller-sa
|
||||
namespace: default
|
||||
name: csi-gce-pd-controller-sa
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: external-attacher-runner
|
||||
name: csi-gce-pd-resizer-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-controller-attacher-role-cfg
|
||||
namespace: default
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: csi-controller-sa
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: external-attacher-cfg
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-controller-provisioner-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: csi-controller-sa
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: external-provisioner-runner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: csi-controller-provisioner-role-cfg
|
||||
namespace: default
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: csi-controller-sa
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: external-provisioner-cfg
|
||||
|
||||
---
|
||||
# priviledged Pod Security Policy, previously defined via PrivilegedTestPSPClusterRoleBinding()
|
||||
kind: ClusterRoleBinding
|
||||
@ -67,7 +120,7 @@ metadata:
|
||||
name: psp-csi-controller-driver-registrar-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: csi-controller-sa
|
||||
name: csi-gce-pd-controller-sa
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
|
@ -13,7 +13,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: csi-driver-registrar
|
||||
image: gcr.io/gke-release/csi-node-driver-registrar:v1.1.0-gke.0
|
||||
image: gcr.io/gke-release/csi-node-driver-registrar:v1.2.0-gke.0
|
||||
args:
|
||||
- "--v=5"
|
||||
- "--csi-address=/csi/csi.sock"
|
||||
@ -35,7 +35,7 @@ spec:
|
||||
- name: gce-pd-driver
|
||||
securityContext:
|
||||
privileged: true
|
||||
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.5.2-gke.0
|
||||
image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.6.0-gke.0
|
||||
args:
|
||||
- "--v=5"
|
||||
- "--endpoint=unix:/csi/csi.sock"
|
||||
|
Loading…
Reference in New Issue
Block a user