diff --git a/test/e2e/storage/drivers/csi.go b/test/e2e/storage/drivers/csi.go index db633339e9f..86dadab2f39 100644 --- a/test/e2e/storage/drivers/csi.go +++ b/test/e2e/storage/drivers/csi.go @@ -161,12 +161,8 @@ func InitHostPathCSIDriver() storageframework.TestDriver { "test/e2e/testing-manifests/storage-csi/external-snapshotter/csi-snapshotter/rbac-csi-snapshotter.yaml", "test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-controller/rbac.yaml", "test/e2e/testing-manifests/storage-csi/external-resizer/rbac.yaml", - "test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-attacher.yaml", "test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-driverinfo.yaml", "test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-plugin.yaml", - "test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-provisioner.yaml", - "test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-resizer.yaml", - "test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-snapshotter.yaml", "test/e2e/testing-manifests/storage-csi/hostpath/hostpath/e2e-test-rbac.yaml", ) } diff --git a/test/e2e/testing-manifests/storage-csi/external-attacher/rbac.yaml b/test/e2e/testing-manifests/storage-csi/external-attacher/rbac.yaml index 9111dc30c77..0d84f62d50e 100644 --- a/test/e2e/testing-manifests/storage-csi/external-attacher/rbac.yaml +++ b/test/e2e/testing-manifests/storage-csi/external-attacher/rbac.yaml @@ -1,5 +1,5 @@ -# Do not edit, downloaded from https://github.com/kubernetes-csi/external-attacher/raw/v3.1.0/deploy/kubernetes//rbac.yaml -# for csi-driver-host-path v1.6.2 +# Do not edit, downloaded from https://github.com/kubernetes-csi/external-attacher/raw/v3.2.1/deploy/kubernetes//rbac.yaml +# for csi-driver-host-path v1.7.2 # by test/e2e/testing-manifests/storage-csi/update-hostpath.sh # # This YAML file contains all RBAC objects that are necessary to run external diff --git a/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-agent/rbac.yaml b/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-agent/rbac.yaml index f698e8fdaff..f847393f5f3 100644 --- a/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-agent/rbac.yaml +++ b/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-agent/rbac.yaml @@ -1,5 +1,5 @@ # Do not edit, downloaded from https://github.com/kubernetes-csi/external-health-monitor/raw/v0.2.0/deploy/kubernetes/external-health-monitor-agent/rbac.yaml -# for csi-driver-host-path v1.6.2 +# for csi-driver-host-path v1.7.2 # by test/e2e/testing-manifests/storage-csi/update-hostpath.sh # # This YAML file contains all RBAC objects that are necessary to run external diff --git a/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-controller/rbac.yaml b/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-controller/rbac.yaml index 1ec35db8cf5..387caa59358 100644 --- a/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-controller/rbac.yaml +++ b/test/e2e/testing-manifests/storage-csi/external-health-monitor/external-health-monitor-controller/rbac.yaml @@ -1,5 +1,5 @@ -# Do not edit, downloaded from https://github.com/kubernetes-csi/external-health-monitor/raw/v0.2.0/deploy/kubernetes/external-health-monitor-controller/rbac.yaml -# for csi-driver-host-path v1.6.2 +# Do not edit, downloaded from https://github.com/kubernetes-csi/external-health-monitor/raw/v0.3.0/deploy/kubernetes/external-health-monitor-controller/rbac.yaml +# for csi-driver-host-path v1.7.2 # by test/e2e/testing-manifests/storage-csi/update-hostpath.sh # # This YAML file contains all RBAC objects that are necessary to run external diff --git a/test/e2e/testing-manifests/storage-csi/external-provisioner/rbac.yaml b/test/e2e/testing-manifests/storage-csi/external-provisioner/rbac.yaml index 68cc4c1dfac..ab151a65468 100644 --- a/test/e2e/testing-manifests/storage-csi/external-provisioner/rbac.yaml +++ b/test/e2e/testing-manifests/storage-csi/external-provisioner/rbac.yaml @@ -1,5 +1,5 @@ -# Do not edit, downloaded from https://github.com/kubernetes-csi/external-provisioner/raw/v2.1.1/deploy/kubernetes//rbac.yaml -# for csi-driver-host-path v1.6.2 +# Do not edit, downloaded from https://github.com/kubernetes-csi/external-provisioner/raw/v2.2.1/deploy/kubernetes//rbac.yaml +# for csi-driver-host-path v1.7.2 # by test/e2e/testing-manifests/storage-csi/update-hostpath.sh # # This YAML file contains all RBAC objects that are necessary to run external diff --git a/test/e2e/testing-manifests/storage-csi/external-resizer/rbac.yaml b/test/e2e/testing-manifests/storage-csi/external-resizer/rbac.yaml index 590c5420836..b071ceeb091 100644 --- a/test/e2e/testing-manifests/storage-csi/external-resizer/rbac.yaml +++ b/test/e2e/testing-manifests/storage-csi/external-resizer/rbac.yaml @@ -1,5 +1,5 @@ -# Do not edit, downloaded from https://github.com/kubernetes-csi/external-resizer/raw/v1.1.0/deploy/kubernetes//rbac.yaml -# for csi-driver-host-path v1.6.2 +# Do not edit, downloaded from https://github.com/kubernetes-csi/external-resizer/raw/v1.2.0/deploy/kubernetes//rbac.yaml +# for csi-driver-host-path v1.7.2 # by test/e2e/testing-manifests/storage-csi/update-hostpath.sh # # This YAML file contains all RBAC objects that are necessary to run external diff --git a/test/e2e/testing-manifests/storage-csi/external-snapshotter/csi-snapshotter/rbac-csi-snapshotter.yaml b/test/e2e/testing-manifests/storage-csi/external-snapshotter/csi-snapshotter/rbac-csi-snapshotter.yaml index 6577637c773..fe9b86ac874 100644 --- a/test/e2e/testing-manifests/storage-csi/external-snapshotter/csi-snapshotter/rbac-csi-snapshotter.yaml +++ b/test/e2e/testing-manifests/storage-csi/external-snapshotter/csi-snapshotter/rbac-csi-snapshotter.yaml @@ -1,5 +1,5 @@ -# Do not edit, downloaded from https://github.com/kubernetes-csi/external-snapshotter/raw/v4.0.0/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml -# for csi-driver-host-path v1.6.2 +# Do not edit, downloaded from https://github.com/kubernetes-csi/external-snapshotter/raw/v4.1.1/deploy/kubernetes/csi-snapshotter/rbac-csi-snapshotter.yaml +# for csi-driver-host-path v1.7.2 # by test/e2e/testing-manifests/storage-csi/update-hostpath.sh # # Together with the RBAC file for external-provisioner, this YAML file diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/README.md b/test/e2e/testing-manifests/storage-csi/hostpath/README.md index 2f06c7e550a..621f0a96391 100644 --- a/test/e2e/testing-manifests/storage-csi/hostpath/README.md +++ b/test/e2e/testing-manifests/storage-csi/hostpath/README.md @@ -1,4 +1,4 @@ The files in this directory are exact copys of "kubernetes-latest" in -https://github.com/kubernetes-csi/csi-driver-host-path/tree/v1.6.2/deploy/ +https://github.com/kubernetes-csi/csi-driver-host-path/tree/v1.7.2/deploy/ Do not edit manually. Run test/e2e/testing-manifests/storage-csi/update-hostpath.sh to refresh the content. diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-attacher.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-attacher.yaml deleted file mode 100644 index 6c5a14a146c..00000000000 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-attacher.yaml +++ /dev/null @@ -1,46 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: csi-hostpath-attacher -spec: - serviceName: "csi-hostpath-attacher" - replicas: 1 - selector: - matchLabels: - app: csi-hostpath-attacher - template: - metadata: - labels: - app: csi-hostpath-attacher - spec: - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - csi-hostpathplugin - topologyKey: kubernetes.io/hostname - serviceAccountName: csi-attacher - containers: - - name: csi-attacher - image: k8s.gcr.io/sig-storage/csi-attacher:v3.1.0 - args: - - --v=5 - - --csi-address=/csi/csi.sock - securityContext: - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-hostpath - type: DirectoryOrCreate - name: socket-dir diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-driverinfo.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-driverinfo.yaml index 6fcdad1336e..c8cf666a476 100644 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-driverinfo.yaml +++ b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-driverinfo.yaml @@ -2,6 +2,11 @@ apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: hostpath.csi.k8s.io + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: hostpath.csi.k8s.io + app.kubernetes.io/component: csi-driver spec: # Supports persistent and ephemeral inline volumes. volumeLifecycleModes: diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-plugin.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-plugin.yaml index 5744ea6186e..cb2e7b4f99c 100644 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-plugin.yaml +++ b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-plugin.yaml @@ -1,100 +1,224 @@ -# Service defined here, plus serviceName below in StatefulSet, -# are needed only because of condition explained in -# https://github.com/kubernetes/kubernetes/issues/69608 - -kind: Service +# All of the individual sidecar RBAC roles get bound +# to this account. +kind: ServiceAccount apiVersion: v1 metadata: - name: csi-hostpathplugin + name: csi-hostpathplugin-sa + namespace: default labels: - app: csi-hostpathplugin -spec: - selector: - app: csi-hostpathplugin - ports: - - name: dummy - port: 12345 + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: serviceaccount +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: attacher-cluster-role + name: csi-hostpathplugin-attacher-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-attacher-runner +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: health-monitor-controller-cluster-role + name: csi-hostpathplugin-health-monitor-controller-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-health-monitor-controller-runner +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: provisioner-cluster-role + name: csi-hostpathplugin-provisioner-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-provisioner-runner +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: resizer-cluster-role + name: csi-hostpathplugin-resizer-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-resizer-runner +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: snapshotter-cluster-role + name: csi-hostpathplugin-snapshotter-cluster-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-snapshotter-runner +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: attacher-role + name: csi-hostpathplugin-attacher-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: external-attacher-cfg +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: health-monitor-controller-role + name: csi-hostpathplugin-health-monitor-controller-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: external-health-monitor-controller-cfg +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: provisioner-role + name: csi-hostpathplugin-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: resizer-role + name: csi-hostpathplugin-resizer-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: external-resizer-cfg +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: snapshotter-role + name: csi-hostpathplugin-snapshotter-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: external-snapshotter-leaderelection +subjects: +- kind: ServiceAccount + name: csi-hostpathplugin-sa --- kind: StatefulSet apiVersion: apps/v1 metadata: name: csi-hostpathplugin + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: plugin spec: serviceName: "csi-hostpathplugin" # One replica only: # Host path driver only works when everything runs - # on a single node. We achieve that by starting it once and then - # co-locate all other pods via inter-pod affinity + # on a single node. replicas: 1 selector: matchLabels: - app: csi-hostpathplugin + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: plugin template: metadata: labels: - app: csi-hostpathplugin + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpathplugin + app.kubernetes.io/component: plugin spec: - serviceAccount: csi-external-health-monitor-controller + serviceAccountName: csi-hostpathplugin-sa containers: - - name: csi-external-health-monitor-agent - image: k8s.gcr.io/sig-storage/csi-external-health-monitor-agent:v0.2.0 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: csi-external-health-monitor-controller - image: k8s.gcr.io/sig-storage/csi-external-health-monitor-controller:v0.2.0 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: node-driver-registrar - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 - args: - - --v=5 - - --csi-address=/csi/csi.sock - - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-hostpath/csi.sock - securityContext: - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - privileged: true - env: - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /registration - name: registration-dir - - mountPath: /csi-data-dir - name: csi-data-dir - - name: hostpath - # WARNING: manually downgraded from 1.6.2 to 1.4.0 because 1.5.x and 1.6.x have - # a bug that causes E2E testing to fail (https://github.com/kubernetes-csi/csi-driver-host-path/pull/210#discussion_r605592438, - # https://github.com/kubernetes-csi/csi-driver-host-path/issues/251). - image: k8s.gcr.io/sig-storage/hostpathplugin:v1.4.0 + image: k8s.gcr.io/sig-storage/hostpathplugin:v1.7.1 args: - "--drivername=hostpath.csi.k8s.io" - "--v=5" @@ -135,15 +259,128 @@ spec: name: csi-data-dir - mountPath: /dev name: dev-dir + + - name: csi-external-health-monitor-agent + image: k8s.gcr.io/sig-storage/csi-external-health-monitor-agent:v0.2.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: csi-external-health-monitor-controller + image: k8s.gcr.io/sig-storage/csi-external-health-monitor-controller:v0.3.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + + - name: node-driver-registrar + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 + args: + - --v=5 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-hostpath/csi.sock + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - mountPath: /csi-data-dir + name: csi-data-dir + - name: liveness-probe volumeMounts: - mountPath: /csi name: socket-dir - image: k8s.gcr.io/sig-storage/livenessprobe:v2.2.0 + image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0 args: - --csi-address=/csi/csi.sock - --health-port=9898 + - name: csi-attacher + image: k8s.gcr.io/sig-storage/csi-attacher:v3.2.1 + args: + - --v=5 + - --csi-address=/csi/csi.sock + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + + - name: csi-provisioner + image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.1 + args: + - -v=5 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + + - name: csi-resizer + image: k8s.gcr.io/sig-storage/csi-resizer:v1.2.0 + args: + - -v=5 + - -csi-address=/csi/csi.sock + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + + - name: csi-snapshotter + image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.1.1 + args: + - -v=5 + - --csi-address=/csi/csi.sock + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + volumes: - hostPath: path: /var/lib/kubelet/plugins/csi-hostpath diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-provisioner.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-provisioner.yaml deleted file mode 100644 index 0cbc9910cea..00000000000 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-provisioner.yaml +++ /dev/null @@ -1,46 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: csi-hostpath-provisioner -spec: - serviceName: "csi-hostpath-provisioner" - replicas: 1 - selector: - matchLabels: - app: csi-hostpath-provisioner - template: - metadata: - labels: - app: csi-hostpath-provisioner - spec: - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - csi-hostpathplugin - topologyKey: kubernetes.io/hostname - serviceAccountName: csi-provisioner - containers: - - name: csi-provisioner - image: k8s.gcr.io/sig-storage/csi-provisioner:v2.1.1 - args: - - -v=5 - - --csi-address=/csi/csi.sock - - --feature-gates=Topology=true - securityContext: - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-hostpath - type: DirectoryOrCreate - name: socket-dir diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-resizer.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-resizer.yaml deleted file mode 100644 index 524f9ed4f36..00000000000 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-resizer.yaml +++ /dev/null @@ -1,45 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: csi-hostpath-resizer -spec: - serviceName: "csi-hostpath-resizer" - replicas: 1 - selector: - matchLabels: - app: csi-hostpath-resizer - template: - metadata: - labels: - app: csi-hostpath-resizer - spec: - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - csi-hostpathplugin - topologyKey: kubernetes.io/hostname - serviceAccountName: csi-resizer - containers: - - name: csi-resizer - image: k8s.gcr.io/sig-storage/csi-resizer:v1.1.0 - args: - - -v=5 - - -csi-address=/csi/csi.sock - securityContext: - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-hostpath - type: DirectoryOrCreate - name: socket-dir diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-snapshotclass.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-snapshotclass.yaml new file mode 100644 index 00000000000..0382f2f678f --- /dev/null +++ b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-snapshotclass.yaml @@ -0,0 +1,13 @@ +# Usage of the v1 API implies that the cluster must have +# external-snapshotter v4.x installed. +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: csi-hostpath-snapclass + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpath-snapclass + app.kubernetes.io/component: volumesnapshotclass +driver: hostpath.csi.k8s.io #csi-hostpath +deletionPolicy: Delete diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-snapshotter.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-snapshotter.yaml deleted file mode 100644 index 3a61d9e14e4..00000000000 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-snapshotter.yaml +++ /dev/null @@ -1,45 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: csi-hostpath-snapshotter -spec: - serviceName: "csi-hostpath-snapshotter" - replicas: 1 - selector: - matchLabels: - app: csi-hostpath-snapshotter - template: - metadata: - labels: - app: csi-hostpath-snapshotter - spec: - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - csi-hostpathplugin - topologyKey: kubernetes.io/hostname - serviceAccount: csi-snapshotter - containers: - - name: csi-snapshotter - image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0 - args: - - -v=5 - - --csi-address=/csi/csi.sock - securityContext: - # This is necessary only for systems with SELinux, where - # non-privileged sidecar containers cannot access unix domain socket - # created by privileged CSI driver container. - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/csi-hostpath - type: DirectoryOrCreate - name: socket-dir diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-testing.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-testing.yaml index 188a5bde870..4e4eb135431 100644 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-testing.yaml +++ b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/csi-hostpath-testing.yaml @@ -11,10 +11,18 @@ apiVersion: v1 kind: Service metadata: name: hostpath-service + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpath-socat + app.kubernetes.io/component: socat spec: type: NodePort selector: - app: csi-hostpath-socat + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpath-socat + app.kubernetes.io/component: socat ports: - port: 10000 # fixed port inside the pod, dynamically allocated port outside --- @@ -22,26 +30,37 @@ kind: StatefulSet apiVersion: apps/v1 metadata: name: csi-hostpath-socat + labels: + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpath-socat + app.kubernetes.io/component: socat spec: serviceName: "csi-hostpath-socat" replicas: 1 selector: matchLabels: - app: csi-hostpath-socat + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpath-socat + app.kubernetes.io/component: socat template: metadata: labels: - app: csi-hostpath-socat + app.kubernetes.io/instance: hostpath.csi.k8s.io + app.kubernetes.io/part-of: csi-driver-host-path + app.kubernetes.io/name: csi-hostpath-socat + app.kubernetes.io/component: socat spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - - key: app + - key: app.kubernetes.io/instance operator: In values: - - csi-hostpathplugin + - hostpath.csi.k8s.io topologyKey: kubernetes.io/hostname containers: - name: socat diff --git a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/e2e-test-rbac.yaml b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/e2e-test-rbac.yaml index 3cd01df1f74..21e84f90714 100644 --- a/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/e2e-test-rbac.yaml +++ b/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/e2e-test-rbac.yaml @@ -4,6 +4,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: psp-csi-hostpath-role subjects: + # This list of ServiceAccount intentionally covers everything that might + # be needed. In practice, only some of these accounts are actually + # used. - kind: ServiceAccount name: csi-attacher namespace: default @@ -19,6 +22,9 @@ subjects: - kind: ServiceAccount name: csi-external-health-monitor-controller namespace: default + - kind: ServiceAccount + name: csi-hostpathplugin-sa + namespace: default roleRef: kind: ClusterRole name: e2e-test-privileged-psp diff --git a/test/e2e/testing-manifests/storage-csi/update-hostpath.sh b/test/e2e/testing-manifests/storage-csi/update-hostpath.sh index 493baedaa25..415b2cbcdaa 100755 --- a/test/e2e/testing-manifests/storage-csi/update-hostpath.sh +++ b/test/e2e/testing-manifests/storage-csi/update-hostpath.sh @@ -60,6 +60,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: psp-csi-hostpath-role subjects: + # This list of ServiceAccount intentionally covers everything that might + # be needed. In practice, only some of these accounts are actually + # used. - kind: ServiceAccount name: csi-attacher namespace: default @@ -75,6 +78,9 @@ subjects: - kind: ServiceAccount name: csi-external-health-monitor-controller namespace: default + - kind: ServiceAccount + name: csi-hostpathplugin-sa + namespace: default roleRef: kind: ClusterRole name: e2e-test-privileged-psp