mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-19 18:02:01 +00:00
142 lines
4.5 KiB
Bash
Executable File
142 lines
4.5 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# Copyright 2021 The Kubernetes Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# This script will update all sidecar RBAC files and the CSI hostpath
|
|
# deployment files such that they match what is in a hostpath driver
|
|
# release.
|
|
#
|
|
# Beware that this will wipe out all local modifications!
|
|
|
|
# Can be a tag or a branch.
|
|
script="$0"
|
|
hostpath_version="$1"
|
|
|
|
if ! [ "$hostpath_version" ]; then
|
|
cat >&2 <<EOF
|
|
Usage: $0 <hostpath tag or branch name>
|
|
|
|
Required parameter is missing.
|
|
EOF
|
|
exit 1
|
|
fi
|
|
|
|
set -xe
|
|
cd "$(dirname "$0")"
|
|
|
|
# Remove stale files.
|
|
rm -rf external-attacher external-provisioner external-resizer external-snapshotter external-health-monitor hostpath csi-driver-host-path
|
|
|
|
# Check out desired release.
|
|
git clone https://github.com/kubernetes-csi/csi-driver-host-path.git
|
|
(cd csi-driver-host-path && git checkout "$hostpath_version")
|
|
trap "rm -rf csi-driver-host-path" EXIT
|
|
|
|
# Main YAML files.
|
|
mkdir hostpath
|
|
cat >hostpath/README.md <<EOF
|
|
The files in this directory are exact copies of "kubernetes-latest" in
|
|
https://github.com/kubernetes-csi/csi-driver-host-path/tree/$hostpath_version/deploy/
|
|
|
|
Do not edit manually. Run $script to refresh the content.
|
|
EOF
|
|
cp -r csi-driver-host-path/deploy/kubernetes-latest/hostpath hostpath/
|
|
cat >hostpath/hostpath/e2e-test-rbac.yaml <<EOF
|
|
# privileged Pod Security Policy, previously defined just for gcePD via PrivilegedTestPSPClusterRoleBinding()
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: psp-csi-hostpath-role
|
|
subjects:
|
|
# This list of ServiceAccount intentionally covers everything that might
|
|
# be needed. In practice, only some of these accounts are actually
|
|
# used.
|
|
- kind: ServiceAccount
|
|
name: csi-attacher
|
|
namespace: default
|
|
- kind: ServiceAccount
|
|
name: csi-provisioner
|
|
namespace: default
|
|
- kind: ServiceAccount
|
|
name: csi-snapshotter
|
|
namespace: default
|
|
- kind: ServiceAccount
|
|
name: csi-resizer
|
|
namespace: default
|
|
- kind: ServiceAccount
|
|
name: csi-external-health-monitor-controller
|
|
namespace: default
|
|
- kind: ServiceAccount
|
|
name: csi-hostpathplugin-sa
|
|
namespace: default
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: e2e-test-privileged-psp
|
|
apiGroup: rbac.authorization.k8s.io
|
|
EOF
|
|
|
|
download () {
|
|
project="$1"
|
|
path="$2"
|
|
tag="$3"
|
|
rbac="$4"
|
|
|
|
mkdir -p "$project/$path"
|
|
url="https://github.com/kubernetes-csi/$project/raw/$tag/deploy/kubernetes/$path/$rbac"
|
|
cat >"$project/$path/$rbac" <<EOF
|
|
# Do not edit, downloaded from $url
|
|
# for csi-driver-host-path $hostpath_version
|
|
# by $script
|
|
#
|
|
EOF
|
|
curl --fail --location "$url" >>"$project/$path/$rbac"
|
|
}
|
|
|
|
# RBAC files for each sidecar.
|
|
# This relies on the convention that "external-something" has "csi-something" as image name.
|
|
# external-health-monitor is special, it has two images.
|
|
# The repository for each image is ignored.
|
|
images=$(grep -r '^ *image:.*csi' hostpath/hostpath | sed -e 's;.*image:.*/;;' | grep -v 'node-driver-registrar' | sort -u)
|
|
for image in $images; do
|
|
tag=$(echo "$image" | sed -e 's/.*://')
|
|
path=
|
|
rbac="rbac.yaml"
|
|
case $image in
|
|
csi-external-*)
|
|
# csi-external-health-monitor-agent:v0.2.0
|
|
project=$(echo "$image" | sed -e 's/csi-\(.*\)-[^:]*:.*/\1/')
|
|
path=$(echo "$image" | sed -e 's/csi-\([^:]*\):.*/\1/')
|
|
;;
|
|
*)
|
|
project=$(echo "$image" | sed -e 's/:.*//' -e 's/^csi/external/')
|
|
case $project in
|
|
external-snapshotter)
|
|
# Another special case...
|
|
path="csi-snapshotter"
|
|
rbac="rbac-csi-snapshotter.yaml"
|
|
;;
|
|
esac
|
|
;;
|
|
esac
|
|
download "$project" "$path" "$tag" "$rbac"
|
|
done
|
|
|
|
# Update the mock driver manifests, too.
|
|
grep -r image: hostpath/hostpath/csi-hostpath-plugin.yaml | while read -r image; do
|
|
version=$(echo "$image" | sed -e 's/.*:\(.*\)/\1/')
|
|
image=$(echo "$image" | sed -e 's/.*image: \([^:]*\).*/\1/')
|
|
sed -i -e "s;$image:.*;$image:$version;" mock/*.yaml
|
|
done
|