diff --git a/inventory/sample/group_vars/all/vsphere.yml b/inventory/sample/group_vars/all/vsphere.yml index 5b4e5f208..1c57ec645 100644 --- a/inventory/sample/group_vars/all/vsphere.yml +++ b/inventory/sample/group_vars/all/vsphere.yml @@ -14,18 +14,18 @@ ## gcr.io/cloud-provider-vsphere/cpi/release/manager # external_vsphere_cloud_controller_image_tag: "latest" ## gcr.io/cloud-provider-vsphere/csi/release/syncer -# vsphere_syncer_image_tag: "v2.2.1" -## quay.io/k8scsi/csi-attacher -# vsphere_csi_attacher_image_tag: "v3.1.0" +# vsphere_syncer_image_tag: "v2.4.0" +## k8s.gcr.io/sig-storage/csi-attacher +# vsphere_csi_attacher_image_tag: "v3.3.0" ## gcr.io/cloud-provider-vsphere/csi/release/driver -# vsphere_csi_controller: "v2.2.1" -## quay.io/k8scsi/livenessprobe -# vsphere_csi_liveness_probe_image_tag: "v2.2.0" -## quay.io/k8scsi/csi-provisioner -# vsphere_csi_provisioner_image_tag: "v2.1.0" -## quay.io/k8scsi/csi-resizer +# vsphere_csi_controller: "v2.4.0" +## k8s.gcr.io/sig-storage/livenessprobe +# vsphere_csi_liveness_probe_image_tag: "v2.4.0" +## k8s.gcr.io/sig-storage/csi-provisioner +# vsphere_csi_provisioner_image_tag: "v3.0.0" +## k8s.gcr.io/sig-storage/csi-resizer ## makes sense only for vSphere version >=7.0 -# vsphere_csi_resizer_tag: "v1.1.0" +# vsphere_csi_resizer_tag: "v1.3.0" ## To use vSphere CSI plugin to provision volumes set this value to true # vsphere_csi_enabled: true diff --git a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml index 612ad4384..d708019c3 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml +++ b/roles/kubernetes-apps/csi_driver/vsphere/defaults/main.yml 
@@ -4,14 +4,14 @@ external_vsphere_insecure: "true" external_vsphere_kubernetes_cluster_id: "kubernetes-cluster-id" external_vsphere_version: "6.7u3" -vsphere_syncer_image_tag: "v1.0.2" -vsphere_csi_attacher_image_tag: "v1.1.1" -vsphere_csi_controller: "v1.0.2" -vsphere_csi_liveness_probe_image_tag: "v1.1.0" -vsphere_csi_provisioner_image_tag: "v1.2.2" -vsphere_csi_node_driver_registrar_image_tag: "v1.1.0" -vsphere_csi_driver_image_tag: "v1.0.2" -vsphere_csi_resizer_tag: "v1.0.0" +vsphere_syncer_image_tag: "v2.4.0" +vsphere_csi_attacher_image_tag: "v3.3.0" +vsphere_csi_controller: "v2.4.0" +vsphere_csi_liveness_probe_image_tag: "v2.4.0" +vsphere_csi_provisioner_image_tag: "v3.0.0" +vsphere_csi_node_driver_registrar_image_tag: "v2.3.0" +vsphere_csi_driver_image_tag: "v2.4.0" +vsphere_csi_resizer_tag: "v1.3.0" vsphere_csi_controller_replicas: 1 diff --git a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml index 2015b6326..58688ae4a 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml +++ b/roles/kubernetes-apps/csi_driver/vsphere/tasks/main.yml @@ -2,11 +2,6 @@ - include_tasks: vsphere-credentials-check.yml tags: vsphere-csi-driver -- name: vSphere CSI Driver | Choose how to deploy CSI driver based on controller version - set_fact: - controller_spec: "{% if vsphere_csi_controller is version('v2.0.0', '<') %}vsphere-csi-controller-ss.yml{% else %}vsphere-csi-controller-deployment.yml{% endif %}" - tags: vsphere-csi-driver - - name: vSphere CSI Driver | Generate CSI cloud-config template: src: "{{ item }}.j2" 
@@ -22,9 +17,12 @@ src: "{{ item }}.j2" dest: "{{ kube_config_dir }}/{{ item }}" with_items: + - vsphere-csi-driver.yml - vsphere-csi-controller-rbac.yml - - vsphere-csi-node-rbac.yaml - - "{{ controller_spec }}" + - vsphere-csi-node-rbac.yml + - vsphere-csi-controller-config.yml + - vsphere-csi-controller-deployment.yml + - vsphere-csi-controller-service.yml - vsphere-csi-node.yml register: vsphere_csi_manifests when: inventory_hostname == groups['kube_control_plane'][0] diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 new file mode 100644 index 000000000..abf784100 --- /dev/null +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + "csi-migration": "false" + "csi-auth-check": "true" + "online-volume-extend": "true" + "trigger-csi-fullsync": "false" + "async-query-volume": "true" + "improved-csi-idempotency": "true" + "improved-volume-topology": "true" + "block-volume-snapshot": "false" + "csi-windows-support": "false" +kind: ConfigMap +metadata: + name: internal-feature-states.csi.vsphere.vmware.com + namespace: kube-system diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 index 3e3b276b9..d6e8f6003 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 @@ -5,6 +5,11 @@ metadata: namespace: kube-system spec: replicas: {{ vsphere_csi_controller_replicas }} + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 0 selector: matchLabels: app: vsphere-csi-controller 
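Review bot: With `controller_spec` removed and `vsphere-csi-controller-deployment.yml` listed unconditionally in `with_items`, an inventory that still pins `vsphere_csi_controller` to an old release now gets the new manifests with no warning, and the other templates in this commit drop their `is version(...)` guards too. A pre-check such as `that: vsphere_csi_controller is version('v2.2.0', '>=')` (the highest of the removed guards; confirm the real minimum) in the included `vsphere-credentials-check.yml` would fail early instead. Nothing visible in this diff removes a previously applied `vsphere-csi-controller` StatefulSet, so clusters installed with the old v1.0.2 default may end up with both the StatefulSet and the Deployment after an upgrade. A cleanup task or an upgrade note would cover that. The task itself starts and ends outside the hunk.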
@@ -14,6 +19,16 @@ spec: app: vsphere-csi-controller role: vsphere-csi spec: + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - vsphere-csi-controller + topologyKey: "kubernetes.io/hostname" serviceAccountName: vsphere-csi-controller nodeSelector: node-role.kubernetes.io/control-plane: "" @@ -39,12 +54,14 @@ spec: dnsPolicy: "Default" containers: - name: csi-attacher - image: {{ quay_image_repo }}/k8scsi/csi-attacher:{{ vsphere_csi_attacher_image_tag }} + image: {{ kube_image_repo }}/sig-storage/csi-attacher:{{ vsphere_csi_attacher_image_tag }} args: - "--v=4" - "--timeout=300s" - "--csi-address=$(ADDRESS)" - "--leader-election" + - "--kube-api-qps=100" + - "--kube-api-burst=100" env: - name: ADDRESS value: /csi/csi.sock @@ -53,17 +70,15 @@ spec: name: socket-dir {% if external_vsphere_version >= "7.0" %} - name: csi-resizer - image: {{ quay_image_repo }}/k8scsi/csi-resizer:{{ vsphere_csi_resizer_tag }} + image: {{ kube_image_repo }}/sig-storage/csi-resizer:{{ vsphere_csi_resizer_tag }} args: - "--v=4" - "--timeout=300s" - "--csi-address=$(ADDRESS)" - "--leader-election" -{% if vsphere_csi_controller is version('v2.2.0', '>=') %} - "--handle-volume-inuse-error=false" - "--kube-api-qps=100" - "--kube-api-burst=100" -{% endif %} env: - name: ADDRESS value: /csi/csi.sock @@ -77,6 +92,7 @@ spec: args: - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" - "--fss-namespace=$(CSI_NAMESPACE)" + - "--use-gocsi=false" {% endif %} imagePullPolicy: {{ k8s_image_pull_policy }} env: @@ -84,6 +100,10 @@ spec: value: unix://{{ csi_endpoint }}/csi.sock - name: X_CSI_MODE value: "controller" + - name: X_CSI_SPEC_DISABLE_LEN_CHECK + value: "true" + - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT + value: 3m - name: VSPHERE_CSI_CONFIG value: "/etc/cloud/csi-vsphere.conf" - name: LOGGER_LEVEL 
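Review bot: The added `requiredDuringSchedulingIgnoredDuringExecution` anti-affinity on `kubernetes.io/hostname`, combined with the existing control-plane `nodeSelector`, caps the usable replica count at the number of control-plane nodes, and any higher `vsphere_csi_controller_replicas` leaves pods Pending. That limit deserves a comment next to the variable in the role defaults, e.g. `# must not exceed the number of control-plane nodes (hard pod anti-affinity)`. With `maxSurge: 0` from the preceding hunk, a single-replica controller is also stopped before its replacement starts; that is probably intended but should be stated. The pod spec continues outside the hunk.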
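Review bot: `X_CSI_SPEC_DISABLE_LEN_CHECK` is set to `"true"` in the `@@ -84,6 +100,10 @@` hunk without any comment, and it appears to switch off a request-validation step (field length checks) in the CSI server. A one-line comment recording why the controller needs that validation relaxed would help later audits, e.g. `# length check disabled because <reason>; revisit on driver upgrade`. The `X_CSI_SERIAL_VOL_ACCESS_TIMEOUT` entry moved into the same hunk uses the plain scalar `3m` while its neighbours are quoted; `value: "3m"` keeps all env values explicit strings. The env list continues outside the hunk.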
@@ -98,8 +118,6 @@ spec: fieldRef: fieldPath: metadata.namespace {% endif %} - - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT - value: 3m volumeMounts: - mountPath: /etc/cloud name: vsphere-config-volume @@ -122,7 +140,7 @@ spec: periodSeconds: 5 failureThreshold: 3 - name: liveness-probe - image: {{ quay_image_repo }}/k8scsi/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }} + image: {{ kube_image_repo }}/sig-storage/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }} args: - "--v=4" - "--csi-address=$(ADDRESS)" @@ -167,7 +185,7 @@ spec: name: vsphere-config-volume readOnly: true - name: csi-provisioner - image: {{ quay_image_repo }}/k8scsi/csi-provisioner:{{ vsphere_csi_provisioner_image_tag }} + image: {{ kube_image_repo }}/sig-storage/csi-provisioner:{{ vsphere_csi_provisioner_image_tag }} args: - "--v=4" - "--timeout=300s" @@ -193,42 +211,3 @@ spec: secretName: vsphere-config-secret - name: socket-dir emptyDir: {} ---- -apiVersion: v1 -data: - "csi-migration": "false" # csi-migration feature is only available for vSphere 7.0U1 - "csi-auth-check": "true" - "online-volume-extend": "true" -kind: ConfigMap -metadata: - name: internal-feature-states.csi.vsphere.vmware.com - namespace: kube-system ---- -apiVersion: storage.k8s.io/v1 # For k8s 1.17 or lower use storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: csi.vsphere.vmware.com -spec: - attachRequired: true - podInfoOnMount: false ---- -apiVersion: v1 -kind: Service -metadata: - name: vsphere-csi-controller - namespace: kube-system - labels: - app: vsphere-csi-controller -spec: - ports: - - name: ctlr - port: 2112 - targetPort: 2112 - protocol: TCP - - name: syncer - port: 2113 - targetPort: 2113 - protocol: TCP - selector: - app: vsphere-csi-controller - diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 index d0abaf56b..ad5569185 100644 
--- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 @@ -39,18 +39,37 @@ rules: resources: ["volumeattachments"] verbs: ["get", "list", "watch", "patch"] {% if external_vsphere_version >= "7.0u1" %} + - apiGroups: ["cns.vmware.com"] + resources: ["triggercsifullsyncs"] + verbs: ["create", "get", "update", "watch", "list"] - apiGroups: ["cns.vmware.com"] resources: ["cnsvspherevolumemigrations"] verbs: ["create", "get", "list", "watch", "update", "delete"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: ["get", "create"] + verbs: ["get", "create", "update"] + - apiGroups: ["cns.vmware.com"] + resources: ["cnsvolumeoperationrequests"] + verbs: ["create", "get", "list", "update", "delete"] + - apiGroups: [ "cns.vmware.com" ] + resources: [ "csinodetopologies" ] + verbs: ["get", "update", "watch", "list"] {% endif %} -{% if vsphere_csi_controller is version('v2.0.0', '>=') %} - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments/status"] verbs: ["patch"] -{% endif %} + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshots" ] + verbs: [ "get", "list" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotclasses" ] + verbs: [ "watch", "get", "list" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents" ] + verbs: [ "create", "get", "list", "watch", "update", "delete" ] + - apiGroups: [ "snapshot.storage.k8s.io" ] + resources: [ "volumesnapshotcontents/status" ] + verbs: [ "update", "patch" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2 new file mode 100644 index 000000000..ccded9b72 --- /dev/null 
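Review bot: The `customresourcedefinitions` rule now grants `update` on every CRD in the cluster because it carries no `resourceNames`, which is a much wider grant than the driver's own `cns.vmware.com` types need. Consider leaving `create` in its own rule and moving `get`/`update` into a rule with `resourceNames` listing only the driver's CRDs (presumably `<plural>.cns.vmware.com` for the resources named in this role; confirm against the driver). The four `snapshot.storage.k8s.io` rules are added unconditionally although the new feature-state ConfigMap sets `"block-volume-snapshot": "false"`, so they could be rendered only when that feature is turned on. The `[ "…" ]` bracket spacing in the added rules also differs from the `["…"]` style of the surrounding lines. The ClusterRole starts outside this hunk.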
+++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-service.yml.j2 @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: vsphere-csi-controller + namespace: kube-system + labels: + app: vsphere-csi-controller +spec: + ports: + - name: ctlr + port: 2112 + targetPort: 2112 + protocol: TCP + - name: syncer + port: 2113 + targetPort: 2113 + protocol: TCP + selector: + app: vsphere-csi-controller diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2 deleted file mode 100644 index 4a8a4b178..000000000 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-ss.yml.j2 +++ /dev/null 
@@ -1,131 +0,0 @@ -kind: StatefulSet -apiVersion: apps/v1 -metadata: - name: vsphere-csi-controller - namespace: kube-system -spec: - serviceName: vsphere-csi-controller - replicas: {{ vsphere_csi_controller_replicas }} - updateStrategy: - type: "RollingUpdate" - selector: - matchLabels: - app: vsphere-csi-controller - template: - metadata: - labels: - app: vsphere-csi-controller - role: vsphere-csi - spec: - serviceAccountName: vsphere-csi-controller - nodeSelector: - node-role.kubernetes.io/control-plane: "" - tolerations: - - operator: "Exists" - key: node-role.kubernetes.io/master - effect: NoSchedule - - operator: "Exists" - key: node-role.kubernetes.io/control-plane - effect: NoSchedule - dnsPolicy: "Default" - containers: - - name: csi-attacher - image: {{ quay_image_repo }}/k8scsi/csi-attacher:{{ vsphere_csi_attacher_image_tag }} - args: - - "--v=4" - - "--timeout=300s" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - name: vsphere-csi-controller - image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_controller }} - imagePullPolicy: {{ k8s_image_pull_policy }} - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com"] - args: - - "--v=4" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: X_CSI_MODE - value: "controller" - - name: VSPHERE_CSI_CONFIG - value: "/etc/cloud/csi-vsphere.conf" - volumeMounts: - - mountPath: /etc/cloud - name: vsphere-config-volume - readOnly: true - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - ports: - - name: healthz - containerPort: 9808 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 5 - failureThreshold: 3 - - name: liveness-probe - image: {{ quay_image_repo 
}}/k8scsi/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }} - args: - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - mountPath: /var/lib/csi/sockets/pluginproxy/ - name: socket-dir - - name: vsphere-syncer - image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/syncer:{{ vsphere_syncer_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - args: - - "--v=2" - env: - - name: FULL_SYNC_INTERVAL_MINUTES - value: "30" - - name: VSPHERE_CSI_CONFIG - value: "/etc/cloud/csi-vsphere.conf" - volumeMounts: - - mountPath: /etc/cloud - name: vsphere-config-volume - readOnly: true - - name: csi-provisioner - image: {{ quay_image_repo }}/k8scsi/csi-provisioner:{{ vsphere_csi_provisioner_image_tag }} - args: - - "--v=4" - - "--timeout=300s" - - "--csi-address=$(ADDRESS)" - - "--feature-gates=Topology=true" - - "--strict-topology" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - volumes: - - name: vsphere-config-volume - secret: - secretName: vsphere-config-secret - - name: socket-dir - hostPath: - path: /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com - type: DirectoryOrCreate ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: csi.vsphere.vmware.com -spec: - attachRequired: true - podInfoOnMount: false diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-driver.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-driver.yml.j2 new file mode 100644 index 000000000..ad3260e52 --- /dev/null +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-driver.yml.j2 @@ -0,0 +1,7 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.vsphere.vmware.com +spec: + attachRequired: true + podInfoOnMount: false 
diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yaml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 similarity index 50% rename from roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yaml.j2 rename to roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 index 34aa1ed6f..98e06529a 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yaml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node-rbac.yml.j2 @@ -5,6 +5,31 @@ metadata: name: vsphere-csi-node namespace: kube-system --- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: vsphere-csi-node-cluster-role +rules: + - apiGroups: ["cns.vmware.com"] + resources: ["csinodetopologies"] + verbs: ["create", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: vsphere-csi-node-cluster-role-binding +subjects: + - kind: ServiceAccount + name: vsphere-csi-node + namespace: kube-system +roleRef: + kind: ClusterRole + name: vsphere-csi-node-cluster-role + apiGroup: rbac.authorization.k8s.io +--- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 index 9c61a0907..3fae91e3d 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 
@@ -17,10 +17,14 @@ spec: app: vsphere-csi-node role: vsphere-csi spec: - dnsPolicy: "Default" + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: vsphere-csi-node + hostNetwork: true + dnsPolicy: "ClusterFirstWithHostNet" containers: - name: node-driver-registrar - image: {{ quay_image_repo }}/k8scsi/csi-node-driver-registrar:{{ vsphere_csi_node_driver_registrar_image_tag }} + image: {{ kube_image_repo }}/sig-storage/csi-node-driver-registrar:{{ vsphere_csi_node_driver_registrar_image_tag }} {% if external_vsphere_version < "7.0u1" %} lifecycle: preStop: @@ -31,34 +35,23 @@ spec: - "--v=5" - "--csi-address=$(ADDRESS)" - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" -{% if external_vsphere_version >= "7.0u1" %} - - "--health-port=9809" -{% endif %} env: - name: ADDRESS value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock -{% if vsphere_csi_controller is version('v2.2.0', '<') %} - securityContext: - privileged: true -{% endif %} volumeMounts: - name: plugin-dir mountPath: /csi - name: registration-dir mountPath: /registration -{% if external_vsphere_version >= "7.0u1" %} - ports: - - containerPort: 9809 - name: healthz livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 5 - timeoutSeconds: 5 -{% endif %} + exec: + command: + - /csi-node-driver-registrar + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock + - --mode=kubelet-registration-probe + initialDelaySeconds: 3 - name: vsphere-csi-node image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_driver_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} @@ -66,6 +59,7 @@ spec: args: - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" - "--fss-namespace=$(CSI_NAMESPACE)" + - "--use-gocsi=false" {% endif %} imagePullPolicy: "Always" env: 
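Review bot: `hostNetwork: true` is introduced for the whole node DaemonSet in the `@@ -17,10 +17,14 @@` hunk without a comment, and the same pod contains the `vsphere-csi-node` container that later context shows running `privileged: true` with `SYS_ADMIN` and a `healthz` port 9808. On the host network that port is likely served on the node's own interfaces rather than on a pod IP, so the manifest should say why host networking is required and whether the port needs to be filtered, e.g. `# hostNetwork: <reason>; healthz :9808 is then bound on the node`. The pod spec starts and ends outside the hunk.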
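Review bot: The `vsphere-csi-node` container appears to carry two `imagePullPolicy` keys: `{{ k8s_image_pull_policy }}` in the context just before the `@@ -66,6 +59,7 @@` hunk and the literal `"Always"` right after the added `--use-gocsi=false` line. Most YAML parsers silently keep the last duplicate, so the configurable policy would be ignored, and stricter parsers reject the document. Since this commit already edits the lines in between, removing the literal `imagePullPolicy: "Always"` here would resolve it. The container definition continues outside the hunk.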
@@ -75,13 +69,12 @@ spec: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix:///csi/csi.sock + - name: MAX_VOLUMES_PER_NODE + value: "59" # Maximum number of volumes that controller can publish to the node. If value is not set or zero Kubernetes decide how many volumes can be published by the controller to the node. - name: X_CSI_MODE value: "node" - name: X_CSI_SPEC_REQ_VALIDATION value: "false" - # needed only for topology aware setups - #- name: VSPHERE_CSI_CONFIG - # value: "/etc/cloud/csi-vsphere.conf" # here csi-vsphere.conf is the name of the file used for creating secret using "--from-file" flag - name: X_CSI_DEBUG value: "true" - name: LOGGER_LEVEL @@ -92,16 +85,14 @@ spec: fieldRef: fieldPath: metadata.namespace {% endif %} + - name: NODEGETINFO_WATCH_TIMEOUT_MINUTES + value: "1" securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true volumeMounts: - # needed only for topology aware setups - #- name: vsphere-config-volume - # mountPath: /etc/cloud - # readOnly: true - name: plugin-dir mountPath: /csi - name: pods-mount-dir @@ -111,12 +102,10 @@ spec: mountPropagation: "Bidirectional" - name: device-dir mountPath: /dev -{% if vsphere_csi_controller is version('v2.2.0', '>=') %} - name: blocks-dir mountPath: /sys/block - name: sys-devices-dir mountPath: /sys/devices -{% endif %} ports: - containerPort: 9808 name: healthz @@ -129,7 +118,7 @@ spec: periodSeconds: 5 failureThreshold: 3 - name: liveness-probe - image: {{ quay_image_repo }}/k8scsi/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }} + image: {{ kube_image_repo }}/sig-storage/livenessprobe:{{ vsphere_csi_liveness_probe_image_tag }} args: {% if external_vsphere_version >= "7.0u1" %} - "--v=4" 
@@ -139,10 +128,6 @@ spec: - name: plugin-dir mountPath: /csi volumes: - # needed only for topology aware setups - #- name: vsphere-config-volume - # secret: - # secretName: vsphere-config-secret - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry @@ -158,7 +143,6 @@ spec: - name: device-dir hostPath: path: /dev -{% if vsphere_csi_controller is version('v2.2.0', '>=') %} - name: blocks-dir hostPath: path: /sys/block @@ -167,7 +151,6 @@ spec: hostPath: path: /sys/devices type: Directory -{% endif %} tolerations: - effect: NoExecute operator: Exists