From 6b43d6aff2e74ebfc803a4f9e062f21303165c4b Mon Sep 17 00:00:00 2001 From: Steffen Becker Date: Fri, 10 Jun 2022 08:37:46 +0200 Subject: [PATCH] Proposed fix to Issue 8667 (#8944) Proposed fix to Issue 8667 Proposed fix to Issue 8667 --- inventory/sample/group_vars/all/vsphere.yml | 10 +++++----- .../templates/vsphere-csi-controller-config.yml.j2 | 4 ++++ .../templates/vsphere-csi-controller-deployment.yml.j2 | 8 ++------ .../templates/vsphere-csi-controller-rbac.yml.j2 | 2 -- .../vsphere/templates/vsphere-csi-node.yml.j2 | 4 ---- 5 files changed, 11 insertions(+), 17 deletions(-) diff --git a/inventory/sample/group_vars/all/vsphere.yml b/inventory/sample/group_vars/all/vsphere.yml index 1a9af8c56..af3cfbe28 100644 --- a/inventory/sample/group_vars/all/vsphere.yml +++ b/inventory/sample/group_vars/all/vsphere.yml @@ -14,15 +14,15 @@ ## gcr.io/cloud-provider-vsphere/cpi/release/manager # external_vsphere_cloud_controller_image_tag: "latest" ## gcr.io/cloud-provider-vsphere/csi/release/syncer -# vsphere_syncer_image_tag: "v2.4.0" +# vsphere_syncer_image_tag: "v2.5.1" ## registry.k8s.io/sig-storage/csi-attacher -# vsphere_csi_attacher_image_tag: "v3.3.0" +# vsphere_csi_attacher_image_tag: "v3.4.0" ## gcr.io/cloud-provider-vsphere/csi/release/driver -# vsphere_csi_controller: "v2.4.0" +# vsphere_csi_controller: "v2.5.1" ## registry.k8s.io/sig-storage/livenessprobe -# vsphere_csi_liveness_probe_image_tag: "v2.4.0" +# vsphere_csi_liveness_probe_image_tag: "v2.6.0" ## registry.k8s.io/sig-storage/csi-provisioner -# vsphere_csi_provisioner_image_tag: "v3.0.0" +# vsphere_csi_provisioner_image_tag: "v3.1.0" ## registry.k8s.io/sig-storage/csi-resizer ## makes sense only for vSphere version >=7.0 # vsphere_csi_resizer_tag: "v1.3.0" diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 index deb47d240..56a28d0b3 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-config.yml.j2 @@ -1,7 +1,11 @@ apiVersion: v1 data: "csi-migration": "false" +{% if external_vsphere_version >= "7.0" %} "csi-auth-check": "true" +{% else %} + "csi-auth-check": "false" +{% endif %} "online-volume-extend": "true" "trigger-csi-fullsync": "false" "async-query-volume": "true" diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 index a7ff4ffbf..e0c26496c 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-deployment.yml.j2 @@ -88,12 +88,10 @@ spec: {% endif %} - name: vsphere-csi-controller image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_controller }} -{% if external_vsphere_version >= "7.0u1" %} args: - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" - "--fss-namespace=$(CSI_NAMESPACE)" - "--use-gocsi=false" -{% endif %} imagePullPolicy: {{ k8s_image_pull_policy }} env: - name: CSI_ENDPOINT @@ -113,11 +111,11 @@ spec: value: "100" - name: INCLUSTER_CLIENT_BURST value: "100" +{% endif %} - name: CSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace -{% endif %} volumeMounts: - mountPath: /etc/cloud name: vsphere-config-volume @@ -154,10 +152,8 @@ spec: image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/syncer:{{ vsphere_syncer_image_tag }} args: - "--leader-election" -{% if external_vsphere_version >= "7.0u1" %} - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" - "--fss-namespace=$(CSI_NAMESPACE)" -{% endif %} imagePullPolicy: {{ k8s_image_pull_policy }} ports: - containerPort: 2113 @@ -175,11 +171,11 @@ spec: value: "100" - name: INCLUSTER_CLIENT_BURST value: "100" +{% endif %} - name: CSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace -{% endif %} volumeMounts: - mountPath: /etc/cloud name: vsphere-config-volume diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 index d2f0758ed..80797063a 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-controller-rbac.yml.j2 @@ -41,7 +41,6 @@ rules: - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "patch", "update"] -{% if external_vsphere_version >= "7.0u1" %} - apiGroups: ["cns.vmware.com"] resources: ["triggercsifullsyncs"] verbs: ["create", "get", "update", "watch", "list"] @@ -57,7 +56,6 @@ rules: - apiGroups: [ "cns.vmware.com" ] resources: [ "csinodetopologies" ] verbs: ["get", "update", "watch", "list"] -{% endif %} - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments/status"] verbs: ["patch"] diff --git a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 index c0ec36c21..53c90cd1a 100644 --- a/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 +++ b/roles/kubernetes-apps/csi_driver/vsphere/templates/vsphere-csi-node.yml.j2 @@ -55,12 +55,10 @@ spec: - name: vsphere-csi-node image: {{ gcr_image_repo }}/cloud-provider-vsphere/csi/release/driver:{{ vsphere_csi_driver_image_tag }} imagePullPolicy: {{ k8s_image_pull_policy }} -{% if external_vsphere_version >= "7.0u1" %} args: - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" - "--fss-namespace=$(CSI_NAMESPACE)" - "--use-gocsi=false" -{% endif %} imagePullPolicy: "Always" env: - name: NODE_NAME @@ -81,12 +79,10 @@ spec: value: "true" - name: LOGGER_LEVEL value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION -{% if external_vsphere_version >= "7.0u1" %} - name: CSI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace -{% endif %} - name: NODEGETINFO_WATCH_TIMEOUT_MINUTES value: "1" securityContext: