From f7821abd460bfc5d6cc9b8ba5779548b95b3f76a Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Wed, 30 Oct 2024 14:25:35 +0100 Subject: [PATCH 1/3] remove duplicate entries in clusterrole Removed duplicate entries in the rbd clusterrole Signed-off-by: Madhu Rajanna --- config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml | 6 ------ deploy/all-in-one/install.yaml | 16 ---------------- deploy/multifile/csi-rbac.yaml | 16 ---------------- 3 files changed, 38 deletions(-) diff --git a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml index e57fe9f6..2ef39276 100644 --- a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml +++ b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml @@ -54,9 +54,3 @@ rules: - apiGroups: [""] resources: ["serviceaccounts/token"] verbs: ["create"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] diff --git a/deploy/all-in-one/install.yaml b/deploy/all-in-one/install.yaml index 0e58d129..49c55cfc 100644 --- a/deploy/all-in-one/install.yaml +++ b/deploy/all-in-one/install.yaml @@ -14946,22 +14946,6 @@ rules: - serviceaccounts/token verbs: - create -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch" -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/deploy/multifile/csi-rbac.yaml b/deploy/multifile/csi-rbac.yaml index 264c13dd..4ae1081c 100644 --- a/deploy/multifile/csi-rbac.yaml +++ b/deploy/multifile/csi-rbac.yaml @@ -522,22 +522,6 @@ rules: - serviceaccounts/token verbs: - create -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch" -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole From 91f7f05a47c47bd72dd75ad47fa1a9d9568ca6c1 Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Wed, 30 Oct 2024 14:32:22 +0100 Subject: [PATCH 2/3] add missing rbac for cephfs/rbd adding the missing rbac for both cephfs and rbd to support all the features we have in cephcsi that is supported in Rook/cephcsi Signed-off-by: Madhu Rajanna --- .../cephfs_ctrlplugin_cluster_role.yaml | 24 ++++++ .../csi-rbac/rbd_ctrlplugin_cluster_role.yaml | 9 ++ deploy/all-in-one/install.yaml | 84 +++++++++++++++++++ deploy/multifile/csi-rbac.yaml | 84 +++++++++++++++++++ 4 files changed, 201 insertions(+) diff --git a/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml b/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml index 2100728f..9c3850b7 100644 --- a/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml +++ b/config/csi-rbac/cephfs_ctrlplugin_cluster_role.yaml @@ -6,6 +6,15 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete", "patch", "update"] @@ -39,3 +48,18 @@ rules: - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents/status"] verbs: ["update", "patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get"] + - apiGroups: [""] + resources: ["serviceaccounts/token"] + verbs: ["create"] diff --git a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml index 2ef39276..deba2ba5 100644 --- a/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml +++ b/config/csi-rbac/rbd_ctrlplugin_cluster_role.yaml @@ -54,3 +54,12 @@ rules: - apiGroups: [""] resources: ["serviceaccounts/token"] verbs: ["create"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents/status"] + verbs: ["update", "patch"] diff --git a/deploy/all-in-one/install.yaml b/deploy/all-in-one/install.yaml index 49c55cfc..aa81e3e3 100644 --- a/deploy/all-in-one/install.yaml +++ b/deploy/all-in-one/install.yaml @@ -14135,6 +14135,28 @@ rules: verbs: - get - list +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -14228,6 +14250,43 @@ rules: verbs: - update - patch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -14946,6 +15005,31 @@ rules: - serviceaccounts/token verbs: - create +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/deploy/multifile/csi-rbac.yaml b/deploy/multifile/csi-rbac.yaml index 4ae1081c..bbe62d35 100644 --- a/deploy/multifile/csi-rbac.yaml +++ b/deploy/multifile/csi-rbac.yaml @@ -107,6 +107,28 @@ rules: verbs: - get - list +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -200,6 +222,43 @@ rules: verbs: - update - patch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - patch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -522,6 +581,31 @@ rules: - serviceaccounts/token verbs: - create +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole From 1af4e3e99104bff3730d6be5916c7f805a48ac3e Mon Sep 17 00:00:00 2001 From: Madhu Rajanna Date: Wed, 30 Oct 2024 14:51:59 +0100 Subject: [PATCH 3/3] update images to latest release updating the images to the latest release. Signed-off-by: Madhu Rajanna --- internal/controller/defaults.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/controller/defaults.go b/internal/controller/defaults.go index 19ed50a4..2a8e39b7 100644 --- a/internal/controller/defaults.go +++ b/internal/controller/defaults.go @@ -32,9 +32,9 @@ var imageDefaults = map[string]string{ "attacher": "registry.k8s.io/sig-storage/csi-attacher:v4.6.1", "resizer": "registry.k8s.io/sig-storage/csi-resizer:v1.11.1", "snapshotter": "registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1", - "registrar": "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1", - "plugin": "quay.io/cephcsi/cephcsi:v3.11.0", - "addons": "quay.io/csiaddons/k8s-sidecar:v0.8.0", + "registrar": "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1", + "plugin": "quay.io/cephcsi/cephcsi:v3.12.2", + "addons": "quay.io/csiaddons/k8s-sidecar:v0.10.0", } const (