diff --git a/CHANGELOG.md b/CHANGELOG.md index d2f0977a8..71b5c16bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ ## unreleased +## v0.3.0 - 2018.10.29 + +* This release is intended to be used with Kubernetes `v1.12.x` and is not compatible with older versions of Kubernetes. The latest CSI changes in v1.12.x are not compatible with older version unfortunately, therefore going forward we will not support older version anymore. The requirements also has changed, please make sure to read the README.md to see what kubelet and kube-apiserver flags needs to be enabled. + [[GH-95]](https://github.com/digitalocean/csi-digitalocean/pull/95) +* Two new `CRD's` are installed: `CSINodeInfo` and `CSIDriver` to simplify node and driver discovery in Kubernetes. * Add a [tutorial](examples/kubernetes/pod-single-existing-volume/README.md) on how to re-use an existing volume. Also a new option is introduced to prevent formatting an existing volume. [[GH-87]](https://github.com/digitalocean/csi-digitalocean/pull/87) * Handle case if a volume is already attached to a droplet diff --git a/README.md b/README.md index cecceec73..bfaecd241 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Cloud Foundry. Feel free to test it on other CO's and give us a feedback. ## Releases The DigitalOcean CSI plugin follows [semantic versioning](https://semver.org/). -The current version is: **`v0.2.0`**. This means that the project is still +The current version is: **`v0.3.0`**. This means that the project is still under active development and may not be production ready. The plugin will be bumped to **`v1.0.0`** once the [DigitalOcean Kubernetes product](https://www.digitalocean.com/products/kubernetes/) is released and @@ -21,11 +21,15 @@ will continue following the rules below: ## Installing to Kubernetes +Note: The [`DigitalOcean Kubernetes`](https://www.digitalocean.com/products/kubernetes/) products comes +with the CSI driver pre-installed and no further steps are required. + **Requirements:** -* Kubernetes v1.10.5 minimum +* Kubernetes v1.12.0 minimum * `--allow-privileged` flag must be set to true for both the API server and the kubelet -* (if you use Docker) the Docker daemon of the cluster nodes must allow shared mounts +* `--feature-gates=VolumeSnapshotDataSource=true,KubeletPluginsWatcher=true,CSINodeInfo=true,CSIDriverRegistry=true` feature gate flags must be set to true for both the API server and the kubelet +* Mounr Propagation needs to be enabled. If you use Docker, the Docker daemon of the cluster nodes must allow shared mounts. ### [Rancher](https://rancher.com/) users: @@ -83,10 +87,10 @@ digitalocean Opaque 1 18h Before you continue, be sure to checkout to a [tagged release](https://github.com/digitalocean/csi-digitalocean/releases). Always use the [latest stable version](https://github.com/digitalocean/csi-digitalocean/releases/latest) -For example, to use the latest stable version (`v0.2.0`) you can execute the following command: +For example, to use the latest stable version (`v0.3.0`) you can execute the following command: ``` -$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v0.2.0.yaml +$ kubectl apply -f https://raw.githubusercontent.com/digitalocean/csi-digitalocean/master/deploy/kubernetes/releases/csi-digitalocean-v0.3.0.yaml ``` This file will be always updated to point to the latest stable release. @@ -220,15 +224,15 @@ $ git push origin After it's merged to master, [create a new Github release](https://github.com/digitalocean/csi-digitalocean/releases/new) from -master with the version `v0.2.0` and then publish a new docker build: +master with the version `v0.3.0` and then publish a new docker build: ``` $ git checkout master $ make publish ``` -This will create a binary with version `v0.2.0` and docker image pushed to -`digitalocean/do-csi-plugin:v0.2.0` +This will create a binary with version `v0.3.0` and docker image pushed to +`digitalocean/do-csi-plugin:v0.3.0` ## Contributing diff --git a/VERSION b/VERSION index 1474d00f0..268b0334e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.2.0 +v0.3.0 diff --git a/deploy/kubernetes/releases/csi-digitalocean-v0.3.0.yaml b/deploy/kubernetes/releases/csi-digitalocean-v0.3.0.yaml new file mode 100644 index 000000000..3cb58fbc9 --- /dev/null +++ b/deploy/kubernetes/releases/csi-digitalocean-v0.3.0.yaml @@ -0,0 +1,368 @@ +# Copyright 2018 DigitalOcean +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Configuration to deploy release version of the CSI DigitalOcean +# plugin (https://github.com/digitalocean/csi-digitalocean) compatible with +# Kubernetes >=v1.12.1 +# +# example usage: kubectl create -f + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csinodeinfos.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSINodeInfo + plural: csinodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + csiDrivers: + description: List of CSI drivers running on the node and their properties. + items: + properties: + driver: + description: The CSI driver that this object refers to. + type: string + nodeID: + description: The node from the driver point of view. + type: string + topologyKeys: + description: List of keys supported by the driver. + items: + type: string + type: array + type: array + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csidrivers.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSIDriver + plural: csidrivers + scope: Cluster + validation: + openAPIV3Schema: + properties: + spec: + description: Specification of the CSI Driver. + properties: + attachRequired: + description: Indicates this CSI volume driver requires an attach operation, + and that Kubernetes should call attach and wait for any attach operation + to complete before proceeding to mount. + type: boolean + podInfoOnMountVersion: + description: Indicates this CSI volume driver requires additional pod + information (like podName, podUID, etc.) during mount operations. + type: string + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +# CSIDriverRegistry feature gate needs to be enabled +apiVersion: csi.storage.k8s.io/v1alpha1 +kind: CSIDriver +metadata: + name: csi-digitalocean +spec: + attachRequired: true + podInfoOnMountVersion: "v1" + +--- + +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: do-block-storage + namespace: kube-system + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: dobs.csi.digitalocean.com + +--- + +############################################## +########### ############ +########### Controller plugin ############ +########### ############ +############################################## + +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-do-controller + namespace: kube-system +spec: + serviceName: "csi-do" + replicas: 1 + template: + metadata: + labels: + app: csi-do-controller + role: csi-do + spec: + serviceAccount: csi-do-controller-sa + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v0.4.1 + args: + - "--provisioner=dobs.csi.digitalocean.com" + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v0.4.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v0.3.0 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-do-controller-sa + namespace: kube-system + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-controller-provisioner-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: system:csi-external-provisioner + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-controller-attacher-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-do-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: system:csi-external-attacher + apiGroup: rbac.authorization.k8s.io + +--- + + +######################################## +########### ############ +########### Node plugin ############ +########### ############ +######################################## + +kind: DaemonSet +apiVersion: apps/v1beta2 +metadata: + name: csi-do-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-do-node + template: + metadata: + labels: + app: csi-do-node + role: csi-do + spec: + serviceAccount: csi-do-node-sa + hostNetwork: true + containers: + - name: driver-registrar + image: quay.io/k8scsi/driver-registrar:v0.4.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--mode=node-register" + - "--driver-requires-attachment=true" + - "--pod-info-mount-version=\"v1\"" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-do-plugin + image: digitalocean/do-csi-plugin:v0.3.0 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: digitalocean + key: access-token + imagePullPolicy: "Always" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/dobs.csi.digitalocean.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-do-node-sa + namespace: kube-system + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-driver-registrar-binding + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-do-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-do-driver-registrar-role + apiGroup: rbac.authorization.k8s.io + + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-do-driver-registrar-role + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +