diff --git a/templates/crs/csi/csi-controller-crs.yaml b/templates/crs/csi/csi-controller-crs.yaml index 7ab40190..b3204416 100644 --- a/templates/crs/csi/csi-controller-crs.yaml +++ b/templates/crs/csi/csi-controller-crs.yaml @@ -88,6 +88,43 @@ roleRef: name: csi-provisioner-role apiGroup: rbac.authorization.k8s.io +--- +# external resizer +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-binding +subjects: + - kind: ServiceAccount + name: csi-vcd-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-resizer-role + apiGroup: rbac.authorization.k8s.io + --- kind: Deployment apiVersion: apps/v1 @@ -134,6 +171,19 @@ spec: volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.4.0 + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=30s" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ - name: vcd-csi-plugin securityContext: privileged: true @@ -147,7 +197,6 @@ spec: - --cloud-config=/etc/kubernetes/vcloud/vcloud-csi-config.yaml - --endpoint=$(CSI_ENDPOINT) - --upgrade-rde - - --v=5 env: - name: NODE_ID valueFrom: diff --git a/templates/crs/csi/csi-node-crs.yaml b/templates/crs/csi/csi-node-crs.yaml index c056f3f2..f3088cc6 100644 --- a/templates/crs/csi/csi-node-crs.yaml +++ b/templates/crs/csi/csi-node-crs.yaml @@ -27,6 +27,7 @@ roleRef: kind: ClusterRole name: csi-nodeplugin-role apiGroup: rbac.authorization.k8s.io + --- kind: DaemonSet apiVersion: apps/v1 @@ -71,6 +72,19 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.4.0 + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=30s" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ - name: vcd-csi-plugin securityContext: privileged: true @@ -84,7 +98,6 @@ spec: - --nodeid=$(NODE_ID) - --endpoint=$(CSI_ENDPOINT) - --cloud-config=/etc/kubernetes/vcloud/vcloud-csi-config.yaml - - --v=5 env: - name: NODE_ID valueFrom: @@ -110,7 +123,7 @@ spec: mountPath: /dev mountPropagation: "HostToContainer" - name: pv-dir - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi mountPropagation: "Bidirectional" - name: vcloud-csi-config-volume mountPath: /etc/kubernetes/vcloud @@ -139,7 +152,7 @@ spec: type: Directory - name: pv-dir hostPath: - path: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + path: /var/lib/kubelet/plugins/kubernetes.io/csi type: DirectoryOrCreate - name: vcloud-csi-config-volume configMap: @@ -147,4 +160,3 @@ spec: - name: vcloud-basic-auth-volume secret: secretName: vcloud-basic-auth ----