diff --git a/charts/index.yaml b/charts/index.yaml index 0ec29f462..4a03dd7db 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -1,27 +1,45 @@ apiVersion: v1 entries: blob-csi-driver: + - apiVersion: v1 + appVersion: v1.24.1 + created: "2024-04-12T08:55:58.602497989Z" + description: Azure Blob Storage CSI driver + digest: 82537068e57177cf6d0697c7c942aaf496de9280fbc7b96ab326776fa4db8481 + name: blob-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.24.1/blob-csi-driver-v1.24.1.tgz + version: v1.24.1 - apiVersion: v1 appVersion: v1.24.0 - created: "2024-02-22T13:38:43.33899957Z" + created: "2024-04-12T08:55:58.601837129Z" description: Azure Blob Storage CSI driver - digest: c9ecca2dde77d9557f3917513c8f5adcb861c2cfa9fe1e08f5bef056ab583efd + digest: 3b3b1a4fee786f0c9445da2f35bd1e251265cec8ee03c3cf99fe9f0bf9575e09 name: blob-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.24.0/blob-csi-driver-v1.24.0.tgz version: v1.24.0 + - apiVersion: v1 + appVersion: v1.23.4 + created: "2024-04-12T08:55:58.601188521Z" + description: Azure Blob Storage CSI driver + digest: 20d0157476ecf0a38b2d3982587b9657b27e1603b2185709faeff73b6d671ceb + name: blob-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.23.4/blob-csi-driver-v1.23.4.tgz + version: v1.23.4 - apiVersion: v1 appVersion: v1.23.3 - created: "2024-02-22T13:38:43.338374858Z" + created: "2024-04-12T08:55:58.600377379Z" description: Azure Blob Storage CSI driver - digest: 4acef5e84bcbc01fa624b73f14d1331ee14b14e52b4db018f0037fd2ada015c7 + digest: 21c8355faf362c527e40ac417b17d3c28fa041941633254358387997b9bee8a6 name: blob-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.23.3/blob-csi-driver-v1.23.3.tgz version: v1.23.3 - apiVersion: v1 appVersion: v1.23.2 - created: "2024-02-22T13:38:43.33777157Z" + created: "2024-04-12T08:55:58.598642302Z" description: Azure Blob Storage CSI driver digest: 057d6658c5879ee7e564d59275366521dc0a2e311c0527e570eaccd544622e60 name: blob-csi-driver @@ -30,7 +48,7 @@ entries: version: v1.23.2 - apiVersion: v1 appVersion: v1.23.1 - created: "2024-02-22T13:38:43.337162249Z" + created: "2024-04-12T08:55:58.598025748Z" description: Azure Blob Storage CSI driver digest: 66215f12a4e3acdcf09416d817b737e14546058b081a2cfd8bf9ef507229ca07 name: blob-csi-driver @@ -39,16 +57,25 @@ entries: version: v1.23.1 - apiVersion: v1 appVersion: v1.23.0 - created: "2024-02-22T13:38:43.336524751Z" + created: "2024-04-12T08:55:58.597382253Z" description: Azure Blob Storage CSI driver digest: 57151e21e33660522f25694bd8ae985e5e17c7ffe09904ad2af4025e8bf1da72 name: blob-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.23.0/blob-csi-driver-v1.23.0.tgz version: v1.23.0 + - apiVersion: v1 + appVersion: v1.22.6 + created: "2024-04-12T08:55:58.596756053Z" + description: Azure Blob Storage CSI driver + digest: 82e30775aa05e093c30884f480d505b408023dfa32944cf21ebffe9d88afb1f2 + name: blob-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.22.6/blob-csi-driver-v1.22.6.tgz + version: v1.22.6 - apiVersion: v1 appVersion: v1.22.5 - created: "2024-02-22T13:38:43.335903602Z" + created: "2024-04-12T08:55:58.596140123Z" description: Azure Blob Storage CSI driver digest: ff3c2c2e05dd048dd0af3e5c7d002eae2928a5d17fb269a1e4d5cadd30e8ab51 name: blob-csi-driver @@ -57,7 +84,7 @@ entries: version: v1.22.5 - apiVersion: v1 appVersion: v1.22.4 - created: "2024-02-22T13:38:43.335229669Z" + created: "2024-04-12T08:55:58.59548611Z" description: Azure Blob Storage CSI driver digest: 6c38e79d2f50616daac0658cfa5b1a569e6ff8ce8f24ed40f563e87fb1d1340a name: blob-csi-driver @@ -66,7 +93,7 @@ entries: version: v1.22.4 - apiVersion: v1 appVersion: v1.22.3 - created: "2024-02-22T13:38:43.333709892Z" + created: "2024-04-12T08:55:58.594821407Z" description: Azure Blob Storage CSI driver digest: 6cdee296d22ecd330f477f2ca6da51b07320c546c04ae46c23eef48146b772c1 name: blob-csi-driver @@ -75,7 +102,7 @@ entries: version: v1.22.3 - apiVersion: v1 appVersion: v1.22.2 - created: "2024-02-22T13:38:43.333082873Z" + created: "2024-04-12T08:55:58.594152673Z" description: Azure Blob Storage CSI driver digest: 259e66dc12db7310fe1c51e49c964398e0a6b7d511133916dd7d25f748f0b791 name: blob-csi-driver @@ -84,7 +111,7 @@ entries: version: v1.22.2 - apiVersion: v1 appVersion: v1.22.1 - created: "2024-02-22T13:38:43.332470917Z" + created: "2024-04-12T08:55:58.592491498Z" description: Azure Blob Storage CSI driver digest: 8329d477d55c82f97bb09fb172c5f39a1677bedc13c7410bd93b306194516438 name: blob-csi-driver @@ -93,7 +120,7 @@ entries: version: v1.22.1 - apiVersion: v1 appVersion: v1.21.7 - created: "2024-02-22T13:38:43.331849146Z" + created: "2024-04-12T08:55:58.591863979Z" description: Azure Blob Storage CSI driver digest: 1095721182d611e2556c611dd330758d8130fe66493db4f9189586a9219896d3 name: blob-csi-driver @@ -102,7 +129,7 @@ entries: version: v1.21.7 - apiVersion: v1 appVersion: v1.21.6 - created: "2024-02-22T13:38:43.33123788Z" + created: "2024-04-12T08:55:58.591242134Z" description: Azure Blob Storage CSI driver digest: d5ba1f92795ec45970eb6e5fc54aa13a5684f9936216c064f8a3843bf722bf54 name: blob-csi-driver @@ -111,7 +138,7 @@ entries: version: v1.21.6 - apiVersion: v1 appVersion: v1.21.5 - created: "2024-02-22T13:38:43.330670488Z" + created: "2024-04-12T08:55:58.590628223Z" description: Azure Blob Storage CSI driver digest: b403e9d49abfe076ecd83d6dd50166347ee4305f33dc840019474b2876723b9b name: blob-csi-driver @@ -120,7 +147,7 @@ entries: version: v1.21.5 - apiVersion: v1 appVersion: v1.21.4 - created: "2024-02-22T13:38:43.330079576Z" + created: "2024-04-12T08:55:58.590049005Z" description: Azure Blob Storage CSI driver digest: e4fa13670caf6b0d3e9fefa55d100daa439cd7187dabd45318ab03c7d4b17710 name: blob-csi-driver @@ -129,7 +156,7 @@ entries: version: v1.21.4 - apiVersion: v1 appVersion: v1.20.3 - created: "2024-02-22T13:38:43.329453983Z" + created: "2024-04-12T08:55:58.589465013Z" description: Azure Blob Storage CSI driver digest: 8c2c20547b2e0e1b39d2f2efd04c1bd778f14af5feae2bda86d722dac3c02643 name: blob-csi-driver @@ -138,7 +165,7 @@ entries: version: v1.20.3 - apiVersion: v1 appVersion: v1.19.6 - created: "2024-02-22T13:38:43.32837523Z" + created: "2024-04-12T08:55:58.588813646Z" description: Azure Blob Storage CSI driver digest: 0007ef225b5658d3989aa6fdc3a91a4b33696a438eee46ad9a675af615cbdf21 name: blob-csi-driver @@ -147,7 +174,7 @@ entries: version: v1.19.6 - apiVersion: v1 appVersion: v1.19.5 - created: "2024-02-22T13:38:43.327646408Z" + created: "2024-04-12T08:55:58.588220429Z" description: Azure Blob Storage CSI driver digest: 183c3e5cd84b709f1455cc7c84ed5bd573e8a24149fd6442d38999835b0a1711 name: blob-csi-driver @@ -156,7 +183,7 @@ entries: version: v1.19.5 - apiVersion: v1 appVersion: v1.18.0 - created: "2024-02-22T13:38:43.32640302Z" + created: "2024-04-12T08:55:58.587601765Z" description: Azure Blob Storage CSI driver digest: 3eac15488da5be7d1e78431929f7cda35bceb1af3fe107ffbd84606e047c9204 name: blob-csi-driver @@ -165,7 +192,7 @@ entries: version: v1.18.0 - apiVersion: v1 appVersion: v1.17.0 - created: "2024-02-22T13:38:43.325246938Z" + created: "2024-04-12T08:55:58.586876831Z" description: Azure Blob Storage CSI driver digest: 22cfa17fc5e8d771ff8edd26729266a9a8ee55c0e150df85ef15698f7fe985e9 name: blob-csi-driver @@ -174,7 +201,7 @@ entries: version: v1.17.0 - apiVersion: v1 appVersion: v1.16.0 - created: "2024-02-22T13:38:43.32465342Z" + created: "2024-04-12T08:55:58.585341647Z" description: Azure Blob Storage CSI driver digest: bf6249c0e3e3d3d009d4c79ceb7fda9a56c0565b969de753628792ea3ea5ece8 name: blob-csi-driver @@ -183,7 +210,7 @@ entries: version: v1.16.0 - apiVersion: v1 appVersion: v1.15.0 - created: "2024-02-22T13:38:43.324067023Z" + created: "2024-04-12T08:55:58.58473786Z" description: Azure Blob Storage CSI driver digest: 8daa35cd4957695cb64b45da05a15b4020df5545a8ac44c4668dad4bba82c8a9 name: blob-csi-driver @@ -192,7 +219,7 @@ entries: version: v1.15.0 - apiVersion: v1 appVersion: v1.14.0 - created: "2024-02-22T13:38:43.323452746Z" + created: "2024-04-12T08:55:58.584123662Z" description: Azure Blob Storage CSI driver digest: 442bc579b231aab626b9e474e2c0ed3f101d47d61c99aa9a7f863af7ce268d9d name: blob-csi-driver @@ -201,7 +228,7 @@ entries: version: v1.14.0 - apiVersion: v1 appVersion: v1.13.0 - created: "2024-02-22T13:38:43.322864744Z" + created: "2024-04-12T08:55:58.58353028Z" description: Azure Blob Storage CSI driver digest: b577b0b771138109aa90eb09d56fc07273ca0b584a263ee8f789e35796279f31 name: blob-csi-driver @@ -210,7 +237,7 @@ entries: version: v1.13.0 - apiVersion: v1 appVersion: v1.12.0 - created: "2024-02-22T13:38:43.322285362Z" + created: "2024-04-12T08:55:58.582895435Z" description: Azure Blob Storage CSI driver digest: 124e87af2581b374b89a39940698620c23d3eae6dcee518d302461ffea93e9a8 name: blob-csi-driver @@ -219,7 +246,7 @@ entries: version: v1.12.0 - apiVersion: v1 appVersion: v1.11.0 - created: "2024-02-22T13:38:43.321685494Z" + created: "2024-04-12T08:55:58.58228131Z" description: Azure Blob Storage CSI driver digest: 07c4d76017491b3d0bdd70de90e814096938bf7916da0c149c3805294bd57560 name: blob-csi-driver @@ -228,119 +255,20 @@ entries: version: v1.11.0 - apiVersion: v1 appVersion: v1.10.0 - created: "2024-02-22T13:38:43.32108312Z" + created: "2024-04-12T08:55:58.58165317Z" description: Azure Blob Storage CSI driver digest: 79716efa958385adf57eb3570843e1b4512d8c801e8e070625e94264f3e917a9 name: blob-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.10.0/blob-csi-driver-v1.10.0.tgz version: v1.10.0 - - apiVersion: v1 - appVersion: v1.9.0 - created: "2024-02-22T13:38:43.344668206Z" - description: Azure Blob Storage CSI driver - digest: fca0b9215d3277346f68c643fb3ead75158971f0d1945ab01ec559196f3cf842 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.9.0/blob-csi-driver-v1.9.0.tgz - version: v1.9.0 - - apiVersion: v1 - appVersion: v1.8.0 - created: "2024-02-22T13:38:43.344048475Z" - description: Azure Blob Storage CSI driver - digest: 3b78e2ab4f33577c54d4f57276c824717d2ad2aa3741210e938fcaf927bc751f - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.8.0/blob-csi-driver-v1.8.0.tgz - version: v1.8.0 - - apiVersion: v1 - appVersion: v1.7.0 - created: "2024-02-22T13:38:43.343397477Z" - description: Azure Blob Storage CSI driver - digest: 28da5b55c3d2689d6da85eb7da344385e9cb99bdb2af18c24fea93670abfe7ea - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.7.0/blob-csi-driver-v1.7.0.tgz - version: v1.7.0 - - apiVersion: v1 - appVersion: v1.6.0 - created: "2024-02-22T13:38:43.342587905Z" - description: Azure Blob Storage CSI driver - digest: 6f24f2e6623f6f8862e47d4fbdf13b5f351ceec6bb9a4591ef7fc2fca9fc1eef - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.6.0/blob-csi-driver-v1.6.0.tgz - version: v1.6.0 - - apiVersion: v1 - appVersion: v1.5.0 - created: "2024-02-22T13:38:43.34103753Z" - description: Azure Blob Storage CSI driver - digest: 95d14c9b70b319760d388ea47727c8c97e9287867a8852aeb67b7175b52fe8f5 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.5.0/blob-csi-driver-v1.5.0.tgz - version: v1.5.0 - - apiVersion: v1 - appVersion: v1.4.1 - created: "2024-02-22T13:38:43.340523852Z" - description: Azure Blob Storage CSI driver - digest: 5fcf69c449f065fa1d5722e5a7fed8a28000efa790907e9ff4b552c5fbd16d22 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.4.1/blob-csi-driver-v1.4.1.tgz - version: v1.4.1 - - apiVersion: v1 - appVersion: v1.4.0 - created: "2024-02-22T13:38:43.340000695Z" - description: Azure Blob Storage CSI driver - digest: b466543344a6411f6130ba87b093955d39ab8614c6b4ed8505a0a0c96073cb33 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.4.0/blob-csi-driver-v1.4.0.tgz - version: v1.4.0 - - apiVersion: v1 - appVersion: v1.3.0 - created: "2024-02-22T13:38:43.339467398Z" - description: Azure Blob Storage CSI driver - digest: 58d02cb70a3a966b349d62e880b7149fb06ac009474e35e580784fd3c98a5b07 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.3.0/blob-csi-driver-v1.3.0.tgz - version: v1.3.0 - - apiVersion: v1 - appVersion: v1.2.0 - created: "2024-02-22T13:38:43.328869209Z" - description: Azure Blob Storage CSI driver - digest: 27fb89f20b5fddc7329e6d7c2374857b22c1d61592e397a53f47121eea68c344 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.2.0/blob-csi-driver-v1.2.0.tgz - version: v1.2.0 - - apiVersion: v1 - appVersion: v1.1.0 - created: "2024-02-22T13:38:43.320462033Z" - description: Azure Blob Storage CSI driver - digest: a251a55243de207c69ef53f72abee45e93b72fa4fc43dc204b7f1cdfd459acdb - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.1.0/blob-csi-driver-v1.1.0.tgz - version: v1.1.0 - - apiVersion: v1 - appVersion: v1.0.0 - created: "2024-02-22T13:38:43.32000298Z" - description: Azure Blob Storage CSI driver - digest: e83f037a165eafc83a978bd7e6bf6221b052ac34363aecb12e6a73607dc58b89 - name: blob-csi-driver - urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.0.0/blob-csi-driver-v1.0.0.tgz - version: v1.0.0 - apiVersion: v1 appVersion: latest - created: "2024-02-22T13:38:43.319662364Z" + created: "2024-04-12T08:55:58.580991358Z" description: Azure Blob Storage CSI driver - digest: a8a337da1fb52e80e8bf9e7cd1d6da9179de91c7577a50822547e476324efdfe + digest: c124c5652331e6b3e47e600740a65aa86b1cd31a899a586dec4002c59d51268e name: blob-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/latest/blob-csi-driver-v0.0.0.tgz version: v0.0.0 -generated: "2024-02-22T13:38:43.318844561Z" +generated: "2024-04-12T08:55:58.580173888Z" diff --git a/charts/v1.0.0/blob-csi-driver-v1.0.0.tgz b/charts/v1.0.0/blob-csi-driver-v1.0.0.tgz deleted file mode 100644 index 56880b886..000000000 Binary files a/charts/v1.0.0/blob-csi-driver-v1.0.0.tgz and /dev/null differ diff --git a/charts/v1.0.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.0.0/blob-csi-driver/templates/_helpers.tpl deleted file mode 100755 index 0c1d51c25..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,21 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" - revision: "{{ .Release.Revision }}" - chart: "{{ .Chart.Name }}" - chartVersion: "{{ .Chart.Version }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.0.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.0.0/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100755 index 8a9f75b3e..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,164 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-controller - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: {{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--enable-leader-election" - - "--leader-election-type=leases" - - "--timeout=60s" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} diff --git a/charts/v1.0.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.0.0/blob-csi-driver/templates/csi-blob-driver.yaml deleted file mode 100755 index 8162afbfb..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true diff --git a/charts/v1.0.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.0.0/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100755 index 14762e7bf..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,178 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-node - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.kubelet.linuxPath }}/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: {{ .Values.node.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.kubelet.linuxPath }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: {{ .Values.kubelet.linuxPath }}/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.kubelet.linuxPath }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.kubelet.linuxPath }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} diff --git a/charts/v1.0.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.0.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100755 index 964698b6a..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,192 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-attacher-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-snapshotter-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-snapshotter-binding - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-snapshotter-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.0.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.0.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100755 index 49d0f4e4d..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.0.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.0.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100755 index 33266b1c3..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.0.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.0.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100755 index 4ca48c523..000000000 --- a/charts/v1.0.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.0.0/blob-csi-driver/values.yaml b/charts/v1.0.0/blob-csi-driver/values.yaml deleted file mode 100755 index 7803188ba..000000000 --- a/charts/v1.0.0/blob-csi-driver/values.yaml +++ /dev/null @@ -1,47 +0,0 @@ -image: - blob: - repository: mcr.microsoft.com/k8s/csi/blob-csi - tag: v1.0.0 - pullPolicy: IfNotPresent - csiProvisioner: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner - tag: v1.4.0 - pullPolicy: IfNotPresent - livenessProbe: - repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe - tag: v2.2.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.0.1 - pullPolicy: IfNotPresent - csiResizer: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer - tag: v1.1.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true - -rbac: - create: true - -controller: - metricsPort: 29634 - replicas: 2 - runOnMaster: false - logLevel: 5 - -node: - metricsPort: 29635 - logLevel: 5 - -kubelet: - linuxPath: /var/lib/kubelet - -cloud: AzurePublicCloud diff --git a/charts/v1.1.0/blob-csi-driver-v1.1.0.tgz b/charts/v1.1.0/blob-csi-driver-v1.1.0.tgz deleted file mode 100644 index 5b516b71f..000000000 Binary files a/charts/v1.1.0/blob-csi-driver-v1.1.0.tgz and /dev/null differ diff --git a/charts/v1.1.0/blob-csi-driver/Chart.yaml b/charts/v1.1.0/blob-csi-driver/Chart.yaml deleted file mode 100755 index 546e6e948..000000000 --- a/charts/v1.1.0/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.1.0 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.1.0 diff --git a/charts/v1.1.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.1.0/blob-csi-driver/templates/_helpers.tpl deleted file mode 100755 index 5231cd26f..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Expand the name of the chart.*/}} -{{- define "blob.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "blob.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.1.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.1.0/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100755 index 2cac74042..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,163 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-controller - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- with .Values.controller.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} -{{- with .Values.controller.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Equal" - value: "true" - effect: "NoSchedule" -{{- with .Values.controller.tolerations }} -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: csi-provisioner - image: {{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} - - name: liveness-probe - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} - - name: csi-resizer - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.1.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.1.0/blob-csi-driver/templates/csi-blob-driver.yaml deleted file mode 100755 index 8162afbfb..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true diff --git a/charts/v1.1.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.1.0/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100755 index ea40f89de..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,183 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-node - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux -{{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - {{- if .Values.node.affinity }} -{{- toYaml .Values.node.affinity | nindent 8 }} - {{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} - tolerations: - - operator: "Exists" - {{- if .Values.node.tolerations }} -{{- toYaml .Values.node.tolerations | nindent 8 }} - {{- end }} - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} - - name: node-driver-registrar - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.kubelet.linuxPath }}/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: {{ .Values.node.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.kubelet.linuxPath }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} - volumes: - - hostPath: - path: {{ .Values.kubelet.linuxPath }}/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.kubelet.linuxPath }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.kubelet.linuxPath }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: {{ .Values.kubelet.BlobCachePath }} - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.1.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.1.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100755 index 6a4b62066..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,186 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-attacher-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-snapshotter-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-snapshotter-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-snapshotter-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.1.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.1.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100755 index 3e8a8504d..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100755 index 33266b1c3..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100755 index 4ca48c523..000000000 --- a/charts/v1.1.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.1.0/blob-csi-driver/values.yaml b/charts/v1.1.0/blob-csi-driver/values.yaml deleted file mode 100755 index e4f74696f..000000000 --- a/charts/v1.1.0/blob-csi-driver/values.yaml +++ /dev/null @@ -1,117 +0,0 @@ -image: - blob: - repository: mcr.microsoft.com/k8s/csi/blob-csi - tag: v1.1.0 - pullPolicy: IfNotPresent - csiProvisioner: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner - tag: v2.1.0 - pullPolicy: IfNotPresent - livenessProbe: - repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe - tag: v2.2.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.1.0 - pullPolicy: IfNotPresent - csiResizer: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer - tag: v1.1.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true - -rbac: - create: true - -controller: - metricsPort: 29634 - replicas: 2 - runOnMaster: false - logLevel: 5 - resources: - csiProvisioner: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - csiResizer: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: [] - -node: - metricsPort: 29635 - logLevel: 5 - enableBlobfuseProxy: false - resources: - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - nodeDriverRegistrar: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: "2" - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: [] -kubelet: - linuxPath: /var/lib/kubelet - BlobCachePath: /mnt - -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} diff --git a/charts/v1.2.0/blob-csi-driver-v1.2.0.tgz b/charts/v1.2.0/blob-csi-driver-v1.2.0.tgz deleted file mode 100644 index 0d03a7f7a..000000000 Binary files a/charts/v1.2.0/blob-csi-driver-v1.2.0.tgz and /dev/null differ diff --git a/charts/v1.2.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.2.0/blob-csi-driver/templates/_helpers.tpl deleted file mode 100755 index 5231cd26f..000000000 --- a/charts/v1.2.0/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Expand the name of the chart.*/}} -{{- define "blob.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "blob.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.2.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.2.0/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100755 index 25dd949aa..000000000 --- a/charts/v1.2.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,180 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-controller - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- with .Values.controller.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} -{{- with .Values.controller.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Equal" - value: "true" - effect: "NoSchedule" -{{- with .Values.controller.tolerations }} -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: csi-provisioner - image: {{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} - - name: liveness-probe - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} - - name: csi-resizer - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.2.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.2.0/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100755 index b20b36461..000000000 --- a/charts/v1.2.0/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,199 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-node - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux -{{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - {{- if .Values.node.affinity }} -{{- toYaml .Values.node.affinity | nindent 8 }} - {{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} - tolerations: - - operator: "Exists" - {{- if .Values.node.tolerations }} -{{- toYaml .Values.node.tolerations | nindent 8 }} - {{- end }} - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.node.livenessProbe.healthPort }} - - --v=2 - resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} - - name: node-driver-registrar - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.linux.kubelet }}/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: {{ .Values.node.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.linux.kubelet }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} - volumes: - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: {{ .Values.node.blobfuseCachePath }} - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.2.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.2.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100755 index c453e1dcd..000000000 --- a/charts/v1.2.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.2.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.2.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100755 index aa24d7089..000000000 --- a/charts/v1.2.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100755 index 33266b1c3..000000000 --- a/charts/v1.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100755 index 4ca48c523..000000000 --- a/charts/v1.2.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.2.0/blob-csi-driver/values.yaml b/charts/v1.2.0/blob-csi-driver/values.yaml deleted file mode 100755 index 154d5c02a..000000000 --- a/charts/v1.2.0/blob-csi-driver/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -image: - blob: - repository: mcr.microsoft.com/k8s/csi/blob-csi - tag: v1.2.0 - pullPolicy: IfNotPresent - csiProvisioner: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner - tag: v2.1.0 - pullPolicy: IfNotPresent - livenessProbe: - repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe - tag: v2.3.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.2.0 - pullPolicy: IfNotPresent - csiResizer: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer - tag: v1.1.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true - -rbac: - create: true - -controller: - metricsPort: 29634 - replicas: 2 - runOnMaster: false - logLevel: 5 - resources: - csiProvisioner: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - csiResizer: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: [] - -node: - metricsPort: 29635 - logLevel: 5 - enableBlobfuseProxy: false - blobfuseCachePath: /mnt - resources: - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - nodeDriverRegistrar: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: "2" - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: [] - livenessProbe: - healthPort: 29633 - -linux: - kubelet: /var/lib/kubelet - distro: debian - -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} diff --git a/charts/v1.22.6/blob-csi-driver-v1.22.6.tgz b/charts/v1.22.6/blob-csi-driver-v1.22.6.tgz new file mode 100644 index 000000000..a5c9a50a4 Binary files /dev/null and b/charts/v1.22.6/blob-csi-driver-v1.22.6.tgz differ diff --git a/charts/v1.2.0/blob-csi-driver/Chart.yaml b/charts/v1.22.6/blob-csi-driver/Chart.yaml old mode 100755 new mode 100644 similarity index 68% rename from charts/v1.2.0/blob-csi-driver/Chart.yaml rename to charts/v1.22.6/blob-csi-driver/Chart.yaml index 7b6e49f93..d9497df4b --- a/charts/v1.2.0/blob-csi-driver/Chart.yaml +++ b/charts/v1.22.6/blob-csi-driver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v1.2.0 +appVersion: v1.22.6 description: Azure Blob Storage CSI driver name: blob-csi-driver -version: v1.2.0 +version: v1.22.6 diff --git a/charts/v1.0.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.22.6/blob-csi-driver/templates/NOTES.txt old mode 100755 new mode 100644 similarity index 100% rename from charts/v1.0.0/blob-csi-driver/templates/NOTES.txt rename to charts/v1.22.6/blob-csi-driver/templates/NOTES.txt diff --git a/charts/v1.7.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.22.6/blob-csi-driver/templates/_helpers.tpl similarity index 100% rename from charts/v1.7.0/blob-csi-driver/templates/_helpers.tpl rename to charts/v1.22.6/blob-csi-driver/templates/_helpers.tpl diff --git a/charts/v1.9.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.22.6/blob-csi-driver/templates/csi-blob-controller.yaml similarity index 88% rename from charts/v1.9.0/blob-csi-driver/templates/csi-blob-controller.yaml rename to charts/v1.22.6/blob-csi-driver/templates/csi-blob-controller.yaml index 406ae9834..6f1c552ae 100644 --- a/charts/v1.9.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ b/charts/v1.22.6/blob-csi-driver/templates/csi-blob-controller.yaml @@ -17,6 +17,9 @@ spec: labels: app: {{ .Values.controller.name }} {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} @@ -38,12 +41,18 @@ spec: nodeSelector: kubernetes.io/os: linux {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master + node-role.kubernetes.io/master: "" + {{- end}} + {{- if .Values.controller.runOnControlPlane}} + node-role.kubernetes.io/control-plane: "" {{- end}} {{- with .Values.controller.nodeSelector }} {{ toYaml . | indent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.controller.tolerations }} tolerations: {{ toYaml . | indent 8 }} @@ -59,8 +68,11 @@ spec: - "-v=2" - "--csi-address=$(ADDRESS)" - "--leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" - "--timeout=120s" - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" env: - name: ADDRESS value: /csi/csi.sock @@ -124,6 +136,16 @@ spec: optional: true - name: CSI_ENDPOINT value: unix:///csi/csi.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} {{- if eq .Values.cloud "AzureStackCloud" }} - name: AZURE_ENVIRONMENT_FILEPATH value: /etc/kubernetes/azurestackcloud.json @@ -158,6 +180,7 @@ spec: - "-csi-address=$(ADDRESS)" - "-v=2" - "-leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" - '-handle-volume-inuse-error=false' env: - name: ADDRESS diff --git a/charts/v1.7.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.22.6/blob-csi-driver/templates/csi-blob-driver.yaml similarity index 76% rename from charts/v1.7.0/blob-csi-driver/templates/csi-blob-driver.yaml rename to charts/v1.22.6/blob-csi-driver/templates/csi-blob-driver.yaml index 891826a62..9a6aea64a 100644 --- a/charts/v1.7.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ b/charts/v1.22.6/blob-csi-driver/templates/csi-blob-driver.yaml @@ -8,9 +8,7 @@ metadata: spec: attachRequired: false podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} + fsGroupPolicy: {{ .Values.feature.fsGroupPolicy }} volumeLifecycleModes: - Persistent - Ephemeral diff --git a/charts/v1.8.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.22.6/blob-csi-driver/templates/csi-blob-node.yaml similarity index 67% rename from charts/v1.8.0/blob-csi-driver/templates/csi-blob-node.yaml rename to charts/v1.22.6/blob-csi-driver/templates/csi-blob-node.yaml index d265db038..9fb01f844 100644 --- a/charts/v1.8.0/blob-csi-driver/templates/csi-blob-node.yaml +++ b/charts/v1.22.6/blob-csi-driver/templates/csi-blob-node.yaml @@ -20,6 +20,9 @@ spec: labels: app: {{ .Values.node.name }} {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} @@ -31,6 +34,9 @@ spec: {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if or .Values.node.enableBlobfuseProxy .Values.node.enableAznfsMount }} + hostPID: true {{- end }} hostNetwork: true dnsPolicy: Default @@ -53,9 +59,48 @@ spec: {{- toYaml .Values.node.affinity | nindent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.node.tolerations }} tolerations: {{ toYaml . | indent 8 }} +{{- end }} +{{- if .Values.node.enableBlobfuseProxy }} + initContainers: + - name: install-blobfuse-proxy +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE + value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" + - name: BLOBFUSE_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" + - name: INSTALL_BLOBFUSE2 + value: "{{ .Values.node.blobfuseProxy.installBlobfuse2 }}" + - name: BLOBFUSE2_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuse2Version }}" + - name: SET_MAX_OPEN_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" + - name: MAX_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" + - name: DISABLE_UPDATEDB + value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-etc + mountPath: /host/etc {{- end }} containers: - name: liveness-probe @@ -115,7 +160,6 @@ spec: - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - "--drivername={{ .Values.driver.name }}" - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" @@ -125,6 +169,8 @@ spec: - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}" - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}" - "--mount-permissions={{ .Values.node.mountPermissions }}" + - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}" + - "--enable-aznfs-mount={{ .Values.node.enableAznfsMount }}" ports: - containerPort: {{ .Values.node.livenessProbe.healthPort }} name: healthz @@ -148,11 +194,21 @@ spec: value: unix:///csi/csi.sock - name: BLOBFUSE_PROXY_ENDPOINT value: unix:///csi/blobfuse-proxy.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} {{- if eq .Values.cloud "AzureStackCloud" }} - name: AZURE_ENVIRONMENT_FILEPATH value: /etc/kubernetes/azurestackcloud.json @@ -183,8 +239,43 @@ spec: mountPath: /etc/pki/ca-trust/extracted readOnly: true {{- end }} + {{- if .Values.node.enableAznfsMount }} + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /lib/modules + name: lib-modules + readOnly: true + {{- end }} resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} +{{- if .Values.node.enableAznfsMount }} + - name: aznfswatchdog +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + command: + - "aznfswatchdog" + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + securityContext: + privileged: true + resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }} + volumeMounts: + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: {{ .Values.linux.kubelet }}/ + mountPropagation: Bidirectional + name: mountpoint-dir +{{- end }} volumes: +{{- if .Values.node.enableBlobfuseProxy }} + - name: host-usr + hostPath: + path: /usr + - name: host-etc + hostPath: + path: /etc +{{- end }} - hostPath: path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} type: DirectoryOrCreate @@ -217,6 +308,16 @@ spec: hostPath: path: /etc/pki/ca-trust/extracted {{- end }} + {{- if .Values.node.enableAznfsMount }} + - hostPath: + path: /opt/microsoft/aznfs/data + type: DirectoryOrCreate + name: aznfs-data + - name: lib-modules + hostPath: + path: /lib/modules + type: DirectoryOrCreate + {{- end }} {{- if .Values.securityContext }} securityContext: {{- toYaml .Values.securityContext | nindent 8 }} {{- end }} diff --git a/charts/v1.7.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.22.6/blob-csi-driver/templates/rbac-csi-blob-controller.yaml similarity index 98% rename from charts/v1.7.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml rename to charts/v1.22.6/blob-csi-driver/templates/rbac-csi-blob-controller.yaml index 39619c932..833dcc640 100644 --- a/charts/v1.7.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ b/charts/v1.22.6/blob-csi-driver/templates/rbac-csi-blob-controller.yaml @@ -95,7 +95,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list", "create"] + verbs: ["get", "create"] --- kind: ClusterRoleBinding diff --git a/charts/v1.7.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.22.6/blob-csi-driver/templates/rbac-csi-blob-node.yaml similarity index 96% rename from charts/v1.7.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml rename to charts/v1.22.6/blob-csi-driver/templates/rbac-csi-blob-node.yaml index d269aea3d..c041cf8db 100644 --- a/charts/v1.7.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ b/charts/v1.22.6/blob-csi-driver/templates/rbac-csi-blob-node.yaml @@ -9,7 +9,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list"] + verbs: ["get"] --- kind: ClusterRoleBinding diff --git a/charts/v1.22.6/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.22.6/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml new file mode 100644 index 000000000..7433bccf1 --- /dev/null +++ b/charts/v1.22.6/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.22.6/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.22.6/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml new file mode 100644 index 000000000..a25090e30 --- /dev/null +++ b/charts/v1.22.6/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.node }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.8.0/blob-csi-driver/values.yaml b/charts/v1.22.6/blob-csi-driver/values.yaml similarity index 80% rename from charts/v1.8.0/blob-csi-driver/values.yaml rename to charts/v1.22.6/blob-csi-driver/values.yaml index 35ca88248..a0120cf31 100644 --- a/charts/v1.8.0/blob-csi-driver/values.yaml +++ b/charts/v1.22.6/blob-csi-driver/values.yaml @@ -1,24 +1,24 @@ image: baseRepo: mcr.microsoft.com blob: - repository: /k8s/csi/blob-csi - tag: v1.8.0 + repository: /oss/kubernetes-csi/blob-csi + tag: v1.22.6 pullPolicy: IfNotPresent csiProvisioner: repository: /oss/kubernetes-csi/csi-provisioner - tag: v2.2.2 + tag: v3.5.0 pullPolicy: IfNotPresent livenessProbe: repository: /oss/kubernetes-csi/livenessprobe - tag: v2.5.0 + tag: v2.10.0 pullPolicy: IfNotPresent nodeDriverRegistrar: repository: /oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.4.0 + tag: v2.8.0 pullPolicy: IfNotPresent csiResizer: repository: /oss/kubernetes-csi/csi-resizer - tag: v1.3.0 + tag: v1.8.0 pullPolicy: IfNotPresent cloud: AzurePublicCloud @@ -64,6 +64,7 @@ controller: healthPort: 29632 replicas: 2 runOnMaster: false + runOnControlPlane: false logLevel: 5 resources: csiProvisioner: @@ -99,21 +100,26 @@ controller: - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" node: name: csi-blob-node cloudConfigSecretName: azure-cloud-provider cloudConfigSecretNamespace: kube-system allowEmptyCloudConfig: true + allowInlineVolumeKeyAccessWithIdentity: false maxUnavailable: 1 - metricsPort: 29635 livenessProbe: healthPort: 29633 logLevel: 5 enableBlobfuseProxy: false blobfuseProxy: installBlobfuse: true - blobfuseVersion: 1.4.2 + blobfuseVersion: "1.4.5" + installBlobfuse2: true + blobfuse2Version: "2.0.5" setMaxOpenFileNum: true maxOpenFileNum: "9000000" disableUpdateDB: true @@ -139,22 +145,36 @@ node: requests: cpu: 10m memory: 20Mi + aznfswatchdog: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi affinity: {} nodeSelector: {} tolerations: - operator: "Exists" - livenessProbe: - healthPort: 29633 + enableAznfsMount: true feature: - enableFSGroupPolicy: false + fsGroupPolicy: ReadWriteOnceWithFSType enableGetVolumeStats: false driver: name: blob.csi.azure.com customUserAgent: "" userAgentSuffix: "OSS-helm" + azureGoSDKLogLevel: "" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR + httpsProxy: "" + httpProxy: "" linux: kubelet: /var/lib/kubelet distro: debian + +workloadIdentity: + clientID: "" + # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster + # then set tenantID with the application or user-assigned managed identity tenant ID + tenantID: "" diff --git a/charts/v1.23.4/blob-csi-driver-v1.23.4.tgz b/charts/v1.23.4/blob-csi-driver-v1.23.4.tgz new file mode 100644 index 000000000..0ea92f456 Binary files /dev/null and b/charts/v1.23.4/blob-csi-driver-v1.23.4.tgz differ diff --git a/charts/v1.0.0/blob-csi-driver/Chart.yaml b/charts/v1.23.4/blob-csi-driver/Chart.yaml old mode 100755 new mode 100644 similarity index 68% rename from charts/v1.0.0/blob-csi-driver/Chart.yaml rename to charts/v1.23.4/blob-csi-driver/Chart.yaml index 8530f9f97..28ef49829 --- a/charts/v1.0.0/blob-csi-driver/Chart.yaml +++ b/charts/v1.23.4/blob-csi-driver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v1.0.0 +appVersion: v1.23.4 description: Azure Blob Storage CSI driver name: blob-csi-driver -version: v1.0.0 +version: v1.23.4 diff --git a/charts/v1.1.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.23.4/blob-csi-driver/templates/NOTES.txt old mode 100755 new mode 100644 similarity index 100% rename from charts/v1.1.0/blob-csi-driver/templates/NOTES.txt rename to charts/v1.23.4/blob-csi-driver/templates/NOTES.txt diff --git a/charts/v1.8.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.23.4/blob-csi-driver/templates/_helpers.tpl similarity index 100% rename from charts/v1.8.0/blob-csi-driver/templates/_helpers.tpl rename to charts/v1.23.4/blob-csi-driver/templates/_helpers.tpl diff --git a/charts/v1.7.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.23.4/blob-csi-driver/templates/csi-blob-controller.yaml similarity index 87% rename from charts/v1.7.0/blob-csi-driver/templates/csi-blob-controller.yaml rename to charts/v1.23.4/blob-csi-driver/templates/csi-blob-controller.yaml index 406ae9834..9ece72de3 100644 --- a/charts/v1.7.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ b/charts/v1.23.4/blob-csi-driver/templates/csi-blob-controller.yaml @@ -17,6 +17,9 @@ spec: labels: app: {{ .Values.controller.name }} {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} @@ -38,12 +41,18 @@ spec: nodeSelector: kubernetes.io/os: linux {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master + node-role.kubernetes.io/master: "" + {{- end}} + {{- if .Values.controller.runOnControlPlane}} + node-role.kubernetes.io/control-plane: "" {{- end}} {{- with .Values.controller.nodeSelector }} {{ toYaml . | indent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.controller.tolerations }} tolerations: {{ toYaml . | indent 8 }} @@ -59,8 +68,12 @@ spec: - "-v=2" - "--csi-address=$(ADDRESS)" - "--leader-election" - - "--timeout=120s" + - "--leader-election-namespace={{ .Release.Namespace }}" + - "--timeout=1200s" - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" + - "--feature-gates=HonorPVReclaimPolicy=true" env: - name: ADDRESS value: /csi/csi.sock @@ -124,6 +137,16 @@ spec: optional: true - name: CSI_ENDPOINT value: unix:///csi/csi.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} {{- if eq .Values.cloud "AzureStackCloud" }} - name: AZURE_ENVIRONMENT_FILEPATH value: /etc/kubernetes/azurestackcloud.json @@ -158,6 +181,7 @@ spec: - "-csi-address=$(ADDRESS)" - "-v=2" - "-leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" - '-handle-volume-inuse-error=false' env: - name: ADDRESS diff --git a/charts/v1.8.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.23.4/blob-csi-driver/templates/csi-blob-driver.yaml similarity index 69% rename from charts/v1.8.0/blob-csi-driver/templates/csi-blob-driver.yaml rename to charts/v1.23.4/blob-csi-driver/templates/csi-blob-driver.yaml index 891826a62..9c5de5b91 100644 --- a/charts/v1.8.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ b/charts/v1.23.4/blob-csi-driver/templates/csi-blob-driver.yaml @@ -8,9 +8,9 @@ metadata: spec: attachRequired: false podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} + fsGroupPolicy: {{ .Values.feature.fsGroupPolicy }} volumeLifecycleModes: - Persistent - Ephemeral + tokenRequests: + - audience: api://AzureADTokenExchange diff --git a/charts/v1.9.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.23.4/blob-csi-driver/templates/csi-blob-node.yaml similarity index 66% rename from charts/v1.9.0/blob-csi-driver/templates/csi-blob-node.yaml rename to charts/v1.23.4/blob-csi-driver/templates/csi-blob-node.yaml index d265db038..842f76e47 100644 --- a/charts/v1.9.0/blob-csi-driver/templates/csi-blob-node.yaml +++ b/charts/v1.23.4/blob-csi-driver/templates/csi-blob-node.yaml @@ -20,6 +20,9 @@ spec: labels: app: {{ .Values.node.name }} {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} @@ -31,6 +34,9 @@ spec: {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if or .Values.node.enableBlobfuseProxy .Values.node.enableAznfsMount }} + hostPID: true {{- end }} hostNetwork: true dnsPolicy: Default @@ -53,10 +59,51 @@ spec: {{- toYaml .Values.node.affinity | nindent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.node.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} + initContainers: + - name: install-blobfuse-proxy +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE + value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" + - name: BLOBFUSE_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" + - name: INSTALL_BLOBFUSE2 + value: "{{ .Values.node.blobfuseProxy.installBlobfuse2 }}" + - name: BLOBFUSE2_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuse2Version }}" + - name: INSTALL_BLOBFUSE_PROXY + value: "{{ .Values.node.enableBlobfuseProxy }}" + - name: SET_MAX_OPEN_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" + - name: MAX_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" + - name: DISABLE_UPDATEDB + value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-usr-local + mountPath: /host/usr/local + - name: host-etc + mountPath: /host/etc containers: - name: liveness-probe imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} @@ -115,7 +162,6 @@ spec: - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - "--drivername={{ .Values.driver.name }}" - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" @@ -125,6 +171,8 @@ spec: - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}" - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}" - "--mount-permissions={{ .Values.node.mountPermissions }}" + - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}" + - "--enable-aznfs-mount={{ .Values.node.enableAznfsMount }}" ports: - containerPort: {{ .Values.node.livenessProbe.healthPort }} name: healthz @@ -148,11 +196,21 @@ spec: value: unix:///csi/csi.sock - name: BLOBFUSE_PROXY_ENDPOINT value: unix:///csi/blobfuse-proxy.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} {{- if eq .Values.cloud "AzureStackCloud" }} - name: AZURE_ENVIRONMENT_FILEPATH value: /etc/kubernetes/azurestackcloud.json @@ -183,8 +241,44 @@ spec: mountPath: /etc/pki/ca-trust/extracted readOnly: true {{- end }} + {{- if .Values.node.enableAznfsMount }} + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /lib/modules + name: lib-modules + readOnly: true + {{- end }} resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} +{{- if .Values.node.enableAznfsMount }} + - name: aznfswatchdog +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + command: + - "aznfswatchdog" + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + securityContext: + privileged: true + resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }} + volumeMounts: + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: {{ .Values.linux.kubelet }}/ + mountPropagation: Bidirectional + name: mountpoint-dir +{{- end }} volumes: + - name: host-usr + hostPath: + path: /usr + - name: host-usr-local + hostPath: + path: /usr/local + - name: host-etc + hostPath: + path: /etc - hostPath: path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} type: DirectoryOrCreate @@ -217,6 +311,16 @@ spec: hostPath: path: /etc/pki/ca-trust/extracted {{- end }} + {{- if .Values.node.enableAznfsMount }} + - hostPath: + path: /opt/microsoft/aznfs/data + type: DirectoryOrCreate + name: aznfs-data + - name: lib-modules + hostPath: + path: /lib/modules + type: DirectoryOrCreate + {{- end }} {{- if .Values.securityContext }} securityContext: {{- toYaml .Values.securityContext | nindent 8 }} {{- end }} diff --git a/charts/v1.8.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.23.4/blob-csi-driver/templates/rbac-csi-blob-controller.yaml similarity index 98% rename from charts/v1.8.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml rename to charts/v1.23.4/blob-csi-driver/templates/rbac-csi-blob-controller.yaml index 39619c932..833dcc640 100644 --- a/charts/v1.8.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ b/charts/v1.23.4/blob-csi-driver/templates/rbac-csi-blob-controller.yaml @@ -95,7 +95,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list", "create"] + verbs: ["get", "create"] --- kind: ClusterRoleBinding diff --git a/charts/v1.8.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.23.4/blob-csi-driver/templates/rbac-csi-blob-node.yaml similarity index 96% rename from charts/v1.8.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml rename to charts/v1.23.4/blob-csi-driver/templates/rbac-csi-blob-node.yaml index d269aea3d..c041cf8db 100644 --- a/charts/v1.8.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ b/charts/v1.23.4/blob-csi-driver/templates/rbac-csi-blob-node.yaml @@ -9,7 +9,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list"] + verbs: ["get"] --- kind: ClusterRoleBinding diff --git a/charts/v1.23.4/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.23.4/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml new file mode 100644 index 000000000..7433bccf1 --- /dev/null +++ b/charts/v1.23.4/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.23.4/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.23.4/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml new file mode 100644 index 000000000..a25090e30 --- /dev/null +++ b/charts/v1.23.4/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.node }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.7.0/blob-csi-driver/values.yaml b/charts/v1.23.4/blob-csi-driver/values.yaml similarity index 77% rename from charts/v1.7.0/blob-csi-driver/values.yaml rename to charts/v1.23.4/blob-csi-driver/values.yaml index 8a2338068..7fd3638bf 100644 --- a/charts/v1.7.0/blob-csi-driver/values.yaml +++ b/charts/v1.23.4/blob-csi-driver/values.yaml @@ -1,35 +1,33 @@ image: baseRepo: mcr.microsoft.com blob: - repository: /k8s/csi/blob-csi - tag: v1.7.0 + repository: /oss/kubernetes-csi/blob-csi + tag: v1.23.4 pullPolicy: IfNotPresent csiProvisioner: repository: /oss/kubernetes-csi/csi-provisioner - tag: v2.2.2 + tag: v3.5.0 pullPolicy: IfNotPresent livenessProbe: repository: /oss/kubernetes-csi/livenessprobe - tag: v2.5.0 + tag: v2.10.0 pullPolicy: IfNotPresent nodeDriverRegistrar: repository: /oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.4.0 + tag: v2.8.0 pullPolicy: IfNotPresent csiResizer: repository: /oss/kubernetes-csi/csi-resizer - tag: v1.3.0 + tag: v1.8.0 pullPolicy: IfNotPresent +cloud: AzurePublicCloud + ## Reference to one or more secrets to be used when pulling images ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] # - name: myRegistryKeySecretName -# -- Custom labels to add into metadata -customLabels: {} - # k8s-app: blob-csi-driver - serviceAccount: create: true # When true, service accounts will be created for you. Set to false if you want to use your own. controller: csi-blob-controller-sa # Name of Service Account to be created or used @@ -39,6 +37,22 @@ rbac: create: true name: blob +## Collection of annotations to add to all the pods +podAnnotations: {} +## Collection of labels to add to all the pods +podLabels: {} +# -- Custom labels to add into metadata +customLabels: {} + # k8s-app: blob-csi-driver + +## Leverage a PriorityClass to ensure your pods survive resource shortages +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +priorityClassName: system-cluster-critical +## Security context give the opportunity to run container as nonroot by setting a securityContext +## by example : +## securityContext: { runAsUser: 1001 } +securityContext: {} + controller: name: csi-blob-controller cloudConfigSecretName: azure-cloud-provider @@ -50,32 +64,29 @@ controller: healthPort: 29632 replicas: 2 runOnMaster: false + runOnControlPlane: false logLevel: 5 resources: csiProvisioner: limits: - cpu: 1 memory: 500Mi requests: cpu: 10m memory: 20Mi livenessProbe: limits: - cpu: 1 memory: 100Mi requests: cpu: 10m memory: 20Mi blob: limits: - cpu: 1 memory: 200Mi requests: cpu: 10m memory: 20Mi csiResizer: limits: - cpu: 1 memory: 500Mi requests: cpu: 10m @@ -89,76 +100,81 @@ controller: - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" node: name: csi-blob-node cloudConfigSecretName: azure-cloud-provider cloudConfigSecretNamespace: kube-system allowEmptyCloudConfig: true + allowInlineVolumeKeyAccessWithIdentity: false maxUnavailable: 1 - metricsPort: 29635 livenessProbe: healthPort: 29633 logLevel: 5 - enableBlobfuseProxy: false + enableBlobfuseProxy: true blobfuseProxy: installBlobfuse: true - blobfuseVersion: 1.4.1 + blobfuseVersion: "1.4.5" + installBlobfuse2: true + blobfuse2Version: "2.1.2" setMaxOpenFileNum: true maxOpenFileNum: "9000000" + disableUpdateDB: true blobfuseCachePath: /mnt + appendTimeStampInCacheDir: false + mountPermissions: 0777 resources: livenessProbe: limits: - cpu: 1 memory: 100Mi requests: cpu: 10m memory: 20Mi nodeDriverRegistrar: limits: - cpu: 1 memory: 100Mi requests: cpu: 10m memory: 20Mi blob: limits: - cpu: 2 memory: 2100Mi requests: cpu: 10m memory: 20Mi + aznfswatchdog: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi affinity: {} nodeSelector: {} tolerations: - operator: "Exists" - livenessProbe: - healthPort: 29633 + enableAznfsMount: true feature: - enableFSGroupPolicy: false + fsGroupPolicy: ReadWriteOnceWithFSType enableGetVolumeStats: false driver: name: blob.csi.azure.com customUserAgent: "" userAgentSuffix: "OSS-helm" + azureGoSDKLogLevel: "" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR + httpsProxy: "" + httpProxy: "" linux: kubelet: /var/lib/kubelet distro: debian -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} +workloadIdentity: + clientID: "" + # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster + # then set tenantID with the application or user-assigned managed identity tenant ID + tenantID: "" diff --git a/charts/v1.24.1/blob-csi-driver-v1.24.1.tgz b/charts/v1.24.1/blob-csi-driver-v1.24.1.tgz new file mode 100644 index 000000000..cbf94c473 Binary files /dev/null and b/charts/v1.24.1/blob-csi-driver-v1.24.1.tgz differ diff --git a/charts/v1.3.0/blob-csi-driver/Chart.yaml b/charts/v1.24.1/blob-csi-driver/Chart.yaml old mode 100755 new mode 100644 similarity index 68% rename from charts/v1.3.0/blob-csi-driver/Chart.yaml rename to charts/v1.24.1/blob-csi-driver/Chart.yaml index bd26eece8..b41152991 --- a/charts/v1.3.0/blob-csi-driver/Chart.yaml +++ b/charts/v1.24.1/blob-csi-driver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: v1.3.0 +appVersion: v1.24.1 description: Azure Blob Storage CSI driver name: blob-csi-driver -version: v1.3.0 +version: v1.24.1 diff --git a/charts/v1.2.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.24.1/blob-csi-driver/templates/NOTES.txt old mode 100755 new mode 100644 similarity index 78% rename from charts/v1.2.0/blob-csi-driver/templates/NOTES.txt rename to charts/v1.24.1/blob-csi-driver/templates/NOTES.txt index 9ad135dd4..c75dafbb5 --- a/charts/v1.2.0/blob-csi-driver/templates/NOTES.txt +++ b/charts/v1.24.1/blob-csi-driver/templates/NOTES.txt @@ -2,4 +2,4 @@ The Azure Blob Storage CSI driver is getting deployed to your cluster. To check Azure Blob Storage CSI driver pods status, please run: - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch + kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch diff --git a/charts/v1.9.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.24.1/blob-csi-driver/templates/_helpers.tpl similarity index 100% rename from charts/v1.9.0/blob-csi-driver/templates/_helpers.tpl rename to charts/v1.24.1/blob-csi-driver/templates/_helpers.tpl diff --git a/charts/v1.8.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.24.1/blob-csi-driver/templates/csi-blob-controller.yaml similarity index 84% rename from charts/v1.8.0/blob-csi-driver/templates/csi-blob-controller.yaml rename to charts/v1.24.1/blob-csi-driver/templates/csi-blob-controller.yaml index 406ae9834..38ef78cfe 100644 --- a/charts/v1.8.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ b/charts/v1.24.1/blob-csi-driver/templates/csi-blob-controller.yaml @@ -17,6 +17,9 @@ spec: labels: app: {{ .Values.controller.name }} {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} @@ -38,12 +41,18 @@ spec: nodeSelector: kubernetes.io/os: linux {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master + node-role.kubernetes.io/master: "" + {{- end}} + {{- if .Values.controller.runOnControlPlane}} + node-role.kubernetes.io/control-plane: "" {{- end}} {{- with .Values.controller.nodeSelector }} {{ toYaml . | indent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.controller.tolerations }} tolerations: {{ toYaml . | indent 8 }} @@ -59,8 +68,12 @@ spec: - "-v=2" - "--csi-address=$(ADDRESS)" - "--leader-election" - - "--timeout=120s" + - "--leader-election-namespace={{ .Release.Namespace }}" + - "--timeout=1200s" - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" + - "--feature-gates=HonorPVReclaimPolicy=true" env: - name: ADDRESS value: /csi/csi.sock @@ -78,7 +91,7 @@ spec: args: - --csi-address=/csi/csi.sock - --probe-timeout=3s - - --health-port={{ .Values.controller.livenessProbe.healthPort }} + - --http-endpoint=localhost:{{ .Values.controller.livenessProbe.healthPort }} imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} volumeMounts: - name: socket-dir @@ -101,17 +114,15 @@ spec: - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}" - "--allow-empty-cloud-config={{ .Values.controller.allowEmptyCloudConfig }}" ports: - - containerPort: {{ .Values.controller.livenessProbe.healthPort }} - name: healthz - protocol: TCP - containerPort: {{ .Values.controller.metricsPort }} name: metrics protocol: TCP livenessProbe: failureThreshold: 5 httpGet: + host: localhost path: /healthz - port: healthz + port: {{ .Values.controller.livenessProbe.healthPort }} initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 @@ -124,6 +135,16 @@ spec: optional: true - name: CSI_ENDPOINT value: unix:///csi/csi.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} {{- if eq .Values.cloud "AzureStackCloud" }} - name: AZURE_ENVIRONMENT_FILEPATH value: /etc/kubernetes/azurestackcloud.json @@ -158,6 +179,7 @@ spec: - "-csi-address=$(ADDRESS)" - "-v=2" - "-leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" - '-handle-volume-inuse-error=false' env: - name: ADDRESS diff --git a/charts/v1.9.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.24.1/blob-csi-driver/templates/csi-blob-driver.yaml similarity index 69% rename from charts/v1.9.0/blob-csi-driver/templates/csi-blob-driver.yaml rename to charts/v1.24.1/blob-csi-driver/templates/csi-blob-driver.yaml index 891826a62..9c5de5b91 100644 --- a/charts/v1.9.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ b/charts/v1.24.1/blob-csi-driver/templates/csi-blob-driver.yaml @@ -8,9 +8,9 @@ metadata: spec: attachRequired: false podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} + fsGroupPolicy: {{ .Values.feature.fsGroupPolicy }} volumeLifecycleModes: - Persistent - Ephemeral + tokenRequests: + - audience: api://AzureADTokenExchange diff --git a/charts/v1.7.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.24.1/blob-csi-driver/templates/csi-blob-node.yaml similarity index 64% rename from charts/v1.7.0/blob-csi-driver/templates/csi-blob-node.yaml rename to charts/v1.24.1/blob-csi-driver/templates/csi-blob-node.yaml index 91dddcbfc..fb74de39a 100644 --- a/charts/v1.7.0/blob-csi-driver/templates/csi-blob-node.yaml +++ b/charts/v1.24.1/blob-csi-driver/templates/csi-blob-node.yaml @@ -20,6 +20,9 @@ spec: labels: app: {{ .Values.node.name }} {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} @@ -31,6 +34,9 @@ spec: {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if or .Values.node.enableBlobfuseProxy .Values.node.enableAznfsMount }} + hostPID: true {{- end }} hostNetwork: true dnsPolicy: Default @@ -53,10 +59,53 @@ spec: {{- toYaml .Values.node.affinity | nindent 8 }} {{- end }} priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault {{- with .Values.node.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} + initContainers: + - name: install-blobfuse-proxy +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE + value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" + - name: BLOBFUSE_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" + - name: INSTALL_BLOBFUSE2 + value: "{{ .Values.node.blobfuseProxy.installBlobfuse2 }}" + - name: BLOBFUSE2_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuse2Version }}" + - name: INSTALL_BLOBFUSE_PROXY + value: "{{ .Values.node.enableBlobfuseProxy }}" + - name: SET_MAX_OPEN_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" + - name: MAX_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" + - name: DISABLE_UPDATEDB + value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}" + - name: KUBELET_PATH + value: "{{ .Values.linux.kubelet }}" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-usr-local + mountPath: /host/usr/local + - name: host-etc + mountPath: /host/etc containers: - name: liveness-probe imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} @@ -115,7 +164,6 @@ spec: - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - "--drivername={{ .Values.driver.name }}" - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" @@ -123,15 +171,17 @@ spec: - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}" - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}" - ports: - - containerPort: {{ .Values.node.livenessProbe.healthPort }} - name: healthz - protocol: TCP + - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}" + - "--mount-permissions={{ .Values.node.mountPermissions }}" + - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}" + - "--enable-aznfs-mount={{ .Values.node.enableAznfsMount }}" + - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" livenessProbe: failureThreshold: 5 httpGet: + host: localhost path: /healthz - port: healthz + port: {{ .Values.node.livenessProbe.healthPort }} initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 @@ -146,11 +196,21 @@ spec: value: unix:///csi/csi.sock - name: BLOBFUSE_PROXY_ENDPOINT value: unix:///csi/blobfuse-proxy.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} - name: KUBE_NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} {{- if eq .Values.cloud "AzureStackCloud" }} - name: AZURE_ENVIRONMENT_FILEPATH value: /etc/kubernetes/azurestackcloud.json @@ -181,8 +241,44 @@ spec: mountPath: /etc/pki/ca-trust/extracted readOnly: true {{- end }} + {{- if .Values.node.enableAznfsMount }} + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /lib/modules + name: lib-modules + readOnly: true + {{- end }} resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} +{{- if .Values.node.enableAznfsMount }} + - name: aznfswatchdog +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + command: + - "aznfswatchdog" + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + securityContext: + privileged: true + resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }} + volumeMounts: + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: {{ .Values.linux.kubelet }}/ + mountPropagation: Bidirectional + name: mountpoint-dir +{{- end }} volumes: + - name: host-usr + hostPath: + path: /usr + - name: host-usr-local + hostPath: + path: /usr/local + - name: host-etc + hostPath: + path: /etc - hostPath: path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} type: DirectoryOrCreate @@ -215,6 +311,16 @@ spec: hostPath: path: /etc/pki/ca-trust/extracted {{- end }} + {{- if .Values.node.enableAznfsMount }} + - hostPath: + path: /opt/microsoft/aznfs/data + type: DirectoryOrCreate + name: aznfs-data + - name: lib-modules + hostPath: + path: /lib/modules + type: DirectoryOrCreate + {{- end }} {{- if .Values.securityContext }} securityContext: {{- toYaml .Values.securityContext | nindent 8 }} {{- end }} diff --git a/charts/v1.9.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.24.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml similarity index 98% rename from charts/v1.9.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml rename to charts/v1.24.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml index 39619c932..833dcc640 100644 --- a/charts/v1.9.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ b/charts/v1.24.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml @@ -95,7 +95,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list", "create"] + verbs: ["get", "create"] --- kind: ClusterRoleBinding diff --git a/charts/v1.9.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.24.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml similarity index 96% rename from charts/v1.9.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml rename to charts/v1.24.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml index d269aea3d..c041cf8db 100644 --- a/charts/v1.9.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ b/charts/v1.24.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml @@ -9,7 +9,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list"] + verbs: ["get"] --- kind: ClusterRoleBinding diff --git a/charts/v1.24.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.24.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml new file mode 100644 index 000000000..7433bccf1 --- /dev/null +++ b/charts/v1.24.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.24.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.24.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml new file mode 100644 index 000000000..a25090e30 --- /dev/null +++ b/charts/v1.24.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.node }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.9.0/blob-csi-driver/values.yaml b/charts/v1.24.1/blob-csi-driver/values.yaml similarity index 79% rename from charts/v1.9.0/blob-csi-driver/values.yaml rename to charts/v1.24.1/blob-csi-driver/values.yaml index 53800bf1c..5d5d49c4b 100644 --- a/charts/v1.9.0/blob-csi-driver/values.yaml +++ b/charts/v1.24.1/blob-csi-driver/values.yaml @@ -1,24 +1,24 @@ image: baseRepo: mcr.microsoft.com blob: - repository: /k8s/csi/blob-csi - tag: v1.9.0 + repository: /oss/kubernetes-csi/blob-csi + tag: v1.24.1 pullPolicy: IfNotPresent csiProvisioner: repository: /oss/kubernetes-csi/csi-provisioner - tag: v3.1.0 + tag: v4.0.0 pullPolicy: IfNotPresent livenessProbe: repository: /oss/kubernetes-csi/livenessprobe - tag: v2.5.0 + tag: v2.12.0 pullPolicy: IfNotPresent nodeDriverRegistrar: repository: /oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.4.0 + tag: v2.10.0 pullPolicy: IfNotPresent csiResizer: repository: /oss/kubernetes-csi/csi-resizer - tag: v1.4.0 + tag: v1.9.3 pullPolicy: IfNotPresent cloud: AzurePublicCloud @@ -64,6 +64,7 @@ controller: healthPort: 29632 replicas: 2 runOnMaster: false + runOnControlPlane: false logLevel: 5 resources: csiProvisioner: @@ -99,21 +100,27 @@ controller: - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" node: name: csi-blob-node cloudConfigSecretName: azure-cloud-provider cloudConfigSecretNamespace: kube-system allowEmptyCloudConfig: true + allowInlineVolumeKeyAccessWithIdentity: false maxUnavailable: 1 metricsPort: 29635 livenessProbe: healthPort: 29633 logLevel: 5 - enableBlobfuseProxy: false + enableBlobfuseProxy: true blobfuseProxy: installBlobfuse: true - blobfuseVersion: 1.4.3 + blobfuseVersion: "1.4.5" + installBlobfuse2: true + blobfuse2Version: "2.2.0" setMaxOpenFileNum: true maxOpenFileNum: "9000000" disableUpdateDB: true @@ -139,22 +146,36 @@ node: requests: cpu: 10m memory: 20Mi + aznfswatchdog: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi affinity: {} nodeSelector: {} tolerations: - operator: "Exists" - livenessProbe: - healthPort: 29633 + enableAznfsMount: true feature: - enableFSGroupPolicy: false + fsGroupPolicy: ReadWriteOnceWithFSType enableGetVolumeStats: false driver: name: blob.csi.azure.com customUserAgent: "" userAgentSuffix: "OSS-helm" + azureGoSDKLogLevel: "" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR + httpsProxy: "" + httpProxy: "" linux: kubelet: /var/lib/kubelet distro: debian + +workloadIdentity: + clientID: "" + # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster + # then set tenantID with the application or user-assigned managed identity tenant ID + tenantID: "" diff --git a/charts/v1.3.0/blob-csi-driver-v1.3.0.tgz b/charts/v1.3.0/blob-csi-driver-v1.3.0.tgz deleted file mode 100644 index 4749a12f7..000000000 Binary files a/charts/v1.3.0/blob-csi-driver-v1.3.0.tgz and /dev/null differ diff --git a/charts/v1.3.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.3.0/blob-csi-driver/templates/NOTES.txt deleted file mode 100755 index 9ad135dd4..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.3.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.3.0/blob-csi-driver/templates/_helpers.tpl deleted file mode 100755 index 5231cd26f..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Expand the name of the chart.*/}} -{{- define "blob.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "blob.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.3.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.3.0/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100755 index 69f551905..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,172 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-controller - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- with .Values.controller.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} -{{- with .Values.controller.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.controller.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: csi-provisioner - image: {{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} - - name: liveness-probe - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} - - name: csi-resizer - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.3.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.3.0/blob-csi-driver/templates/csi-blob-driver.yaml deleted file mode 100755 index d5cb078a0..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/charts/v1.3.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.3.0/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100755 index e2ea9ce89..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,198 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: csi-blob-node - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux -{{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - {{- if .Values.node.affinity }} -{{- toYaml .Values.node.affinity | nindent 8 }} - {{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.node.livenessProbe.healthPort }} - - --v=2 - resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} - - name: node-driver-registrar - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.linux.kubelet }}/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: {{ .Values.node.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.linux.kubelet }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} - volumes: - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: {{ .Values.node.blobfuseCachePath }} - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.3.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.3.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100755 index c453e1dcd..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.3.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.3.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100755 index aa24d7089..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.3.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.3.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100755 index 33266b1c3..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.3.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.3.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100755 index 4ca48c523..000000000 --- a/charts/v1.3.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.3.0/blob-csi-driver/values.yaml b/charts/v1.3.0/blob-csi-driver/values.yaml deleted file mode 100755 index 89d38e786..000000000 --- a/charts/v1.3.0/blob-csi-driver/values.yaml +++ /dev/null @@ -1,133 +0,0 @@ -image: - blob: - repository: mcr.microsoft.com/k8s/csi/blob-csi - tag: v1.3.0 - pullPolicy: IfNotPresent - csiProvisioner: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner - tag: v2.1.0 - pullPolicy: IfNotPresent - livenessProbe: - repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe - tag: v2.3.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.2.0 - pullPolicy: IfNotPresent - csiResizer: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer - tag: v1.1.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true - -rbac: - create: true - -controller: - metricsPort: 29634 - replicas: 2 - runOnMaster: false - logLevel: 5 - resources: - csiProvisioner: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - csiResizer: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Equal" - value: "true" - effect: "NoSchedule" - -node: - metricsPort: 29635 - logLevel: 5 - enableBlobfuseProxy: false - blobfuseCachePath: /mnt - resources: - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - nodeDriverRegistrar: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: "2" - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - operator: "Exists" - livenessProbe: - healthPort: 29633 - -feature: - enableFSGroupPolicy: false - -linux: - kubelet: /var/lib/kubelet - distro: debian - -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} diff --git a/charts/v1.4.0/blob-csi-driver-v1.4.0.tgz b/charts/v1.4.0/blob-csi-driver-v1.4.0.tgz deleted file mode 100644 index 11637064f..000000000 Binary files a/charts/v1.4.0/blob-csi-driver-v1.4.0.tgz and /dev/null differ diff --git a/charts/v1.4.0/blob-csi-driver/Chart.yaml b/charts/v1.4.0/blob-csi-driver/Chart.yaml deleted file mode 100755 index 1202d4e92..000000000 --- a/charts/v1.4.0/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.4.0 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.4.0 diff --git a/charts/v1.4.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.4.0/blob-csi-driver/templates/NOTES.txt deleted file mode 100755 index 9ad135dd4..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.4.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.4.0/blob-csi-driver/templates/_helpers.tpl deleted file mode 100755 index 5231cd26f..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Expand the name of the chart.*/}} -{{- define "blob.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "blob.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.4.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.4.0/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100755 index f01ccf9eb..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,175 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: {{ .Values.controller.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Values.controller.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.controller.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- with .Values.controller.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: {{ .Values.controller.hostNetwork }} - serviceAccountName: {{ .Values.serviceAccount.controller }} - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} -{{- with .Values.controller.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.controller.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: csi-provisioner - image: {{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} - - name: liveness-probe - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.controller.livenessProbe.healthPort }} - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}" - ports: - - containerPort: {{ .Values.controller.livenessProbe.healthPort }} - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} - - name: csi-resizer - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.4.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.4.0/blob-csi-driver/templates/csi-blob-driver.yaml deleted file mode 100755 index a742b506a..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: {{ .Values.driver.name }} -spec: - attachRequired: false - podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/charts/v1.4.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.4.0/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100755 index f95a1fcda..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,198 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ .Values.node.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - selector: - matchLabels: - app: {{ .Values.node.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.node.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ .Values.serviceAccount.node }} - nodeSelector: - kubernetes.io/os: linux -{{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - {{- if .Values.node.affinity }} -{{- toYaml .Values.node.affinity | nindent 8 }} - {{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.node.livenessProbe.healthPort }} - - --v=2 - resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} - - name: node-driver-registrar - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/{{ .Values.driver.name }}-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" - ports: - - containerPort: {{ .Values.node.livenessProbe.healthPort }} - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.linux.kubelet }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} - volumes: - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: {{ .Values.node.blobfuseCachePath }} - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.4.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.4.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100755 index 575437fb8..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-provisioner-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-resizer-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-resizer-role -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.4.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.4.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100755 index b4a30373c..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.4.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.4.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100755 index 93c5c0149..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.4.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.4.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100755 index ef4c7d754..000000000 --- a/charts/v1.4.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.4.0/blob-csi-driver/values.yaml b/charts/v1.4.0/blob-csi-driver/values.yaml deleted file mode 100755 index d34fdb367..000000000 --- a/charts/v1.4.0/blob-csi-driver/values.yaml +++ /dev/null @@ -1,148 +0,0 @@ -image: - blob: - repository: mcr.microsoft.com/k8s/csi/blob-csi - tag: v1.4.0 - pullPolicy: IfNotPresent - csiProvisioner: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner - tag: v2.1.0 - pullPolicy: IfNotPresent - livenessProbe: - repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe - tag: v2.3.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.2.0 - pullPolicy: IfNotPresent - csiResizer: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer - tag: v1.1.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true # When true, service accounts will be created for you. Set to false if you want to use your own. - controller: csi-blob-controller-sa # Name of Service Account to be created or used - node: csi-blob-node-sa # Name of Service Account to be created or used - -rbac: - create: true - name: blob - -controller: - name: csi-blob-controller - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting - metricsPort: 29634 - livenessProbe: - healthPort: 29632 - replicas: 2 - runOnMaster: false - logLevel: 5 - resources: - csiProvisioner: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - csiResizer: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - -node: - name: csi-blob-node - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - metricsPort: 29635 - livenessProbe: - healthPort: 29633 - logLevel: 5 - enableBlobfuseProxy: false - blobfuseCachePath: /mnt - resources: - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - nodeDriverRegistrar: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: "2" - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - operator: "Exists" - livenessProbe: - healthPort: 29633 - -feature: - enableFSGroupPolicy: false - -driver: - name: blob.csi.azure.com - -linux: - kubelet: /var/lib/kubelet - distro: debian - -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} diff --git a/charts/v1.4.1/blob-csi-driver-v1.4.1.tgz b/charts/v1.4.1/blob-csi-driver-v1.4.1.tgz deleted file mode 100644 index 4f488cd26..000000000 Binary files a/charts/v1.4.1/blob-csi-driver-v1.4.1.tgz and /dev/null differ diff --git a/charts/v1.4.1/blob-csi-driver/Chart.yaml b/charts/v1.4.1/blob-csi-driver/Chart.yaml deleted file mode 100755 index 71b770425..000000000 --- a/charts/v1.4.1/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.4.1 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.4.1 diff --git a/charts/v1.4.1/blob-csi-driver/templates/NOTES.txt b/charts/v1.4.1/blob-csi-driver/templates/NOTES.txt deleted file mode 100755 index 9ad135dd4..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.4.1/blob-csi-driver/templates/_helpers.tpl b/charts/v1.4.1/blob-csi-driver/templates/_helpers.tpl deleted file mode 100755 index 5231cd26f..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Expand the name of the chart.*/}} -{{- define "blob.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "blob.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.4.1/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.4.1/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100755 index f01ccf9eb..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,175 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: {{ .Values.controller.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Values.controller.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.controller.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- with .Values.controller.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: {{ .Values.controller.hostNetwork }} - serviceAccountName: {{ .Values.serviceAccount.controller }} - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} -{{- with .Values.controller.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.controller.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: csi-provisioner - image: {{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} - - name: liveness-probe - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.controller.livenessProbe.healthPort }} - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}" - ports: - - containerPort: {{ .Values.controller.livenessProbe.healthPort }} - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} - - name: csi-resizer - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.4.1/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.4.1/blob-csi-driver/templates/csi-blob-driver.yaml deleted file mode 100755 index a742b506a..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/csi-blob-driver.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: {{ .Values.driver.name }} -spec: - attachRequired: false - podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/charts/v1.4.1/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.4.1/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100755 index f95a1fcda..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,198 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ .Values.node.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - selector: - matchLabels: - app: {{ .Values.node.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.node.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ .Values.serviceAccount.node }} - nodeSelector: - kubernetes.io/os: linux -{{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - {{- if .Values.node.affinity }} -{{- toYaml .Values.node.affinity | nindent 8 }} - {{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.node.livenessProbe.healthPort }} - - --v=2 - resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} - - name: node-driver-registrar - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/{{ .Values.driver.name }}-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} - - name: blob - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" - ports: - - containerPort: {{ .Values.node.livenessProbe.healthPort }} - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.linux.kubelet }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} - volumes: - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: {{ .Values.node.blobfuseCachePath }} - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.4.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.4.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100755 index 575437fb8..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-provisioner-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-resizer-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-resizer-role -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.4.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.4.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100755 index b4a30373c..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.4.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.4.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100755 index 93c5c0149..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.4.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.4.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100755 index ef4c7d754..000000000 --- a/charts/v1.4.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.4.1/blob-csi-driver/values.yaml b/charts/v1.4.1/blob-csi-driver/values.yaml deleted file mode 100755 index dfdd2a2c0..000000000 --- a/charts/v1.4.1/blob-csi-driver/values.yaml +++ /dev/null @@ -1,148 +0,0 @@ -image: - blob: - repository: mcr.microsoft.com/k8s/csi/blob-csi - tag: v1.4.1 - pullPolicy: IfNotPresent - csiProvisioner: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner - tag: v2.1.0 - pullPolicy: IfNotPresent - livenessProbe: - repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe - tag: v2.3.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.2.0 - pullPolicy: IfNotPresent - csiResizer: - repository: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer - tag: v1.1.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true # When true, service accounts will be created for you. Set to false if you want to use your own. - controller: csi-blob-controller-sa # Name of Service Account to be created or used - node: csi-blob-node-sa # Name of Service Account to be created or used - -rbac: - create: true - name: blob - -controller: - name: csi-blob-controller - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting - metricsPort: 29634 - livenessProbe: - healthPort: 29632 - replicas: 2 - runOnMaster: false - logLevel: 5 - resources: - csiProvisioner: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - csiResizer: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - -node: - name: csi-blob-node - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - metricsPort: 29635 - livenessProbe: - healthPort: 29633 - logLevel: 5 - enableBlobfuseProxy: false - blobfuseCachePath: /mnt - resources: - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - nodeDriverRegistrar: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: "2" - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - operator: "Exists" - livenessProbe: - healthPort: 29633 - -feature: - enableFSGroupPolicy: false - -driver: - name: blob.csi.azure.com - -linux: - kubelet: /var/lib/kubelet - distro: debian - -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} diff --git a/charts/v1.5.0/blob-csi-driver-v1.5.0.tgz b/charts/v1.5.0/blob-csi-driver-v1.5.0.tgz deleted file mode 100644 index a23a369b6..000000000 Binary files a/charts/v1.5.0/blob-csi-driver-v1.5.0.tgz and /dev/null differ diff --git a/charts/v1.5.0/blob-csi-driver/Chart.yaml b/charts/v1.5.0/blob-csi-driver/Chart.yaml deleted file mode 100755 index e13229365..000000000 --- a/charts/v1.5.0/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.5.0 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.5.0 diff --git a/charts/v1.5.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.5.0/blob-csi-driver/templates/NOTES.txt deleted file mode 100644 index 9ad135dd4..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.5.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.5.0/blob-csi-driver/templates/_helpers.tpl deleted file mode 100644 index 5231cd26f..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Expand the name of the chart.*/}} -{{- define "blob.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "blob.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.5.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.5.0/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100644 index 25de4d691..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,193 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: {{ .Values.controller.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Values.controller.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.controller.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- with .Values.controller.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: {{ .Values.controller.hostNetwork }} - serviceAccountName: {{ .Values.serviceAccount.controller }} - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} -{{- with .Values.controller.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.controller.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: csi-provisioner -{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" -{{- else }} - image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" -{{- end }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} - - name: liveness-probe -{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- else }} - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- end }} - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.controller.livenessProbe.healthPort }} - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} - - name: blob -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--custom-user-agent={{ .Values.driver.customUserAgent }}" - - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" - - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}" - ports: - - containerPort: {{ .Values.controller.livenessProbe.healthPort }} - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} - - name: csi-resizer -{{- if hasPrefix "/" .Values.image.csiResizer.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" -{{- else }} - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" -{{- end }} - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.5.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.5.0/blob-csi-driver/templates/csi-blob-driver.yaml deleted file mode 100644 index a742b506a..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: {{ .Values.driver.name }} -spec: - attachRequired: false - podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/charts/v1.5.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.5.0/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100644 index 3e57027d3..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,216 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ .Values.node.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - updateStrategy: - rollingUpdate: - maxUnavailable: {{ .Values.node.maxUnavailable }} - type: RollingUpdate - selector: - matchLabels: - app: {{ .Values.node.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.node.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: Default - serviceAccountName: {{ .Values.serviceAccount.node }} - nodeSelector: - kubernetes.io/os: linux -{{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - {{- if .Values.node.affinity }} -{{- toYaml .Values.node.affinity | nindent 8 }} - {{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir -{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- else }} - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- end }} - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.node.livenessProbe.healthPort }} - - --v=2 - resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} - - name: node-driver-registrar -{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" -{{- else }} - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" -{{- end }} - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/{{ .Values.driver.name }}-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} - - name: blob -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" - - "--custom-user-agent={{ .Values.driver.customUserAgent }}" - - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" - ports: - - containerPort: {{ .Values.node.livenessProbe.healthPort }} - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.linux.kubelet }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} - volumes: - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: {{ .Values.node.blobfuseCachePath }} - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.5.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.5.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100644 index 575437fb8..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-provisioner-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-resizer-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-resizer-role -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.5.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.5.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100644 index b4a30373c..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.5.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.5.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100644 index 93c5c0149..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.5.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.5.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100644 index ef4c7d754..000000000 --- a/charts/v1.5.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.5.0/blob-csi-driver/values.yaml b/charts/v1.5.0/blob-csi-driver/values.yaml deleted file mode 100755 index d501f15b1..000000000 --- a/charts/v1.5.0/blob-csi-driver/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -image: - baseRepo: mcr.microsoft.com - blob: - repository: /k8s/csi/blob-csi - tag: v1.5.0 - pullPolicy: IfNotPresent - csiProvisioner: - repository: /oss/kubernetes-csi/csi-provisioner - tag: v2.2.2 - pullPolicy: IfNotPresent - livenessProbe: - repository: /oss/kubernetes-csi/livenessprobe - tag: v2.4.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: /oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.3.0 - pullPolicy: IfNotPresent - csiResizer: - repository: /oss/kubernetes-csi/csi-resizer - tag: v1.3.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true # When true, service accounts will be created for you. Set to false if you want to use your own. - controller: csi-blob-controller-sa # Name of Service Account to be created or used - node: csi-blob-node-sa # Name of Service Account to be created or used - -rbac: - create: true - name: blob - -controller: - name: csi-blob-controller - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting - metricsPort: 29634 - livenessProbe: - healthPort: 29632 - replicas: 2 - runOnMaster: false - logLevel: 5 - resources: - csiProvisioner: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - csiResizer: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - -node: - name: csi-blob-node - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - maxUnavailable: 1 - metricsPort: 29635 - livenessProbe: - healthPort: 29633 - logLevel: 5 - enableBlobfuseProxy: false - blobfuseCachePath: /mnt - resources: - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - nodeDriverRegistrar: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: "2" - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - operator: "Exists" - livenessProbe: - healthPort: 29633 - -feature: - enableFSGroupPolicy: false - -driver: - name: blob.csi.azure.com - customUserAgent: "" - userAgentSuffix: "OSS-helm" - -linux: - kubelet: /var/lib/kubelet - distro: debian - -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} diff --git a/charts/v1.6.0/blob-csi-driver-v1.6.0.tgz b/charts/v1.6.0/blob-csi-driver-v1.6.0.tgz deleted file mode 100644 index 0bf41aaf6..000000000 Binary files a/charts/v1.6.0/blob-csi-driver-v1.6.0.tgz and /dev/null differ diff --git a/charts/v1.6.0/blob-csi-driver/Chart.yaml b/charts/v1.6.0/blob-csi-driver/Chart.yaml deleted file mode 100755 index 4e2744440..000000000 --- a/charts/v1.6.0/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.6.0 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.6.0 diff --git a/charts/v1.6.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.6.0/blob-csi-driver/templates/NOTES.txt deleted file mode 100644 index 9ad135dd4..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.6.0/blob-csi-driver/templates/_helpers.tpl b/charts/v1.6.0/blob-csi-driver/templates/_helpers.tpl deleted file mode 100644 index 5231cd26f..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/_helpers.tpl +++ /dev/null @@ -1,26 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* Expand the name of the chart.*/}} -{{- define "blob.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* labels for helm resources */}} -{{- define "blob.labels" -}} -labels: - app.kubernetes.io/instance: "{{ .Release.Name }}" - app.kubernetes.io/managed-by: "{{ .Release.Service }}" - app.kubernetes.io/name: "{{ template "blob.name" . }}" - app.kubernetes.io/version: "{{ .Chart.AppVersion }}" - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" -{{- end -}} - -{{/* pull secrets for containers */}} -{{- define "blob.pullSecrets" -}} -{{- if .Values.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- end -}} \ No newline at end of file diff --git a/charts/v1.6.0/blob-csi-driver/templates/blobfuse-proxy.yaml b/charts/v1.6.0/blob-csi-driver/templates/blobfuse-proxy.yaml deleted file mode 100644 index 5008d9142..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/blobfuse-proxy.yaml +++ /dev/null @@ -1,88 +0,0 @@ -{{- if .Values.node.enableBlobfuseProxy -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - dpkg -i /tmp/packages-microsoft-prod.deb && apt-get install -y blobfuse=1.4.1 - dpkg -i /tmp/blobfuse-proxy.deb - rm -f /tmp/packages-microsoft-prod.deb /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - echo "Enabling blobfuse proxy systemctl service" - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - echo "set max open file num" - sysctl -w fs.file-max=9000000 - echo "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: "DEBIAN_FRONTEND" - value: "noninteractive" - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir -{{ end }} diff --git a/charts/v1.6.0/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.6.0/blob-csi-driver/templates/csi-blob-controller.yaml deleted file mode 100644 index 4845f385a..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/csi-blob-controller.yaml +++ /dev/null @@ -1,187 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: {{ .Values.controller.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - replicas: {{ .Values.controller.replicas }} - selector: - matchLabels: - app: {{ .Values.controller.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.controller.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: -{{- with .Values.controller.affinity }} - affinity: -{{ toYaml . | indent 8 }} -{{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: {{ .Values.controller.hostNetwork }} - serviceAccountName: {{ .Values.serviceAccount.controller }} - nodeSelector: - kubernetes.io/os: linux - {{- if .Values.controller.runOnMaster}} - kubernetes.io/role: master - {{- end}} -{{- with .Values.controller.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.controller.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: csi-provisioner -{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" -{{- else }} - image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" -{{- end }} - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} - - name: liveness-probe -{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- else }} - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- end }} - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.controller.livenessProbe.healthPort }} - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} - - name: blob -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - args: - - "--v={{ .Values.controller.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--custom-user-agent={{ .Values.driver.customUserAgent }}" - - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" - - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}" - ports: - - containerPort: {{ .Values.controller.livenessProbe.healthPort }} - name: healthz - protocol: TCP - - containerPort: {{ .Values.controller.metricsPort }} - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} - - name: csi-resizer -{{- if hasPrefix "/" .Values.image.csiResizer.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" -{{- else }} - image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" -{{- end }} - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: DirectoryOrCreate - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.6.0/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.6.0/blob-csi-driver/templates/csi-blob-driver.yaml deleted file mode 100644 index a742b506a..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: {{ .Values.driver.name }} -spec: - attachRequired: false - podInfoOnMount: true - {{- if .Values.feature.enableFSGroupPolicy}} - fsGroupPolicy: File - {{- end}} - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/charts/v1.6.0/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.6.0/blob-csi-driver/templates/csi-blob-node.yaml deleted file mode 100644 index 5b3d37147..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/csi-blob-node.yaml +++ /dev/null @@ -1,218 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: {{ .Values.node.name }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -spec: - updateStrategy: - rollingUpdate: - maxUnavailable: {{ .Values.node.maxUnavailable }} - type: RollingUpdate - selector: - matchLabels: - app: {{ .Values.node.name }} - template: - metadata: -{{ include "blob.labels" . | indent 6 }} - app: {{ .Values.node.name }} - {{- if .Values.podLabels }} -{{- toYaml .Values.podLabels | nindent 8 }} - {{- end }} -{{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: true - dnsPolicy: Default - serviceAccountName: {{ .Values.serviceAccount.node }} - nodeSelector: - kubernetes.io/os: linux -{{- with .Values.node.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - {{- if .Values.node.affinity }} -{{- toYaml .Values.node.affinity | nindent 8 }} - {{- end }} - priorityClassName: {{ .Values.priorityClassName | quote }} -{{- with .Values.node.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} -{{- end }} - containers: - - name: liveness-probe - imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} - volumeMounts: - - mountPath: /csi - name: socket-dir -{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- else }} - image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" -{{- end }} - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port={{ .Values.node.livenessProbe.healthPort }} - - --v=2 - resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} - - name: node-driver-registrar -{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" -{{- else }} - image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" -{{- end }} - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/{{ .Values.driver.name }}-reg.sock /csi/csi.sock"] - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - timeoutSeconds: 15 - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} - - name: blob -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - args: - - "--v={{ .Values.node.logLevel }}" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" - - "--drivername={{ .Values.driver.name }}" - - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" - - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" - - "--custom-user-agent={{ .Values.driver.customUserAgent }}" - - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" - ports: - - containerPort: {{ .Values.node.livenessProbe.healthPort }} - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: AZURE_ENVIRONMENT_FILEPATH - value: /etc/kubernetes/azurestackcloud.json - {{- end }} - imagePullPolicy: {{ .Values.image.blob.pullPolicy }} - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: {{ .Values.linux.kubelet }}/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /mnt - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - mountPath: /etc/ssl/certs - readOnly: true - - name: ssl-pki - mountPath: /etc/pki/ca-trust/extracted - readOnly: true - {{- end }} - resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} - volumes: - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: {{ .Values.linux.kubelet }}/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: DirectoryOrCreate - name: azure-cred - - hostPath: - path: {{ .Values.node.blobfuseCachePath }} - name: blob-cache - {{- if eq .Values.cloud "AzureStackCloud" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - {{- end }} - {{- if eq .Values.linux.distro "fedora" }} - - name: ssl - hostPath: - path: /etc/ssl/certs - - name: ssl-pki - hostPath: - path: /etc/pki/ca-trust/extracted - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{- toYaml .Values.securityContext | nindent 8 }} - {{- end }} diff --git a/charts/v1.6.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.6.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml deleted file mode 100644 index 575437fb8..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-provisioner-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-provisioner-binding -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-external-resizer-role -{{ include "blob.labels" . | indent 2 }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.rbac.name }}-csi-resizer-role -{{ include "blob.labels" . | indent 2 }} -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.rbac.name }}-external-resizer-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-controller-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-controller-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.6.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.6.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml deleted file mode 100644 index b4a30373c..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create -}} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-{{ .Values.rbac.name }}-node-secret-binding -subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: csi-{{ .Values.rbac.name }}-node-secret-role - apiGroup: rbac.authorization.k8s.io -{{ end }} diff --git a/charts/v1.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100644 index 93c5c0149..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100644 index ef4c7d754..000000000 --- a/charts/v1.6.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,8 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} -{{ include "blob.labels" . | indent 2 }} -{{- end -}} diff --git a/charts/v1.6.0/blob-csi-driver/values.yaml b/charts/v1.6.0/blob-csi-driver/values.yaml deleted file mode 100755 index c970b080c..000000000 --- a/charts/v1.6.0/blob-csi-driver/values.yaml +++ /dev/null @@ -1,152 +0,0 @@ -image: - baseRepo: mcr.microsoft.com - blob: - repository: /k8s/csi/blob-csi - tag: v1.6.0 - pullPolicy: IfNotPresent - csiProvisioner: - repository: /oss/kubernetes-csi/csi-provisioner - tag: v2.2.2 - pullPolicy: IfNotPresent - livenessProbe: - repository: /oss/kubernetes-csi/livenessprobe - tag: v2.4.0 - pullPolicy: IfNotPresent - nodeDriverRegistrar: - repository: /oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.3.0 - pullPolicy: IfNotPresent - csiResizer: - repository: /oss/kubernetes-csi/csi-resizer - tag: v1.3.0 - pullPolicy: IfNotPresent - -## Reference to one or more secrets to be used when pulling images -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] -# - name: myRegistryKeySecretName - -serviceAccount: - create: true # When true, service accounts will be created for you. Set to false if you want to use your own. - controller: csi-blob-controller-sa # Name of Service Account to be created or used - node: csi-blob-node-sa # Name of Service Account to be created or used - -rbac: - create: true - name: blob - -controller: - name: csi-blob-controller - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting - metricsPort: 29634 - livenessProbe: - healthPort: 29632 - replicas: 2 - runOnMaster: false - logLevel: 5 - resources: - csiProvisioner: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - csiResizer: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - -node: - name: csi-blob-node - cloudConfigSecretName: azure-cloud-provider - cloudConfigSecretNamespace: kube-system - maxUnavailable: 1 - metricsPort: 29635 - livenessProbe: - healthPort: 29633 - logLevel: 5 - enableBlobfuseProxy: false - blobfuseCachePath: /mnt - resources: - livenessProbe: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - nodeDriverRegistrar: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - blob: - limits: - cpu: "2" - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - affinity: {} - nodeSelector: {} - tolerations: - - operator: "Exists" - livenessProbe: - healthPort: 29633 - -feature: - enableFSGroupPolicy: false - -driver: - name: blob.csi.azure.com - customUserAgent: "" - userAgentSuffix: "OSS-helm" - -linux: - kubelet: /var/lib/kubelet - distro: debian - -cloud: AzurePublicCloud - -## Collection of annotations to add to all the pods -podAnnotations: {} -## Collection of labels to add to all the pods -podLabels: {} -## Leverage a PriorityClass to ensure your pods survive resource shortages -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -priorityClassName: system-cluster-critical -## Security context give the opportunity to run container as nonroot by setting a securityContext -## by example : -## securityContext: { runAsUser: 1001 } -securityContext: {} diff --git a/charts/v1.7.0/blob-csi-driver-v1.7.0.tgz b/charts/v1.7.0/blob-csi-driver-v1.7.0.tgz deleted file mode 100644 index 75e8940cd..000000000 Binary files a/charts/v1.7.0/blob-csi-driver-v1.7.0.tgz and /dev/null differ diff --git a/charts/v1.7.0/blob-csi-driver/Chart.yaml b/charts/v1.7.0/blob-csi-driver/Chart.yaml deleted file mode 100644 index f522d5805..000000000 --- a/charts/v1.7.0/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.7.0 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.7.0 diff --git a/charts/v1.7.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.7.0/blob-csi-driver/templates/NOTES.txt deleted file mode 100644 index 9ad135dd4..000000000 --- a/charts/v1.7.0/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.7.0/blob-csi-driver/templates/blobfuse-proxy.yaml b/charts/v1.7.0/blob-csi-driver/templates/blobfuse-proxy.yaml deleted file mode 100644 index 478743d89..000000000 --- a/charts/v1.7.0/blob-csi-driver/templates/blobfuse-proxy.yaml +++ /dev/null @@ -1,114 +0,0 @@ -{{- if .Values.node.enableBlobfuseProxy -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: kube-system - labels: - {{- include "blob.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - INSTALL_BLOBFUSE=${INSTALL_BLOBFUSE:-true} - if (( "${INSTALL_BLOBFUSE}" == "true" )) - then - dpkg -i /tmp/packages-microsoft-prod.deb && apt-get install -y blobfuse=${BLOBFUSE_VERSION} - fi - dpkg -i /tmp/blobfuse-proxy.deb - rm -f /tmp/packages-microsoft-prod.deb /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - - SET_MAX_FILE_NUM=${SET_MAX_OPEN_FILE_NUM:-true} - if (( "${SET_MAX_OPEN_FILE_NUM}" == "true" )) - then - sysctl -w fs.file-max=${MAX_FILE_NUM} - fi - - # "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: DEBIAN_FRONTEND - value: "noninteractive" - - name: INSTALL_BLOBFUSE - value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" - - name: BLOBFUSE_VERSION - value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" - - name: SET_MAX_OPEN_FILE_NUM - value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" - - name: MAX_FILE_NUM - value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir -{{ end }} diff --git a/charts/v1.7.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.7.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100644 index 9c9fb477b..000000000 --- a/charts/v1.7.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -{{- end -}} diff --git a/charts/v1.7.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.7.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100644 index e1dc20bd2..000000000 --- a/charts/v1.7.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -{{- end -}} diff --git a/charts/v1.8.0/blob-csi-driver-v1.8.0.tgz b/charts/v1.8.0/blob-csi-driver-v1.8.0.tgz deleted file mode 100644 index 9e2716038..000000000 Binary files a/charts/v1.8.0/blob-csi-driver-v1.8.0.tgz and /dev/null differ diff --git a/charts/v1.8.0/blob-csi-driver/Chart.yaml b/charts/v1.8.0/blob-csi-driver/Chart.yaml deleted file mode 100644 index ac625798a..000000000 --- a/charts/v1.8.0/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.8.0 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.8.0 diff --git a/charts/v1.8.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.8.0/blob-csi-driver/templates/NOTES.txt deleted file mode 100644 index 9ad135dd4..000000000 --- a/charts/v1.8.0/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.8.0/blob-csi-driver/templates/blobfuse-proxy.yaml b/charts/v1.8.0/blob-csi-driver/templates/blobfuse-proxy.yaml deleted file mode 100644 index c131d8316..000000000 --- a/charts/v1.8.0/blob-csi-driver/templates/blobfuse-proxy.yaml +++ /dev/null @@ -1,126 +0,0 @@ -{{- if .Values.node.enableBlobfuseProxy -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - INSTALL_BLOBFUSE=${INSTALL_BLOBFUSE:-true} - if (( "${INSTALL_BLOBFUSE}" == "true" )) - then - dpkg -i /tmp/packages-microsoft-prod.deb && apt update && apt-get install -y blobfuse=${BLOBFUSE_VERSION} - fi - dpkg -i /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - - SET_MAX_FILE_NUM=${SET_MAX_OPEN_FILE_NUM:-true} - if (( "${SET_MAX_OPEN_FILE_NUM}" == "true" )) - then - sysctl -w fs.file-max=${MAX_FILE_NUM} - fi - - updateDBConfigPath="/etc/updatedb.conf" - DISABLE_UPDATEDB=${DISABLE_UPDATEDB:-true} - if (( "${DISABLE_UPDATEDB}" == "true" )) && (( test -f ${updateDBConfigPath} )) - then - echo "before changing ${updateDBConfigPath}:" - cat ${updateDBConfigPath} - sed -i 's/PRUNEPATHS="\/tmp/PRUNEPATHS="\/mnt \/var\/lib\/kubelet \/tmp/g' ${updateDBConfigPath} - sed -i 's/PRUNEFS="NFS/PRUNEFS="fuse blobfuse NFS/g' ${updateDBConfigPath} - echo "after change:" - cat ${updateDBConfigPath} - fi - - # "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: DEBIAN_FRONTEND - value: "noninteractive" - - name: INSTALL_BLOBFUSE - value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" - - name: BLOBFUSE_VERSION - value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" - - name: SET_MAX_OPEN_FILE_NUM - value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" - - name: MAX_FILE_NUM - value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" - - name: DISABLE_UPDATEDB - value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}" - resources: - limits: - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir -{{ end }} diff --git a/charts/v1.8.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.8.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100644 index 9c9fb477b..000000000 --- a/charts/v1.8.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -{{- end -}} diff --git a/charts/v1.8.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.8.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100644 index e1dc20bd2..000000000 --- a/charts/v1.8.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -{{- end -}} diff --git a/charts/v1.9.0/blob-csi-driver-v1.9.0.tgz b/charts/v1.9.0/blob-csi-driver-v1.9.0.tgz deleted file mode 100644 index 780358ce3..000000000 Binary files a/charts/v1.9.0/blob-csi-driver-v1.9.0.tgz and /dev/null differ diff --git a/charts/v1.9.0/blob-csi-driver/Chart.yaml b/charts/v1.9.0/blob-csi-driver/Chart.yaml deleted file mode 100644 index 11df3ab96..000000000 --- a/charts/v1.9.0/blob-csi-driver/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: v1.9.0 -description: Azure Blob Storage CSI driver -name: blob-csi-driver -version: v1.9.0 diff --git a/charts/v1.9.0/blob-csi-driver/templates/NOTES.txt b/charts/v1.9.0/blob-csi-driver/templates/NOTES.txt deleted file mode 100644 index 9ad135dd4..000000000 --- a/charts/v1.9.0/blob-csi-driver/templates/NOTES.txt +++ /dev/null @@ -1,5 +0,0 @@ -The Azure Blob Storage CSI driver is getting deployed to your cluster. - -To check Azure Blob Storage CSI driver pods status, please run: - - kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch diff --git a/charts/v1.9.0/blob-csi-driver/templates/blobfuse-proxy.yaml b/charts/v1.9.0/blob-csi-driver/templates/blobfuse-proxy.yaml deleted file mode 100644 index c131d8316..000000000 --- a/charts/v1.9.0/blob-csi-driver/templates/blobfuse-proxy.yaml +++ /dev/null @@ -1,126 +0,0 @@ -{{- if .Values.node.enableBlobfuseProxy -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - INSTALL_BLOBFUSE=${INSTALL_BLOBFUSE:-true} - if (( "${INSTALL_BLOBFUSE}" == "true" )) - then - dpkg -i /tmp/packages-microsoft-prod.deb && apt update && apt-get install -y blobfuse=${BLOBFUSE_VERSION} - fi - dpkg -i /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - - SET_MAX_FILE_NUM=${SET_MAX_OPEN_FILE_NUM:-true} - if (( "${SET_MAX_OPEN_FILE_NUM}" == "true" )) - then - sysctl -w fs.file-max=${MAX_FILE_NUM} - fi - - updateDBConfigPath="/etc/updatedb.conf" - DISABLE_UPDATEDB=${DISABLE_UPDATEDB:-true} - if (( "${DISABLE_UPDATEDB}" == "true" )) && (( test -f ${updateDBConfigPath} )) - then - echo "before changing ${updateDBConfigPath}:" - cat ${updateDBConfigPath} - sed -i 's/PRUNEPATHS="\/tmp/PRUNEPATHS="\/mnt \/var\/lib\/kubelet \/tmp/g' ${updateDBConfigPath} - sed -i 's/PRUNEFS="NFS/PRUNEFS="fuse blobfuse NFS/g' ${updateDBConfigPath} - echo "after change:" - cat ${updateDBConfigPath} - fi - - # "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f -{{- if hasPrefix "/" .Values.image.blob.repository }} - image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- else }} - image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" -{{- end }} - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: DEBIAN_FRONTEND - value: "noninteractive" - - name: INSTALL_BLOBFUSE - value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" - - name: BLOBFUSE_VERSION - value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" - - name: SET_MAX_OPEN_FILE_NUM - value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" - - name: MAX_FILE_NUM - value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" - - name: DISABLE_UPDATEDB - value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}" - resources: - limits: - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir -{{ end }} diff --git a/charts/v1.9.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.9.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml deleted file mode 100644 index 9c9fb477b..000000000 --- a/charts/v1.9.0/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.controller }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -{{- end -}} diff --git a/charts/v1.9.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.9.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml deleted file mode 100644 index e1dc20bd2..000000000 --- a/charts/v1.9.0/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.serviceAccount.node }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "blob.labels" . | nindent 4 }} -{{- end -}} diff --git a/deploy/v1.0.0/csi-blob-controller.yaml b/deploy/v1.0.0/csi-blob-controller.yaml deleted file mode 100644 index 170185637..000000000 --- a/deploy/v1.0.0/csi-blob-controller.yaml +++ /dev/null @@ -1,140 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v1.4.0 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--enable-leader-election" - - "--leader-election-type=leases" - - "--timeout=60s" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.2.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.1.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v1.0.0/csi-blob-driver.yaml b/deploy/v1.0.0/csi-blob-driver.yaml deleted file mode 100644 index 8162afbfb..000000000 --- a/deploy/v1.0.0/csi-blob-driver.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true diff --git a/deploy/v1.0.0/csi-blob-node.yaml b/deploy/v1.0.0/csi-blob-node.yaml deleted file mode 100644 index e4b7f05e3..000000000 --- a/deploy/v1.0.0/csi-blob-node.yaml +++ /dev/null @@ -1,160 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.2.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.0.1 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.0.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: 29635 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache ---- diff --git a/deploy/v1.0.0/rbac-csi-blob-controller.yaml b/deploy/v1.0.0/rbac-csi-blob-controller.yaml deleted file mode 100644 index 1844dc0b3..000000000 --- a/deploy/v1.0.0/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,150 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-snapshotter-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-snapshotter-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-snapshotter-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role - namespace: kube-system -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.0.0/rbac-csi-blob-node.yaml b/deploy/v1.0.0/rbac-csi-blob-node.yaml deleted file mode 100644 index 31de8c59b..000000000 --- a/deploy/v1.0.0/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role - namespace: kube-system -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.1.0/csi-blob-controller.yaml b/deploy/v1.1.0/csi-blob-controller.yaml deleted file mode 100644 index 69d43568a..000000000 --- a/deploy/v1.1.0/csi-blob-controller.yaml +++ /dev/null @@ -1,143 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Equal" - value: "true" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.1.0 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.2.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.1.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.1.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v1.1.0/csi-blob-driver.yaml b/deploy/v1.1.0/csi-blob-driver.yaml deleted file mode 100644 index 8162afbfb..000000000 --- a/deploy/v1.1.0/csi-blob-driver.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true diff --git a/deploy/v1.1.0/csi-blob-node.yaml b/deploy/v1.1.0/csi-blob-node.yaml deleted file mode 100644 index 893a38724..000000000 --- a/deploy/v1.1.0/csi-blob-node.yaml +++ /dev/null @@ -1,163 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.2.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.1.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.1.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: 29635 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache ---- diff --git a/deploy/v1.1.0/rbac-csi-blob-controller.yaml b/deploy/v1.1.0/rbac-csi-blob-controller.yaml deleted file mode 100644 index e722f0bc1..000000000 --- a/deploy/v1.1.0/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,148 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-attacher-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["csi.storage.k8s.io"] - resources: ["csinodeinfos"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-snapshotter-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["create", "get", "list", "watch", "update", "delete"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "list", "watch", "delete"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-snapshotter-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-snapshotter-role - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.2.0/csi-blob-controller.yaml b/deploy/v1.2.0/csi-blob-controller.yaml deleted file mode 100644 index 6ffeaddad..000000000 --- a/deploy/v1.2.0/csi-blob-controller.yaml +++ /dev/null @@ -1,144 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Equal" - value: "true" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.1.0 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.2.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.1.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v1.2.0/csi-blob-node.yaml b/deploy/v1.2.0/csi-blob-node.yaml deleted file mode 100644 index 4b9125203..000000000 --- a/deploy/v1.2.0/csi-blob-node.yaml +++ /dev/null @@ -1,163 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.2.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.2.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: 29635 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache ---- diff --git a/deploy/v1.2.0/kustomization.yaml b/deploy/v1.2.0/kustomization.yaml deleted file mode 100644 index 98991889f..000000000 --- a/deploy/v1.2.0/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - csi-blob-controller.yaml - - csi-blob-driver.yaml - - csi-blob-node.yaml - - rbac-csi-blob-controller.yaml - - rbac-csi-blob-node.yaml diff --git a/deploy/v1.7.0/csi-blob-controller.yaml b/deploy/v1.22.6/csi-blob-controller.yaml similarity index 88% rename from deploy/v1.7.0/csi-blob-controller.yaml rename to deploy/v1.22.6/csi-blob-controller.yaml index ff3d3e95e..11b0119da 100644 --- a/deploy/v1.7.0/csi-blob-controller.yaml +++ b/deploy/v1.22.6/csi-blob-controller.yaml @@ -19,6 +19,9 @@ spec: nodeSelector: kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" @@ -26,15 +29,21 @@ spec: - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" containers: - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.2.2 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v3.5.0 args: - "-v=2" - "--csi-address=$(ADDRESS)" - "--leader-election" + - "--leader-election-namespace=kube-system" - "--timeout=120s" - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" env: - name: ADDRESS value: /csi/csi.sock @@ -43,13 +52,12 @@ spec: name: socket-dir resources: limits: - cpu: 1 memory: 500Mi requests: cpu: 10m memory: 20Mi - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.5.0 + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 args: - --csi-address=/csi/csi.sock - --probe-timeout=3s @@ -59,13 +67,12 @@ spec: mountPath: /csi resources: limits: - cpu: 1 memory: 100Mi requests: cpu: 10m memory: 20Mi - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.7.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.6 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -103,17 +110,17 @@ spec: name: azure-cred resources: limits: - cpu: 1 memory: 200Mi requests: cpu: 10m memory: 20Mi - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.3.0 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0 args: - "-csi-address=$(ADDRESS)" - "-v=2" - "-leader-election" + - "--leader-election-namespace=kube-system" - '-handle-volume-inuse-error=false' env: - name: ADDRESS @@ -123,7 +130,6 @@ spec: mountPath: /csi resources: limits: - cpu: 1 memory: 500Mi requests: cpu: 10m diff --git a/deploy/v1.2.0/csi-blob-driver.yaml b/deploy/v1.22.6/csi-blob-driver.yaml similarity index 82% rename from deploy/v1.2.0/csi-blob-driver.yaml rename to deploy/v1.22.6/csi-blob-driver.yaml index 7b216feab..d2de725d8 100644 --- a/deploy/v1.2.0/csi-blob-driver.yaml +++ b/deploy/v1.22.6/csi-blob-driver.yaml @@ -6,6 +6,7 @@ metadata: spec: attachRequired: false podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - Ephemeral diff --git a/deploy/v1.9.0/csi-blob-node.yaml b/deploy/v1.22.6/csi-blob-node.yaml similarity index 77% rename from deploy/v1.9.0/csi-blob-node.yaml rename to deploy/v1.22.6/csi-blob-node.yaml index a63d28299..6b4f4961a 100644 --- a/deploy/v1.9.0/csi-blob-node.yaml +++ b/deploy/v1.22.6/csi-blob-node.yaml @@ -18,6 +18,7 @@ spec: app: csi-blob-node spec: hostNetwork: true + hostPID: true dnsPolicy: Default serviceAccountName: csi-blob-node-sa nodeSelector: @@ -32,14 +33,49 @@ spec: values: - virtual-kubelet priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - operator: "Exists" + initContainers: + - name: install-blobfuse-proxy + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.6 + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE_PROXY + value: "true" + - name: INSTALL_BLOBFUSE + value: "true" + - name: BLOBFUSE_VERSION + value: "1.4.5" + - name: INSTALL_BLOBFUSE2 + value: "true" + - name: BLOBFUSE2_VERSION + value: "2.0.5" + - name: SET_MAX_OPEN_FILE_NUM + value: "true" + - name: MAX_FILE_NUM + value: "9000000" + - name: DISABLE_UPDATEDB + value: "true" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-etc + mountPath: /host/etc containers: - name: liveness-probe volumeMounts: - mountPath: /csi name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.5.0 + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 args: - --csi-address=/csi/csi.sock - --probe-timeout=3s @@ -52,7 +88,7 @@ spec: cpu: 10m memory: 20Mi - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.4.0 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) @@ -82,7 +118,7 @@ spec: cpu: 10m memory: 20Mi - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.9.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.6 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -90,7 +126,6 @@ spec: - "--enable-blobfuse-proxy=false" - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - "--user-agent-suffix=OSS-kubectl" ports: - containerPort: 29633 @@ -139,6 +174,12 @@ spec: cpu: 10m memory: 20Mi volumes: + - name: host-usr + hostPath: + path: /usr + - name: host-etc + hostPath: + path: /etc - hostPath: path: /var/lib/kubelet/plugins/blob.csi.azure.com type: DirectoryOrCreate diff --git a/deploy/v1.8.0/kustomization.yaml b/deploy/v1.22.6/kustomization.yaml similarity index 100% rename from deploy/v1.8.0/kustomization.yaml rename to deploy/v1.22.6/kustomization.yaml diff --git a/deploy/v1.2.0/rbac-csi-blob-controller.yaml b/deploy/v1.22.6/rbac-csi-blob-controller.yaml similarity index 98% rename from deploy/v1.2.0/rbac-csi-blob-controller.yaml rename to deploy/v1.22.6/rbac-csi-blob-controller.yaml index 0d6058f80..89c2f1f38 100644 --- a/deploy/v1.2.0/rbac-csi-blob-controller.yaml +++ b/deploy/v1.22.6/rbac-csi-blob-controller.yaml @@ -91,7 +91,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list", "create"] + verbs: ["get", "create"] --- kind: ClusterRoleBinding diff --git a/deploy/v1.4.0/rbac-csi-blob-node.yaml b/deploy/v1.22.6/rbac-csi-blob-node.yaml similarity index 95% rename from deploy/v1.4.0/rbac-csi-blob-node.yaml rename to deploy/v1.22.6/rbac-csi-blob-node.yaml index fe081dba8..ce06d862c 100644 --- a/deploy/v1.4.0/rbac-csi-blob-node.yaml +++ b/deploy/v1.22.6/rbac-csi-blob-node.yaml @@ -13,7 +13,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list"] + verbs: ["get"] --- kind: ClusterRoleBinding diff --git a/deploy/v1.8.0/csi-blob-controller.yaml b/deploy/v1.23.4/csi-blob-controller.yaml similarity index 86% rename from deploy/v1.8.0/csi-blob-controller.yaml rename to deploy/v1.23.4/csi-blob-controller.yaml index 0da397971..ccc7d8b4f 100644 --- a/deploy/v1.8.0/csi-blob-controller.yaml +++ b/deploy/v1.23.4/csi-blob-controller.yaml @@ -19,6 +19,9 @@ spec: nodeSelector: kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" @@ -26,15 +29,22 @@ spec: - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" containers: - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.2.2 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v3.5.0 args: - "-v=2" - "--csi-address=$(ADDRESS)" - "--leader-election" - - "--timeout=120s" + - "--leader-election-namespace=kube-system" + - "--timeout=600s" - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" + - "--feature-gates=HonorPVReclaimPolicy=true" env: - name: ADDRESS value: /csi/csi.sock @@ -48,7 +58,7 @@ spec: cpu: 10m memory: 20Mi - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.5.0 + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 args: - --csi-address=/csi/csi.sock - --probe-timeout=3s @@ -63,7 +73,7 @@ spec: cpu: 10m memory: 20Mi - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.8.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.23.4 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -106,11 +116,12 @@ spec: cpu: 10m memory: 20Mi - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.3.0 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.8.0 args: - "-csi-address=$(ADDRESS)" - "-v=2" - "-leader-election" + - "--leader-election-namespace=kube-system" - '-handle-volume-inuse-error=false' env: - name: ADDRESS diff --git a/charts/v1.2.0/blob-csi-driver/templates/csi-blob-driver.yaml b/deploy/v1.23.4/csi-blob-driver.yaml old mode 100755 new mode 100644 similarity index 82% rename from charts/v1.2.0/blob-csi-driver/templates/csi-blob-driver.yaml rename to deploy/v1.23.4/csi-blob-driver.yaml index 7b216feab..d2de725d8 --- a/charts/v1.2.0/blob-csi-driver/templates/csi-blob-driver.yaml +++ b/deploy/v1.23.4/csi-blob-driver.yaml @@ -6,6 +6,7 @@ metadata: spec: attachRequired: false podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - Ephemeral diff --git a/deploy/v1.6.0/csi-blob-node.yaml b/deploy/v1.23.4/csi-blob-node.yaml similarity index 75% rename from deploy/v1.6.0/csi-blob-node.yaml rename to deploy/v1.23.4/csi-blob-node.yaml index 278fdedc4..af1d71979 100644 --- a/deploy/v1.6.0/csi-blob-node.yaml +++ b/deploy/v1.23.4/csi-blob-node.yaml @@ -18,6 +18,7 @@ spec: app: csi-blob-node spec: hostNetwork: true + hostPID: true dnsPolicy: Default serviceAccountName: csi-blob-node-sa nodeSelector: @@ -32,14 +33,51 @@ spec: values: - virtual-kubelet priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - operator: "Exists" + initContainers: + - name: install-blobfuse-proxy + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.23.4 + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE_PROXY + value: "true" + - name: INSTALL_BLOBFUSE + value: "true" + - name: BLOBFUSE_VERSION + value: "1.4.5" + - name: INSTALL_BLOBFUSE2 + value: "true" + - name: BLOBFUSE2_VERSION + value: "2.1.2" + - name: SET_MAX_OPEN_FILE_NUM + value: "true" + - name: MAX_FILE_NUM + value: "9000000" + - name: DISABLE_UPDATEDB + value: "true" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-usr-local + mountPath: /host/usr/local + - name: host-etc + mountPath: /host/etc containers: - name: liveness-probe volumeMounts: - mountPath: /csi name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.4.0 + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.10.0 args: - --csi-address=/csi/csi.sock - --probe-timeout=3s @@ -47,21 +85,16 @@ spec: - --v=2 resources: limits: - cpu: 100m memory: 100Mi requests: cpu: 10m memory: 20Mi - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.3.0 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.8.0 args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] livenessProbe: exec: command: @@ -82,13 +115,12 @@ spec: mountPath: /registration resources: limits: - cpu: 100m memory: 100Mi requests: cpu: 10m memory: 20Mi - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.6.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.23.4 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -96,7 +128,6 @@ spec: - "--enable-blobfuse-proxy=false" - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - "--user-agent-suffix=OSS-kubectl" ports: - containerPort: 29633 @@ -140,12 +171,20 @@ spec: name: blob-cache resources: limits: - cpu: 2 memory: 2100Mi requests: cpu: 10m memory: 20Mi volumes: + - name: host-usr + hostPath: + path: /usr + - name: host-usr-local + hostPath: + path: /usr/local + - name: host-etc + hostPath: + path: /etc - hostPath: path: /var/lib/kubelet/plugins/blob.csi.azure.com type: DirectoryOrCreate diff --git a/deploy/v1.9.0/kustomization.yaml b/deploy/v1.23.4/kustomization.yaml similarity index 100% rename from deploy/v1.9.0/kustomization.yaml rename to deploy/v1.23.4/kustomization.yaml diff --git a/deploy/v1.3.0/rbac-csi-blob-controller.yaml b/deploy/v1.23.4/rbac-csi-blob-controller.yaml similarity index 98% rename from deploy/v1.3.0/rbac-csi-blob-controller.yaml rename to deploy/v1.23.4/rbac-csi-blob-controller.yaml index 0d6058f80..89c2f1f38 100644 --- a/deploy/v1.3.0/rbac-csi-blob-controller.yaml +++ b/deploy/v1.23.4/rbac-csi-blob-controller.yaml @@ -91,7 +91,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list", "create"] + verbs: ["get", "create"] --- kind: ClusterRoleBinding diff --git a/deploy/v1.1.0/rbac-csi-blob-node.yaml b/deploy/v1.23.4/rbac-csi-blob-node.yaml similarity index 95% rename from deploy/v1.1.0/rbac-csi-blob-node.yaml rename to deploy/v1.23.4/rbac-csi-blob-node.yaml index fe081dba8..ce06d862c 100644 --- a/deploy/v1.1.0/rbac-csi-blob-node.yaml +++ b/deploy/v1.23.4/rbac-csi-blob-node.yaml @@ -13,7 +13,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list"] + verbs: ["get"] --- kind: ClusterRoleBinding diff --git a/deploy/v1.9.0/csi-blob-controller.yaml b/deploy/v1.24.1/csi-blob-controller.yaml similarity index 84% rename from deploy/v1.9.0/csi-blob-controller.yaml rename to deploy/v1.24.1/csi-blob-controller.yaml index 389a43333..0aeaad31a 100644 --- a/deploy/v1.9.0/csi-blob-controller.yaml +++ b/deploy/v1.24.1/csi-blob-controller.yaml @@ -19,6 +19,9 @@ spec: nodeSelector: kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - key: "node-role.kubernetes.io/master" operator: "Exists" @@ -26,15 +29,22 @@ spec: - key: "node-role.kubernetes.io/controlplane" operator: "Exists" effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" containers: - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v3.1.0 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v4.0.0 args: - "-v=2" - "--csi-address=$(ADDRESS)" - "--leader-election" - - "--timeout=120s" + - "--leader-election-namespace=kube-system" + - "--timeout=1200s" - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" + - "--feature-gates=HonorPVReclaimPolicy=true" env: - name: ADDRESS value: /csi/csi.sock @@ -48,11 +58,11 @@ spec: cpu: 10m memory: 20Mi - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.5.0 + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0 args: - --csi-address=/csi/csi.sock - --probe-timeout=3s - - --health-port=29632 + - --http-endpoint=localhost:29632 volumeMounts: - name: socket-dir mountPath: /csi @@ -63,7 +73,7 @@ spec: cpu: 10m memory: 20Mi - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.9.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.1 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -71,17 +81,15 @@ spec: - "--metrics-address=0.0.0.0:29634" - "--user-agent-suffix=OSS-kubectl" ports: - - containerPort: 29632 - name: healthz - protocol: TCP - containerPort: 29634 name: metrics protocol: TCP livenessProbe: failureThreshold: 5 httpGet: + host: localhost path: /healthz - port: healthz + port: 29632 initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 @@ -106,11 +114,12 @@ spec: cpu: 10m memory: 20Mi - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.4.0 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.9.3 args: - "-csi-address=$(ADDRESS)" - "-v=2" - "-leader-election" + - "--leader-election-namespace=kube-system" - '-handle-volume-inuse-error=false' env: - name: ADDRESS diff --git a/deploy/v1.4.0/csi-blob-driver.yaml b/deploy/v1.24.1/csi-blob-driver.yaml similarity index 82% rename from deploy/v1.4.0/csi-blob-driver.yaml rename to deploy/v1.24.1/csi-blob-driver.yaml index 7b216feab..d2de725d8 100644 --- a/deploy/v1.4.0/csi-blob-driver.yaml +++ b/deploy/v1.24.1/csi-blob-driver.yaml @@ -6,6 +6,7 @@ metadata: spec: attachRequired: false podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType volumeLifecycleModes: - Persistent - Ephemeral diff --git a/deploy/v1.7.0/csi-blob-node.yaml b/deploy/v1.24.1/csi-blob-node.yaml similarity index 63% rename from deploy/v1.7.0/csi-blob-node.yaml rename to deploy/v1.24.1/csi-blob-node.yaml index 754803880..d6760a23f 100644 --- a/deploy/v1.7.0/csi-blob-node.yaml +++ b/deploy/v1.24.1/csi-blob-node.yaml @@ -18,6 +18,7 @@ spec: app: csi-blob-node spec: hostNetwork: true + hostPID: true dnsPolicy: Default serviceAccountName: csi-blob-node-sa nodeSelector: @@ -32,14 +33,51 @@ spec: values: - virtual-kubelet priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault tolerations: - operator: "Exists" + initContainers: + - name: install-blobfuse-proxy + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.1 + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE_PROXY + value: "true" + - name: INSTALL_BLOBFUSE + value: "true" + - name: BLOBFUSE_VERSION + value: "1.4.5" + - name: INSTALL_BLOBFUSE2 + value: "true" + - name: BLOBFUSE2_VERSION + value: "2.2.0" + - name: SET_MAX_OPEN_FILE_NUM + value: "true" + - name: MAX_FILE_NUM + value: "9000000" + - name: DISABLE_UPDATEDB + value: "true" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-usr-local + mountPath: /host/usr/local + - name: host-etc + mountPath: /host/etc containers: - name: liveness-probe volumeMounts: - mountPath: /csi name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.5.0 + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0 args: - --csi-address=/csi/csi.sock - --probe-timeout=3s @@ -47,13 +85,12 @@ spec: - --v=2 resources: limits: - cpu: 1 memory: 100Mi requests: cpu: 10m memory: 20Mi - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.4.0 + image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.10.0 args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) @@ -78,13 +115,12 @@ spec: mountPath: /registration resources: limits: - cpu: 1 memory: 100Mi requests: cpu: 10m memory: 20Mi - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.7.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.1 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -92,17 +128,15 @@ spec: - "--enable-blobfuse-proxy=false" - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - "--user-agent-suffix=OSS-kubectl" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP + - "--metrics-address=0.0.0.0:29635" + - "--enable-aznfs-mount=true" livenessProbe: failureThreshold: 5 httpGet: + host: localhost path: /healthz - port: healthz + port: 29633 initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 @@ -134,14 +168,46 @@ spec: name: azure-cred - mountPath: /mnt name: blob-cache + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /lib/modules + name: lib-modules + readOnly: true resources: limits: - cpu: 2 memory: 2100Mi requests: cpu: 10m memory: 20Mi + - name: aznfswatchdog + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.1 + command: + - "aznfswatchdog" + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + volumeMounts: + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /var/lib/kubelet/ + mountPropagation: Bidirectional + name: mountpoint-dir volumes: + - name: host-usr + hostPath: + path: /usr + - name: host-usr-local + hostPath: + path: /usr/local + - name: host-etc + hostPath: + path: /etc - hostPath: path: /var/lib/kubelet/plugins/blob.csi.azure.com type: DirectoryOrCreate @@ -162,4 +228,12 @@ spec: path: /mnt type: DirectoryOrCreate name: blob-cache + - hostPath: + path: /opt/microsoft/aznfs/data + type: DirectoryOrCreate + name: aznfs-data + - name: lib-modules + hostPath: + path: /lib/modules + type: DirectoryOrCreate --- diff --git a/deploy/v1.1.0/kustomization.yaml b/deploy/v1.24.1/kustomization.yaml similarity index 90% rename from deploy/v1.1.0/kustomization.yaml rename to deploy/v1.24.1/kustomization.yaml index 98991889f..8b7f5fcac 100644 --- a/deploy/v1.1.0/kustomization.yaml +++ b/deploy/v1.24.1/kustomization.yaml @@ -7,3 +7,4 @@ resources: - csi-blob-node.yaml - rbac-csi-blob-controller.yaml - rbac-csi-blob-node.yaml + - blobfuse-proxy.yaml diff --git a/deploy/v1.4.0/rbac-csi-blob-controller.yaml b/deploy/v1.24.1/rbac-csi-blob-controller.yaml similarity index 98% rename from deploy/v1.4.0/rbac-csi-blob-controller.yaml rename to deploy/v1.24.1/rbac-csi-blob-controller.yaml index 0d6058f80..89c2f1f38 100644 --- a/deploy/v1.4.0/rbac-csi-blob-controller.yaml +++ b/deploy/v1.24.1/rbac-csi-blob-controller.yaml @@ -91,7 +91,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list", "create"] + verbs: ["get", "create"] --- kind: ClusterRoleBinding diff --git a/deploy/v1.2.0/rbac-csi-blob-node.yaml b/deploy/v1.24.1/rbac-csi-blob-node.yaml similarity index 95% rename from deploy/v1.2.0/rbac-csi-blob-node.yaml rename to deploy/v1.24.1/rbac-csi-blob-node.yaml index fe081dba8..ce06d862c 100644 --- a/deploy/v1.2.0/rbac-csi-blob-node.yaml +++ b/deploy/v1.24.1/rbac-csi-blob-node.yaml @@ -13,7 +13,7 @@ metadata: rules: - apiGroups: [""] resources: ["secrets"] - verbs: ["get", "list"] + verbs: ["get"] --- kind: ClusterRoleBinding diff --git a/deploy/v1.3.0/csi-blob-controller.yaml b/deploy/v1.3.0/csi-blob-controller.yaml deleted file mode 100644 index 2c75d1877..000000000 --- a/deploy/v1.3.0/csi-blob-controller.yaml +++ /dev/null @@ -1,144 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "true" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Equal" - value: "true" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.1.0 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.3.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.1.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v1.3.0/csi-blob-driver.yaml b/deploy/v1.3.0/csi-blob-driver.yaml deleted file mode 100644 index 7b216feab..000000000 --- a/deploy/v1.3.0/csi-blob-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/deploy/v1.3.0/csi-blob-node.yaml b/deploy/v1.3.0/csi-blob-node.yaml deleted file mode 100644 index 0b8fb6f6c..000000000 --- a/deploy/v1.3.0/csi-blob-node.yaml +++ /dev/null @@ -1,163 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.2.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.3.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - - containerPort: 29635 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache ---- diff --git a/deploy/v1.3.0/kustomization.yaml b/deploy/v1.3.0/kustomization.yaml deleted file mode 100644 index 98991889f..000000000 --- a/deploy/v1.3.0/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - csi-blob-controller.yaml - - csi-blob-driver.yaml - - csi-blob-node.yaml - - rbac-csi-blob-controller.yaml - - rbac-csi-blob-node.yaml diff --git a/deploy/v1.3.0/rbac-csi-blob-node.yaml b/deploy/v1.3.0/rbac-csi-blob-node.yaml deleted file mode 100644 index fe081dba8..000000000 --- a/deploy/v1.3.0/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.4.0/csi-blob-controller.yaml b/deploy/v1.4.0/csi-blob-controller.yaml deleted file mode 100644 index 797712575..000000000 --- a/deploy/v1.4.0/csi-blob-controller.yaml +++ /dev/null @@ -1,142 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.1.0 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.4.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.1.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v1.4.0/csi-blob-node.yaml b/deploy/v1.4.0/csi-blob-node.yaml deleted file mode 100644 index 7470873a5..000000000 --- a/deploy/v1.4.0/csi-blob-node.yaml +++ /dev/null @@ -1,160 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.2.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.4.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache ---- diff --git a/deploy/v1.4.0/kustomization.yaml b/deploy/v1.4.0/kustomization.yaml deleted file mode 100644 index 98991889f..000000000 --- a/deploy/v1.4.0/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - csi-blob-controller.yaml - - csi-blob-driver.yaml - - csi-blob-node.yaml - - rbac-csi-blob-controller.yaml - - rbac-csi-blob-node.yaml diff --git a/deploy/v1.4.1/csi-blob-controller.yaml b/deploy/v1.4.1/csi-blob-controller.yaml deleted file mode 100644 index 0f055dc6e..000000000 --- a/deploy/v1.4.1/csi-blob-controller.yaml +++ /dev/null @@ -1,142 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.1.0 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.4.1 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.1.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v1.4.1/csi-blob-driver.yaml b/deploy/v1.4.1/csi-blob-driver.yaml deleted file mode 100644 index 7b216feab..000000000 --- a/deploy/v1.4.1/csi-blob-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/deploy/v1.4.1/csi-blob-node.yaml b/deploy/v1.4.1/csi-blob-node.yaml deleted file mode 100644 index ca370521d..000000000 --- a/deploy/v1.4.1/csi-blob-node.yaml +++ /dev/null @@ -1,160 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.3.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.2.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.4.1 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache ---- diff --git a/deploy/v1.4.1/kustomization.yaml b/deploy/v1.4.1/kustomization.yaml deleted file mode 100644 index 98991889f..000000000 --- a/deploy/v1.4.1/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - csi-blob-controller.yaml - - csi-blob-driver.yaml - - csi-blob-node.yaml - - rbac-csi-blob-controller.yaml - - rbac-csi-blob-node.yaml diff --git a/deploy/v1.4.1/rbac-csi-blob-controller.yaml b/deploy/v1.4.1/rbac-csi-blob-controller.yaml deleted file mode 100644 index 0d6058f80..000000000 --- a/deploy/v1.4.1/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.4.1/rbac-csi-blob-node.yaml b/deploy/v1.4.1/rbac-csi-blob-node.yaml deleted file mode 100644 index fe081dba8..000000000 --- a/deploy/v1.4.1/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.5.0/csi-blob-controller.yaml b/deploy/v1.5.0/csi-blob-controller.yaml deleted file mode 100644 index 1149d9951..000000000 --- a/deploy/v1.5.0/csi-blob-controller.yaml +++ /dev/null @@ -1,143 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.2.2 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.4.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.5.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - - "--user-agent-suffix=OSS-kubectl" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.3.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: Directory - - name: msi - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings diff --git a/deploy/v1.5.0/csi-blob-driver.yaml b/deploy/v1.5.0/csi-blob-driver.yaml deleted file mode 100644 index 7b216feab..000000000 --- a/deploy/v1.5.0/csi-blob-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/deploy/v1.5.0/csi-blob-node.yaml b/deploy/v1.5.0/csi-blob-node.yaml deleted file mode 100644 index 52c834b23..000000000 --- a/deploy/v1.5.0/csi-blob-node.yaml +++ /dev/null @@ -1,166 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: Default - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.4.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.3.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/blob.csi.azure.com-reg.sock /csi/csi.sock"] - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.5.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--enable-blobfuse-proxy=false" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - - "--user-agent-suffix=OSS-kubectl" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /var/lib/waagent/ManagedIdentity-Settings - readOnly: true - name: msi - - mountPath: /mnt - name: blob-cache - resources: - limits: - cpu: 2 - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: Directory - name: azure-cred - - hostPath: - path: /var/lib/waagent/ManagedIdentity-Settings - name: msi - - hostPath: - path: /mnt - name: blob-cache ---- diff --git a/deploy/v1.5.0/kustomization.yaml b/deploy/v1.5.0/kustomization.yaml deleted file mode 100644 index 98991889f..000000000 --- a/deploy/v1.5.0/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - csi-blob-controller.yaml - - csi-blob-driver.yaml - - csi-blob-node.yaml - - rbac-csi-blob-controller.yaml - - rbac-csi-blob-node.yaml diff --git a/deploy/v1.5.0/rbac-csi-blob-controller.yaml b/deploy/v1.5.0/rbac-csi-blob-controller.yaml deleted file mode 100644 index 0d6058f80..000000000 --- a/deploy/v1.5.0/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.5.0/rbac-csi-blob-node.yaml b/deploy/v1.5.0/rbac-csi-blob-node.yaml deleted file mode 100644 index fe081dba8..000000000 --- a/deploy/v1.5.0/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.6.0/blobfuse-proxy.yaml b/deploy/v1.6.0/blobfuse-proxy.yaml deleted file mode 100644 index 2dae53ae9..000000000 --- a/deploy/v1.6.0/blobfuse-proxy.yaml +++ /dev/null @@ -1,87 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.6.0 - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - dpkg -i /tmp/packages-microsoft-prod.deb && apt-get install -y blobfuse=1.4.1 - dpkg -i /tmp/blobfuse-proxy.deb - rm -f /tmp/packages-microsoft-prod.deb /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - echo "Enabling blobfuse proxy systemctl service" - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - echo "set max open file num" - sysctl -w fs.file-max=9000000 - echo "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.6.0 - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: "DEBIAN_FRONTEND" - value: "noninteractive" - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir diff --git a/deploy/v1.6.0/csi-blob-controller.yaml b/deploy/v1.6.0/csi-blob-controller.yaml deleted file mode 100644 index 6d4889c72..000000000 --- a/deploy/v1.6.0/csi-blob-controller.yaml +++ /dev/null @@ -1,137 +0,0 @@ ---- -kind: Deployment -apiVersion: apps/v1 -metadata: - name: csi-blob-controller - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - app: csi-blob-controller - template: - metadata: - labels: - app: csi-blob-controller - spec: - hostNetwork: true - serviceAccountName: csi-blob-controller-sa - nodeSelector: - kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node - priorityClassName: system-cluster-critical - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/controlplane" - operator: "Exists" - effect: "NoSchedule" - containers: - - name: csi-provisioner - image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v2.2.2 - args: - - "-v=2" - - "--csi-address=$(ADDRESS)" - - "--leader-election" - - "--timeout=60s" - - "--extra-create-metadata=true" - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - - name: liveness-probe - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.4.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29632 - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.6.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--metrics-address=0.0.0.0:29634" - - "--user-agent-suffix=OSS-kubectl" - ports: - - containerPort: 29632 - name: healthz - protocol: TCP - - containerPort: 29634 - name: metrics - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 10m - memory: 20Mi - - name: csi-resizer - image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.3.0 - args: - - "-csi-address=$(ADDRESS)" - - "-v=2" - - "-leader-election" - - '-handle-volume-inuse-error=false' - env: - - name: ADDRESS - value: /csi/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - name: socket-dir - emptyDir: {} - - name: azure-cred - hostPath: - path: /etc/kubernetes/ - type: DirectoryOrCreate diff --git a/deploy/v1.6.0/csi-blob-driver.yaml b/deploy/v1.6.0/csi-blob-driver.yaml deleted file mode 100644 index 7b216feab..000000000 --- a/deploy/v1.6.0/csi-blob-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/deploy/v1.6.0/kustomization.yaml b/deploy/v1.6.0/kustomization.yaml deleted file mode 100644 index 98991889f..000000000 --- a/deploy/v1.6.0/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - csi-blob-controller.yaml - - csi-blob-driver.yaml - - csi-blob-node.yaml - - rbac-csi-blob-controller.yaml - - rbac-csi-blob-node.yaml diff --git a/deploy/v1.6.0/rbac-csi-blob-controller.yaml b/deploy/v1.6.0/rbac-csi-blob-controller.yaml deleted file mode 100644 index 0d6058f80..000000000 --- a/deploy/v1.6.0/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.6.0/rbac-csi-blob-node.yaml b/deploy/v1.6.0/rbac-csi-blob-node.yaml deleted file mode 100644 index fe081dba8..000000000 --- a/deploy/v1.6.0/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.7.0/blobfuse-proxy.yaml b/deploy/v1.7.0/blobfuse-proxy.yaml deleted file mode 100644 index 542dde5e6..000000000 --- a/deploy/v1.7.0/blobfuse-proxy.yaml +++ /dev/null @@ -1,103 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.7.0 - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - INSTALL_BLOBFUSE=${INSTALL_BLOBFUSE:-true} - if (( "${INSTALL_BLOBFUSE}" == "true" )) - then - dpkg -i /tmp/packages-microsoft-prod.deb && apt-get install -y blobfuse=${BLOBFUSE_VERSION} - fi - dpkg -i /tmp/blobfuse-proxy.deb - rm -f /tmp/packages-microsoft-prod.deb /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - - SET_MAX_FILE_NUM=${SET_MAX_OPEN_FILE_NUM:-true} - if (( "${SET_MAX_OPEN_FILE_NUM}" == "true" )) - then - sysctl -w fs.file-max=${MAX_FILE_NUM} - fi - - # "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.7.0 - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: DEBIAN_FRONTEND - value: "noninteractive" - - name: INSTALL_BLOBFUSE - value: "true" - - name: BLOBFUSE_VERSION - value: 1.4.1 - - name: SET_MAX_OPEN_FILE_NUM - value: "true" - - name: MAX_FILE_NUM - value: "9000000" - resources: - limits: - cpu: 1 - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir diff --git a/deploy/v1.7.0/csi-blob-driver.yaml b/deploy/v1.7.0/csi-blob-driver.yaml deleted file mode 100644 index 7b216feab..000000000 --- a/deploy/v1.7.0/csi-blob-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/deploy/v1.7.0/kustomization.yaml b/deploy/v1.7.0/kustomization.yaml deleted file mode 100644 index 98991889f..000000000 --- a/deploy/v1.7.0/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - csi-blob-controller.yaml - - csi-blob-driver.yaml - - csi-blob-node.yaml - - rbac-csi-blob-controller.yaml - - rbac-csi-blob-node.yaml diff --git a/deploy/v1.7.0/rbac-csi-blob-controller.yaml b/deploy/v1.7.0/rbac-csi-blob-controller.yaml deleted file mode 100644 index 0d6058f80..000000000 --- a/deploy/v1.7.0/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.7.0/rbac-csi-blob-node.yaml b/deploy/v1.7.0/rbac-csi-blob-node.yaml deleted file mode 100644 index fe081dba8..000000000 --- a/deploy/v1.7.0/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.8.0/blobfuse-proxy.yaml b/deploy/v1.8.0/blobfuse-proxy.yaml deleted file mode 100644 index 1e724f346..000000000 --- a/deploy/v1.8.0/blobfuse-proxy.yaml +++ /dev/null @@ -1,115 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.8.0 - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - INSTALL_BLOBFUSE=${INSTALL_BLOBFUSE:-true} - if (( "${INSTALL_BLOBFUSE}" == "true" )) - then - dpkg -i /tmp/packages-microsoft-prod.deb && apt update && apt-get install -y blobfuse=${BLOBFUSE_VERSION} - fi - dpkg -i /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - - SET_MAX_FILE_NUM=${SET_MAX_OPEN_FILE_NUM:-true} - if (( "${SET_MAX_OPEN_FILE_NUM}" == "true" )) - then - sysctl -w fs.file-max=${MAX_FILE_NUM} - fi - - updateDBConfigPath="/etc/updatedb.conf" - DISABLE_UPDATEDB=${DISABLE_UPDATEDB:-true} - if (( "${DISABLE_UPDATEDB}" == "true" )) && (( test -f ${updateDBConfigPath} )) - then - echo "before changing ${updateDBConfigPath}:" - cat ${updateDBConfigPath} - sed -i 's/PRUNEPATHS="\/tmp/PRUNEPATHS="\/mnt \/var\/lib\/kubelet \/tmp/g' ${updateDBConfigPath} - sed -i 's/PRUNEFS="NFS/PRUNEFS="fuse blobfuse NFS/g' ${updateDBConfigPath} - echo "after change:" - cat ${updateDBConfigPath} - fi - - # "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.8.0 - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: DEBIAN_FRONTEND - value: "noninteractive" - - name: INSTALL_BLOBFUSE - value: "true" - - name: BLOBFUSE_VERSION - value: 1.4.2 - - name: SET_MAX_OPEN_FILE_NUM - value: "true" - - name: MAX_FILE_NUM - value: "9000000" - - name: DISABLE_UPDATEDB - value: "true" - resources: - limits: - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir diff --git a/deploy/v1.8.0/csi-blob-driver.yaml b/deploy/v1.8.0/csi-blob-driver.yaml deleted file mode 100644 index 7b216feab..000000000 --- a/deploy/v1.8.0/csi-blob-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/deploy/v1.8.0/csi-blob-node.yaml b/deploy/v1.8.0/csi-blob-node.yaml deleted file mode 100644 index cce6b899d..000000000 --- a/deploy/v1.8.0/csi-blob-node.yaml +++ /dev/null @@ -1,162 +0,0 @@ ---- -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: csi-blob-node - namespace: kube-system -spec: - updateStrategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: csi-blob-node - template: - metadata: - labels: - app: csi-blob-node - spec: - hostNetwork: true - dnsPolicy: Default - serviceAccountName: csi-blob-node-sa - nodeSelector: - kubernetes.io/os: linux - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - priorityClassName: system-node-critical - tolerations: - - operator: "Exists" - containers: - - name: liveness-probe - volumeMounts: - - mountPath: /csi - name: socket-dir - image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.5.0 - args: - - --csi-address=/csi/csi.sock - - --probe-timeout=3s - - --health-port=29633 - - --v=2 - resources: - limits: - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: node-driver-registrar - image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.4.0 - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v=2 - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - timeoutSeconds: 15 - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - resources: - limits: - memory: 100Mi - requests: - cpu: 10m - memory: 20Mi - - name: blob - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.8.0 - imagePullPolicy: IfNotPresent - args: - - "--v=5" - - "--endpoint=$(CSI_ENDPOINT)" - - "--enable-blobfuse-proxy=false" - - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" - - "--nodeid=$(KUBE_NODE_NAME)" - - "--metrics-address=0.0.0.0:29635" - - "--user-agent-suffix=OSS-kubectl" - ports: - - containerPort: 29633 - name: healthz - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 30 - timeoutSeconds: 10 - periodSeconds: 30 - env: - - name: AZURE_CREDENTIAL_FILE - valueFrom: - configMapKeyRef: - name: azure-cred-file - key: path - optional: true - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: BLOBFUSE_PROXY_ENDPOINT - value: unix:///csi/blobfuse-proxy.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - securityContext: - privileged: true - volumeMounts: - - mountPath: /csi - name: socket-dir - - mountPath: /var/lib/kubelet/ - mountPropagation: Bidirectional - name: mountpoint-dir - - mountPath: /etc/kubernetes/ - name: azure-cred - - mountPath: /mnt - name: blob-cache - resources: - limits: - memory: 2100Mi - requests: - cpu: 10m - memory: 20Mi - volumes: - - hostPath: - path: /var/lib/kubelet/plugins/blob.csi.azure.com - type: DirectoryOrCreate - name: socket-dir - - hostPath: - path: /var/lib/kubelet/ - type: DirectoryOrCreate - name: mountpoint-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - name: registration-dir - - hostPath: - path: /etc/kubernetes/ - type: DirectoryOrCreate - name: azure-cred - - hostPath: - path: /mnt - type: DirectoryOrCreate - name: blob-cache ---- diff --git a/deploy/v1.8.0/rbac-csi-blob-controller.yaml b/deploy/v1.8.0/rbac-csi-blob-controller.yaml deleted file mode 100644 index 0d6058f80..000000000 --- a/deploy/v1.8.0/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.8.0/rbac-csi-blob-node.yaml b/deploy/v1.8.0/rbac-csi-blob-node.yaml deleted file mode 100644 index fe081dba8..000000000 --- a/deploy/v1.8.0/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.9.0/blobfuse-proxy.yaml b/deploy/v1.9.0/blobfuse-proxy.yaml deleted file mode 100644 index 68690b28d..000000000 --- a/deploy/v1.9.0/blobfuse-proxy.yaml +++ /dev/null @@ -1,115 +0,0 @@ ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: csi-blobfuse-proxy - namespace: kube-system -spec: - selector: - matchLabels: - app: csi-blobfuse-proxy - template: - metadata: - labels: - app: csi-blobfuse-proxy - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: type - operator: NotIn - values: - - virtual-kubelet - initContainers: - - name: prepare-binaries - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.9.0 - command: ['sh', '-c', "cp /blobfuse-proxy/*.deb /tmp/"] - volumeMounts: - - mountPath: /tmp - name: tmp-dir - containers: - - command: - - nsenter - - '--target' - - '1' - - '--mount' - - '--uts' - - '--ipc' - - '--net' - - '--pid' - - '--' - - sh - - '-c' - - | - set -xe - INSTALL_BLOBFUSE=${INSTALL_BLOBFUSE:-true} - if (( "${INSTALL_BLOBFUSE}" == "true" )) - then - dpkg -i /tmp/packages-microsoft-prod.deb && apt update && apt-get install -y blobfuse=${BLOBFUSE_VERSION} - fi - dpkg -i /tmp/blobfuse-proxy.deb - mkdir -p /var/lib/kubelet/plugins/blob.csi.azure.com - systemctl enable blobfuse-proxy - systemctl start blobfuse-proxy - - SET_MAX_FILE_NUM=${SET_MAX_OPEN_FILE_NUM:-true} - if (( "${SET_MAX_OPEN_FILE_NUM}" == "true" )) - then - sysctl -w fs.file-max=${MAX_FILE_NUM} - fi - - updateDBConfigPath="/etc/updatedb.conf" - DISABLE_UPDATEDB=${DISABLE_UPDATEDB:-true} - if (( "${DISABLE_UPDATEDB}" == "true" )) && (( test -f ${updateDBConfigPath} )) - then - echo "before changing ${updateDBConfigPath}:" - cat ${updateDBConfigPath} - sed -i 's/PRUNEPATHS="\/tmp/PRUNEPATHS="\/mnt \/var\/lib\/kubelet \/tmp/g' ${updateDBConfigPath} - sed -i 's/PRUNEFS="NFS/PRUNEFS="fuse blobfuse NFS/g' ${updateDBConfigPath} - echo "after change:" - cat ${updateDBConfigPath} - fi - - # "waiting for blobfuse-proxy service to start" - sleep 3s - # tail blobfuse proxy logs - journalctl -u blobfuse-proxy -f - image: mcr.microsoft.com/k8s/csi/blob-csi:v1.9.0 - imagePullPolicy: IfNotPresent - name: sysctl-install-blobfuse-proxy - env: - - name: DEBIAN_FRONTEND - value: "noninteractive" - - name: INSTALL_BLOBFUSE - value: "true" - - name: BLOBFUSE_VERSION - value: 1.4.3 - - name: SET_MAX_OPEN_FILE_NUM - value: "true" - - name: MAX_FILE_NUM - value: "9000000" - - name: DISABLE_UPDATEDB - value: "true" - resources: - limits: - memory: 200Mi - requests: - cpu: 10m - memory: 1Mi - securityContext: - privileged: true - hostNetwork: true - hostPID: true - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-node-critical - restartPolicy: Always - tolerations: - - operator: Exists - volumes: - - hostPath: - path: /tmp - type: DirectoryOrCreate - name: tmp-dir diff --git a/deploy/v1.9.0/csi-blob-driver.yaml b/deploy/v1.9.0/csi-blob-driver.yaml deleted file mode 100644 index 7b216feab..000000000 --- a/deploy/v1.9.0/csi-blob-driver.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: storage.k8s.io/v1 -kind: CSIDriver -metadata: - name: blob.csi.azure.com -spec: - attachRequired: false - podInfoOnMount: true - volumeLifecycleModes: - - Persistent - - Ephemeral diff --git a/deploy/v1.9.0/rbac-csi-blob-controller.yaml b/deploy/v1.9.0/rbac-csi-blob-controller.yaml deleted file mode 100644 index 0d6058f80..000000000 --- a/deploy/v1.9.0/rbac-csi-blob-controller.yaml +++ /dev/null @@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-controller-sa - namespace: kube-system ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-provisioner-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "create", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-provisioner-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-provisioner-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-external-resizer-role -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims/status"] - verbs: ["update", "patch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["get", "list", "watch", "create", "update", "patch"] ---- - -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: blob-csi-resizer-role -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: blob-external-resizer-role - apiGroup: rbac.authorization.k8s.io ---- - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "create"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-controller-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-controller-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.9.0/rbac-csi-blob-node.yaml b/deploy/v1.9.0/rbac-csi-blob-node.yaml deleted file mode 100644 index fe081dba8..000000000 --- a/deploy/v1.9.0/rbac-csi-blob-node.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-blob-node-sa - namespace: kube-system - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-role -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-blob-node-secret-binding -subjects: - - kind: ServiceAccount - name: csi-blob-node-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: csi-blob-node-secret-role - apiGroup: rbac.authorization.k8s.io diff --git a/docs/install-csi-driver-v1.0.0.md b/docs/install-csi-driver-v1.0.0.md deleted file mode 100644 index 212d98a9b..000000000 --- a/docs/install-csi-driver-v1.0.0.md +++ /dev/null @@ -1,37 +0,0 @@ -# Install Azure Blob Storage CSI driver v1.0.0 version on a kubernetes cluster - -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). - -## Install with kubectl - - remote install -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.0.0/deploy/install-driver.sh | bash -s v1.0.0 -- -``` - - - local install -```console -git clone https://github.com/kubernetes-sigs/blob-csi-driver.git -cd blob-csi-driver -./deploy/install-driver.sh v1.0.0 local -``` - -- check pods status: -```console -kubectl -n kube-system get pod -o wide -l app=csi-blob-controller -kubectl -n kube-system get pod -o wide -l app=csi-blob-node -``` - -example output: - -```console -NAME READY STATUS RESTARTS AGE IP NODE -csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 -csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 -``` - -- clean up Azure Blob Storage CSI driver -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.0.0/deploy/uninstall-driver.sh | bash -s v1.0.0 -- -``` diff --git a/docs/install-csi-driver-v1.1.0.md b/docs/install-csi-driver-v1.1.0.md deleted file mode 100644 index 13abfbadd..000000000 --- a/docs/install-csi-driver-v1.1.0.md +++ /dev/null @@ -1,37 +0,0 @@ -# Install Azure Blob Storage CSI driver v1.1.0 version on a kubernetes cluster - -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). - -## Install with kubectl - - remote install -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.1.0/deploy/install-driver.sh | bash -s v1.1.0 -- -``` - - - local install -```console -git clone https://github.com/kubernetes-sigs/blob-csi-driver.git -cd blob-csi-driver -./deploy/install-driver.sh v1.1.0 local -``` - -- check pods status: -```console -kubectl -n kube-system get pod -o wide -l app=csi-blob-controller -kubectl -n kube-system get pod -o wide -l app=csi-blob-node -``` - -example output: - -```console -NAME READY STATUS RESTARTS AGE IP NODE -csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 -csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 -``` - -- clean up Azure Blob Storage CSI driver -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.1.0/deploy/uninstall-driver.sh | bash -s v1.1.0 -- -``` diff --git a/docs/install-csi-driver-v1.2.0.md b/docs/install-csi-driver-v1.2.0.md deleted file mode 100644 index 59c22dbf7..000000000 --- a/docs/install-csi-driver-v1.2.0.md +++ /dev/null @@ -1,37 +0,0 @@ -# Install Azure Blob Storage CSI driver v1.2.0 version on a kubernetes cluster - -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). - -## Install with kubectl - - remote install -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.2.0/deploy/install-driver.sh | bash -s v1.2.0 -- -``` - - - local install -```console -git clone https://github.com/kubernetes-sigs/blob-csi-driver.git -cd blob-csi-driver -./deploy/install-driver.sh v1.2.0 local -``` - -- check pods status: -```console -kubectl -n kube-system get pod -o wide -l app=csi-blob-controller -kubectl -n kube-system get pod -o wide -l app=csi-blob-node -``` - -example output: - -```console -NAME READY STATUS RESTARTS AGE IP NODE -csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 -csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 -``` - -- clean up Azure Blob Storage CSI driver -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.2.0/deploy/uninstall-driver.sh | bash -s v1.2.0 -- -``` diff --git a/docs/install-csi-driver-v1.9.0.md b/docs/install-csi-driver-v1.22.6.md similarity index 82% rename from docs/install-csi-driver-v1.9.0.md rename to docs/install-csi-driver-v1.22.6.md index 806095972..ebc01c3d3 100644 --- a/docs/install-csi-driver-v1.9.0.md +++ b/docs/install-csi-driver-v1.22.6.md @@ -1,4 +1,4 @@ -# Install Azure Blob Storage CSI driver v1.9.0 version on a kubernetes cluster +# Install Azure Blob Storage CSI driver v1.22.6 version on a kubernetes cluster > `blobfuse-proxy` is only available for debian based agent nodes, remove `blobfuse-proxy` parameter in installation steps if it's not applicable. > If you have already installed Helm, you can also use it to install this driver. Please check [Installation with Helm](../charts/README.md). @@ -6,14 +6,14 @@ If you have already installed Helm, you can also use it to install this driver. ## Install with kubectl - Option#1. remote install ```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.9.0/deploy/install-driver.sh | bash -s v1.9.0 blobfuse-proxy -- +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.22.6/deploy/install-driver.sh | bash -s v1.22.6 blobfuse-proxy -- ``` - Option#2. local install ```console git clone https://github.com/kubernetes-sigs/blob-csi-driver.git cd blob-csi-driver -./deploy/install-driver.sh v1.9.0 local,blobfuse-proxy +./deploy/install-driver.sh v1.22.6 local,blobfuse-proxy ``` - check pods status: @@ -35,13 +35,13 @@ csi-blob-node-dr4s4 3/3 Running 0 35s ### clean up Blob CSI driver - Option#1. remote uninstall ```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.9.0/deploy/uninstall-driver.sh | bash -s v1.9.0 blobfuse-proxy -- +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.22.6/deploy/uninstall-driver.sh | bash -s v1.22.6 -- ``` - Option#2. local uninstall ```console git clone https://github.com/kubernetes-sigs/blob-csi-driver.git cd blob-csi-driver -git checkout v1.9.0 -./deploy/install-driver.sh v1.9.0 local +git checkout v1.22.6 +./deploy/uninstall-driver.sh v1.22.6 local ``` diff --git a/docs/install-csi-driver-v1.7.0.md b/docs/install-csi-driver-v1.23.4.md similarity index 61% rename from docs/install-csi-driver-v1.7.0.md rename to docs/install-csi-driver-v1.23.4.md index 0d6d37bab..1f40b2b08 100644 --- a/docs/install-csi-driver-v1.7.0.md +++ b/docs/install-csi-driver-v1.23.4.md @@ -1,19 +1,19 @@ -# Install Azure Blob Storage CSI driver v1.7.0 version on a kubernetes cluster -> `blobfuse-proxy` parameter is only available for debian based agent nodes, remove it if it's not applicable for your cluster. +# Install Azure Blob Storage CSI driver v1.23.4 version on a kubernetes cluster +> `blobfuse-proxy` is supported on CoreOS(OpenShift) from v1.23.2 > -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). +If you have already installed Helm, you can also use it to install this driver. Please check [Installation with Helm](../charts/README.md). ## Install with kubectl - - remote install + - Option#1. remote install ```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.7.0/deploy/install-driver.sh | bash -s v1.7.0 blobfuse-proxy -- +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.23.4/deploy/install-driver.sh | bash -s v1.23.4 blobfuse-proxy -- ``` - - local install + - Option#2. local install ```console git clone https://github.com/kubernetes-sigs/blob-csi-driver.git cd blob-csi-driver -./deploy/install-driver.sh v1.7.0 local,blobfuse-proxy +./deploy/install-driver.sh v1.23.4 local,blobfuse-proxy ``` - check pods status: @@ -32,7 +32,16 @@ csi-blob-node-cvgbs 3/3 Running 0 35s csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 ``` -- clean up Azure Blob Storage CSI driver +### clean up Blob CSI driver +- Option#1. remote uninstall ```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.7.0/deploy/uninstall-driver.sh | bash -s v1.7.0 blobfuse-proxy -- +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.23.4/deploy/uninstall-driver.sh | bash -s v1.23.4 -- +``` + + - Option#2. local uninstall +```console +git clone https://github.com/kubernetes-sigs/blob-csi-driver.git +cd blob-csi-driver +git checkout v1.23.4 +./deploy/uninstall-driver.sh v1.23.4 local ``` diff --git a/docs/install-csi-driver-v1.8.0.md b/docs/install-csi-driver-v1.24.1.md similarity index 61% rename from docs/install-csi-driver-v1.8.0.md rename to docs/install-csi-driver-v1.24.1.md index e1f354da3..ff499deae 100644 --- a/docs/install-csi-driver-v1.8.0.md +++ b/docs/install-csi-driver-v1.24.1.md @@ -1,19 +1,19 @@ -# Install Azure Blob Storage CSI driver v1.8.0 version on a kubernetes cluster -> `blobfuse-proxy` parameter is only available for debian based agent nodes, remove it if it's not applicable for your cluster. +# Install Azure Blob Storage CSI driver v1.24.1 version on a kubernetes cluster +> `blobfuse-proxy` is supported on CoreOS(OpenShift) from v1.23.2 > -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). +If you have already installed Helm, you can also use it to install this driver. Please check [Installation with Helm](../charts/README.md). ## Install with kubectl - - remote install + - Option#1. remote install ```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.8.0/deploy/install-driver.sh | bash -s v1.8.0 blobfuse-proxy -- +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.24.1/deploy/install-driver.sh | bash -s v1.24.1 blobfuse-proxy -- ``` - - local install + - Option#2. local install ```console git clone https://github.com/kubernetes-sigs/blob-csi-driver.git cd blob-csi-driver -./deploy/install-driver.sh v1.8.0 local,blobfuse-proxy +./deploy/install-driver.sh v1.24.1 local,blobfuse-proxy ``` - check pods status: @@ -32,7 +32,16 @@ csi-blob-node-cvgbs 3/3 Running 0 35s csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 ``` -- clean up Azure Blob Storage CSI driver +### clean up Blob CSI driver +- Option#1. remote uninstall ```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.8.0/deploy/uninstall-driver.sh | bash -s v1.8.0 blobfuse-proxy -- +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.24.1/deploy/uninstall-driver.sh | bash -s v1.24.1 -- +``` + + - Option#2. local uninstall +```console +git clone https://github.com/kubernetes-sigs/blob-csi-driver.git +cd blob-csi-driver +git checkout v1.24.1 +./deploy/uninstall-driver.sh v1.24.1 local ``` diff --git a/docs/install-csi-driver-v1.3.0.md b/docs/install-csi-driver-v1.3.0.md deleted file mode 100644 index ae86d4bef..000000000 --- a/docs/install-csi-driver-v1.3.0.md +++ /dev/null @@ -1,37 +0,0 @@ -# Install Azure Blob Storage CSI driver v1.3.0 version on a kubernetes cluster - -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). - -## Install with kubectl - - remote install -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.3.0/deploy/install-driver.sh | bash -s v1.3.0 -- -``` - - - local install -```console -git clone https://github.com/kubernetes-sigs/blob-csi-driver.git -cd blob-csi-driver -./deploy/install-driver.sh v1.3.0 local -``` - -- check pods status: -```console -kubectl -n kube-system get pod -o wide -l app=csi-blob-controller -kubectl -n kube-system get pod -o wide -l app=csi-blob-node -``` - -example output: - -```console -NAME READY STATUS RESTARTS AGE IP NODE -csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 -csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 -``` - -- clean up Azure Blob Storage CSI driver -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.3.0/deploy/uninstall-driver.sh | bash -s v1.3.0 -- -``` diff --git a/docs/install-csi-driver-v1.4.0.md b/docs/install-csi-driver-v1.4.0.md deleted file mode 100644 index e4cc315f4..000000000 --- a/docs/install-csi-driver-v1.4.0.md +++ /dev/null @@ -1,37 +0,0 @@ -# Install Azure Blob Storage CSI driver v1.4.0 version on a kubernetes cluster - -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). - -## Install with kubectl - - remote install -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.4.0/deploy/install-driver.sh | bash -s v1.4.0 -- -``` - - - local install -```console -git clone https://github.com/kubernetes-sigs/blob-csi-driver.git -cd blob-csi-driver -./deploy/install-driver.sh v1.4.0 local -``` - -- check pods status: -```console -kubectl -n kube-system get pod -o wide -l app=csi-blob-controller -kubectl -n kube-system get pod -o wide -l app=csi-blob-node -``` - -example output: - -```console -NAME READY STATUS RESTARTS AGE IP NODE -csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 -csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 -``` - -- clean up Azure Blob Storage CSI driver -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.4.0/deploy/uninstall-driver.sh | bash -s v1.4.0 -- -``` diff --git a/docs/install-csi-driver-v1.5.0.md b/docs/install-csi-driver-v1.5.0.md deleted file mode 100644 index 2c72594b9..000000000 --- a/docs/install-csi-driver-v1.5.0.md +++ /dev/null @@ -1,37 +0,0 @@ -# Install Azure Blob Storage CSI driver v1.5.0 version on a kubernetes cluster - -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). - -## Install with kubectl - - remote install -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.5.0/deploy/install-driver.sh | bash -s v1.5.0 -- -``` - - - local install -```console -git clone https://github.com/kubernetes-sigs/blob-csi-driver.git -cd blob-csi-driver -./deploy/install-driver.sh v1.5.0 local -``` - -- check pods status: -```console -kubectl -n kube-system get pod -o wide -l app=csi-blob-controller -kubectl -n kube-system get pod -o wide -l app=csi-blob-node -``` - -example output: - -```console -NAME READY STATUS RESTARTS AGE IP NODE -csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 -csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 -``` - -- clean up Azure Blob Storage CSI driver -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.5.0/deploy/uninstall-driver.sh | bash -s v1.5.0 -- -``` diff --git a/docs/install-csi-driver-v1.6.0.md b/docs/install-csi-driver-v1.6.0.md deleted file mode 100644 index 00620d3b8..000000000 --- a/docs/install-csi-driver-v1.6.0.md +++ /dev/null @@ -1,37 +0,0 @@ -# Install Azure Blob Storage CSI driver v1.6.0 version on a kubernetes cluster - -If you have already installed Helm, you can also use it to install Azure Blob Storage CSI driver. Please see [Installation with Helm](../charts/README.md). - -## Install with kubectl - - remote install -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.6.0/deploy/install-driver.sh | bash -s v1.6.0 -- -``` - - - local install -```console -git clone https://github.com/kubernetes-sigs/blob-csi-driver.git -cd blob-csi-driver -./deploy/install-driver.sh v1.6.0 local -``` - -- check pods status: -```console -kubectl -n kube-system get pod -o wide -l app=csi-blob-controller -kubectl -n kube-system get pod -o wide -l app=csi-blob-node -``` - -example output: - -```console -NAME READY STATUS RESTARTS AGE IP NODE -csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 -csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 -csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 -``` - -- clean up Azure Blob Storage CSI driver -```console -curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.6.0/deploy/uninstall-driver.sh | bash -s v1.6.0 -- -```