diff --git a/charts/aws-ebs-csi-driver/CHANGELOG.md b/charts/aws-ebs-csi-driver/CHANGELOG.md index 4679d65df9..ad285b6cd9 100644 --- a/charts/aws-ebs-csi-driver/CHANGELOG.md +++ b/charts/aws-ebs-csi-driver/CHANGELOG.md @@ -1,5 +1,11 @@ # Helm chart +## v2.15.0 +* Set sensible default resource requests/limits +* Add sensible default update strategy +* Add podAntiAffinity so controller pods prefer scheduling on separate nodes if possible +* Add container registry parameter + ## v2.14.2 * Bump driver version to `v1.14.1` diff --git a/charts/aws-ebs-csi-driver/Chart.yaml b/charts/aws-ebs-csi-driver/Chart.yaml index 993a4be73f..3f48cb9f3e 100644 --- a/charts/aws-ebs-csi-driver/Chart.yaml +++ b/charts/aws-ebs-csi-driver/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 1.14.1 name: aws-ebs-csi-driver description: A Helm chart for AWS EBS CSI Driver -version: 2.14.2 +version: 2.15.0 kubeVersion: ">=1.17.0-0" home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver sources: diff --git a/charts/aws-ebs-csi-driver/templates/controller.yaml b/charts/aws-ebs-csi-driver/templates/controller.yaml index 008a97e70d..7f1e4500d6 100644 --- a/charts/aws-ebs-csi-driver/templates/controller.yaml +++ b/charts/aws-ebs-csi-driver/templates/controller.yaml @@ -10,7 +10,7 @@ spec: replicas: {{ .Values.controller.replicaCount }} {{- with .Values.controller.updateStrategy }} strategy: - {{ toYaml . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: @@ -63,7 +63,7 @@ spec: {{- end }} containers: - name: ebs-plugin - image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)) }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString)) }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: {{- if ne .Release.Name "kustomize" }} @@ -171,7 +171,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: csi-provisioner - image: {{ printf "%s:%s" .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.provisioner.image.pullPolicy }} args: - --csi-address=$(ADDRESS) @@ -218,7 +218,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: csi-attacher - image: {{ printf "%s:%s" .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.attacher.image.pullPolicy }} args: - --csi-address=$(ADDRESS) @@ -261,7 +261,7 @@ spec: {{- end }} {{- if or .Values.sidecars.snapshotter.forceEnable (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1") }} - name: csi-snapshotter - image: {{ printf "%s:%s" .Values.sidecars.snapshotter.image.repository .Values.sidecars.snapshotter.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.snapshotter.image.repository .Values.sidecars.snapshotter.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.snapshotter.image.pullPolicy }} args: - --csi-address=$(ADDRESS) @@ -292,7 +292,7 @@ spec: {{- end }} {{- end }} - name: csi-resizer - image: {{ printf "%s:%s" .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.resizer.image.pullPolicy }} args: - --csi-address=$(ADDRESS) @@ -323,7 +323,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: liveness-probe - image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} args: - --csi-address=/csi/csi.sock diff --git a/charts/aws-ebs-csi-driver/templates/node-windows.yaml b/charts/aws-ebs-csi-driver/templates/node-windows.yaml index 5c98fab2d8..7844f2f33a 100644 --- a/charts/aws-ebs-csi-driver/templates/node-windows.yaml +++ b/charts/aws-ebs-csi-driver/templates/node-windows.yaml @@ -46,7 +46,7 @@ spec: {{- end }} containers: - name: ebs-plugin - image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: - node @@ -98,7 +98,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: node-driver-registrar - image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }} args: - --csi-address=$(ADDRESS) @@ -125,7 +125,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: liveness-probe - image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} args: - --csi-address=unix:/csi/csi.sock diff --git a/charts/aws-ebs-csi-driver/templates/node.yaml b/charts/aws-ebs-csi-driver/templates/node.yaml index ab1db918af..3117dcec90 100644 --- a/charts/aws-ebs-csi-driver/templates/node.yaml +++ b/charts/aws-ebs-csi-driver/templates/node.yaml @@ -50,7 +50,7 @@ spec: {{- end }} containers: - name: ebs-plugin - image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: - node @@ -106,7 +106,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: node-driver-registrar - image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }} args: - --csi-address=$(ADDRESS) @@ -141,7 +141,7 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} - name: liveness-probe - image: {{ printf "%s:%s" .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} args: - --csi-address=/csi/csi.sock diff --git a/charts/aws-ebs-csi-driver/values.yaml b/charts/aws-ebs-csi-driver/values.yaml index dd129701a1..79c5203be1 100644 --- a/charts/aws-ebs-csi-driver/values.yaml +++ b/charts/aws-ebs-csi-driver/values.yaml @@ -3,6 +3,8 @@ # Declare variables to be passed into your templates. image: + # Container registry to be used, will prefix all repositories (including sidecars) + containerRegistry: "" repository: public.ecr.aws/ebs-csi-driver/aws-ebs-csi-driver # Overrides the image tag whose default is v{{ .Chart.AppVersion }} tag: "" @@ -122,6 +124,17 @@ controller: operator: NotIn values: - fargate + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - ebs-csi-controller + topologyKey: kubernetes.io/hostname + weight: 100 # The default filesystem type of the volume to provision when fstype is unspecified in the StorageClass. # If the default is not set and fstype is unset in the StorageClass, then no fstype will be set defaultFsType: ext4 @@ -164,24 +177,21 @@ controller: # region: us-east-1 region: replicaCount: 2 - updateStrategy: {} + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 # type: RollingUpdate # rollingUpdate: # maxSurge: 0 # maxUnavailable: 1 - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # Note that you will need to set resource requests if you want the cluster autoscaler to - # scale your nodes when you increase/decrease the number of ebs-csi-controller replicas. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + resources: + requests: + cpu: 10m + memory: 40Mi + limits: + cpu: 100m + memory: 256Mi serviceAccount: # A service account will be created for you if set to true. Set to false if you want to use your own. create: true @@ -249,7 +259,13 @@ node: - operator: Exists effect: NoExecute tolerationSeconds: 300 - resources: {} + resources: + requests: + cpu: 10m + memory: 40Mi + limits: + cpu: 100m + memory: 256Mi serviceAccount: create: true name: ebs-csi-node-sa diff --git a/deploy/kubernetes/base/controller.yaml b/deploy/kubernetes/base/controller.yaml index 37c1969956..3b7366753b 100644 --- a/deploy/kubernetes/base/controller.yaml +++ b/deploy/kubernetes/base/controller.yaml @@ -9,6 +9,10 @@ metadata: app.kubernetes.io/name: aws-ebs-csi-driver spec: replicas: 2 + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate selector: matchLabels: app: ebs-csi-controller @@ -33,6 +37,17 @@ spec: values: - fargate weight: 1 + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - ebs-csi-controller + topologyKey: kubernetes.io/hostname + weight: 100 tolerations: - key: CriticalAddonsOnly operator: Exists @@ -102,6 +117,13 @@ spec: timeoutSeconds: 3 periodSeconds: 10 failureThreshold: 5 + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -122,6 +144,13 @@ spec: volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -139,6 +168,13 @@ spec: volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -155,6 +191,13 @@ spec: volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -172,6 +215,13 @@ spec: volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -184,6 +234,13 @@ spec: volumeMounts: - name: socket-dir mountPath: /csi + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/deploy/kubernetes/base/node.yaml b/deploy/kubernetes/base/node.yaml index d3df86fe91..0dea5b5ce1 100644 --- a/deploy/kubernetes/base/node.yaml +++ b/deploy/kubernetes/base/node.yaml @@ -79,6 +79,13 @@ spec: timeoutSeconds: 3 periodSeconds: 10 failureThreshold: 5 + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: privileged: true readOnlyRootFilesystem: true @@ -100,6 +107,13 @@ spec: mountPath: /csi - name: registration-dir mountPath: /registration + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -112,6 +126,13 @@ spec: volumeMounts: - name: plugin-dir mountPath: /csi + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 10m + memory: 40Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true