Merge pull request #31 from vultr/csi-yaml-cleanup

Yaml Cleanup
vultr · Nov 11, 2020 · b61aefc · b61aefc
2 parents 95d8219 + a7de223
commit b61aefc
Show file tree

Hide file tree

Showing 4 changed files with 578 additions and 151 deletions.
diff --git a/cmd/csi-vultr-driver/main.go b/cmd/csi-vultr-driver/main.go
@@ -24,7 +24,7 @@ var version string
 func main() {
 
 	var (
-		endpoint   = flag.String("endpoint", "unix:///var/lib/kubelet/plugins"+driver.DefaultDriverName+"/csi.sock", "CSI endpoint")
+		endpoint   = flag.String("endpoint", "unix:///var/lib/kubelet/plugins/"+driver.DefaultDriverName+"/csi.sock", "CSI endpoint")
 		token      = flag.String("token", "", "Vultr API Token")
 		driverName = flag.String("driver-name", driver.DefaultDriverName, "Name of driver")
 	)

diff --git a/docs/releases/latest.yml b/docs/releases/latest.yml
@@ -1,3 +1,37 @@
+####################
+### Storage Classes
+####################
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: vultrbs.csi.driver.com
+spec:
+  attachRequired: true
+  podInfoOnMount: true
+
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: vultr-block-storage
+  namespace: kube-system
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+provisioner: vultrbs.csi.driver.com
+
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: vultr-block-storage-retain
+  namespace: kube-system
+provisioner: vultrbs.csi.driver.com
+reclaimPolicy: Retain
+
+#########
+### CRDs
+#########
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -82,148 +116,11 @@ spec:
               description: Indicates this CSI volume driver requires additional pod
                 information (like podName, podUID, etc.) during mount operations.
               type: string
----
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: csi-node-sa
-  namespace: kube-system
-
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: driver-registrar-role
-  namespace: kube-system
-rules:
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get", "list", "watch", "create", "update", "patch"]
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: driver-registrar-binding
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: csi-node-sa
-    namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: driver-registrar-role
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: csi-controller-sa
-  namespace: kube-system
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: external-provisioner-role
-  namespace: kube-system
-rules:
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list"]
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "delete"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["csinodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["list", "watch", "create", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: csi-controller-provisioner-binding
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: csi-controller-sa
-    namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: external-provisioner-role
-  apiGroup: rbac.authorization.k8s.io
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: external-attacher-role
-  namespace: kube-system
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "update", "patch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["csinodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "update", "patch"]
----
 
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: csi-controller-attacher-binding
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: csi-controller-sa
-    namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: external-attacher-role
-  apiGroup: rbac.authorization.k8s.io
-
----
-apiVersion: storage.k8s.io/v1beta1
-kind: CSIDriver
-metadata:
-  name: vultrbs.csi.driver.com
-spec:
-  attachRequired: true
-  podInfoOnMount: true
----
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: vultr-block-storage
-  namespace: kube-system
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "true"
-provisioner: vultrbs.csi.driver.com
----
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: vultr-block-storage-retain
-  namespace: kube-system
-provisioner: vultrbs.csi.driver.com
-reclaimPolicy: Retain
 
+###################
+### CSI Controller
+###################
 ---
 kind: StatefulSet
 apiVersion: apps/v1
@@ -242,7 +139,7 @@ spec:
         app: csi-vultr-controller
         role: csi-vultr
     spec:
-      serviceAccountName: csi-controller-sa
+      serviceAccountName: csi-vultr-controller-sa
       containers:
         - name: csi-provisioner
           image: quay.io/k8scsi/csi-provisioner:v1.6.0
@@ -291,6 +188,98 @@ spec:
         - name: socket-dir
           emptyDir: {}
 
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-vultr-controller-sa
+  namespace: kube-system
+
+## Attacher Role + Binding
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-vultr-attacher-role
+  namespace: kube-system
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-controller-attacher-binding
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: csi-vultr-controller-sa
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: csi-vultr-attacher-role
+  apiGroup: rbac.authorization.k8s.io
+
+## Provisioner Role + Binding
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-vultr-provisioner-role
+  namespace: kube-system
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-controller-provisioner-binding
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: csi-vultr-controller-sa
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: csi-vultr-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+
+
+############
+## CSI Node
+############
 ---
 kind: DaemonSet
 apiVersion: apps/v1
@@ -307,7 +296,7 @@ spec:
         app: csi-vultr-node
         role: csi-vultr
     spec:
-      serviceAccountName: csi-node-sa
+      serviceAccountName: csi-vultr-node-sa
       hostNetwork: true
       containers:
         - name: driver-registrar
@@ -334,15 +323,9 @@ spec:
           image: vultr/vultr-csi:v0.0.3
           args :
             - "--endpoint=$(CSI_ENDPOINT)"
-            - "--token=$(VULTR_API_KEY)"
           env:
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
-            - name: VULTR_API_KEY
-              valueFrom:
-                secretKeyRef:
-                  name: vultr-csi
-                  key: api-key
           imagePullPolicy: "Always"
           securityContext:
             privileged: true
@@ -392,4 +375,37 @@ spec:
         - name: sys
           hostPath:
             path: /sys
-            type: Directory
+            type: Directory
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-vultr-node-sa
+  namespace: kube-system
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: driver-registrar-binding
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: csi-vultr-node-sa
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: csi-vultr-node-driver-registrar-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-vultr-node-driver-registrar-role
+  namespace: kube-system
+rules:
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]