From 1aab6e640aee95ecc76423c40bdfe5145bf9a67f Mon Sep 17 00:00:00 2001 From: andyzhangx Date: Mon, 6 Jan 2025 11:54:45 +0000 Subject: [PATCH] doc: cut v1.25.1 release --- Makefile | 2 +- README.md | 2 +- charts/README.md | 2 +- charts/index.yaml | 93 ++--- ...-1.25.0.tgz => blob-csi-driver-1.25.1.tgz} | Bin 6270 -> 6276 bytes charts/latest/blob-csi-driver/Chart.yaml | 4 +- charts/latest/blob-csi-driver/values.yaml | 2 +- charts/v1.25.1/blob-csi-driver-1.25.1.tgz | Bin 0 -> 6277 bytes charts/v1.25.1/blob-csi-driver/Chart.yaml | 5 + .../blob-csi-driver/templates/NOTES.txt | 5 + .../blob-csi-driver/templates/_helpers.tpl | 49 +++ .../templates/csi-blob-controller.yaml | 259 +++++++++++++ .../templates/csi-blob-driver.yaml | 16 + .../templates/csi-blob-node.yaml | 339 ++++++++++++++++++ .../templates/rbac-csi-blob-controller.yaml | 115 ++++++ .../templates/rbac-csi-blob-node.yaml | 29 ++ .../serviceaccount-csi-blob-controller.yaml | 17 + .../serviceaccount-csi-blob-node.yaml | 17 + charts/v1.25.1/blob-csi-driver/values.yaml | 186 ++++++++++ deploy/csi-blob-controller.yaml | 2 +- deploy/csi-blob-node.yaml | 6 +- deploy/v1.25.1/csi-blob-controller.yaml | 166 +++++++++ deploy/v1.25.1/csi-blob-driver.yaml | 14 + deploy/v1.25.1/csi-blob-node.yaml | 248 +++++++++++++ deploy/v1.25.1/kustomization.yaml | 10 + deploy/v1.25.1/rbac-csi-blob-controller.yaml | 108 ++++++ deploy/v1.25.1/rbac-csi-blob-node.yaml | 30 ++ docs/install-blob-csi-driver.md | 2 +- docs/install-csi-driver-v1.25.1.md | 47 +++ 29 files changed, 1722 insertions(+), 53 deletions(-) rename charts/latest/{blob-csi-driver-1.25.0.tgz => blob-csi-driver-1.25.1.tgz} (59%) create mode 100644 charts/v1.25.1/blob-csi-driver-1.25.1.tgz create mode 100644 charts/v1.25.1/blob-csi-driver/Chart.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/templates/NOTES.txt create mode 100644 charts/v1.25.1/blob-csi-driver/templates/_helpers.tpl create mode 100644 charts/v1.25.1/blob-csi-driver/templates/csi-blob-controller.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/templates/csi-blob-driver.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/templates/csi-blob-node.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml create mode 100644 charts/v1.25.1/blob-csi-driver/values.yaml create mode 100644 deploy/v1.25.1/csi-blob-controller.yaml create mode 100644 deploy/v1.25.1/csi-blob-driver.yaml create mode 100644 deploy/v1.25.1/csi-blob-node.yaml create mode 100644 deploy/v1.25.1/kustomization.yaml create mode 100644 deploy/v1.25.1/rbac-csi-blob-controller.yaml create mode 100644 deploy/v1.25.1/rbac-csi-blob-node.yaml create mode 100644 docs/install-csi-driver-v1.25.1.md diff --git a/Makefile b/Makefile index 372f1bc28..af1ba225e 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ GIT_COMMIT ?= $(shell git rev-parse HEAD) REGISTRY ?= andyzhangx REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g") IMAGE_NAME ?= blob-csi -IMAGE_VERSION ?= v1.25.0 +IMAGE_VERSION ?= v1.25.1 CLOUD ?= AzurePublicCloud # Use a custom version for E2E tests if we are in Prow ifdef CI diff --git a/README.md b/README.md index a00ded364..feabafe6d 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ Disclaimer: Deploying this driver manually is not an officially supported Micros |driver version |Image | supported k8s version | |----------------|------------------------------------------------------|-----------------------| |master branch |mcr.microsoft.com/k8s/csi/blob-csi:latest | 1.21+ | -|v1.25.0 |mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.0 | 1.21+ | +|v1.25.1 |mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 | 1.21+ | |v1.24.3 |mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.24.3 | 1.21+ | |v1.23.7 |mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.23.7 | 1.21+ | |v1.22.8 |mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.22.8 | 1.21+ | diff --git a/charts/README.md b/charts/README.md index 338392367..984e2e721 100644 --- a/charts/README.md +++ b/charts/README.md @@ -19,7 +19,7 @@ ### install a specific version ```console helm repo add blob-csi-driver https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts -helm install blob-csi-driver blob-csi-driver/blob-csi-driver --set node.enableBlobfuseProxy=true --namespace kube-system --version v1.25.0 +helm install blob-csi-driver blob-csi-driver/blob-csi-driver --set node.enableBlobfuseProxy=true --namespace kube-system --version v1.25.1 ``` ## install on Azure Stack diff --git a/charts/index.yaml b/charts/index.yaml index 0e0728fac..38851a00e 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -2,26 +2,35 @@ apiVersion: v1 entries: blob-csi-driver: - apiVersion: v1 - appVersion: 1.25.0 - created: "2024-10-15T03:20:58.485770998Z" + appVersion: 1.25.1 + created: "2025-01-06T11:54:16.886031238Z" description: Azure Blob Storage CSI driver - digest: 887ebe0dce803f946f7c56575dba565108fc609ac4f351a19b44e5d9b12250f2 + digest: 0e552b35e5a318a3a28e3301b33d88e9b8b78990e9f5d1b4176feca7b8a5c303 name: blob-csi-driver urls: - - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/latest/blob-csi-driver-1.25.0.tgz - version: 1.25.0 + - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/latest/blob-csi-driver-1.25.1.tgz + version: 1.25.1 + - apiVersion: v1 + appVersion: 1.25.1 + created: "2025-01-06T11:54:16.913029215Z" + description: Azure Blob Storage CSI driver + digest: 2d546ab7f2f365ddbc10667e2385773d5a3ac1465161fb7ca4fcc1c2baf1c0b8 + name: blob-csi-driver + urls: + - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.25.1/blob-csi-driver-1.25.1.tgz + version: 1.25.1 - apiVersion: v1 appVersion: 1.25.0 - created: "2024-10-15T03:20:58.518081567Z" + created: "2025-01-06T11:54:16.912368607Z" description: Azure Blob Storage CSI driver - digest: a584c68395dca6e3fec719384c732607da2dc3b936e01886f6e813d826b6965e + digest: fc06efe839820c80a80feafb6bbd1145361267dfadeed373b3be71cb2da1caf6 name: blob-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/v1.25.0/blob-csi-driver-1.25.0.tgz version: 1.25.0 - apiVersion: v1 appVersion: v1.24.3 - created: "2024-10-15T03:20:58.517436855Z" + created: "2025-01-06T11:54:16.911675091Z" description: Azure Blob Storage CSI driver digest: d8fac26124eaa218c4e3aeb187b8204c5266b4e4a3fca0df39e76376e846c8d8 name: blob-csi-driver @@ -30,7 +39,7 @@ entries: version: v1.24.3 - apiVersion: v1 appVersion: v1.24.2 - created: "2024-10-15T03:20:58.516547607Z" + created: "2025-01-06T11:54:16.910023942Z" description: Azure Blob Storage CSI driver digest: 36567735f655d0c11a2b0247421a85577e5badd0a9413785075b29b58e2b049a name: blob-csi-driver @@ -39,7 +48,7 @@ entries: version: v1.24.2 - apiVersion: v1 appVersion: v1.24.1 - created: "2024-10-15T03:20:58.515721129Z" + created: "2025-01-06T11:54:16.909371225Z" description: Azure Blob Storage CSI driver digest: d4d98037428523005015a3f62441a7665b8a4126d39f7f0d563c474387edef0b name: blob-csi-driver @@ -48,7 +57,7 @@ entries: version: v1.24.1 - apiVersion: v1 appVersion: v1.24.0 - created: "2024-10-15T03:20:58.514811493Z" + created: "2025-01-06T11:54:16.90869743Z" description: Azure Blob Storage CSI driver digest: 183f724b7d67bf336de373b0e5ac22a50af63e42ff0e26ad73a7c11fd0ec6bfc name: blob-csi-driver @@ -57,7 +66,7 @@ entries: version: v1.24.0 - apiVersion: v1 appVersion: v1.23.7 - created: "2024-10-15T03:20:58.51390366Z" + created: "2025-01-06T11:54:16.908055151Z" description: Azure Blob Storage CSI driver digest: 95f9e01cec77cda71ba7f556cf00ba377270df264aa11caf3d99062d959c8e66 name: blob-csi-driver @@ -66,7 +75,7 @@ entries: version: v1.23.7 - apiVersion: v1 appVersion: v1.23.4 - created: "2024-10-15T03:20:58.513029779Z" + created: "2025-01-06T11:54:16.907418515Z" description: Azure Blob Storage CSI driver digest: 3ce2ee0c9255ebbd004fcdb9f3e5eb702b2203182eb7046754c9b2244c417b02 name: blob-csi-driver @@ -75,7 +84,7 @@ entries: version: v1.23.4 - apiVersion: v1 appVersion: v1.23.3 - created: "2024-10-15T03:20:58.512153589Z" + created: "2025-01-06T11:54:16.906745051Z" description: Azure Blob Storage CSI driver digest: 55b2f47774558d16dec5c93655e5625634e35424466c10244fabd471c9b2a5c6 name: blob-csi-driver @@ -84,7 +93,7 @@ entries: version: v1.23.3 - apiVersion: v1 appVersion: v1.23.2 - created: "2024-10-15T03:20:58.510487821Z" + created: "2025-01-06T11:54:16.906104918Z" description: Azure Blob Storage CSI driver digest: d85ba0c55d74c22b2b4cb964d70d8e38ede06f521cc5ca5502f57ed4b52d49f4 name: blob-csi-driver @@ -93,7 +102,7 @@ entries: version: v1.23.2 - apiVersion: v1 appVersion: v1.23.1 - created: "2024-10-15T03:20:58.50971062Z" + created: "2025-01-06T11:54:16.905428152Z" description: Azure Blob Storage CSI driver digest: 66215f12a4e3acdcf09416d817b737e14546058b081a2cfd8bf9ef507229ca07 name: blob-csi-driver @@ -102,7 +111,7 @@ entries: version: v1.23.1 - apiVersion: v1 appVersion: v1.23.0 - created: "2024-10-15T03:20:58.508851451Z" + created: "2025-01-06T11:54:16.904424512Z" description: Azure Blob Storage CSI driver digest: 57151e21e33660522f25694bd8ae985e5e17c7ffe09904ad2af4025e8bf1da72 name: blob-csi-driver @@ -111,7 +120,7 @@ entries: version: v1.23.0 - apiVersion: v1 appVersion: v1.22.8 - created: "2024-10-15T03:20:58.508046015Z" + created: "2025-01-06T11:54:16.90320892Z" description: Azure Blob Storage CSI driver digest: a2ab602708e9c3b08d01baa66ffc7937b67119c060b4b90a41bedf15b709313c name: blob-csi-driver @@ -120,7 +129,7 @@ entries: version: v1.22.8 - apiVersion: v1 appVersion: v1.22.6 - created: "2024-10-15T03:20:58.507341904Z" + created: "2025-01-06T11:54:16.902593067Z" description: Azure Blob Storage CSI driver digest: ef7b5c287fca46351903cb819b3ccc8b8b2021addda87c59bea94d9ed61015a0 name: blob-csi-driver @@ -129,7 +138,7 @@ entries: version: v1.22.6 - apiVersion: v1 appVersion: v1.22.5 - created: "2024-10-15T03:20:58.506634864Z" + created: "2025-01-06T11:54:16.90196082Z" description: Azure Blob Storage CSI driver digest: ff3c2c2e05dd048dd0af3e5c7d002eae2928a5d17fb269a1e4d5cadd30e8ab51 name: blob-csi-driver @@ -138,7 +147,7 @@ entries: version: v1.22.5 - apiVersion: v1 appVersion: v1.22.4 - created: "2024-10-15T03:20:58.505794286Z" + created: "2025-01-06T11:54:16.901280457Z" description: Azure Blob Storage CSI driver digest: 6c38e79d2f50616daac0658cfa5b1a569e6ff8ce8f24ed40f563e87fb1d1340a name: blob-csi-driver @@ -147,7 +156,7 @@ entries: version: v1.22.4 - apiVersion: v1 appVersion: v1.22.3 - created: "2024-10-15T03:20:58.504948775Z" + created: "2025-01-06T11:54:16.900620867Z" description: Azure Blob Storage CSI driver digest: 6cdee296d22ecd330f477f2ca6da51b07320c546c04ae46c23eef48146b772c1 name: blob-csi-driver @@ -156,7 +165,7 @@ entries: version: v1.22.3 - apiVersion: v1 appVersion: v1.22.2 - created: "2024-10-15T03:20:58.503181802Z" + created: "2025-01-06T11:54:16.899983766Z" description: Azure Blob Storage CSI driver digest: 259e66dc12db7310fe1c51e49c964398e0a6b7d511133916dd7d25f748f0b791 name: blob-csi-driver @@ -165,7 +174,7 @@ entries: version: v1.22.2 - apiVersion: v1 appVersion: v1.22.1 - created: "2024-10-15T03:20:58.50228603Z" + created: "2025-01-06T11:54:16.899317508Z" description: Azure Blob Storage CSI driver digest: 8329d477d55c82f97bb09fb172c5f39a1677bedc13c7410bd93b306194516438 name: blob-csi-driver @@ -174,7 +183,7 @@ entries: version: v1.22.1 - apiVersion: v1 appVersion: v1.21.7 - created: "2024-10-15T03:20:58.501421698Z" + created: "2025-01-06T11:54:16.898617884Z" description: Azure Blob Storage CSI driver digest: 1095721182d611e2556c611dd330758d8130fe66493db4f9189586a9219896d3 name: blob-csi-driver @@ -183,7 +192,7 @@ entries: version: v1.21.7 - apiVersion: v1 appVersion: v1.21.6 - created: "2024-10-15T03:20:58.500552834Z" + created: "2025-01-06T11:54:16.897474533Z" description: Azure Blob Storage CSI driver digest: d5ba1f92795ec45970eb6e5fc54aa13a5684f9936216c064f8a3843bf722bf54 name: blob-csi-driver @@ -192,7 +201,7 @@ entries: version: v1.21.6 - apiVersion: v1 appVersion: v1.21.5 - created: "2024-10-15T03:20:58.499796742Z" + created: "2025-01-06T11:54:16.896572201Z" description: Azure Blob Storage CSI driver digest: b403e9d49abfe076ecd83d6dd50166347ee4305f33dc840019474b2876723b9b name: blob-csi-driver @@ -201,7 +210,7 @@ entries: version: v1.21.5 - apiVersion: v1 appVersion: v1.21.4 - created: "2024-10-15T03:20:58.499032709Z" + created: "2025-01-06T11:54:16.895942165Z" description: Azure Blob Storage CSI driver digest: e4fa13670caf6b0d3e9fefa55d100daa439cd7187dabd45318ab03c7d4b17710 name: blob-csi-driver @@ -210,7 +219,7 @@ entries: version: v1.21.4 - apiVersion: v1 appVersion: v1.20.3 - created: "2024-10-15T03:20:58.498291755Z" + created: "2025-01-06T11:54:16.89532388Z" description: Azure Blob Storage CSI driver digest: 8c2c20547b2e0e1b39d2f2efd04c1bd778f14af5feae2bda86d722dac3c02643 name: blob-csi-driver @@ -219,7 +228,7 @@ entries: version: v1.20.3 - apiVersion: v1 appVersion: v1.19.6 - created: "2024-10-15T03:20:58.497425145Z" + created: "2025-01-06T11:54:16.894733035Z" description: Azure Blob Storage CSI driver digest: 0007ef225b5658d3989aa6fdc3a91a4b33696a438eee46ad9a675af615cbdf21 name: blob-csi-driver @@ -228,7 +237,7 @@ entries: version: v1.19.6 - apiVersion: v1 appVersion: v1.19.5 - created: "2024-10-15T03:20:58.496656586Z" + created: "2025-01-06T11:54:16.894116519Z" description: Azure Blob Storage CSI driver digest: 183c3e5cd84b709f1455cc7c84ed5bd573e8a24149fd6442d38999835b0a1711 name: blob-csi-driver @@ -237,7 +246,7 @@ entries: version: v1.19.5 - apiVersion: v1 appVersion: v1.18.0 - created: "2024-10-15T03:20:58.495882754Z" + created: "2025-01-06T11:54:16.893497445Z" description: Azure Blob Storage CSI driver digest: 3eac15488da5be7d1e78431929f7cda35bceb1af3fe107ffbd84606e047c9204 name: blob-csi-driver @@ -246,7 +255,7 @@ entries: version: v1.18.0 - apiVersion: v1 appVersion: v1.17.0 - created: "2024-10-15T03:20:58.494867238Z" + created: "2025-01-06T11:54:16.892841311Z" description: Azure Blob Storage CSI driver digest: 22cfa17fc5e8d771ff8edd26729266a9a8ee55c0e150df85ef15698f7fe985e9 name: blob-csi-driver @@ -255,7 +264,7 @@ entries: version: v1.17.0 - apiVersion: v1 appVersion: v1.16.0 - created: "2024-10-15T03:20:58.492973696Z" + created: "2025-01-06T11:54:16.892066552Z" description: Azure Blob Storage CSI driver digest: bf6249c0e3e3d3d009d4c79ceb7fda9a56c0565b969de753628792ea3ea5ece8 name: blob-csi-driver @@ -264,7 +273,7 @@ entries: version: v1.16.0 - apiVersion: v1 appVersion: v1.15.0 - created: "2024-10-15T03:20:58.491941055Z" + created: "2025-01-06T11:54:16.890454006Z" description: Azure Blob Storage CSI driver digest: 8daa35cd4957695cb64b45da05a15b4020df5545a8ac44c4668dad4bba82c8a9 name: blob-csi-driver @@ -273,7 +282,7 @@ entries: version: v1.15.0 - apiVersion: v1 appVersion: v1.14.0 - created: "2024-10-15T03:20:58.491054439Z" + created: "2025-01-06T11:54:16.889855299Z" description: Azure Blob Storage CSI driver digest: 442bc579b231aab626b9e474e2c0ed3f101d47d61c99aa9a7f863af7ce268d9d name: blob-csi-driver @@ -282,7 +291,7 @@ entries: version: v1.14.0 - apiVersion: v1 appVersion: v1.13.0 - created: "2024-10-15T03:20:58.490284857Z" + created: "2025-01-06T11:54:16.889256523Z" description: Azure Blob Storage CSI driver digest: b577b0b771138109aa90eb09d56fc07273ca0b584a263ee8f789e35796279f31 name: blob-csi-driver @@ -291,7 +300,7 @@ entries: version: v1.13.0 - apiVersion: v1 appVersion: v1.12.0 - created: "2024-10-15T03:20:58.489468411Z" + created: "2025-01-06T11:54:16.888626035Z" description: Azure Blob Storage CSI driver digest: 124e87af2581b374b89a39940698620c23d3eae6dcee518d302461ffea93e9a8 name: blob-csi-driver @@ -300,7 +309,7 @@ entries: version: v1.12.0 - apiVersion: v1 appVersion: v1.11.0 - created: "2024-10-15T03:20:58.488614952Z" + created: "2025-01-06T11:54:16.888000104Z" description: Azure Blob Storage CSI driver digest: 07c4d76017491b3d0bdd70de90e814096938bf7916da0c149c3805294bd57560 name: blob-csi-driver @@ -309,7 +318,7 @@ entries: version: v1.11.0 - apiVersion: v1 appVersion: v1.10.0 - created: "2024-10-15T03:20:58.487500941Z" + created: "2025-01-06T11:54:16.887370071Z" description: Azure Blob Storage CSI driver digest: 79716efa958385adf57eb3570843e1b4512d8c801e8e070625e94264f3e917a9 name: blob-csi-driver @@ -318,11 +327,11 @@ entries: version: v1.10.0 - apiVersion: v1 appVersion: latest - created: "2024-10-15T03:20:58.486458889Z" + created: "2025-01-06T11:54:16.886739484Z" description: Azure Blob Storage CSI driver digest: 5108fa0ce6382e1527d72fcf46c839920e6349c373fde30c24e083e728dca784 name: blob-csi-driver urls: - https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/charts/latest/blob-csi-driver-v0.0.0.tgz version: v0.0.0 -generated: "2024-10-15T03:20:58.484887297Z" +generated: "2025-01-06T11:54:16.885081336Z" diff --git a/charts/latest/blob-csi-driver-1.25.0.tgz b/charts/latest/blob-csi-driver-1.25.1.tgz similarity index 59% rename from charts/latest/blob-csi-driver-1.25.0.tgz rename to charts/latest/blob-csi-driver-1.25.1.tgz index 04a4c719252fc071b770b13a4a03f388b0249d13..11a6cdb968ec63e4c3a2c51a906ae4455805c9ea 100644 GIT binary patch delta 2345 zcmV+^3D)-hFoZFXu77m;=D5>tAAQqmAGc4Bzd^12kx+gGLSp_+>&dvXgZqUVrM(3o_t~nrVPJF5F^?naHptmlYps{2e&j6i|hsZEbjbabFD8o{< zMF!wY5BYEBbVzlv*)zuWtB( z>s~XL*vl>&PA{3f<{*H|8bY=p*PJbg(iOm~AybU&$DI;5Pa5q;YZFSBEP#R#*PKnD z8pf!Luev1gbs`$==e7$c2n*BJjZ_OmqA`vaWD54ucHskaV6|`g zTFr})=IAVSW8lxh1CCw2&-o7MD7AswLO5^;=#3NDC*5X$Q(K%~|3g7Ae97dH7Pbk`LMeQvFf0g{0d}qU6qA@s65^oeJy}v;AnWNi zo8{fy_+064Wb#l?* zW_qfd>J2r-yk0dz=yS3lF3i+IDVL6TS}I^oY_~snJM3NF{y4h2yct~fi(|ZX%BZgV z#kM4iTy?O4G`t+&^e!%L-(Fn3{qf_tFe{&ads-?|2evgbXRZ~5v<2R}@9o9l_TzQGcQfd}-3eFb^uJPM??1jBTnuh*%L@RK zh)ftdG|J@@HGDVf-3)Hu|1iEC4X&?to2=A-A%$xhVKnIVZ+kzf|Br|N*-cqwPd>~b z+?+g8?y41tb*UrOq?v7!?QiMotO`(?`GzT2Ani?1;wI}hC1ncyV|dR|SG{F*$6@!u zSGxNk+n~Z`0xhLgOE(qF#aSn{Qd*aq)xf{XlKSG0J5*rof)h>m%ibFij&d)%kmEZu1b*47}eOiiCer zKua;KHI~2WyTOc5(JW2*6cO=7YB1u?shM97BH46TrBT3Mhut_|^Rm3kZX9EE_O%Zu zy^c@zOfQkv0x=7t46Gc@)s|0nOK0(ah;#PsYvudjUS9PFx0k&SgCfkk?)#~*%SO}u zCHB{p175SU=Ih(3RAsM^32j!`<&$Ql8OW%JPe?4qSwVKZ=oIY|LiGXg+Sd~jd%k63 zdk#wd=1DC(E4~=A*4LIF9~_?pm_1p3-Bc3&$$@C#cd)du{_24BnaH_C9H2yh5}B8) zYTqkZJK_3Fb~Bt3u}x)3cH7TqCZu#H-~P8IZP-kd-nf)`nB8f#m9Kx;F!b^phH}Bv zv>DqBHEqofJCZ8Vx66*Cw3V;Uu2TZ8Q^Kd2Z^h;t=+4H~7CzWozV(OkiYPqnnfelY zrd}>V^c=gj)-6p7mwlZ1c!te?w~OBrM^}w&Jy}SC?xS7xFSp$*4alQe3!40fvhtIP zc>1roSM1L^s;^*MS#gO(c_~grc#=5g%jW8{zfJADHuYyN)1*brt$f?u<1|Ei(-MbV&ugT4^PU+6Ig3RmMtxCzJ8?&#QAZ4U`QC-B(saXm!k)CLag9$|c{)<%534UarrD#^`P^wSb=WMK z1GepE$?YAx4P02sK2&Fa$DIAJ*7|m9Nh@;~tL*qa>@eN&D&PObC)l?3@)3{?`#(>Q z-W+GY|MBLq|MPjSjI5}a-Y^FW>ks#Yn?KEG{zlA&)CMu#8V7RDIQd;0#KgYQwY$c2 z&(J-w;9df!*i9aStDyXOPE_jkd`c<&zGVrMhdljj$%O2GfrGc3m;V79yAz{S;pvBm zKkHikOI%gg|4%stX2bfweRR~xp8s@w+&QfOpX1uF{(n~eulK-wO`89O^nG$3z7|cN zJUHW7bbJ9b9JKrXuX6n#G5|IV@RUgKCjH+!J;~_*<5s(U(ErbI<#Huy|1P!!nc~kv zMY48bw!w95-2ULOEtKH4XH!)>mnwDm)4Fa3yhWVUgsi1v6U7oJu0pYCw-I#`+{32t z=O0w-U+3Ch|8Kt%*r@+c-emND=j7!0p#PuadNKVUJCp~_f6)Ag>u?>e!*#fx`TG9= P00960@5CbQ0I&c6!bQ^w delta 2339 zcmV+;3EcLCG5#=+u7A|&oE~+KPQGcikJT;I+8+t!S0E(j-?W~LD?7M9$%TFL3AiAP zcG03;!@j@z*=}@B8m*cG!sf)6`d;t%fCGB#vI!bX#_RdS zb0*kSHf-jpr!JeQRtRzMnIMw!WfwJ>5Y4+_0-S;bq4=m7F_dmB@l2@|BlqftAGq!{ zbBVp|qT%$C$!iV*sH`Dm3v$ibf+$@9yc#maxPIIzf%Bx%-i*>E3!osxHD?p3hB4~m zt1bzAoksh3GaN$79O!F78^MeS$?+BgRh>gIwRqG$O+u&AG>@~+0lozR>$8mq9RdOP zv#SaG27gw&-8s~MKF4KQR;uJvm_1vKyB|#Ldb?&SM9;@Vvu}ERF=#qCoGJ0#p>`8X ziS79)EHsKYm;1~a(kZ*5$&JIg?ZOGd!nAcG)xwZyjN=8Fg1xj|_`n=k?OVQ9^CF}< zI!oOc_;c`pV^{BUz5_Z+ZJ@Rg4jck{;{^6ew}08x7N^(0QEdnJ_8ik0d_{Vwg8WnF zz>^LHTrdAe?UPO`v;XVO$%TF0jE-T4@^8%@`z-v<0NhD!1p4@kvE*37 zEUZ~nE;*qyb23Kc&18=m$5J5i7f^Ai7C%&rha@D5i#4MZ zoPV5C)F3|8BVB)fJ?y7KW$TO76Ac|IBC8(NZbr+5ZK~51iM!UN=W0cbHsM()h0hd*1>rKlt`(nR5_3sH9Q3>=OX>?`J>6!ryqg;pe$br`+uSAr#!@)3s`23-i#l`L0i>tRkejFEO<vHZnoJ9^r8KUvv=JrGHU$ z4%jQjsqj4sl~)Zm>Fy%^knyzcjI2K~1?;mVx;SBmWY$G3xv!Od-X0YDOw2}6fQ zxqPCA??%0w!R`AW#XwKx2*0s>^}HPcOPUM zRMUR>!emn>r%5C_*Yp{U;J^03XENFqUnCwdn1B8%N2Fmk$=^{1orLO zJ}%A3H4Dw+>ZR#A3m?n**|)Fzqv5B)=yo)CcRRj1f3MAL9zvRd_gh1e@GlBzDTcMi z@;7}qm=P+Pr752xBECosM%+0y^Xow*o9?PK3fSwg8|Q0YmRH%0W30};_Ti-0@yVX) zCDK|TW?__pm7}@Z@~Lj=EPozx&c1!EeE-|atN!5jviD(7gn8F}KNWV_Xqvyo{+e>Y zYj)OreLIz^?Da9B%?i7G(u_0%85QvfiKRFz$c`7CqFq9$J^)_(dO~8)w`^?BL8;$7 zsby!y7em(i+VbOr<8uJBC(Ey!N}@kG5DokemKN4u9k4zVIk$)dlz&Jf^Kw<~dj)GJ zT%XBqhEpQ8sVvEE`}xd-l@mu2Ps&TC+3rWy@w5$H*wtJ-kc{FQ5liyHQeo_%n|26lD z{aHu#6>KXjE|DlN#fb<{632YmTz&Spsh!uR{>){Xw1~NtZ<~9ZhUk(>(_>EHLUuNz z6vMf`^+m@tdz3n#J1wRTnVNE*vme%4-)=2wW$t2?9lwViraNBc`@i@E+tyw_0LSKF^hr74^~^=0IWn;hu2wr}@m^h`Es3Af{X6K+YK_ziWe-*f+X%*O=}Zx+fOg zOW+i{$wRR9`R2RtALUAmboIx9uut@sPtirc)a$=$NPh_z{g=AG+T$5In_;5`@QH3P z16ltb)mZ zkoKyN)Eg;%TdT>5O1+*>DTUv+EMfAHr++P(kbgaJ@OJa^KVV~bVw5U8{qXQ-U8{eI ztLpmyDTlypSpT<=jyl=%pN@~)hxPw+TpQN^&#M3R9+FqUny5((a<|68Xg8U26UYPSyh|2eK)t|aZ>#g-sb{8^|-)-KF8 zxNMHw9~`!Y65RG|s%qy_r4D~u*Uf;ph?AO-wNz}PSOUdWC^qdjqE3Q)*!2DUgKGWj zT-)pa?N4%ahZ{~rJV|Nk)^ JARPd(008>6&g=jH diff --git a/charts/latest/blob-csi-driver/Chart.yaml b/charts/latest/blob-csi-driver/Chart.yaml index c6072e619..b0449fd1a 100644 --- a/charts/latest/blob-csi-driver/Chart.yaml +++ b/charts/latest/blob-csi-driver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 1.25.0 +appVersion: 1.25.1 description: Azure Blob Storage CSI driver name: blob-csi-driver -version: 1.25.0 +version: 1.25.1 diff --git a/charts/latest/blob-csi-driver/values.yaml b/charts/latest/blob-csi-driver/values.yaml index ecbfe5bb4..19705fe08 100644 --- a/charts/latest/blob-csi-driver/values.yaml +++ b/charts/latest/blob-csi-driver/values.yaml @@ -2,7 +2,7 @@ image: baseRepo: mcr.microsoft.com blob: repository: /oss/kubernetes-csi/blob-csi - tag: v1.25.0 + tag: v1.25.1 pullPolicy: IfNotPresent csiProvisioner: repository: /oss/kubernetes-csi/csi-provisioner diff --git a/charts/v1.25.1/blob-csi-driver-1.25.1.tgz b/charts/v1.25.1/blob-csi-driver-1.25.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..d1effe66807acc7e36c0543d88bcbc6e4f0913e8 GIT binary patch literal 6277 zcmV;07<%U)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<`bK5rZ{ac>`qx9y|`;~h5m7Zq&hhnLzCXVcpob>KG9S=mV zB%Dcr1wh5B>+k*>0HpYqC|R-7p4gejB7xlnxG(H3z=_KymMw_oaIyg2yqIGy8%ylD z-|X#bwOXySlN0@KtJTW>+iIU3f73pBbA0yZiL^;!Az6`+L9vy>;0HjV0rF2Iyiu zK!$m06noG?8J4OoG5}wC$cHO&W#xZ?-2lXX6~KD=Z?}(6+FAKOIXXGW|8rc#!!zjA z5Sm~CBk)-Vc{Xo&#O6$}schKHQ%_wsQLPZ-;4?ua)XtCYgUyXfp}6 zAR`du_id(_n+~a0x*1o^c3I$rHsd;&xWv9tcWSj)uh0mlz=7I;Btwh>VjOvl0}^0! zkV4&_015;+=<^(?MnmWfX@(UF1czw{&8753rv!?G~2d+Cd)O64AP#~B+y*4(jLWLr zZ!>CxFJl4Fv(r>U;D@L!p96T>vuoD;Bt1j@M#NG`@GRR6gamHcoJeA0S79H69jMlt z-{4-NnW9w9C-Z&AWkA(K$q)}HS_vJ(0#QaeV-ii4NPv_|q_Glu4er7~Qy3;o1oznU zT|gc6JJY0t9u(}Z_$U;sw_B|?daUIeJ=SUokytTXfoLecRO;zM&sQwf9fXwvv-Cq_ zZJhGf!pAmrka{7OnZFuRyv9EFJzvf4s?Uo3=S;{U$j^-5t@MPP6S0~fn+2|;1j-=- zPh4=65{L;$4g)o>5;@=lbr7TI!*~#NuOY>;oY>-;aoIsf|2#WBDK>s{z^zhwnd9yuid&8n1)eMQZG{ni@OKDI%Z> z>RXphrh$NK&hD2hN++qi8X%!UV%Lq@$5h6xS5cFCyK&Mutrzt>TH%QM9mO4w8YhjG z=_o*c!1q@^&>x8l!@x`Q^fC|X|1>L3(=#*?AAJW)=)Fz$BQuUAy#GO%WnMf60dfS` z>COQ=WAZ!Xrs4wIbGXKG-a$=IuOhIoEX@t^U@Woc52$X^BMGbEDNpbkxJQIAep&0y zn>TqY@T_{dbOH9Vrr_wQNbv7;Dn4Ur&mA`VvLo8b929CWBZXZ>`UkyUGJIE?0+s>S zyf78-I1Bt}eW}>=XHFzsQ5%%v_;Gx*^kD_-9Y~{H#uBSlo8iTp@xVK&rAEURq@k5w z7~(MAymBYIGf>3T6^%jkdmK!skL zy8W6mrG~_J-=kjt?Z7doU)lJt1kZP|1koH`-So!| zc`u)gV^jX;q?L{To}Qf@AL75yaos2xUzgNT@;nO{q7L{jTY`?C=r~0v%8gp>h9P?n z_T2_xCa@u~48-@ycL57f%g0VF)MmDHk!8`y$2@;{K#dXTc8!(ii5?#nNd}l@iO~9- z*Rk(sTyzB~2LwGn){$jtbNRonAIjzbb`Gu&Tr{Nr#8l7*`9C^7JIToZ+36ww`#jgf zL-QYKLA;K(!c*dcT>5bCscEt2&_VxbK0elJx>^6;$JEirnTCO1ZO?VdfNuBjU?B&l zgaWE-Crh=fBP)J{16QJksWQ;A*!W~Jj;iI=0yrlQpg)u+NNsd>tp6mQ@xD;qih%)j z^xvAc+Jz1&8(Iu?iqtUmtUM2$Nti5SicM&@Q7a}~H;Iw?oKQJM^}h-0Z=#+afcZOI z$Du!T#7t?a`v28Y{kFc#V3_AIofUEik1ufU*5A<8WWNKC)A8TrX(Gc^dX2YT(g#6h^k`qc&GA&^q zBgy`aJ$Fru72?#JHDd1vuDeRhO&O2l`2rQcXFtxIC0=$+VK%*{5a&{Ex)aBA25bAF zRaQ<-Z^>xV1AA$m`!!wV_P-!SvSV4udi#HLe0+MAw*N=%R_o2d{y)ccN2t?5J?+?g zKxHji5QcqUG#Bk!l<|xsC`#5MWfHRo4b6jT6-J56T=*Iat%ZpZ>73~%un6VNhPyHs ze;`Vz15~0D)m-?Xv(0e^s~CLr+@Of8P$vwwN_&2pAhR-|MWp5}Tukzr=@`jhh(0m# zI--}NWD8oVPTUW|mCNT<rhfh^pHx2Asd2`WIq2{nb(cuu zI}l+)OwDu@rjFu~LPtecFCz3|1bQuf7uAcWV+G^!v5p$wnM`0bkQ?BhsHf*!2QSwH zir6fQqOW?dUUHSUsegv$K#Uh^we0+rHZoILN|||m-P~Q1J0KjKUcd>Rg$YPPXM-7K ztK0p1umfE@oamWm2|bhP$I7eIy0?Gta|jbinHD*rS~vQHPKYt+ylbWGZmx4ODQhws zh13Cc3NUY=JM%&+Q*5&8PbW2_G|QMe`3f`ZjP-gEp@L$ggaqcECKpKtK(^3lH6j7F zS|DC?HYF}3Sw=2>=%7(RCGntVA`xrHmq=s9h*P<(Ek+!#nPQr(M20?D#Tv559E)oX zI#STAr*(fLT{_cQME66e9S#t2fMSWwZt=}Eo&(Mx>u#?%>W|0Y6*P1KJHRan3k)~6s1VXF0HQdR z1@gRo)M|->=Ws7MwoEmp75R$iX(wydSXXOcpIE>7;{3F=uEiwaLY}uUtrhr@csF5%S$!{y2!pNBO&3d$mlJdTJ4}_ zSf<<%%)ZMq+jXKkc@rPSmCR`tTIiIrPEqGr$y7O*(uk<)J-!U}iY}0rLwL$~MpY1~ zz_Cp&Pr`;7auY6Z`zTFtsdiMCjeR^JE|COsCe`80&l}?Ic~tTG_`bJC&QoKMish>0cw?>MB;$Z2@7vcGr7Kzu{a=Z!Cdw&`F`JO^Duo_GFn6Q)Qjr&>vkR6f*qH&91-&!HR>go~ z2$s+(vjRYw`m7R)bXBX_2w|B_hLs&wVqywwUbllByLuJDukiwP>8u5wFPABNCEyF| za5IpVp3QOSYKdYhXR9zxp}P|{$vpEplgwsr2i;s;N6Mo(DzVutRU&nr#VDfNwD^4^ z-8peDtY9_Q6cab#a5Lv1=FD|W`Eh(H>-r94R_*%6W<(S{$%vc4Uk9yBcNW)vwGZ4KlXtW<`j1>UrPMvk+mM%Ls&`knIlx1+kQwi`=q z-)UuEIu(Y%{_xXabT$0YAKqxTzwX}rRI;W9X(x6SHZ_St;n9d2{}qgGo}kSx_^Mps z+1B0J&YUsXY~bH*<}VAOm`59+WTvYGP^1xx-YupMdcFAte}`Ttgh3}v8m816)u-Sv zj_co*F@X^7ngxm)f)H-g2A+!$bHL6Ob(aO|XuaSj22@Dvvyz$sZuxgvp2;Hc??}_e zmgIquO&w{oW#-jwKQTM3`;>^h>~b%81VFXebhs~Z?{VouxP|fIsO9eQ=qKW;wkE6^ zaW0HkKSvb$@75es#|6tMV~fy0fCZd0ey(@d{QYI)x6#~x?a`Z<)R&NDGYbW&r^3PO zrKaA?_wbnOQD_b~^eC`U2fou660TT2Ui8yH~;fi7KsE zwa3yNx01i&8sj0816tT7JPW1pnZmFjTn5;+;!{jwE=h=kp7&%)eSxf}+iaG1bK~o+ zOV;DrYelk}nTs`5$>HHuR&)rIL;4cyj^E%+b5iWi!vi)X7DIo9U@;syEaS z^Lo_?q0h;JxG+--rCd7VX{mrUvE5$(?Vvln{c&_Pyy*{n#WCJGWmH%GVq20$t~%I2 z8Vtub-OJ0{x0hFMfBZNu%*vcjJ7BLA zr^5FnR9-bay}`Kq_OgHb@w(T&>G$65ge!CUUn#QpAK&&b`!~1c1prAzCJY@K0I`nT_Y7~hWi*H^nuR_c(#wTv+8cYC+ppVa@yga7QNEV3sbW)N;p9w~R#3dFk9 zk!sS+Hp%w4bahq*D9wDs6fBVTCMa=}b(@kh1^zL-=cudRvby82``|0xeUNQXVKaf2 z(yFDK3g+VcD78{rmzveUzsi#O;*UF2VC;euP4~;*8xiDLuBgk7to|jiZ_oB|X-2MD zXckv5P1jlYSkBMCecc-kKJ`bpqyD?w@zuq9ZEo`r(hR)c8j6H}Q9w&EtTmRu>AS&< zP|+++`4kcHMQSkO&Z(JS41!1HmN1@z5IruT<|n)#x_GuTeHKCq)PPd zvLh*N<*T#nlz{7$@M-2-vH1qNvvIYB54M(X{b9T!3J-gxzQmrXmrD>m$8N24OVh$- zA7?(EVe{?cx5Uv^<62J^lA!x&SN+Rv_euluXx4%zzoD%Bq#~aFYwi{MvySR3*j83t zB2iw76A_*yj`^~=`s{C0JFiXsnaeb35pyfwHupFU(Iu0n$DF{0>}*CUhKW`De81c3 zG69^z4RzbjpOu`5=)+5gC`@@2rmW~8HG%cNf+5_B8B@bw6GyCSUH2}<&uemXtW&yk ztswKdcB@jd>Bj8qCPFZUYxqvJchS zF=s!lwZ7e2(#qV$Dm#7;J4|=H%J+Zq3AU}hd<0~}{?D`HHz(Qef4n*D|9qY+BP;5q zH_U;;`olfp=1=pPzY%jGwLwg`#(|tOPJY)0F|luS?XEH1GjvZZxR<~wc9Vx->+{Wb z-#^Ng7U}4Z17V-&EuW%;eyP`g)sPY{`Y&~VwZ}7bHp4~>;1k_o2D1J=s=Gw!f3>%+ z{xI{T{_>++j`B4?1K0txK18`Pdb7!`2v>R&ZxQCOh3#S?Dh{~fm|y`^?l6VnXjYTC z)39tol!4sqfSv@dNZfjTaysg?t8z3 z$$!C?q4=7ij8ogVYOxEl&4);;>`hf_Crp3jb>CAIS;Q7==DqCYeNmko9_;jI(6<#- z#GbY6lQ1;RcW$$Yb{s{qUVWNEeRl1n`1`qa(|#EIFQAk%6H!?q?NuMCH&XhxR+AHz zdOe>~3cqhz!sH=O|5`F3d*I;h=H-9D#_q%@Re1X0;m^8O{}NZ#_5V{2f!VPBZyz5Y zWzT;)IXOA3|DWU9u>OBm{jc}Hd`+7Fh4g)L9=;Y$pFB9@S#*2>GaR)0{;zWVA2I+o z4Dggl@FxA=Iy=qi|C3hx_@Muvg^FbD!fb=-IAr*+*7c#Alx30X_UCW<9cT!muOZX@a>xQ9*O&p)Wvzs|M2{@;Ejuu=b?zRBqS vqtnx~gZ_Vx>&5hc>`)#w|3UK~uETY>4%gv&=Ij3h00960W}4tS0I&c6;nrx; literal 0 HcmV?d00001 diff --git a/charts/v1.25.1/blob-csi-driver/Chart.yaml b/charts/v1.25.1/blob-csi-driver/Chart.yaml new file mode 100644 index 000000000..b0449fd1a --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: 1.25.1 +description: Azure Blob Storage CSI driver +name: blob-csi-driver +version: 1.25.1 diff --git a/charts/v1.25.1/blob-csi-driver/templates/NOTES.txt b/charts/v1.25.1/blob-csi-driver/templates/NOTES.txt new file mode 100644 index 000000000..c75dafbb5 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/NOTES.txt @@ -0,0 +1,5 @@ +The Azure Blob Storage CSI driver is getting deployed to your cluster. + +To check Azure Blob Storage CSI driver pods status, please run: + + kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/name={{ .Release.Name }}" --watch diff --git a/charts/v1.25.1/blob-csi-driver/templates/_helpers.tpl b/charts/v1.25.1/blob-csi-driver/templates/_helpers.tpl new file mode 100644 index 000000000..d99392f32 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/_helpers.tpl @@ -0,0 +1,49 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* Expand the name of the chart.*/}} +{{- define "blob.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "blob.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common selectors. +*/}} +{{- define "blob.selectorLabels" -}} +app.kubernetes.io/name: {{ template "blob.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Common labels. +*/}} +{{- define "blob.labels" -}} +{{- include "blob.selectorLabels" . }} +app.kubernetes.io/component: csi-driver +app.kubernetes.io/part-of: {{ template "blob.name" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +helm.sh/chart: {{ template "blob.chart" . }} +{{- if .Values.customLabels }} +{{ toYaml .Values.customLabels }} +{{- end }} +{{- end -}} + + +{{/* pull secrets for containers */}} +{{- define "blob.pullSecrets" -}} +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/v1.25.1/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/v1.25.1/blob-csi-driver/templates/csi-blob-controller.yaml new file mode 100644 index 000000000..f2c33b4e5 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/csi-blob-controller.yaml @@ -0,0 +1,259 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Values.controller.name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.controller.name }} + {{- include "blob.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + app: {{ .Values.controller.name }} + {{- include "blob.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app: {{ .Values.controller.name }} + {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} + {{- if .Values.podLabels }} +{{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + hostNetwork: {{ .Values.controller.hostNetwork }} + serviceAccountName: {{ .Values.serviceAccount.controller }} + nodeSelector: + kubernetes.io/os: linux + # runOnControlPlane=true or runOnMaster=true only takes effect if affinity is not set + {{- if contains (tpl "{{ .Values.controller.affinity }}" .) "nodeSelectorTerms" }} + {{- with .Values.controller.affinity }} + affinity: + {{ toYaml . | indent 8 }} + {{- end }} + {{- else if or .Values.controller.runOnControlPlane .Values.controller.runOnMaster}} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- if .Values.controller.runOnControlPlane}} + - key: node-role.kubernetes.io/control-plane + operator: Exists + {{- end}} + {{- if .Values.controller.runOnMaster}} + - key: node-role.kubernetes.io/master + operator: Exists + {{- end}} + {{- end }} +{{- with .Values.controller.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault +{{- with .Values.controller.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + containers: + - name: csi-provisioner +{{- if hasPrefix "/" .Values.image.csiProvisioner.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" +{{- else }} + image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" +{{- end }} + args: + - "-v=2" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" + - "--timeout=1200s" + - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" + - "--feature-gates=HonorPVReclaimPolicy=true" + - "--retry-interval-max=30m" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL + - name: liveness-probe +{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- else }} + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- end }} + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s +{{- if eq .Values.controller.hostNetwork true }} + - --http-endpoint=localhost:{{ .Values.controller.livenessProbe.healthPort }} +{{- else }} + - --health-port={{ .Values.controller.livenessProbe.healthPort }} +{{- end }} + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL + - name: blob +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + args: + - "--v={{ .Values.controller.logLevel }}" + - "--endpoint=$(CSI_ENDPOINT)" + - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}" + - "--drivername={{ .Values.driver.name }}" + - "--custom-user-agent={{ .Values.driver.customUserAgent }}" + - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" + - "--cloud-config-secret-name={{ .Values.controller.cloudConfigSecretName }}" + - "--cloud-config-secret-namespace={{ .Values.controller.cloudConfigSecretNamespace }}" + - "--allow-empty-cloud-config={{ .Values.controller.allowEmptyCloudConfig }}" + ports: + - containerPort: {{ .Values.controller.metricsPort }} + name: metrics + protocol: TCP +{{- if ne .Values.controller.hostNetwork true }} + - containerPort: {{ .Values.controller.livenessProbe.healthPort }} + name: healthz + protocol: TCP +{{- end }} + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz +{{- if eq .Values.controller.hostNetwork true }} + host: localhost + port: {{ .Values.controller.livenessProbe.healthPort }} +{{- else }} + port: healthz +{{- end }} + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: AZURE_ENVIRONMENT_FILEPATH + value: /etc/kubernetes/azurestackcloud.json + {{- end }} + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /root/.azcopy + name: azcopy-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + {{- if and (eq .Values.cloud "AzureStackCloud") (ne .Values.linux.distro "fedora") }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + {{- end }} + {{- if eq .Values.linux.distro "fedora" }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + - name: ssl-pki + mountPath: /etc/pki/ca-trust/extracted + readOnly: true + {{- end }} + resources: {{- toYaml .Values.controller.resources.blob | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL + - name: csi-resizer +{{- if hasPrefix "/" .Values.image.csiResizer.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" +{{- else }} + image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}" +{{- end }} + args: + - "-csi-address=$(ADDRESS)" + - "-v=2" + - "-leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" + - '-handle-volume-inuse-error=false' + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL + volumes: + - name: socket-dir + emptyDir: {} + - name: azcopy-dir + emptyDir: {} + - name: azure-cred + hostPath: + path: /etc/kubernetes/ + type: DirectoryOrCreate + {{- if and (eq .Values.cloud "AzureStackCloud") (ne .Values.linux.distro "fedora") }} + - name: ssl + hostPath: + path: /etc/ssl/certs + {{- end }} + {{- if eq .Values.linux.distro "fedora" }} + - name: ssl + hostPath: + path: /etc/ssl/certs + - name: ssl-pki + hostPath: + path: /etc/pki/ca-trust/extracted + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} diff --git a/charts/v1.25.1/blob-csi-driver/templates/csi-blob-driver.yaml b/charts/v1.25.1/blob-csi-driver/templates/csi-blob-driver.yaml new file mode 100644 index 000000000..9c5de5b91 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/csi-blob-driver.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: {{ .Values.driver.name }} + labels: + {{- include "blob.labels" . | nindent 4 }} +spec: + attachRequired: false + podInfoOnMount: true + fsGroupPolicy: {{ .Values.feature.fsGroupPolicy }} + volumeLifecycleModes: + - Persistent + - Ephemeral + tokenRequests: + - audience: api://AzureADTokenExchange diff --git a/charts/v1.25.1/blob-csi-driver/templates/csi-blob-node.yaml b/charts/v1.25.1/blob-csi-driver/templates/csi-blob-node.yaml new file mode 100644 index 000000000..7c53b4714 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/csi-blob-node.yaml @@ -0,0 +1,339 @@ +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .Values.node.name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ .Values.node.name }} + {{- include "blob.labels" . | nindent 4 }} +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: {{ .Values.node.maxUnavailable }} + type: RollingUpdate + selector: + matchLabels: + app: {{ .Values.node.name }} + {{- include "blob.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app: {{ .Values.node.name }} + {{- include "blob.labels" . | nindent 8 }} + {{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + {{- end }} + {{- if .Values.podLabels }} +{{- toYaml .Values.podLabels | nindent 8 }} + {{- end }} +{{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if or .Values.node.enableBlobfuseProxy .Values.node.enableAznfsMount }} + hostPID: true + {{- end }} + hostNetwork: true + dnsPolicy: Default + serviceAccountName: {{ .Values.serviceAccount.node }} + nodeSelector: + kubernetes.io/os: linux +{{- with .Values.node.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + {{- if .Values.node.affinity }} +{{- toYaml .Values.node.affinity | nindent 8 }} + {{- end }} + priorityClassName: {{ .Values.priorityClassName | quote }} + securityContext: + seccompProfile: + type: RuntimeDefault +{{- with .Values.node.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + initContainers: + - name: install-blobfuse-proxy +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + capabilities: + drop: + - ALL + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE + value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}" + - name: BLOBFUSE_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}" + - name: INSTALL_BLOBFUSE2 + value: "{{ .Values.node.blobfuseProxy.installBlobfuse2 }}" + - name: BLOBFUSE2_VERSION + value: "{{ .Values.node.blobfuseProxy.blobfuse2Version }}" + - name: INSTALL_BLOBFUSE_PROXY + value: "{{ .Values.node.enableBlobfuseProxy }}" + - name: SET_MAX_OPEN_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}" + - name: MAX_FILE_NUM + value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}" + - name: DISABLE_UPDATEDB + value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}" + - name: KUBELET_PATH + value: "{{ .Values.linux.kubelet }}" + - name: MIGRATE_K8S_REPO + value: "{{ .Values.node.blobfuseProxy.migrateK8sRepo }}" + - name: SET_READ_AHEAD_SIZE + value: "{{ .Values.node.blobfuseProxy.setReadAheadSize }}" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-usr-local + mountPath: /host/usr/local + - name: host-etc + mountPath: /host/etc + containers: + - name: liveness-probe + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir +{{- if hasPrefix "/" .Values.image.livenessProbe.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- else }} + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" +{{- end }} + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --http-endpoint=localhost:{{ .Values.node.livenessProbe.healthPort }} + - --v=2 + resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL + - name: node-driver-registrar +{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" +{{- else }} + image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" +{{- end }} + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=2 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} + securityContext: + capabilities: + drop: + - ALL + - name: blob +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + args: + - "--v={{ .Values.node.logLevel }}" + - "--endpoint=$(CSI_ENDPOINT)" + - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" + - "--enable-blobfuse-proxy={{ .Values.node.enableBlobfuseProxy }}" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--drivername={{ .Values.driver.name }}" + - "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}" + - "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}" + - "--custom-user-agent={{ .Values.driver.customUserAgent }}" + - "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}" + - "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}" + - "--enable-get-volume-stats={{ .Values.feature.enableGetVolumeStats }}" + - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}" + - "--mount-permissions={{ .Values.node.mountPermissions }}" + - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}" + - "--enable-aznfs-mount={{ .Values.node.enableAznfsMount }}" + - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}" + livenessProbe: + failureThreshold: 5 + httpGet: + host: localhost + path: /healthz + port: {{ .Values.node.livenessProbe.healthPort }} + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: BLOBFUSE_PROXY_ENDPOINT + value: unix:///csi/blobfuse-proxy.sock + {{- if ne .Values.driver.httpsProxy "" }} + - name: HTTPS_PROXY + value: {{ .Values.driver.httpsProxy }} + {{- end }} + {{- if ne .Values.driver.httpProxy "" }} + - name: HTTP_PROXY + value: {{ .Values.driver.httpProxy }} + {{- end }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: AZURE_GO_SDK_LOG_LEVEL + value: {{ .Values.driver.azureGoSDKLogLevel }} + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: AZURE_ENVIRONMENT_FILEPATH + value: /etc/kubernetes/azurestackcloud.json + {{- end }} + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + securityContext: + privileged: true + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: {{ .Values.linux.kubelet }}/ + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + - mountPath: /mnt + name: blob-cache + {{- if and (eq .Values.cloud "AzureStackCloud") (ne .Values.linux.distro "fedora") }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + {{- end }} + {{- if and (eq .Values.cloud "AzureStackCloud") (ne .Values.linux.distro "fedora") }} + - name: ssl + mountPath: /etc/ssl/certs + readOnly: true + - name: ssl-pki + mountPath: /etc/pki/ca-trust/extracted + readOnly: true + {{- end }} + {{- if .Values.node.enableAznfsMount }} + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /lib/modules + name: lib-modules + readOnly: true + {{- end }} + resources: {{- toYaml .Values.node.resources.blob | nindent 12 }} +{{- if .Values.node.enableAznfsMount }} + - name: aznfswatchdog +{{- if hasPrefix "/" .Values.image.blob.repository }} + image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- else }} + image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}" +{{- end }} + command: + - "aznfswatchdog" + imagePullPolicy: {{ .Values.image.blob.pullPolicy }} + securityContext: + privileged: true + capabilities: + drop: + - ALL + resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }} + volumeMounts: + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: {{ .Values.linux.kubelet }}/ + mountPropagation: Bidirectional + name: mountpoint-dir +{{- end }} + volumes: + - name: host-usr + hostPath: + path: /usr + - name: host-usr-local + hostPath: + path: /usr/local + - name: host-etc + hostPath: + path: /etc + - hostPath: + path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }} + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: {{ .Values.linux.kubelet }}/ + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: {{ .Values.linux.kubelet }}/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /etc/kubernetes/ + type: DirectoryOrCreate + name: azure-cred + - hostPath: + path: {{ .Values.node.blobfuseCachePath }} + name: blob-cache + {{- if eq .Values.cloud "AzureStackCloud" }} + - name: ssl + hostPath: + path: /etc/ssl/certs + {{- end }} + {{- if eq .Values.linux.distro "fedora" }} + - name: ssl + hostPath: + path: /etc/ssl/certs + - name: ssl-pki + hostPath: + path: /etc/pki/ca-trust/extracted + {{- end }} + {{- if .Values.node.enableAznfsMount }} + - hostPath: + path: /opt/microsoft/aznfs/data + type: DirectoryOrCreate + name: aznfs-data + - name: lib-modules + hostPath: + path: /lib/modules + type: DirectoryOrCreate + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 8 }} + {{- end }} diff --git a/charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml new file mode 100644 index 000000000..8c85e4eef --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-controller.yaml @@ -0,0 +1,115 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-external-provisioner-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "patch", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-csi-provisioner-binding + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.rbac.name }}-external-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-external-resizer-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-csi-resizer-role + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.rbac.name }}-external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-controller-secret-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-controller-secret-binding + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: csi-{{ .Values.rbac.name }}-controller-secret-role + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml new file mode 100644 index 000000000..c041cf8db --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/rbac-csi-blob-node.yaml @@ -0,0 +1,29 @@ +{{- if .Values.rbac.create -}} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-node-secret-role + labels: + {{- include "blob.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-{{ .Values.rbac.name }}-node-secret-binding + labels: + {{- include "blob.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Values.serviceAccount.node }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: csi-{{ .Values.rbac.name }}-node-secret-role + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml new file mode 100644 index 000000000..7433bccf1 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.controller }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml new file mode 100644 index 000000000..a25090e30 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.node }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "blob.labels" . | nindent 4 }} +{{- if .Values.workloadIdentity.clientID }} + azure.workload.identity/use: "true" + annotations: + azure.workload.identity/client-id: {{ .Values.workloadIdentity.clientID }} +{{- if .Values.workloadIdentity.tenantID }} + azure.workload.identity/tenant-id: {{ .Values.workloadIdentity.tenantID }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/v1.25.1/blob-csi-driver/values.yaml b/charts/v1.25.1/blob-csi-driver/values.yaml new file mode 100644 index 000000000..19705fe08 --- /dev/null +++ b/charts/v1.25.1/blob-csi-driver/values.yaml @@ -0,0 +1,186 @@ +image: + baseRepo: mcr.microsoft.com + blob: + repository: /oss/kubernetes-csi/blob-csi + tag: v1.25.1 + pullPolicy: IfNotPresent + csiProvisioner: + repository: /oss/kubernetes-csi/csi-provisioner + tag: v5.1.0 + pullPolicy: IfNotPresent + livenessProbe: + repository: /oss/kubernetes-csi/livenessprobe + tag: v2.14.0 + pullPolicy: IfNotPresent + nodeDriverRegistrar: + repository: /oss/kubernetes-csi/csi-node-driver-registrar + tag: v2.12.0 + pullPolicy: IfNotPresent + csiResizer: + repository: /oss/kubernetes-csi/csi-resizer + tag: v1.12.0 + pullPolicy: IfNotPresent + +cloud: AzurePublicCloud + +## Reference to one or more secrets to be used when pulling images +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# - name: myRegistryKeySecretName + +serviceAccount: + create: true # When true, service accounts will be created for you. Set to false if you want to use your own. + controller: csi-blob-controller-sa # Name of Service Account to be created or used + node: csi-blob-node-sa # Name of Service Account to be created or used + +rbac: + create: true + name: blob + +## Collection of annotations to add to all the pods +podAnnotations: {} +## Collection of labels to add to all the pods +podLabels: {} +# -- Custom labels to add into metadata +customLabels: {} + # k8s-app: blob-csi-driver + +## Leverage a PriorityClass to ensure your pods survive resource shortages +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +priorityClassName: system-cluster-critical +## Security context give the opportunity to run container as nonroot by setting a securityContext +## by example : +## securityContext: { runAsUser: 1001 } +securityContext: {} + +controller: + name: csi-blob-controller + cloudConfigSecretName: azure-cloud-provider + cloudConfigSecretNamespace: kube-system + allowEmptyCloudConfig: true + hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting + metricsPort: 29634 + livenessProbe: + healthPort: 29632 + replicas: 2 + runOnMaster: false + runOnControlPlane: false + logLevel: 5 + resources: + csiProvisioner: + limits: + memory: 500Mi + requests: + cpu: 10m + memory: 20Mi + livenessProbe: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + blob: + limits: + memory: 800Mi + requests: + cpu: 10m + memory: 20Mi + csiResizer: + limits: + memory: 500Mi + requests: + cpu: 10m + memory: 20Mi + affinity: {} + nodeSelector: {} + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/controlplane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + - key: "CriticalAddonsOnly" + operator: "Exists" + effect: "NoSchedule" + +node: + name: csi-blob-node + cloudConfigSecretName: azure-cloud-provider + cloudConfigSecretNamespace: kube-system + allowEmptyCloudConfig: true + allowInlineVolumeKeyAccessWithIdentity: false + maxUnavailable: 1 + metricsPort: 29635 + livenessProbe: + healthPort: 29633 + logLevel: 5 + enableBlobfuseProxy: true + blobfuseProxy: + installBlobfuse: false + blobfuseVersion: "1.4.5" + installBlobfuse2: true + blobfuse2Version: "2.4.0" + setMaxOpenFileNum: true + maxOpenFileNum: "9000000" + disableUpdateDB: true + migrateK8sRepo: false + setReadAheadSize: true + blobfuseCachePath: /mnt + appendTimeStampInCacheDir: false + mountPermissions: 0777 + resources: + livenessProbe: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + nodeDriverRegistrar: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + blob: + limits: + memory: 2100Mi + requests: + cpu: 10m + memory: 20Mi + aznfswatchdog: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + affinity: {} + nodeSelector: {} + tolerations: + - operator: "Exists" + enableAznfsMount: true + +feature: + fsGroupPolicy: ReadWriteOnceWithFSType + enableGetVolumeStats: false + +driver: + name: blob.csi.azure.com + customUserAgent: "" + userAgentSuffix: "OSS-helm" + azureGoSDKLogLevel: "" # available values: ""(no logs), DEBUG, INFO, WARNING, ERROR + httpsProxy: "" + httpProxy: "" + +linux: + kubelet: /var/lib/kubelet + distro: debian + +workloadIdentity: + clientID: "" + # [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster + # then set tenantID with the application or user-assigned managed identity tenant ID + tenantID: "" diff --git a/deploy/csi-blob-controller.yaml b/deploy/csi-blob-controller.yaml index dba8e1cae..79983d536 100644 --- a/deploy/csi-blob-controller.yaml +++ b/deploy/csi-blob-controller.yaml @@ -85,7 +85,7 @@ spec: drop: - ALL - name: blob - image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 imagePullPolicy: IfNotPresent args: - "--v=5" diff --git a/deploy/csi-blob-node.yaml b/deploy/csi-blob-node.yaml index 19def0f5a..f83ccc2e6 100644 --- a/deploy/csi-blob-node.yaml +++ b/deploy/csi-blob-node.yaml @@ -40,7 +40,7 @@ spec: - operator: "Exists" initContainers: - name: install-blobfuse-proxy - image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 imagePullPolicy: IfNotPresent command: - "/blobfuse-proxy/init.sh" @@ -123,7 +123,7 @@ spec: drop: - ALL - name: blob - image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 imagePullPolicy: IfNotPresent args: - "--v=5" @@ -186,7 +186,7 @@ spec: cpu: 10m memory: 20Mi - name: aznfswatchdog - image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.0 + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 command: - "aznfswatchdog" imagePullPolicy: IfNotPresent diff --git a/deploy/v1.25.1/csi-blob-controller.yaml b/deploy/v1.25.1/csi-blob-controller.yaml new file mode 100644 index 000000000..79983d536 --- /dev/null +++ b/deploy/v1.25.1/csi-blob-controller.yaml @@ -0,0 +1,166 @@ +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-blob-controller + namespace: kube-system +spec: + replicas: 2 + selector: + matchLabels: + app: csi-blob-controller + template: + metadata: + labels: + app: csi-blob-controller + spec: + hostNetwork: true + serviceAccountName: csi-blob-controller-sa + nodeSelector: + kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node + priorityClassName: system-cluster-critical + securityContext: + seccompProfile: + type: RuntimeDefault + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/controlplane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + - key: "CriticalAddonsOnly" + operator: "Exists" + effect: "NoSchedule" + containers: + - name: csi-provisioner + image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v5.1.0 + args: + - "-v=2" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--leader-election-namespace=kube-system" + - "--timeout=1200s" + - "--extra-create-metadata=true" + - "--kube-api-qps=50" + - "--kube-api-burst=100" + - "--feature-gates=HonorPVReclaimPolicy=true" + - "--retry-interval-max=30m" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: + limits: + memory: 500Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + capabilities: + drop: + - ALL + - name: liveness-probe + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.14.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --http-endpoint=localhost:29632 + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + capabilities: + drop: + - ALL + - name: blob + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--metrics-address=0.0.0.0:29634" + - "--user-agent-suffix=OSS-kubectl" + ports: + - containerPort: 29634 + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + host: localhost + path: /healthz + port: 29632 + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /root/.azcopy + name: azcopy-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + resources: + limits: + memory: 800Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + capabilities: + drop: + - ALL + - name: csi-resizer + image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.12.0 + args: + - "-csi-address=$(ADDRESS)" + - "-v=2" + - "-leader-election" + - "--leader-election-namespace=kube-system" + - '-handle-volume-inuse-error=false' + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + memory: 500Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + capabilities: + drop: + - ALL + volumes: + - name: socket-dir + emptyDir: {} + - name: azcopy-dir + emptyDir: {} + - name: azure-cred + hostPath: + path: /etc/kubernetes/ + type: DirectoryOrCreate diff --git a/deploy/v1.25.1/csi-blob-driver.yaml b/deploy/v1.25.1/csi-blob-driver.yaml new file mode 100644 index 000000000..d13ff5f91 --- /dev/null +++ b/deploy/v1.25.1/csi-blob-driver.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: blob.csi.azure.com +spec: + attachRequired: false + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral + tokenRequests: + - audience: api://AzureADTokenExchange diff --git a/deploy/v1.25.1/csi-blob-node.yaml b/deploy/v1.25.1/csi-blob-node.yaml new file mode 100644 index 000000000..f83ccc2e6 --- /dev/null +++ b/deploy/v1.25.1/csi-blob-node.yaml @@ -0,0 +1,248 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-blob-node + namespace: kube-system +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: csi-blob-node + template: + metadata: + labels: + app: csi-blob-node + spec: + hostNetwork: true + hostPID: true + dnsPolicy: Default + serviceAccountName: csi-blob-node-sa + nodeSelector: + kubernetes.io/os: linux + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + priorityClassName: system-node-critical + securityContext: + seccompProfile: + type: RuntimeDefault + tolerations: + - operator: "Exists" + initContainers: + - name: install-blobfuse-proxy + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 + imagePullPolicy: IfNotPresent + command: + - "/blobfuse-proxy/init.sh" + securityContext: + privileged: true + capabilities: + drop: + - ALL + env: + - name: DEBIAN_FRONTEND + value: "noninteractive" + - name: INSTALL_BLOBFUSE_PROXY + value: "true" + - name: INSTALL_BLOBFUSE + value: "false" + - name: BLOBFUSE_VERSION + value: "1.4.5" + - name: INSTALL_BLOBFUSE2 + value: "true" + - name: BLOBFUSE2_VERSION + value: "2.4.0" + - name: SET_MAX_OPEN_FILE_NUM + value: "true" + - name: MAX_FILE_NUM + value: "9000000" + - name: DISABLE_UPDATEDB + value: "true" + volumeMounts: + - name: host-usr + mountPath: /host/usr + - name: host-usr-local + mountPath: /host/usr/local + - name: host-etc + mountPath: /host/etc + containers: + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.14.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --http-endpoint=localhost:29633 + - --v=2 + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + capabilities: + drop: + - ALL + - name: node-driver-registrar + image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.12.0 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=2 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/blob.csi.azure.com/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + capabilities: + drop: + - ALL + - name: blob + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--enable-blobfuse-proxy=true" + - "--blobfuse-proxy-endpoint=$(BLOBFUSE_PROXY_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--user-agent-suffix=OSS-kubectl" + - "--metrics-address=0.0.0.0:29635" + - "--enable-aznfs-mount=true" + livenessProbe: + failureThreshold: 5 + httpGet: + host: localhost + path: /healthz + port: 29633 + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: AZURE_CREDENTIAL_FILE + valueFrom: + configMapKeyRef: + name: azure-cred-file + key: path + optional: true + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: BLOBFUSE_PROXY_ENDPOINT + value: unix:///csi/blobfuse-proxy.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + securityContext: + privileged: true + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/ + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /etc/kubernetes/ + name: azure-cred + - mountPath: /mnt + name: blob-cache + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /lib/modules + name: lib-modules + readOnly: true + resources: + limits: + memory: 2100Mi + requests: + cpu: 10m + memory: 20Mi + - name: aznfswatchdog + image: mcr.microsoft.com/oss/kubernetes-csi/blob-csi:v1.25.1 + command: + - "aznfswatchdog" + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + capabilities: + drop: + - ALL + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + volumeMounts: + - mountPath: /opt/microsoft/aznfs/data + name: aznfs-data + - mountPath: /var/lib/kubelet/ + mountPropagation: Bidirectional + name: mountpoint-dir + volumes: + - name: host-usr + hostPath: + path: /usr + - name: host-usr-local + hostPath: + path: /usr/local + - name: host-etc + hostPath: + path: /etc + - hostPath: + path: /var/lib/kubelet/plugins/blob.csi.azure.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/ + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /etc/kubernetes/ + type: DirectoryOrCreate + name: azure-cred + - hostPath: + path: /mnt + type: DirectoryOrCreate + name: blob-cache + - hostPath: + path: /opt/microsoft/aznfs/data + type: DirectoryOrCreate + name: aznfs-data + - name: lib-modules + hostPath: + path: /lib/modules + type: DirectoryOrCreate +--- diff --git a/deploy/v1.25.1/kustomization.yaml b/deploy/v1.25.1/kustomization.yaml new file mode 100644 index 000000000..8b7f5fcac --- /dev/null +++ b/deploy/v1.25.1/kustomization.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - csi-blob-controller.yaml + - csi-blob-driver.yaml + - csi-blob-node.yaml + - rbac-csi-blob-controller.yaml + - rbac-csi-blob-node.yaml + - blobfuse-proxy.yaml diff --git a/deploy/v1.25.1/rbac-csi-blob-controller.yaml b/deploy/v1.25.1/rbac-csi-blob-controller.yaml new file mode 100644 index 000000000..bba964e5b --- /dev/null +++ b/deploy/v1.25.1/rbac-csi-blob-controller.yaml @@ -0,0 +1,108 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-blob-controller-sa + namespace: kube-system +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "patch", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: blob-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-external-resizer-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: blob-csi-resizer-role +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: blob-external-resizer-role + apiGroup: rbac.authorization.k8s.io +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-controller-secret-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-controller-secret-binding +subjects: + - kind: ServiceAccount + name: csi-blob-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-blob-controller-secret-role + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.25.1/rbac-csi-blob-node.yaml b/deploy/v1.25.1/rbac-csi-blob-node.yaml new file mode 100644 index 000000000..ce06d862c --- /dev/null +++ b/deploy/v1.25.1/rbac-csi-blob-node.yaml @@ -0,0 +1,30 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-blob-node-sa + namespace: kube-system + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-node-secret-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-blob-node-secret-binding +subjects: + - kind: ServiceAccount + name: csi-blob-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-blob-node-secret-role + apiGroup: rbac.authorization.k8s.io diff --git a/docs/install-blob-csi-driver.md b/docs/install-blob-csi-driver.md index 67a5406a0..9d66f4341 100644 --- a/docs/install-blob-csi-driver.md +++ b/docs/install-blob-csi-driver.md @@ -4,7 +4,7 @@ > - please use helm install method for more customization, e.g. Azure Stack, RedHat OpenShift support. > - [install CSI driver master version](./install-csi-driver-master.md) (only for testing purpose) - - [install v1.25.0 CSI driver](./install-csi-driver-v1.25.0.md) + - [install v1.25.1 CSI driver](./install-csi-driver-v1.25.1.md) - [install v1.24.3 CSI driver](./install-csi-driver-v1.24.3.md) - [install v1.23.7 CSI driver](./install-csi-driver-v1.23.7.md) - [install v1.22.8 CSI driver](./install-csi-driver-v1.22.8.md) diff --git a/docs/install-csi-driver-v1.25.1.md b/docs/install-csi-driver-v1.25.1.md new file mode 100644 index 000000000..d0aca0619 --- /dev/null +++ b/docs/install-csi-driver-v1.25.1.md @@ -0,0 +1,47 @@ +# Install Azure Blob Storage CSI driver v1.25.1 version on a kubernetes cluster +> `blobfuse-proxy` is supported on CoreOS(OpenShift) from v1.23.2 +> +If you have already installed Helm, you can also use it to install this driver. Please check [Installation with Helm](../charts/README.md). + +## Install with kubectl + - Option#1. remote install +```console +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.25.1/deploy/install-driver.sh | bash -s v1.25.1 blobfuse-proxy -- +``` + + - Option#2. local install +```console +git clone https://github.com/kubernetes-sigs/blob-csi-driver.git +cd blob-csi-driver +./deploy/install-driver.sh v1.25.1 local,blobfuse-proxy +``` + +- check pods status: +```console +kubectl -n kube-system get pod -o wide -l app=csi-blob-controller +kubectl -n kube-system get pod -o wide -l app=csi-blob-node +``` + +example output: + +```console +NAME READY STATUS RESTARTS AGE IP NODE +csi-blob-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 +csi-blob-controller-56bfddd689-8pgr4 4/4 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 +csi-blob-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 +csi-blob-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 +``` + +### clean up Blob CSI driver +- Option#1. remote uninstall +```console +curl -skSL https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/v1.25.1/deploy/uninstall-driver.sh | bash -s v1.25.1 -- +``` + + - Option#2. local uninstall +```console +git clone https://github.com/kubernetes-sigs/blob-csi-driver.git +cd blob-csi-driver +git checkout v1.25.1 +./deploy/uninstall-driver.sh v1.25.1 local +```