diff --git a/.gitignore b/.gitignore index adb39df..38802f7 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,5 @@ pkg/drivers/cpi/test_config.conf controllers/test_config.conf spec.yaml testbin/* +*.DS_STORE +artifacts/staging-openshift diff --git a/Makefile b/Makefile index 2bf0d68..0f3266a 100644 --- a/Makefile +++ b/Makefile @@ -25,6 +25,7 @@ ARTIFACTS_DIR ?= artifacts CRC ?= crc SPEC_FILE ?= vdo-spec.yaml CRC ?= crc +OC_CERTIFIED_LATEST_VERSION ?= 0.1.0 # Configure the golangci-lint timeout if an environment variable exists ifneq ($(origin LINT_TIMEOUT), undefined) 
@@ -107,12 +108,14 @@ manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRol $(KUSTOMIZE) build config/default > $(ARTIFACTS_DIR)/vanilla/vdo-spec.yaml manifests-openshift: kustomize - @mkdir -p $(ARTIFACTS_DIR)/openshift - $(KUSTOMIZE) build config/rbac > config/openshift/rbac/rbac.yaml - $(KUSTOMIZE) build config/crd > $(ARTIFACTS_DIR)/openshift/crd.yaml - cd config/openshift/rbac && $(KUSTOMIZE) edit set nameprefix vdo- - $(KUSTOMIZE) build config/openshift/rbac > $(ARTIFACTS_DIR)/openshift/rbac.yaml - @cp config/openshift/csv/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml $(ARTIFACTS_DIR)/openshift/ + @echo "** Making manifest based on the latest oc certified version $(OC_CERTIFIED_LATEST_VERSION)" + @mkdir -p $(ARTIFACTS_DIR)/staging-openshift + @cp artifacts/oc-certified/$(OC_CERTIFIED_LATEST_VERSION)/manifests/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml $(ARTIFACTS_DIR)/staging-openshift/ + @cp config/openshift/crd/vdoconfigs.vdo.vmware.com-crd.yaml $(ARTIFACTS_DIR)/staging-openshift/ + @cp config/openshift/crd/vspherecloudconfigs.vdo.vmware.com-crd.yaml $(ARTIFACTS_DIR)/staging-openshift/ + @cp config/openshift/rbac/vdo-controller-manager-metrics-service.yaml $(ARTIFACTS_DIR)/staging-openshift/ + @echo "** Staging manifest has been created in artifacts/openshift" + generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." diff --git a/artifacts/oc-certified/0.1.0/manifests/vdo-controller-manager-metrics-service-rbac.yaml b/artifacts/oc-certified/0.1.0/manifests/vdo-controller-manager-metrics-service-rbac.yaml new file mode 100644 index 0000000..d536416 --- /dev/null +++ b/artifacts/oc-certified/0.1.0/manifests/vdo-controller-manager-metrics-service-rbac.yaml 
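Review bot: The closing `@echo` in the new `manifests-openshift` recipe reports `artifacts/openshift`, but every `cp` above it writes to `$(ARTIFACTS_DIR)/staging-openshift`; it should read `@echo "** Staging manifest has been created in $(ARTIFACTS_DIR)/staging-openshift"`. The CSV source path is hard-coded as `artifacts/oc-certified/...` while the destination honours `ARTIFACTS_DIR`, so overriding that variable splits the two; `$(ARTIFACTS_DIR)/oc-certified/$(OC_CERTIFIED_LATEST_VERSION)/manifests/...` keeps them together. The recipe no longer invokes `$(KUSTOMIZE)`, so the `kustomize` prerequisite looks unused and the staged files are copies of checked-in YAML rather than output of `config/crd` and `config/rbac`; a comment such as `# Stages the last certified bundle; files are copied, not regenerated` would stop readers assuming the staged manifests track the generated ones. Every `cp` is `@`-silenced, which hides the failing command when a source file is missing.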
@@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + vdo.vmware.com/managed-by: vdo + name: vdo-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager + vdo.vmware.com/managed-by: vdo diff --git a/artifacts/openshift/crd.yaml b/artifacts/oc-certified/0.1.0/manifests/vdoconfigs.vdo.vmware.com-crd.yaml similarity index 61% rename from artifacts/openshift/crd.yaml rename to artifacts/oc-certified/0.1.0/manifests/vdoconfigs.vdo.vmware.com-crd.yaml index 1922577..a959cd1 100644 --- a/artifacts/openshift/crd.yaml +++ b/artifacts/oc-certified/0.1.0/manifests/vdoconfigs.vdo.vmware.com-crd.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -22,10 +23,10 @@ spec: description: VDOConfig is the Schema for the vdoconfigs API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. ' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase.' type: string metadata: type: object 
@@ -149,87 +150,3 @@ status: plural: "" conditions: [] storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - vdo.vmware.com/managed-by: vdo - name: vspherecloudconfigs.vdo.vmware.com -spec: - group: vdo.vmware.com - names: - kind: VsphereCloudConfig - listKind: VsphereCloudConfigList - plural: vspherecloudconfigs - singular: vspherecloudconfig - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: VsphereCloudConfig is the Schema for the vspherecloudconfigs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: VsphereCloudConfigSpec defines the desired state of VsphereCloudConfig - properties: - credentials: - description: Credentials refers to the name of k8s secret storing the VC creds - type: string - datacenters: - description: datacenters refers to list of datacenters on the VC which the configured user account can access - items: - type: string - type: array - insecure: - description: Insecure flag determines if connection to VC can be insecured - type: boolean - thumbprint: - description: thumbprint refers to the SSL Thumbprint to be used to establish a secure connection to VC - type: string - vcIp: - description: VCIP refers to IP of the vcenter which is used to configure for VDO - type: string - required: - - credentials - - datacenters - - insecure - - vcIp - type: object - status: - description: VsphereCloudConfigStatus defines the observed state of VsphereCloudConfig - properties: - config: - description: Config represents the verification status of VDO configuration - enum: - - verified - - failed - type: string - message: - description: Message displays text indicating the reason for failure in validating VDO config - type: string - required: - - config - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/config/openshift/csv/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml b/artifacts/oc-certified/0.1.0/manifests/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml similarity index 88% rename from config/openshift/csv/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml rename to artifacts/oc-certified/0.1.0/manifests/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml index f5afc0e..906ecc2 100644 
--- a/config/openshift/csv/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml +++ b/artifacts/oc-certified/0.1.0/manifests/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml @@ -1,3 +1,4 @@ +--- apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: @@ -36,13 +37,12 @@ metadata: operators.operatorframework.io/builder: operator-sdk-v1.10.1 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 categories: Integration & Delivery - containerImage: "" + containerImage: projects.registry.vmware.com/vsphere_kubernetes_driver_operator/vdo@sha256:5926db110532ddf7f6eb79d3af661a9545c988def7937dbeb81f4e795482ba2f createdAt: "" description: Kubernetes operator to manage lifecycle of vSphere CSI/CPI drivers. repository: https://github.com/vmware-tanzu/vsphere-kubernetes-drivers-operator support: VMware name: vsphere-kubernetes-drivers-operator.v0.1.0 - namespace: vmware-system-vdo spec: apiservicedefinitions: {} customresourcedefinitions: @@ -55,12 +55,7 @@ spec: resources: - kind: Deployment version: v1 - - kind: ServiceAcount - version: v1 - - kind: Role - version: v1 - - kind: RoleBinding - version: v1 + name: "vdo-controller-manager" specDescriptors: - description: 'Configuration for vSphere CPI driver' displayName: 'Cloud Provider' @@ -80,12 +75,7 @@ spec: resources: - kind: Deployment version: v1 - - kind: ServiceAcount - version: v1 - - kind: Role - version: v1 - - kind: RoleBinding - version: v1 + name: "vdo-controller-manager" specDescriptors: - description: 'Credentials to connect to vcenter' displayName: 'Credentials' 
@@ -106,8 +96,8 @@ spec: - description: 'Informs the status of vSphere Storage Provider' displayName: 'Storage Provider' path: csi - description: 'Vsphere Kubernetes Drivers Operator helps to install/manage vsphere drivers required to run kubernetes workload on vSphere. The operator currently manages CPI and CSI vSphere drivers. The operator exposes two resources: VsphereCloudConfig - represents the connection information required to connect to vcenter. VDOConfig - represents the configuration information w.r.t CPI and CSI' - displayName: Vsphere Kubernetes Drivers Operator + description: 'Vsphere Kubernetes Drivers Operator helps to install/manage vsphere drivers required to run kubernetes workload on vSphere.' + displayName: vsphere-kubernetes-drivers-operator icon: - base64data: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA0MDAgNDAwIj48cGF0aCBkPSJNMzMxLjkyMiwwSDIyNC4wNDRsLTE2LDE2SDMzMS45MjJBNTIuMTM3LDUyLjEzNywwLDAsMSwzODQsNjguMDc4VjMzMS45MjJBNTIuMTM3LDUyLjEzNywwLDAsMSwzMzEuOTIyLDM4NEgyMjcuMzM5bC0xNiwxNkgzMzEuOTIyQTY4LjE1Niw2OC4xNTYsMCwwLDAsNDAwLDMzMS45MjJWNjguMDc4QTY4LjE1Niw2OC4xNTYsMCwwLDAsMzMxLjkyMiwwWiIgZmlsbD0iIzc4YmUyMCIvPjxwYXRoIGQ9Ik0xOTEuOTM3LDM4NEg2OC4wNzhBNTIuMTM3LDUyLjEzNywwLDAsMSwxNiwzMzEuOTIyVjY4LjA3OEE1Mi4xMzcsNTIuMTM3LDAsMCwxLDY4LjA3OCwxNkgxNzIuNjQzbDE2LTE2SDY4LjA3OEE2OC4xNTYsNjguMTU2LDAsMCwwLDAsNjguMDc4VjMzMS45MjJBNjguMTU2LDY4LjE1NiwwLDAsMCw2OC4wNzgsNDAwSDE3NS45MzdaIiBmaWxsPSIjMDBjMWQ1Ii8+PHBhdGggZD0iTTMyMC43NjMsMzUyLjY0NEgxNDcuNTQ5YTMxLjQ3NiwzMS40NzYsMCwwLDEtMzEuNDQxLTMxLjQ0VjE0My42NzNhMzEuNDc2LDMxLjQ3NiwwLDAsMSwzMS40NDEtMzEuNDQxSDMyMC43NjNhMzEuNDc2LDMxLjQ3NiwwLDAsMSwzMS40NCwzMS40NDFWMzIxLjJBMzEuNDc2LDMxLjQ3NiwwLDAsMSwzMjAuNzYzLDM1Mi42NDRaTTE0Ny41NDksMTI4LjIzMmExNS40NTksMTUuNDU5LDAsMCwwLTE1LjQ0MSwxNS40NDFWMzIxLjJhMTUuNDU4LDE1LjQ1OCwwLDAsMCwxNS40NDEsMTUuNDRIMzIwLjc2M0ExNS40NTcsMTUuNDU3LDAsMCwwLDMzNi4yLDMyMS4yVjE0My42NzNhMTUuNDU4LDE1LjQ1OCwwLDAsMC0xNS40NC0xNS40NDFabS00Ni45MzMsMTQzLjAxSDc4LjI4NEExNS40NTgsMTUuNDU4LDAsMCwxLDY
yLjg0NCwyNTUuOFY3OC4yN2ExNS40NTcsMTUuNDU3LDAsMCwxLDE1LjQ0LTE1LjQ0SDI1MS41YTE1LjQ1NywxNS40NTcsMCwwLDEsMTUuNDQsMTUuNDRWOTYuMzI0aDE2Vjc4LjI3QTMxLjQ3NiwzMS40NzYsMCwwLDAsMjUxLjUsNDYuODNINzguMjg0YTMxLjQ3NiwzMS40NzYsMCwwLDAtMzEuNDQsMzEuNDRWMjU1LjhhMzEuNDc2LDMxLjQ3NiwwLDAsMCwzMS40NCwzMS40NDFoMjIuMzMyWiIgZmlsbD0iIzAwOTFkYSIvPjwvc3ZnPg== mediatype: image/svg+xml @@ -327,7 +317,7 @@ spec: - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + image: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:c517c5e91c22279414fc56c777e44641602f01440938cca0bee02a6929fe558e name: kube-rbac-proxy ports: - containerPort: 8443 @@ -339,25 +329,7 @@ spec: - --leader-elect command: - /manager - env: - - name: MATRIX_CONFIG_CONTENT - valueFrom: - configMapKeyRef: - key: versionConfigContent - name: compat-matrix-config - optional: true - - name: MATRIX_CONFIG_URL - valueFrom: - configMapKeyRef: - key: versionConfigURL - name: compat-matrix-config - optional: true - - name: AUTO_UPGRADE - valueFrom: - configMapKeyRef: - key: auto-upgrade - name: compat-matrix-config - image: default-route-openshift-image-registry.apps-crc.testing/vmware-system-vdo/vdo:c3d1dcd + image: projects.registry.vmware.com/vsphere_kubernetes_driver_operator/vdo@sha256:5926db110532ddf7f6eb79d3af661a9545c988def7937dbeb81f4e795482ba2f imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -388,7 +360,6 @@ spec: nodeSelector: node-role.kubernetes.io/master: "" serviceAccountName: vdo-controller-manager - serviceAccount: vdo-controller-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule 
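Review bot: The kube-rbac-proxy container that the `@@ -327` hunk re-pins to a Red Hat digest still runs with `- --v=10`, the context line just above the changed `image:`. At that verbosity the proxy's Kubernetes client can log full request and response bodies, and the TokenReview requests it sends carry the caller's bearer token, so the certified bundle would be safer with a low level such as `- --v=0`. The digest pin itself is a good change; a YAML comment next to it naming the tag the digest was resolved from would make later bumps auditable.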
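Review bot: The manager container loses its `MATRIX_CONFIG_CONTENT`, `MATRIX_CONFIG_URL` and `AUTO_UPGRADE` env entries in the `@@ -339` hunk, and `AUTO_UPGRADE` was the only one not marked `optional: true`, while the vanilla spec later in this commit still carries the `compat-matrix-config` reference. Nothing in the visible lines shows how `/manager` behaves when these are unset, so the OpenShift bundle may end up running without a compatibility matrix or with a different upgrade default than the vanilla install. Please confirm the defaults and record the reason for the removal, for example with a comment above `command:` like `# compat-matrix env intentionally omitted for the certified bundle: <reason>`.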
@@ -459,13 +430,13 @@ spec: - OpenShift - k8s links: - - name: Vsphere Kubernetes Drivers Operator + - name: vsphere-kubernetes-drivers-operator url: https://github.com/vmware-tanzu/vsphere-kubernetes-drivers-operator maintainers: - email: vdo@vmware.com name: VDO Maintainers maturity: alpha - minKubeVersion: "1.21" + minKubeVersion: "1.21.7" provider: name: VMware version: 0.1.0 diff --git a/artifacts/oc-certified/0.1.0/manifests/vspherecloudconfigs.vdo.vmware.com-crd.yaml b/artifacts/oc-certified/0.1.0/manifests/vspherecloudconfigs.vdo.vmware.com-crd.yaml new file mode 100644 index 0000000..747f450 --- /dev/null +++ b/artifacts/oc-certified/0.1.0/manifests/vspherecloudconfigs.vdo.vmware.com-crd.yaml 
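Review bot: `minKubeVersion: "1.21.7"` does not line up with the `com.redhat.openshift.versions: v4.6-v4.9` annotation added in `metadata/annotations.yaml` by this same commit. OpenShift 4.6 and 4.7 are built on Kubernetes 1.19 and 1.20, so OLM would refuse to install this CSV there, and pinning the patch level may also exclude early 4.8 z-streams. Either narrow the annotation to the range that is really supported (for example `v4.8-v4.9`, if that is the intent) or relax `minKubeVersion` to what the operator actually needs.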
@@ -0,0 +1,84 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + vdo.vmware.com/managed-by: vdo + name: vspherecloudconfigs.vdo.vmware.com +spec: + group: vdo.vmware.com + names: + kind: VsphereCloudConfig + listKind: VsphereCloudConfigList + plural: vspherecloudconfigs + singular: vspherecloudconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VsphereCloudConfig is the Schema for the vspherecloudconfigs API + properties: + apiVersion: + description: ' Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.' + type: string + kind: + description: 'Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase.' + type: string + metadata: + type: object + spec: + description: VsphereCloudConfigSpec defines the desired state of VsphereCloudConfig + properties: + credentials: + description: Credentials refers to the name of k8s secret storing the VC creds + type: string + datacenters: + description: datacenters refers to list of datacenters on the VC which the configured user account can access + items: + type: string + type: array + insecure: + description: Insecure flag determines if connection to VC can be insecured + type: boolean + thumbprint: + description: thumbprint refers to the SSL Thumbprint to be used to establish a secure connection to VC + type: string + vcIp: + description: VCIP refers to IP of the vcenter which is used to configure for VDO + type: string + required: + - credentials + - datacenters + - insecure + - vcIp + type: object + status: + description: VsphereCloudConfigStatus defines the observed state of VsphereCloudConfig + properties: + config: + description: Config represents the verification status of VDO configuration + enum: + - verified + - failed + type: string 
+ message: + description: Message displays text indicating the reason for failure in validating VDO config + type: string + required: + - config + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/artifacts/oc-certified/0.1.0/metadata/annotations.yaml b/artifacts/oc-certified/0.1.0/metadata/annotations.yaml new file mode 100644 index 0000000..3fe4aa0 --- /dev/null +++ b/artifacts/oc-certified/0.1.0/metadata/annotations.yaml @@ -0,0 +1,11 @@ +--- +annotations: + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: vsphere-kubernetes-drivers-operator + + # Annotations to specify OCP versions compatibility. + com.redhat.openshift.versions: v4.6-v4.9 diff --git a/artifacts/oc-certified/ci.yaml b/artifacts/oc-certified/ci.yaml new file mode 100644 index 0000000..d94f037 --- /dev/null +++ b/artifacts/oc-certified/ci.yaml @@ -0,0 +1 @@ +cert_project_id: 6178282ed33d48b77395bb22 \ No newline at end of file diff --git a/artifacts/openshift/rbac.yaml b/artifacts/openshift/rbac.yaml deleted file mode 100644 index 3325c54..0000000 --- a/artifacts/openshift/rbac.yaml +++ /dev/null 
@@ -1,336 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-controller-manager - namespace: vmware-system-vdo ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-leader-election-role - namespace: vmware-system-vdo -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-manager-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - delete - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - 
verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - '*' -- apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - create - - get - - list - - watch -- apiGroups: - - vdo.vmware.com - resources: - - vdoconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - vdo.vmware.com - resources: - - vdoconfigs/finalizers - verbs: - - update -- apiGroups: - - vdo.vmware.com - resources: - - vdoconfigs/status - verbs: - - get - - patch - - update -- apiGroups: - - vdo.vmware.com - resources: - - vspherecloudconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - vdo.vmware.com - resources: - - vspherecloudconfigs/finalizers - verbs: - - update -- apiGroups: - - vdo.vmware.com - resources: - - vspherecloudconfigs/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-leader-election-rolebinding - namespace: vmware-system-vdo -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: vdo-leader-election-role -subjects: -- kind: ServiceAccount - name: 
vdo-controller-manager - namespace: vmware-system-vdo ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: vdo-manager-role -subjects: -- kind: ServiceAccount - name: vdo-controller-manager - namespace: vmware-system-vdo ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - vdo.vmware.com/managed-by: vdo - name: vdo-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: vdo-proxy-role -subjects: -- kind: ServiceAccount - name: vdo-controller-manager - namespace: vmware-system-vdo ---- -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - vdo.vmware.com/managed-by: vdo - name: vdo-controller-manager-metrics-service - namespace: vmware-system-vdo -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager - vdo.vmware.com/managed-by: vdo diff --git a/artifacts/openshift/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml b/artifacts/openshift/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml deleted file mode 100644 index f5afc0e..0000000 --- a/artifacts/openshift/vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml +++ /dev/null 
@@ -1,471 +0,0 @@ -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - annotations: - alm-examples: |- - [ - { - "apiVersion": "vdo.vmware.com/v1alpha1", - "kind": "VDOConfig", - "metadata": { - "name": "vdoconfig-sample", - "namespace": "vmware-system-vdo" - }, - "spec": { - "cloudProvider": { - "vsphereCloudConfig": "vspherecloudconfig-sample" - } - } - }, - { - "apiVersion": "vdo.vmware.com/v1alpha1", - "kind": "VsphereCloudConfig", - "metadata": { - "name": "vspherecloudconfig-sample", - "namespace": "vmware-system-vdo" - }, - "spec": { - "credentials": "10.186.1.25-creds", - "datacenters": [], - "insecure": true, - "vcIp": "10.186.1.25" - } - } - ] - capabilities: Basic Install - operators.operatorframework.io/builder: operator-sdk-v1.10.1 - operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 - categories: Integration & Delivery - containerImage: "" - createdAt: "" - description: Kubernetes operator to manage lifecycle of vSphere CSI/CPI drivers. 
- repository: https://github.com/vmware-tanzu/vsphere-kubernetes-drivers-operator - support: VMware - name: vsphere-kubernetes-drivers-operator.v0.1.0 - namespace: vmware-system-vdo -spec: - apiservicedefinitions: {} - customresourcedefinitions: - owned: - - kind: VDOConfig - name: vdoconfigs.vdo.vmware.com - displayName: VDOConfig - description: VDOConfig is the Schema for the vdoconfigs API - version: v1alpha1 - resources: - - kind: Deployment - version: v1 - - kind: ServiceAcount - version: v1 - - kind: Role - version: v1 - - kind: RoleBinding - version: v1 - specDescriptors: - - description: 'Configuration for vSphere CPI driver' - displayName: 'Cloud Provider' - path: cloudProvider - - description: 'Configuration for vSphere CSI driver ' - displayName: 'Storage Provider' - path: storageProvider - statusDescriptors: - - description: 'Informs the validity of the configuration to connect to vcenter' - displayName: 'config' - path: config - - kind: VsphereCloudConfig - name: vspherecloudconfigs.vdo.vmware.com - displayName: VsphereCloudConfig - description: VsphereCloudConfig is the Schema for the vspherecloudconfigs API - version: v1alpha1 - resources: - - kind: Deployment - version: v1 - - kind: ServiceAcount - version: v1 - - kind: Role - version: v1 - - kind: RoleBinding - version: v1 - specDescriptors: - - description: 'Credentials to connect to vcenter' - displayName: 'Credentials' - path: credentials - - description: 'List of Datacenters to be configured for vSphere drivers' - displayName: 'Datacenters' - path: datacenters - - description: 'Flag to establish an insecure connection to vcenter' - displayName: 'Insecure' - path: insecure - - description: 'Ip address of vcenter' - displayName: 'VC IP' - path: vcIp - statusDescriptors: - - description: 'Informs the status of vSphere Cloud Provider' - displayName: 'Cloud Provider' - path: cpi - - description: 'Informs the status of vSphere Storage Provider' - displayName: 'Storage Provider' - path: csi - 
description: 'Vsphere Kubernetes Drivers Operator helps to install/manage vsphere drivers required to run kubernetes workload on vSphere. The operator currently manages CPI and CSI vSphere drivers. The operator exposes two resources: VsphereCloudConfig - represents the connection information required to connect to vcenter. VDOConfig - represents the configuration information w.r.t CPI and CSI' - displayName: Vsphere Kubernetes Drivers Operator - icon: - - base64data: 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 - mediatype: image/svg+xml - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - apps - resources: - - daemonsets - verbs: - - create - - get - - list - - patch - - update - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - '*' - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - storage.k8s.io - 
resources: - - csinodes - verbs: - - create - - get - - list - - watch - - apiGroups: - - vdo.vmware.com - resources: - - vdoconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - vdo.vmware.com - resources: - - vdoconfigs/finalizers - verbs: - - update - - apiGroups: - - vdo.vmware.com - resources: - - vdoconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - vdo.vmware.com - resources: - - vspherecloudconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - vdo.vmware.com - resources: - - vspherecloudconfigs/finalizers - verbs: - - update - - apiGroups: - - vdo.vmware.com - resources: - - vspherecloudconfigs/status - verbs: - - get - - patch - - update - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - serviceAccountName: vdo-controller-manager - deployments: - - name: vdo-controller-manager - spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - labels: - control-plane: controller-manager - spec: - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - resources: {} - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - command: - - /manager - env: - - name: MATRIX_CONFIG_CONTENT - valueFrom: - configMapKeyRef: - key: versionConfigContent - name: compat-matrix-config - optional: true - - name: MATRIX_CONFIG_URL - valueFrom: - configMapKeyRef: - key: versionConfigURL - name: compat-matrix-config - optional: true - - 
name: AUTO_UPGRADE - valueFrom: - configMapKeyRef: - key: auto-upgrade - name: compat-matrix-config - image: default-route-openshift-image-registry.apps-crc.testing/vmware-system-vdo/vdo:c3d1dcd - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 200Mi - requests: - cpu: 100m - memory: 20Mi - securityContext: - allowPrivilegeEscalation: false - volumeMounts: - - mountPath: /etc/kubernetes - name: vsphere-config-volume - hostNetwork: true - nodeSelector: - node-role.kubernetes.io/master: "" - serviceAccountName: vdo-controller-manager - serviceAccount: vdo-controller-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists - - effect: NoSchedule - key: kubeadmNode - operator: Equal - value: master - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - operator: Equal - value: "true" - volumes: - - hostPath: - path: /etc/kubernetes - type: DirectoryOrCreate - name: vsphere-config-volume - permissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - serviceAccountName: vdo-controller-manager - strategy: deployment - installModes: - - supported: true - type: OwnNamespace - - supported: true - type: SingleNamespace - - supported: true - type: MultiNamespace - - supported: true - type: AllNamespaces - keywords: - - vsphere-kubernetes-drivers-operator - - vSphere - - CPI - - CSI - - OpenShift - - k8s - links: - - name: 
Vsphere Kubernetes Drivers Operator - url: https://github.com/vmware-tanzu/vsphere-kubernetes-drivers-operator - maintainers: - - email: vdo@vmware.com - name: VDO Maintainers - maturity: alpha - minKubeVersion: "1.21" - provider: - name: VMware - version: 0.1.0 diff --git a/artifacts/vanilla/vdo-spec.yaml b/artifacts/vanilla/vdo-spec.yaml index 612f038..62cd125 100644 --- a/artifacts/vanilla/vdo-spec.yaml +++ b/artifacts/vanilla/vdo-spec.yaml @@ -363,6 +363,18 @@ rules: - list - patch - update +- apiGroups: + - '*' + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - apps resources: @@ -417,6 +429,7 @@ rules: - csidrivers verbs: - create + - delete - get - list - patch @@ -428,6 +441,7 @@ rules: - csinodes verbs: - create + - delete - get - list - watch @@ -664,7 +678,7 @@ spec: configMapKeyRef: key: auto-upgrade name: compat-matrix-config - image: projects.registry.vmware.com/vsphere_kubernetes_driver_operator/vdo:0.1.0 + image: vmware.com/vdo:b1fe3ba imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 7562d87..04f9556 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -18,4 +18,4 @@ kind: Kustomization images: - name: controller newName: vmware.com/vdo - newTag: e834095 + newTag: b1fe3ba diff --git a/config/openshift/crd/vdoconfigs.vdo.vmware.com-crd.yaml b/config/openshift/crd/vdoconfigs.vdo.vmware.com-crd.yaml new file mode 100644 index 0000000..a959cd1 --- /dev/null +++ b/config/openshift/crd/vdoconfigs.vdo.vmware.com-crd.yaml 
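Review bot: The rule added at `@@ -363` grants the manager ClusterRole create/delete/patch/update on `namespaces` under `apiGroups: '*'`. Namespaces live in the core group, so `- ""` is sufficient, and cluster-wide `delete` on namespaces lets the operator's service account remove any namespace together with everything in it; if the operator only has to create namespaces for the drivers it installs, drop `delete` or constrain it with `resourceNames`. The next two hunks add `delete` on `csidrivers` and `csinodes` in the same role. This file is the output of `kustomize build config/default` (see the Makefile), so the change belongs in the RBAC source it is generated from, which is not among the lines shown here.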
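Review bot: The manager `image:` at `@@ -664` changes from the published `projects.registry.vmware.com/vsphere_kubernetes_driver_operator/vdo:0.1.0` to `vmware.com/vdo:b1fe3ba`, which matches the `newName`/`newTag` pair in `config/manager/kustomization.yaml` and looks like a local build reference picked up when the spec was regenerated. With `imagePullPolicy: IfNotPresent`, anyone applying `artifacts/vanilla/vdo-spec.yaml` would run whatever image carries that name on the node rather than a release from the project registry. Regenerate the artifact against the release image, ideally pinned by digest as the OpenShift CSV in this commit is.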
@@ -0,0 +1,152 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + vdo.vmware.com/managed-by: vdo + name: vdoconfigs.vdo.vmware.com +spec: + group: vdo.vmware.com + names: + kind: VDOConfig + listKind: VDOConfigList + plural: vdoconfigs + singular: vdoconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VDOConfig is the Schema for the vdoconfigs API + properties: + apiVersion: + description: 'Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. ' + type: string + kind: + description: 'Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase.' + type: string + metadata: + type: object + spec: + description: VDOConfigSpec defines the desired state of VDOConfig + properties: + cloudProvider: + description: CloudProvider refers to the section of config that is required to configure CPI driver + properties: + topology: + description: Topology represents the information required for configuring CPI with zone and region + properties: + region: + type: string + zone: + type: string + required: + - region + - zone + type: object + vsphereCloudConfigs: + description: VsphereCloudConfigs refers to the collection of the vSphereCloudConfig resource that holds the vSphere configuration + items: + type: string + type: array + type: object + storageProvider: + description: StorageProvider refers to the section of config that is required to configure CSI driver + properties: + clusterDistribution: + description: ClusterDistribution refers to the type of k8s distribution such as TKGI, OpenShift + type: string + customKubeletPath: + description: CustomKubeletPath refers to the Kubelet Path in case of custom K8s deployments + type: string + fileVolumes: + description: FileVolumes refers to the 
configuration required for file volumes + properties: + netPermissions: + description: NetPermissions refers to the list of Net permissions required for CSI driver to access file based volumes + items: + properties: + ips: + description: Ip refers to IP Subnet or Range to which these restrictions apply + type: string + permissions: + description: Permission refers to access to the volume such as READ_WRITE, READ_ONLY + type: string + rootSquash: + description: RootSquash refers to the access for root user to the volumes. If false, root access is confirmed for all volumes in this IP range + type: boolean + required: + - ips + type: object + type: array + vsanDataStoreUrl: + description: VSanDataStoreUrl refers to the list of datastores that the CSI drivers can access + items: + type: string + type: array + type: object + vsphereCloudConfig: + description: VsphereCloudConfig refers to the name of the vSphereCloudConfig resource that holds the vSphere configuration + type: string + required: + - vsphereCloudConfig + type: object + required: + - storageProvider + type: object + status: + description: VDOConfigStatus defines the observed state of VDOConfig + properties: + cpi: + description: CPIStatus refers to the configuration status of the CPI driver + properties: + 'nodeStatus ': + additionalProperties: + description: NodeStatus is used to type the constants describing possible node states w.r.t CPI configuration. + type: string + description: NodeStatus indicates the status of CPI driver with respect to each node in the cluster. 
+ type: object + phase: + description: Phase is used to indicate the Phase of the CPI driver + enum: + - Deploying + - Deployed + - Configuring + - Configured + - Failed + type: string + statusMsg: + description: StatusMsg is used to display messages in reference to the Phase of the CPI driver + type: string + type: object + csi: + description: CSIStatus refers to the configuration status of the CSI driver + properties: + phase: + description: Phase is used to indicate the Phase of the CSI driver + enum: + - Deploying + - Deployed + - Configuring + - Configured + - Failed + type: string + statusMsg: + description: StatusMsg is used to display messages in reference to the Phase of the CSI driver + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/openshift/crd/vspherecloudconfigs.vdo.vmware.com-crd.yaml b/config/openshift/crd/vspherecloudconfigs.vdo.vmware.com-crd.yaml new file mode 100644 index 0000000..747f450 --- /dev/null +++ b/config/openshift/crd/vspherecloudconfigs.vdo.vmware.com-crd.yaml 
@@ -0,0 +1,84 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + vdo.vmware.com/managed-by: vdo + name: vspherecloudconfigs.vdo.vmware.com +spec: + group: vdo.vmware.com + names: + kind: VsphereCloudConfig + listKind: VsphereCloudConfigList + plural: vspherecloudconfigs + singular: vspherecloudconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: VsphereCloudConfig is the Schema for the vspherecloudconfigs API + properties: + apiVersion: + description: ' Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values.' + type: string + kind: + description: 'Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase.' + type: string + metadata: + type: object + spec: + description: VsphereCloudConfigSpec defines the desired state of VsphereCloudConfig + properties: + credentials: + description: Credentials refers to the name of k8s secret storing the VC creds + type: string + datacenters: + description: datacenters refers to list of datacenters on the VC which the configured user account can access + items: + type: string + type: array + insecure: + description: Insecure flag determines if connection to VC can be insecured + type: boolean + thumbprint: + description: thumbprint refers to the SSL Thumbprint to be used to establish a secure connection to VC + type: string + vcIp: + description: VCIP refers to IP of the vcenter which is used to configure for VDO + type: string + required: + - credentials + - datacenters + - insecure + - vcIp + type: object + status: + description: VsphereCloudConfigStatus defines the observed state of VsphereCloudConfig + properties: + config: + description: Config represents the verification status of VDO configuration + enum: + - verified + - failed + type: string 
+ message: + description: Message displays text indicating the reason for failure in validating VDO config + type: string + required: + - config + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/openshift/csv/kustomization.yaml b/config/openshift/csv/kustomization.yaml deleted file mode 100644 index 6e521c0..0000000 --- a/config/openshift/csv/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Adds namespace to all resources. -namespace: vmware-system-vdo - -resources: - - vsphere-kubernetes-drivers-operator.clusterserviceversion.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: - - name: default-route-openshift-image-registry.apps-crc.testing/vmware-system-vdo/vdo - newName: default-route-openshift-image-registry.apps-crc.testing/vmware-system-vdo/vdo - newTag: 08e3b3b \ No newline at end of file diff --git a/config/openshift/rbac/rbac.yaml b/config/openshift/rbac/rbac.yaml index eefe7b2..902b651 100644 --- a/config/openshift/rbac/rbac.yaml +++ b/config/openshift/rbac/rbac.yaml @@ -113,6 +113,18 @@ rules: - list - patch - update +- apiGroups: + - '*' + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - apps resources: @@ -167,6 +179,7 @@ rules: - csidrivers verbs: - create + - delete - get - list - patch @@ -178,6 +191,7 @@ rules: - csinodes verbs: - create + - delete - get - list - watch diff --git a/config/openshift/rbac/vdo-controller-manager-metrics-service.yaml b/config/openshift/rbac/vdo-controller-manager-metrics-service.yaml new file mode 100644 index 0000000..d536416 --- /dev/null +++ b/config/openshift/rbac/vdo-controller-manager-metrics-service.yaml 
@@ -0,0 +1,16 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + vdo.vmware.com/managed-by: vdo + name: vdo-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager + vdo.vmware.com/managed-by: vdo diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index cbd87a1..41558f7 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -71,6 +71,18 @@ rules: - list - patch - update +- apiGroups: + - '*' + resources: + - namespaces + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - apps resources: @@ -125,6 +137,7 @@ rules: - csidrivers verbs: - create + - delete - get - list - patch @@ -136,6 +149,7 @@ rules: - csinodes verbs: - create + - delete - get - list - watch diff --git a/controllers/vdoconfig_controller.go b/controllers/vdoconfig_controller.go index 8af971b..d1c4f63 100644 --- a/controllers/vdoconfig_controller.go +++ b/controllers/vdoconfig_controller.go @@ -97,6 +97,7 @@ var ( SessionFn = session.GetOrCreate GetVMFn = session.GetVMByIP VDO_NAMESPACE = "" + CsiNamespace = "kube-system" ) // +kubebuilder:rbac:groups=vdo.vmware.com,resources=vdoconfigs,verbs=get;list;watch;create;update;patch;delete 
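Review bot: `CsiNamespace` is added here as a mutable package-level variable, and later hunks write it in CheckCompatAndRetrieveSpec while reconcileCSIDeploymentStatus, reconcileCSISecret and updateCSIDaemonSet read it. Which namespace the CSI secret and DaemonSet lookups target therefore depends on whether the compatibility check has already run in this process. After a restart the value is `kube-system` again until that check runs, and if reconciles ever run concurrently the write is unsynchronised (the controller options are not visible here, so that part is an assumption). Deriving the namespace from `r.CurrentCSIDeployedVersion` in a small helper, or keeping it as a field on the reconciler, would remove the shared state; at minimum add `// CsiNamespace is reassigned by CheckCompatAndRetrieveSpec; it is not a constant` above the declaration. The `var (` block starts outside this hunk.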
@@ -110,14 +111,15 @@ var ( // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=roles,verbs=* // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterroles,verbs=* // +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=clusterrolebindings,verbs=* -// +kubebuilder:rbac:groups="storage.k8s.io",resources=csinodes,verbs=create;get;list;watch -// +kubebuilder:rbac:groups="storage.k8s.io",resources=csidrivers,verbs=create;update;patch;get;list;watch +// +kubebuilder:rbac:groups="storage.k8s.io",resources=csinodes,verbs=create;get;list;watch;delete +// +kubebuilder:rbac:groups="storage.k8s.io",resources=csidrivers,verbs=create;update;patch;get;list;watch;delete; // +kubebuilder:rbac:groups="apps",resources=deployments,verbs=create;update;patch;get;list;watch;delete; // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;delete; // +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;create;update;patch;delete; // +kubebuilder:rbac:groups="apps",resources=daemonsets,verbs=get;list;create;update;patch;watch;delete; // +kubebuilder:rbac:groups="",resources=services,verbs=get;list;create;update;patch;delete; // +kubebuilder:rbac:groups="",resources=configmaps,verbs=create;get;list;watch;update;patch;delete; +// +kubebuilder:rbac:groups=*,resources=namespaces,verbs=create;get;list;watch;update;patch;delete; func (r *VDOConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { r.Logger.Info("Inside VDOConfig reconciler", "name", req.NamespacedName) 
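Review bot: The new marker `groups=*,resources=namespaces,verbs=create;get;list;watch;update;patch;delete;` gives the generated role delete and modify rights on every namespace in the cluster, while the code added in this commit only creates and deletes `vmware-system-csi`. Namespaces are in the core group, so `groups=""` is enough, and the destructive verb can be pinned by name: `// +kubebuilder:rbac:groups="",resources=namespaces,verbs=create;get;list;watch` plus `// +kubebuilder:rbac:groups="",resources=namespaces,resourceNames=vmware-system-csi,verbs=delete`. Create cannot be restricted by resourceNames, `update`/`patch` appear unused by the visible code, and it is worth confirming that the controller-gen version in use accepts `resourceNames`. The same rule is regenerated into config/rbac/role.yaml, config/openshift/rbac/rbac.yaml and artifacts/vanilla/vdo-spec.yaml in this commit, so those would need regenerating as well. The added `delete` on csinodes and csidrivers is also cluster-wide; a one-line comment naming the code path that needs it would help the next reviewer.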
@@ -166,7 +168,7 @@ func (r *VDOConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request) ( if len(nodeName) > 0 && len(vdoConfig.Status.CPIStatus.NodeStatus) > 0 { if val, ok := vdoConfig.Status.CPIStatus.NodeStatus[nodeName]; ok { if val == vdov1alpha1.NodeStatusReady { - vdoctx.Logger.Error(err, "Skipping Reconcile of VDOConfig resource %s generated by node events", "name", vdoConfig.Name) + vdoctx.Logger.V(5).Info("Skipping Reconcile of VDOConfig resource generated by node events", "name", vdoConfig.Name) return ctrl.Result{}, nil } } @@ -651,7 +653,7 @@ func (r *VDOConfigReconciler) reconcileCPIDeploymentStatus(ctx vdocontext.VDOCon func (r *VDOConfigReconciler) reconcileCSIDeploymentStatus(ctx vdocontext.VDOContext, clientset kubernetes.Interface) error { ctx.Logger.V(4).Info("will attempt to reconcile deployment status of CSI") - err := r.fetchDaemonSetPodStatus(ctx, clientset, CSI_DAEMONSET_NAME, DEPLOYMENT_NS, CSI_DAEMON_POD_KEY) + err := r.fetchDaemonSetPodStatus(ctx, clientset, CSI_DAEMONSET_NAME, CsiNamespace, CSI_DAEMON_POD_KEY) if err != nil { return errors.Wrapf(err, "unable to get CSI DaemonSet Pod Status") } @@ -1050,7 +1052,7 @@ func (r *VDOConfigReconciler) reconcileCSISecret(ctx vdocontext.VDOContext, conf } csiSecretKey := types.NamespacedName{ - Namespace: VC_CREDS_SECRET_NS, + Namespace: CsiNamespace, Name: CSI_SECRET_NAME, } 
@@ -1292,10 +1294,12 @@ func (r *VDOConfigReconciler) CheckCompatAndRetrieveSpec(ctx vdocontext.VDOConte } } - err = r.FetchCpiDeploymentYamls(ctx, matrix, vSphereVersions, k8sVersion) - if err != nil { - ctx.Logger.Error(err, "Error occurred when fetching the CPI deployment yamls") - return err + if len(vdoConfig.Spec.CloudProvider.VsphereCloudConfigs) > 0 { + err = r.FetchCpiDeploymentYamls(ctx, matrix, vSphereVersions, k8sVersion) + if err != nil { + ctx.Logger.Error(err, "Error occurred when fetching the CPI deployment yamls") + return err + } } err = r.FetchCsiDeploymentYamls(ctx, matrix, vSphereVersions, k8sVersion) @@ -1304,6 +1308,27 @@ func (r *VDOConfigReconciler) CheckCompatAndRetrieveSpec(ctx vdocontext.VDOConte return err } + isCSINamespaceReq, err := r.compareVersions("2.3.0", r.CurrentCSIDeployedVersion, "100.0.0") + if err != nil { + return err + } + if isCSINamespaceReq { + // create and update CSI Namespace + CsiNamespace = "vmware-system-csi" + err = r.createCSINamespace(ctx) + if err != nil { + ctx.Logger.Error(err, "Error occurred when creating CSI namespace") + return err + } + } else { + err = r.deleteCSINamespace(ctx) + if err != nil { + ctx.Logger.Error(err, "Error occurred while deleting CSI namespace") + return err + } + CsiNamespace = "kube-system" + + } return nil } @@ -1356,7 +1381,7 @@ func (r *VDOConfigReconciler) updateCSIDaemonSet(ctx vdocontext.VDOContext, kubP kubeletDefaultPath := "/var/lib/kubelet" key := types.NamespacedName{ - Namespace: DEPLOYMENT_NS, + Namespace: CsiNamespace, Name: CSI_DAEMONSET_NAME, } err := r.Get(ctx, key, ds) 
@@ -1403,3 +1428,36 @@ func (r *VDOConfigReconciler) updateCSIDaemonSet(ctx vdocontext.VDOContext, kubP return nil } + +func (r *VDOConfigReconciler) createCSINamespace(ctx vdocontext.VDOContext) error { + nsSpec := &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: CsiNamespace, + }, + } + + err := r.Create(ctx, nsSpec) + if err != nil { + if apierrors.IsAlreadyExists(err) { + return nil + } + } + return err + +} + +func (r *VDOConfigReconciler) deleteCSINamespace(ctx vdocontext.VDOContext) error { + nsSpec := &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: "vmware-system-csi", + }, + } + + err := r.Delete(ctx, nsSpec) + if err != nil { + if apierrors.IsNotFound(err) { + return nil + } + } + return err +} diff --git a/controllers/vdoconfig_controller_test.go b/controllers/vdoconfig_controller_test.go index 8c6bf19..09c4d9b 100644 --- a/controllers/vdoconfig_controller_test.go +++ b/controllers/vdoconfig_controller_test.go 
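Review bot: deleteCSINamespace removes `vmware-system-csi` without checking that the operator created it, and createCSINamespace treats AlreadyExists as success. A namespace that existed beforehand, with everything in it, is therefore deleted whenever the else branch added to CheckCompatAndRetrieveSpec runs, presumably for any deployed CSI version below 2.3.0. I would mark ownership on create with `Labels: map[string]string{"vdo.vmware.com/managed-by": "vdo"}` (the label this commit already puts on its other manifests) and have the delete path read the namespace first and leave it alone when the label is absent. Both functions also fall through to `return err` after a nested `if`; early returns read more clearly.

```go
func (r *VDOConfigReconciler) deleteCSINamespace(ctx vdocontext.VDOContext) error {
	ns := &v1.Namespace{}
	err := r.Get(ctx, types.NamespacedName{Name: "vmware-system-csi"}, ns)
	if apierrors.IsNotFound(err) {
		return nil
	}
	if err != nil {
		return err
	}
	// Only remove a namespace this operator labelled on creation; an
	// unlabelled one may hold workloads the operator does not manage.
	if ns.Labels["vdo.vmware.com/managed-by"] != "vdo" {
		return nil
	}
	err = r.Delete(ctx, ns)
	if apierrors.IsNotFound(err) {
		return nil
	}
	return err
}
```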
@@ -1374,6 +1374,25 @@ var _ = Describe("TestCheckCompatAndRetrieveSpec", func() { It("Should fetch deployment yamls without error", func() { err := r.CheckCompatAndRetrieveSpec(vdoctx, req, vdoConfig, matrixString) Expect(err).NotTo(HaveOccurred()) + }) + + matrixStringIncompatibleCSI := "{\n \"CSI\" : {\n \"2.2.1\" : {\n \"vSphere\" : { \"min\" : \"6.7.0\", \"max\": \"7.0.7\"},\n \"k8s\" : {\"min\": \"1.23\", \"max\": \"1.24\"},\n \"isCPIRequired\" : false,\n \"deploymentPath\": [\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/rbac/vsphere-csi-controller-rbac.yaml\",\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/rbac/vsphere-csi-node-rbac.yaml\",\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/deploy/vsphere-csi-controller-deployment.yaml\",\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/deploy/vsphere-csi-node-ds.yaml\"]\n }\n },\n \"CPI\" : {\n \"1.20.0\" : {\n \"vSphere\" : { \"min\" : \"6.7.0\", \"max\": \"7.0.7\"},\n \"k8s\" : {\"skewVersion\": \"1.21\"},\n \"deploymentPath\": [\n \"https://github.com/raw/kubernetes/cloud-provider-vsphere/v1.20.0/manifests/controller-manager/cloud-controller-manager-roles.yaml\",\n \"https://github.com/raw/kubernetes/cloud-provider-vsphere/v1.20.0/manifests/controller-manager/cloud-controller-manager-role-bindings.yaml\",\n \"https://github.com/raw/kubernetes/cloud-provider-vsphere/v1.20.0/manifests/controller-manager/vsphere-cloud-controller-manager-ds.yaml\"]\n }\n }\n \n}" + It("Should fail with CSI Version not available error when CSI/CPI is configured", func() { + err := r.CheckCompatAndRetrieveSpec(vdoctx, req, vdoConfig, matrixStringIncompatibleCSI) + Expect(err.Error()).Should(Equal("could not fetch compatible CSI version for vSphere version and k8s version ")) + }) + + matrixStringIncompatibleCPI := "{\n \"CSI\" : {\n \"2.2.1\" : {\n \"vSphere\" : { \"min\" : 
\"6.7.0\", \"max\": \"7.0.7\"},\n \"k8s\" : {\"min\": \"1.18\", \"max\": \"1.21\"},\n \"isCPIRequired\" : false,\n \"deploymentPath\": [\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/rbac/vsphere-csi-controller-rbac.yaml\",\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/rbac/vsphere-csi-node-rbac.yaml\",\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/deploy/vsphere-csi-controller-deployment.yaml\",\n \"https://github.com/raw/kubernetes-sigs/vsphere-csi-driver/v2.2.1/manifests/v2.2.1/deploy/vsphere-csi-node-ds.yaml\"]\n }\n },\n \"CPI\" : {\n \"1.20.0\" : {\n \"vSphere\" : { \"min\" : \"6.7.0\", \"max\": \"7.0.7\"},\n \"k8s\" : {\"skewVersion\": \"1.22\"},\n \"deploymentPath\": [\n \"https://github.com/raw/kubernetes/cloud-provider-vsphere/v1.20.0/manifests/controller-manager/cloud-controller-manager-roles.yaml\",\n \"https://github.com/raw/kubernetes/cloud-provider-vsphere/v1.20.0/manifests/controller-manager/cloud-controller-manager-role-bindings.yaml\",\n \"https://github.com/raw/kubernetes/cloud-provider-vsphere/v1.20.0/manifests/controller-manager/vsphere-cloud-controller-manager-ds.yaml\"]\n }\n }\n \n}" + It("Should fail with CPI Version not available error when CSI/CPI is configured", func() { + err := r.CheckCompatAndRetrieveSpec(vdoctx, req, vdoConfig, matrixStringIncompatibleCPI) + Expect(err.Error()).Should(Equal("could not fetch compatible CPI version for vSphere version and k8s version ")) + }) + + vdoConfigWithoutCpi := initializeVDOConfig() + vdoConfigWithoutCpi.Spec.CloudProvider = v1alpha1.CloudProviderConfig{} + It("Should fetch deployment yamls without errors if only CSI is configured", func() { + err := r.CheckCompatAndRetrieveSpec(vdoctx, req, vdoConfigWithoutCpi, matrixStringIncompatibleCPI) + Expect(err).NotTo(HaveOccurred()) defer server.Close() }) }) 
diff --git a/docs/configure_drivers.md b/docs/configure_drivers.md index 83c548e..5fc5d4e 100644 --- a/docs/configure_drivers.md +++ b/docs/configure_drivers.md @@ -12,6 +12,8 @@ If you want to install `Kubernetes vSphere Cloud Provider`, you will be taken th - Login credentials for vcenter - Datacenter(s) - you can provide a comma separated list of datacenters +Pre-requisites for installing CPI can be found [here.](https://cloud-provider-vsphere.sigs.k8s.io/tutorials/kubernetes-on-vsphere-with-kubeadm.html#:~:text=Check%20that%20all%20nodes%20are%20tainted) + ```shell Please provide the vcenter IP for configuring CloudProvider VC IP 10.10.10.10 @@ -38,7 +40,7 @@ Password ******* Datacenter(s) dc2, dc3 ``` -Once done you can choose to configure zones/regions if required. Please note, the tags for zone/regions need to be available in vcenter. Please refer [CPI](https://github.com/kubernetes/cloud-provider-vsphere/blob/master/docs/book/tutorials/deploying_cpi_and_csi_with_multi_dc_vc_aka_zones.md) documentation on how to configure zones/regions +Once done you can choose to configure zones/regions if required. Please note, the tags for zone/regions need to be available in vcenter. Please refer [CPI](https://github.com/kubernetes/cloud-provider-vsphere/blob/master/docs/book/tutorials/deploying_cpi_with_multi_dc_vc_aka_zones.md) documentation on how to configure zones/regions ```shell Do you want to configure zones/regions for CloudProvider? (Y/N) y diff --git a/docs/getting-started.md b/docs/getting-started.md index 3331601..336c77a 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md 
@@ -90,6 +90,14 @@ Web URL https://github.com/raw/asifdxtreme/Docs/master/sample/matrix/ ``` Note: You can either use this sample url or create your own matrix. +Local file path can be provided by appending `file:/` before the absolute path + +For example, +Matrix located at `$HOME/matrix.yaml` can be provided as +```shell +file:/$HOME/matrix.yaml +``` + Generally with each new release a New Compatibility Matrix will be released, you can get more details from [here](https://github.com/vmware-tanzu/vsphere-kubernetes-drivers-operator/releases). @@ -114,4 +122,5 @@ Typically, you would need: To get more detailed info please visit [configure drivers](configure_drivers.md) +For Developer’s guide, please visit [here](developer-guide.md)