feat: add snapshot-controller

Signed-off-by: Tadas Sutkaitis <[email protected]>

Signed-off-by: Tadas Sutkaitis <[email protected]>

Author: fitbeard

Cargo.lock

@@ -24,6 +24,7 @@ inventory = "0.3.19"
 json-patch = "4.0.0"
 k8s-openapi = { version = "0.24.0", features = ["schemars", "latest"] }
 kube = { version = "0.99.0", features = ["runtime", "derive"] }
+lazy_static = "1.4.0"
 log = "0.4.27"
 maplit = "1.0.2"
 pyo3-async-runtimes = { version = "0.25.0", features = ["tokio-runtime"] }

Cargo.toml

@@ -375,6 +375,11 @@ def _get_cloud_provider_images(config: Optional[Dict] = None) -> List[str]:
         "registry.k8s.io/provider-os/cinder-csi-plugin:v1.31.1",
         "registry.k8s.io/provider-os/manila-csi-plugin:v1.31.1",
         "registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.31.1",
+        # v1.32.0
+        "registry.k8s.io/provider-os/k8s-keystone-auth:v1.32.0",
+        "registry.k8s.io/provider-os/cinder-csi-plugin:v1.32.0",
+        "registry.k8s.io/provider-os/manila-csi-plugin:v1.32.0",
+        "registry.k8s.io/provider-os/openstack-cloud-controller-manager:v1.32.0",
     ]
 
 
@@ -388,24 +393,33 @@ def _get_infra_images(config: Optional[Dict] = None) -> List[str]:
     return [
         "registry.k8s.io/sig-storage/csi-attacher:v3.4.0",
         "registry.k8s.io/sig-storage/csi-attacher:v4.2.0",
+        "registry.k8s.io/sig-storage/csi-attacher:v4.7.0",
         "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.4.0",
         "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1",
         "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.2",
         "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.3",
         "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0",
+        "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0",
         "registry.k8s.io/sig-storage/csi-provisioner:v3.0.0",
         "registry.k8s.io/sig-storage/csi-provisioner:v3.1.0",
         "registry.k8s.io/sig-storage/csi-provisioner:v3.3.0",
         "registry.k8s.io/sig-storage/csi-provisioner:v3.4.1",
+        "registry.k8s.io/sig-storage/csi-provisioner:v5.1.0",
         "registry.k8s.io/sig-storage/csi-resizer:v1.4.0",
         "registry.k8s.io/sig-storage/csi-resizer:v1.8.0",
+        "registry.k8s.io/sig-storage/csi-resizer:v1.12.0",
         "registry.k8s.io/sig-storage/csi-snapshotter:v5.0.1",
         "registry.k8s.io/sig-storage/csi-snapshotter:v6.0.1",
         "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.1",
+        "registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0",
+        "registry.k8s.io/sig-storage/csi-snapshotter:v8.2.1",
         "registry.k8s.io/sig-storage/livenessprobe:v2.7.0",
         "registry.k8s.io/sig-storage/livenessprobe:v2.8.0",
         "registry.k8s.io/sig-storage/livenessprobe:v2.9.0",
+        "registry.k8s.io/sig-storage/livenessprobe:v2.14.0",
         "registry.k8s.io/sig-storage/nfsplugin:v4.2.0",
+        "registry.k8s.io/sig-storage/snapshot-controller:v7.0.2",
+        "registry.k8s.io/sig-storage/snapshot-controller:v8.2.1",
     ]
 
 

magnum_cluster_api/cmd/image_loader.py

@@ -63,6 +63,8 @@ def get_image(name: str, repository: str = None):
         new_image_name = name.replace("gcr.io/k8s-staging-sig-storage", repository)
     if new_image_name.startswith(f"{repository}/livenessprobe"):
         return new_image_name.replace("livenessprobe", "csi-livenessprobe")
+    if new_image_name.startswith(f"{repository}/snapshot-controller"):
+        return new_image_name.replace("snapshot-controller", "csi-snapshot-controller")
     if new_image_name.startswith("registry.k8s.io/coredns"):
         return new_image_name.replace("registry.k8s.io/coredns", repository)
     if new_image_name.startswith("registry.k8s.io/autoscaling"):

magnum_cluster_api/image_utils.py

@@ -0,0 +1,103 @@
+# RBAC file for the snapshot controller.
+#
+# The snapshot controller implements the control loop for CSI snapshot functionality.
+# It should be installed as part of the base Kubernetes distribution in an appropriate
+# namespace for components implementing base system functionality. For installing with
+# Vanilla Kubernetes, kube-system makes sense for the namespace.
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: snapshot-controller
+  namespace: kube-system
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: snapshot-controller-runner
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list", "watch", "update", "patch", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["update", "patch"]
+
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshotcontents/status"]
+    verbs: ["patch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshots"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["groupsnapshot.storage.k8s.io"]
+    resources: ["volumegroupsnapshots/status"]
+    verbs: ["update", "patch"]
+
+  # Enable this RBAC rule only when using distributed snapshotting, i.e. when the enable-distributed-snapshotting flag is set to true
+  # - apiGroups: [""]
+  #   resources: ["nodes"]
+  #   verbs: ["get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: snapshot-controller-role
+subjects:
+  - kind: ServiceAccount
+    name: snapshot-controller
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: snapshot-controller-runner
+  apiGroup: rbac.authorization.k8s.io
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: snapshot-controller-leaderelection
+  namespace: kube-system
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: snapshot-controller-leaderelection
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: snapshot-controller
+roleRef:
+  kind: Role
+  name: snapshot-controller-leaderelection
+  apiGroup: rbac.authorization.k8s.io

magnum_cluster_api/manifests/snapshot-controller-csi/v7.0.2/rbac-snapshot-controller.yaml

@@ -0,0 +1,136 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814"
+    controller-gen.kubebuilder.io/version: v0.12.0
+  creationTimestamp: null
+  name: volumesnapshotclasses.snapshot.storage.k8s.io
+spec:
+  group: snapshot.storage.k8s.io
+  names:
+    kind: VolumeSnapshotClass
+    listKind: VolumeSnapshotClassList
+    plural: volumesnapshotclasses
+    shortNames:
+    - vsclass
+    - vsclasses
+    singular: volumesnapshotclass
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .driver
+      name: Driver
+      type: string
+    - description: Determines whether a VolumeSnapshotContent created through the
+        VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.
+      jsonPath: .deletionPolicy
+      name: DeletionPolicy
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: VolumeSnapshotClass specifies parameters that a underlying storage
+          system uses when creating a volume snapshot. A specific VolumeSnapshotClass
+          is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses
+          are non-namespaced
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          deletionPolicy:
+            description: deletionPolicy determines whether a VolumeSnapshotContent
+              created through the VolumeSnapshotClass should be deleted when its bound
+              VolumeSnapshot is deleted. Supported values are "Retain" and "Delete".
+              "Retain" means that the VolumeSnapshotContent and its physical snapshot
+              on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent
+              and its physical snapshot on underlying storage system are deleted.
+              Required.
+            enum:
+            - Delete
+            - Retain
+            type: string
+          driver:
+            description: driver is the name of the storage driver that handles this
+              VolumeSnapshotClass. Required.
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          parameters:
+            additionalProperties:
+              type: string
+            description: parameters is a key-value map with storage driver specific
+              parameters for creating snapshots. These values are opaque to Kubernetes.
+            type: object
+        required:
+        - deletionPolicy
+        - driver
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+  - additionalPrinterColumns:
+    - jsonPath: .driver
+      name: Driver
+      type: string
+    - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted.
+      jsonPath: .deletionPolicy
+      name: DeletionPolicy
+      type: string
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1beta1
+    # This indicates the v1beta1 version of the custom resource is deprecated.
+    # API requests to this version receive a warning in the server response.
+    deprecated: true
+    # This overrides the default warning returned to clients making v1beta1 API requests.
+    deprecationWarning: "snapshot.storage.k8s.io/v1beta1 VolumeSnapshotClass is deprecated; use snapshot.storage.k8s.io/v1 VolumeSnapshotClass"
+    schema:
+      openAPIV3Schema:
+        description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          deletionPolicy:
+            description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required.
+            enum:
+            - Delete
+            - Retain
+            type: string
+          driver:
+            description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required.
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          parameters:
+            additionalProperties:
+              type: string
+            description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes.
+            type: object
+        required:
+        - deletionPolicy
+        - driver
+        type: object
+    served: false
+    storage: false
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []