From f5da94c7c8d68cc1ff55cd8218cd23fddbeb219d Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Sun, 15 Jan 2023 11:38:24 +0200 Subject: [PATCH 01/11] add csiaddons to operator Signed-off-by: matancarmeli7 --- config/rbac/role.yaml | 104 +++++++++++++ controllers/ibmblockcsi_controller.go | 12 ++ .../crutils/static_resource_generator.go | 72 +++++++++ .../generated/ibm-block-csi-operator.yaml | 104 +++++++++++++ ...perator.v1.11.0.clusterserviceversion.yaml | 104 +++++++++++++ ...ck-csi-operator.clusterserviceversion.yaml | 144 +++++++++++++++--- 6 files changed, 520 insertions(+), 20 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 11fc8cb81..c72388929 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -275,3 +275,107 @@ rules: - volumeattachments/status verbs: - patch +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get + - patch + - update \ No newline at end of file diff --git a/controllers/ibmblockcsi_controller.go b/controllers/ibmblockcsi_controller.go index f68447e45..ac0c8c409 100644 --- a/controllers/ibmblockcsi_controller.go +++ b/controllers/ibmblockcsi_controller.go @@ -106,6 +106,18 @@ type IBMBlockCSIReconciler struct { //+kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications,verbs=create;delete;get;list;patch;update;watch //+kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/finalizers,verbs=update //+kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/finalizers,verbs=update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/finalizers,verbs=update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/finalizers,verbs=update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/finalizers,verbs=update +//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/status,verbs=get;patch;update func (r *IBMBlockCSIReconciler) Reconcile(ctx context.Context, req ctrl.Request) (reconcile.Result, error) { reqLogger := log.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name) reqLogger.Info("Reconciling IBMBlockCSI") diff --git a/controllers/internal/crutils/static_resource_generator.go b/controllers/internal/crutils/static_resource_generator.go index c34ececeb..8e1014205 100644 --- a/controllers/internal/crutils/static_resource_generator.go +++ b/controllers/internal/crutils/static_resource_generator.go @@ -54,6 +54,18 @@ const ( volumeReplicationsResource string = "volumereplications" volumeReplicationsFinalizersResource string = "volumereplications/finalizers" volumeReplicationsStatusResource string = "volumereplications/status" + csiAddonsNodesResource string = "csiaddonsnodes" + csiAddonsNodesFinalizersResource string = "csiaddonsnodes/finalizers" + csiAddonsNodesStatusResource string = "csiaddonsnodes/status" + networkFencesResource string = "networkfences" + networkFencesFinalizersResource string = "networkfences/finalizers" + networkFencesStatusResource string = "networkfences/status" + reclaimSpaceCronJobsResource string = "reclaimspacecronjobs" + reclaimSpaceCronJobsFinalizersResource string = "reclaimspacecronjobs/finalizers" + reclaimSpaceCronJobsStatusResource string = "reclaimspacecronjobs/status" + reclaimSpaceJobsResource string = "reclaimspacejobs" + reclaimSpaceJobsFinalizersResource string = "reclaimspacejobs/finalizers" + reclaimSpaceJobsStatusResource string = "reclaimspacejobs/status" eventsResource string = "events" nodesResource string = "nodes" csiNodesResource string = "csinodes" @@ -381,6 +393,66 @@ func (c *IBMBlockCSI) GenerateCSIAddonsReplicatorClusterRole() *rbacv1.ClusterRo Resources: []string{secretsResource}, Verbs: []string{verbGet}, }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{csiAddonsNodesResource}, + Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{csiAddonsNodesFinalizersResource}, + Verbs: []string{verbUpdate}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{csiAddonsNodesStatusResource}, + Verbs: []string{verbGet, verbPatch, verbUpdate}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{networkFencesResource}, + Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{networkFencesFinalizersResource}, + Verbs: []string{verbUpdate}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{networkFencesStatusResource}, + Verbs: []string{verbGet, verbPatch, verbUpdate}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{reclaimSpaceCronJobsResource}, + Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{reclaimSpaceCronJobsFinalizersResource}, + Verbs: []string{verbUpdate}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{reclaimSpaceCronJobsStatusResource}, + Verbs: []string{verbGet, verbPatch, verbUpdate}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{reclaimSpaceJobsResource}, + Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{reclaimSpaceJobsFinalizersResource}, + Verbs: []string{verbUpdate}, + }, + { + APIGroups: []string{replicationStorageOpenshiftApiGroup}, + Resources: []string{reclaimSpaceJobsStatusResource}, + Verbs: []string{verbGet, verbPatch, verbUpdate}, + }, }, } } diff --git a/deploy/installer/generated/ibm-block-csi-operator.yaml b/deploy/installer/generated/ibm-block-csi-operator.yaml index 7a8aba226..16335d29f 100644 --- a/deploy/installer/generated/ibm-block-csi-operator.yaml +++ b/deploy/installer/generated/ibm-block-csi-operator.yaml @@ -2067,6 +2067,110 @@ rules: - volumeattachments/status verbs: - patch +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/finalizers + verbs: + - update +- apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml index df3933cec..46939bb88 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml @@ -608,6 +608,110 @@ spec: - volumeattachments/status verbs: - patch + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get + - patch + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + - get + - patch + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/status + verbs: + - get + - patch + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get + - patch + - update deployments: - name: ibm-block-csi-operator diff --git a/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml index 686c206a9..34acb7c4d 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: namespace: placeholder annotations: capabilities: "Seamless Upgrades" - olm.skipRange: '>=1.6.0 <1.11.0' + olm.skipRange: ">=1.6.0 <1.11.0" categories: "Storage,Cloud Provider" certified: "true" containerImage: registry.connect.redhat.com/ibm/ibm-block-csi-operator:1.11.0 @@ -226,51 +226,51 @@ spec: description: "Represents a block storage CSI driver" resources: - kind: ServiceAccount - name: '' + name: "" version: v1 - kind: StatefulSet - name: '' + name: "" version: apps/v1 - kind: DaemonSet - name: '' + name: "" version: apps/v1 specDescriptors: - description: Controller Image Repository. displayName: Controller Image Repository path: controller.repository x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' + - "urn:alm:descriptor:com.tectonic.ui:text" - description: Controller Image Tag. displayName: Controller Image Tag path: controller.tag x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' + - "urn:alm:descriptor:com.tectonic.ui:text" - description: Node Image Repository. displayName: Node Image Repository path: node.repository x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' + - "urn:alm:descriptor:com.tectonic.ui:text" - description: Node Image Tag. displayName: Node Image Tag path: node.tag x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' + - "urn:alm:descriptor:com.tectonic.ui:text" statusDescriptors: - description: The current status of the driver. displayName: Status path: phase x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' + - "urn:alm:descriptor:io.kubernetes.phase" - description: Is the controller ready? displayName: Controller Ready path: controllerReady x-descriptors: - - 'urn:alm:descriptor:text' + - "urn:alm:descriptor:text" - description: Is the node ready? displayName: Node Ready path: nodeReady x-descriptors: - - 'urn:alm:descriptor:text' + - "urn:alm:descriptor:text" - description: The current version of the driver. displayName: Version path: version @@ -299,33 +299,33 @@ spec: description: "Represents Host Definer for block storage CSI driver" resources: - kind: ServiceAccount - name: '' + name: "" version: v1 - kind: Deployment - name: '' + name: "" version: apps/v1 specDescriptors: - description: HostDefiner Image Repository. displayName: HostDefiner Image Repository path: hostdefiner.repository x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' + - "urn:alm:descriptor:com.tectonic.ui:text" - description: HostDefiner Image Tag. displayName: HostDefiner Image Tag path: hostdefiner.tag x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:text' + - "urn:alm:descriptor:com.tectonic.ui:text" statusDescriptors: - description: The current status of the host definer. displayName: Status path: phase x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' + - "urn:alm:descriptor:io.kubernetes.phase" - description: Is the host definer deployment ready? displayName: HostDefiner Ready path: hostdefinerReady x-descriptors: - - 'urn:alm:descriptor:text' + - "urn:alm:descriptor:text" - description: The current version of the driver. displayName: Version path: version @@ -348,7 +348,7 @@ spec: resources: - events verbs: - - '*' + - "*" - apiGroups: - "" resources: @@ -455,9 +455,9 @@ spec: - apiGroups: - csi.ibm.com resources: - - '*' + - "*" verbs: - - '*' + - "*" - apiGroups: - monitoring.coreos.com resources: @@ -598,6 +598,110 @@ spec: - volumeattachments/status verbs: - patch + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get + - patch + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - networkfences/status + verbs: + - get + - patch + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacecronjobs/status + verbs: + - get + - patch + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/finalizers + verbs: + - update + - apiGroups: + - csiaddons.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get + - patch + - update deployments: - name: ibm-block-csi-operator From 7c17f1535bd4ff10783532e92d2eeda890c5e00d Mon Sep 17 00:00:00 2001 From: Elena Gershkovich Date: Sun, 15 Jan 2023 14:32:38 +0200 Subject: [PATCH 02/11] New replication operator Signed-off-by: Elena Gershkovich --- config/rbac/role.yaml | 104 +++++++++++++++++++++++++++ controllers/syncer/csi_controller.go | 7 +- 2 files changed, 108 insertions(+), 3 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c72388929..eb97a192c 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -154,6 +154,110 @@ rules: - list - update - watch +- apiGroups: + - replication.storage.openshift.io + resources: + - csiaddonsnodes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.openshift.io + resources: + - csiaddonsnodes/finalizers + verbs: + - update +- apiGroups: + - replication.storage.openshift.io + resources: + - csiaddonsnodes/status + verbs: + - get + - patch + - update +- apiGroups: + - replication.storage.openshift.io + resources: + - networkfences + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.openshift.io + resources: + - networkfences/finalizers + verbs: + - update +- apiGroups: + - replication.storage.openshift.io + resources: + - networkfences/status + verbs: + - get + - patch + - update +- apiGroups: + - replication.storage.openshift.io + resources: + - reclaimspacecronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.openshift.io + resources: + - reclaimspacecronjobs/finalizers + verbs: + - update +- apiGroups: + - replication.storage.openshift.io + resources: + - reclaimspacecronjobs/status + verbs: + - get + - patch + - update +- apiGroups: + - replication.storage.openshift.io + resources: + - reclaimspacejobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.openshift.io + resources: + - reclaimspacejobs/finalizers + verbs: + - update +- apiGroups: + - replication.storage.openshift.io + resources: + - reclaimspacejobs/status + verbs: + - get + - patch + - update - apiGroups: - replication.storage.openshift.io resources: diff --git a/controllers/syncer/csi_controller.go b/controllers/syncer/csi_controller.go index 0f20decee..b4c9b5abd 100644 --- a/controllers/syncer/csi_controller.go +++ b/controllers/syncer/csi_controller.go @@ -206,12 +206,13 @@ func (s *csiControllerSyncer) ensureContainersSpec() []corev1.Container { ) resizer.ImagePullPolicy = s.getCSIResizerPullPolicy() - leaderElectionNamespaceFlag := fmt.Sprintf("--leader-election-namespace=%s", s.driver.Namespace) driverNameFlag := fmt.Sprintf("--driver-name=%s", config.DriverName) + controllerPodName := fmt.Sprintf("--pod=%s", s.driver.Name) + controllerPodNamespace := fmt.Sprintf("--namespace=%s", s.driver.Namespace) replicator := s.ensureContainer(replicatorContainerName, s.getCSIAddonsReplicatorImage(), - []string{leaderElectionNamespaceFlag, driverNameFlag, - "--csi-address=$(ADDRESS)", "--zap-log-level=5", "--rpc-timeout=30s"}, + []string{controllerPodName, controllerPodNamespace, + "--zap-log-level=5"}, ) replicator.ImagePullPolicy = s.getCSIAddonsReplicatorPullPolicy() From 9fc6d54c11b831a5033873fb3f017abdd2ab5d5c Mon Sep 17 00:00:00 2001 From: Elena Gershkovich Date: Sun, 15 Jan 2023 14:42:59 +0200 Subject: [PATCH 03/11] New replication operator Signed-off-by: Elena Gershkovich --- controllers/ibmblockcsi_controller.go | 96 +++++++++++++++------------ 1 file changed, 54 insertions(+), 42 deletions(-) diff --git a/controllers/ibmblockcsi_controller.go b/controllers/ibmblockcsi_controller.go index ac0c8c409..91baae0e6 100644 --- a/controllers/ibmblockcsi_controller.go +++ b/controllers/ibmblockcsi_controller.go @@ -76,48 +76,60 @@ type IBMBlockCSIReconciler struct { } // the rbac rule requires an empty row at the end to render -//+kubebuilder:rbac:groups="",resources=pods,verbs=get;delete;list;watch -//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;create;delete -//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch -//+kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;update;patch -//+kubebuilder:rbac:groups="",resources=persistentvolumeclaims/status,verbs=get;update;patch -//+kubebuilder:rbac:groups="",resources=persistentvolumeclaims/finalizers,verbs=update -//+kubebuilder:rbac:groups="",resources=persistentvolumes,verbs=get;delete;list;watch;update;create;patch -//+kubebuilder:rbac:groups="",resources=events,verbs=* -//+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch -//+kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;statefulsets,verbs=get;list;watch;update;create;delete -//+kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=create;delete;get;watch;list -//+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings,verbs=create;delete;get;watch;list;update -//+kubebuilder:rbac:groups=storage.k8s.io,resources=volumeattachments,verbs=get;list;watch;update;patch -//+kubebuilder:rbac:groups=storage.k8s.io,resources=volumeattachments/status,verbs=patch -//+kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;list;watch -//+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create -//+kubebuilder:rbac:groups=apps,resourceNames=ibm-block-csi-operator,resources=deployments/finalizers,verbs=update -//+kubebuilder:rbac:groups=storage.k8s.io,resources=csidrivers,verbs=create;delete;get;watch;list -//+kubebuilder:rbac:groups=storage.k8s.io,resources=csinodes,verbs=get;list;watch -//+kubebuilder:rbac:groups=security.openshift.io,resourceNames=anyuid;privileged,resources=securitycontextconstraints,verbs=use -//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=create;list;watch;delete -//+kubebuilder:rbac:groups=csi.ibm.com,resources=*,verbs=* -//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotclasses,verbs=get;watch;list -//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents,verbs=get;watch;list;create;update;delete -//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents/status,verbs=update -//+kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshots,verbs=get;watch;list;update -//+kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplicationclasses,verbs=get;list;watch -//+kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/finalizers,verbs=update -//+kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/status,verbs=get;patch;update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/finalizers,verbs=update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/status,verbs=get;patch;update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/finalizers,verbs=update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/status,verbs=get;patch;update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/finalizers,verbs=update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/status,verbs=get;patch;update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/finalizers,verbs=update -//+kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/status,verbs=get;patch;update +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;delete;list;watch +// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;create;delete +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch +// +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;update;patch +// +kubebuilder:rbac:groups="",resources=persistentvolumeclaims/status,verbs=get;update;patch +// +kubebuilder:rbac:groups="",resources=persistentvolumeclaims/finalizers,verbs=update +// +kubebuilder:rbac:groups="",resources=persistentvolumes,verbs=get;delete;list;watch;update;create;patch +// +kubebuilder:rbac:groups="",resources=events,verbs=* +// +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch +// +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;statefulsets,verbs=get;list;watch;update;create;delete +// +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=create;delete;get;watch;list +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings,verbs=create;delete;get;watch;list;update +// +kubebuilder:rbac:groups=storage.k8s.io,resources=volumeattachments,verbs=get;list;watch;update;patch +// +kubebuilder:rbac:groups=storage.k8s.io,resources=volumeattachments/status,verbs=patch +// +kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;list;watch +// +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create +// +kubebuilder:rbac:groups=apps,resourceNames=ibm-block-csi-operator,resources=deployments/finalizers,verbs=update +// +kubebuilder:rbac:groups=storage.k8s.io,resources=csidrivers,verbs=create;delete;get;watch;list +// +kubebuilder:rbac:groups=storage.k8s.io,resources=csinodes,verbs=get;list;watch +// +kubebuilder:rbac:groups=security.openshift.io,resourceNames=anyuid;privileged,resources=securitycontextconstraints,verbs=use +// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=create;list;watch;delete +// +kubebuilder:rbac:groups=csi.ibm.com,resources=*,verbs=* +// +kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotclasses,verbs=get;watch;list +// +kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents,verbs=get;watch;list;create;update;delete +// +kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents/status,verbs=update +// +kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshots,verbs=get;watch;list;update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplicationclasses,verbs=get;list;watch +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/finalizers,verbs=update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=csiaddonsnodes,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=csiaddonsnodes/finalizers,verbs=update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=csiaddonsnodes/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=networkfences,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=networkfences/finalizers,verbs=update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=networkfences/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacecronjobs,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacecronjobs/finalizers,verbs=update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacecronjobs/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacejobs,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacejobs/finalizers,verbs=update +// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacejobs/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/finalizers,verbs=update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/finalizers,verbs=update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/finalizers,verbs=update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/status,verbs=get;patch;update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs,verbs=create;delete;get;list;patch;update;watch +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/finalizers,verbs=update +// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/status,verbs=get;patch;update func (r *IBMBlockCSIReconciler) Reconcile(ctx context.Context, req ctrl.Request) (reconcile.Result, error) { reqLogger := log.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name) reqLogger.Info("Reconciling IBMBlockCSI") From ee54f759442a089c3bc5dc87c87b6253e256e642 Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Sun, 15 Jan 2023 15:03:17 +0200 Subject: [PATCH 04/11] change csiaddons apiGroup in go Signed-off-by: matancarmeli7 --- config/rbac/role.yaml | 104 ------------------ controllers/ibmblockcsi_controller.go | 12 -- .../crutils/static_resource_generator.go | 25 +++-- 3 files changed, 13 insertions(+), 128 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index eb97a192c..c72388929 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -154,110 +154,6 @@ rules: - list - update - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - csiaddonsnodes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - csiaddonsnodes/finalizers - verbs: - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - csiaddonsnodes/status - verbs: - - get - - patch - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - networkfences - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - networkfences/finalizers - verbs: - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - networkfences/status - verbs: - - get - - patch - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - reclaimspacecronjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - reclaimspacecronjobs/finalizers - verbs: - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - reclaimspacecronjobs/status - verbs: - - get - - patch - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - reclaimspacejobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - reclaimspacejobs/finalizers - verbs: - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get - - patch - - update - apiGroups: - replication.storage.openshift.io resources: diff --git a/controllers/ibmblockcsi_controller.go b/controllers/ibmblockcsi_controller.go index 91baae0e6..a70131c6c 100644 --- a/controllers/ibmblockcsi_controller.go +++ b/controllers/ibmblockcsi_controller.go @@ -106,18 +106,6 @@ type IBMBlockCSIReconciler struct { // +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications,verbs=create;delete;get;list;patch;update;watch // +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/finalizers,verbs=update // +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/status,verbs=get;patch;update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=csiaddonsnodes,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=csiaddonsnodes/finalizers,verbs=update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=csiaddonsnodes/status,verbs=get;patch;update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=networkfences,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=networkfences/finalizers,verbs=update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=networkfences/status,verbs=get;patch;update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacecronjobs,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacecronjobs/finalizers,verbs=update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacecronjobs/status,verbs=get;patch;update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacejobs,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacejobs/finalizers,verbs=update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=reclaimspacejobs/status,verbs=get;patch;update // +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes,verbs=create;delete;get;list;patch;update;watch // +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/finalizers,verbs=update // +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/status,verbs=get;patch;update diff --git a/controllers/internal/crutils/static_resource_generator.go b/controllers/internal/crutils/static_resource_generator.go index 8e1014205..f2c10ce41 100644 --- a/controllers/internal/crutils/static_resource_generator.go +++ b/controllers/internal/crutils/static_resource_generator.go @@ -32,6 +32,7 @@ const ( storageApiGroup string = "storage.k8s.io" rbacAuthorizationApiGroup string = "rbac.authorization.k8s.io" replicationStorageOpenshiftApiGroup string = "replication.storage.openshift.io" + csiAddonsApiGroup string = "csiaddons.openshift.io" storageClassesResource string = "storageclasses" persistentVolumesResource string = "persistentvolumes" persistentVolumeClaimsResource string = "persistentvolumeclaims" @@ -394,62 +395,62 @@ func (c *IBMBlockCSI) GenerateCSIAddonsReplicatorClusterRole() *rbacv1.ClusterRo Verbs: []string{verbGet}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{csiAddonsNodesResource}, Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{csiAddonsNodesFinalizersResource}, Verbs: []string{verbUpdate}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{csiAddonsNodesStatusResource}, Verbs: []string{verbGet, verbPatch, verbUpdate}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{networkFencesResource}, Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{networkFencesFinalizersResource}, Verbs: []string{verbUpdate}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{networkFencesStatusResource}, Verbs: []string{verbGet, verbPatch, verbUpdate}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{reclaimSpaceCronJobsResource}, Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{reclaimSpaceCronJobsFinalizersResource}, Verbs: []string{verbUpdate}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{reclaimSpaceCronJobsStatusResource}, Verbs: []string{verbGet, verbPatch, verbUpdate}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{reclaimSpaceJobsResource}, Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{reclaimSpaceJobsFinalizersResource}, Verbs: []string{verbUpdate}, }, { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, + APIGroups: []string{csiAddonsApiGroup}, Resources: []string{reclaimSpaceJobsStatusResource}, Verbs: []string{verbGet, verbPatch, verbUpdate}, }, From a74e51404358c50bcfb0d15531d8bfc2f7da759c Mon Sep 17 00:00:00 2001 From: Elena Gershkovich Date: Sun, 15 Jan 2023 17:44:07 +0200 Subject: [PATCH 05/11] New replication operator Signed-off-by: Elena Gershkovich --- controllers/syncer/csi_controller.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/controllers/syncer/csi_controller.go b/controllers/syncer/csi_controller.go index b4c9b5abd..772f8fde3 100644 --- a/controllers/syncer/csi_controller.go +++ b/controllers/syncer/csi_controller.go @@ -20,6 +20,7 @@ import ( "fmt" "math" os "runtime" + "strconv" "github.com/imdario/mergo" appsv1 "k8s.io/api/apps/v1" @@ -209,10 +210,11 @@ func (s *csiControllerSyncer) ensureContainersSpec() []corev1.Container { driverNameFlag := fmt.Sprintf("--driver-name=%s", config.DriverName) controllerPodName := fmt.Sprintf("--pod=%s", s.driver.Name) controllerPodNamespace := fmt.Sprintf("--namespace=%s", s.driver.Namespace) + controllerPort := fmt.Sprintf("--controller-port=%s", + strconv.Itoa(int(controllerPlugin.Ports[0].ContainerPort))) replicator := s.ensureContainer(replicatorContainerName, s.getCSIAddonsReplicatorImage(), - []string{controllerPodName, controllerPodNamespace, - "--zap-log-level=5"}, + []string{controllerPodName, controllerPodNamespace, controllerPort}, ) replicator.ImagePullPolicy = s.getCSIAddonsReplicatorPullPolicy() From 0994930a481497a46ca4e04984f4d2a32c748aca Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Sun, 5 Feb 2023 16:23:48 +0200 Subject: [PATCH 06/11] update parameters for csiaddons Signed-off-by: matancarmeli7 --- controllers/ibmblockcsi_controller.go | 2 +- controllers/syncer/csi_controller.go | 59 +++++++++++++++++++++++---- pkg/config/constants.go | 1 + pkg/config/resources.go | 4 ++ 4 files changed, 58 insertions(+), 8 deletions(-) diff --git a/controllers/ibmblockcsi_controller.go b/controllers/ibmblockcsi_controller.go index a70131c6c..ec56aafd0 100644 --- a/controllers/ibmblockcsi_controller.go +++ b/controllers/ibmblockcsi_controller.go @@ -372,7 +372,7 @@ func (r *IBMBlockCSIReconciler) restartControllerPodfromStatefulSet(logger logr. } func (r *IBMBlockCSIReconciler) getControllerPod(controllerStatefulset *appsv1.StatefulSet, controllerPod *corev1.Pod) error { - controllerPodName := fmt.Sprintf("%s-0", controllerStatefulset.Name) + controllerPodName := oconfig.GetControllerPodName(controllerStatefulset.Name) err := r.Get(context.TODO(), types.NamespacedName{ Name: controllerPodName, Namespace: controllerStatefulset.Namespace, diff --git a/controllers/syncer/csi_controller.go b/controllers/syncer/csi_controller.go index 772f8fde3..497a23f30 100644 --- a/controllers/syncer/csi_controller.go +++ b/controllers/syncer/csi_controller.go @@ -20,7 +20,6 @@ import ( "fmt" "math" os "runtime" - "strconv" "github.com/imdario/mergo" appsv1 "k8s.io/api/apps/v1" @@ -136,7 +135,7 @@ func (s *csiControllerSyncer) ensurePodSpec() corev1.PodSpec { func (s *csiControllerSyncer) ensureContainersSpec() []corev1.Container { controllerPlugin := s.ensureContainer(ControllerContainerName, s.driver.GetCSIControllerImage(), - []string{"--csi-endpoint=$(CSI_ENDPOINT)"}, + []string{"--csi-endpoint=$(CSI_ENDPOINT)", "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"}, ) controllerPlugin.Resources = ensureResources("40m", "800m", "40Mi", "400Mi") @@ -208,13 +207,16 @@ func (s *csiControllerSyncer) ensureContainersSpec() []corev1.Container { resizer.ImagePullPolicy = s.getCSIResizerPullPolicy() driverNameFlag := fmt.Sprintf("--driver-name=%s", config.DriverName) - controllerPodName := fmt.Sprintf("--pod=%s", s.driver.Name) + statfulSetName := config.GetNameForResource(config.CSIController, s.driver.Name) + controllerPodName := fmt.Sprintf("--pod=%s", config.GetControllerPodName(statfulSetName)) controllerPodNamespace := fmt.Sprintf("--namespace=%s", s.driver.Namespace) - controllerPort := fmt.Sprintf("--controller-port=%s", - strconv.Itoa(int(controllerPlugin.Ports[0].ContainerPort))) + controllerPort := fmt.Sprintf("--controller-port=%s", "9087") replicator := s.ensureContainer(replicatorContainerName, s.getCSIAddonsReplicatorImage(), - []string{controllerPodName, controllerPodNamespace, controllerPort}, + []string{controllerPodName, controllerPodNamespace, controllerPort, + "--csi-addons-address=$(CSI_ADDONS_ENDPOINT)", + "--node-id=$(NODE_ID)", "--pod-uid=$(POD_UID)", + "--controller-ip=$(POD_IP)"}, ) replicator.ImagePullPolicy = s.getCSIAddonsReplicatorPullPolicy() @@ -329,14 +331,57 @@ func (s *csiControllerSyncer) getEnvFor(name string) []corev1.EnvVar { Name: "CSI_ENDPOINT", Value: config.CSIEndpoint, }, + { + Name: "CSI_ADDONS_ENDPOINT", + Value: config.CSIAddonsEndpoint, + }, + { + Name: "NODE_ID", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "spec.nodeName", + }, + }, + }, { Name: "CSI_LOGLEVEL", Value: config.DefaultLogLevel, }, } + case replicatorContainerName: + return []corev1.EnvVar{ + { + Name: "CSI_ADDONS_ENDPOINT", + Value: config.CSIAddonsEndpoint, + }, + { + Name: "NODE_ID", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "spec.nodeName", + }, + }, + }, + { + Name: "POD_IP", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "status.podIP", + }, + }, + }, + { + Name: "POD_UID", + ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.uid", + }, + }, + }, + } case provisionerContainerName, attacherContainerName, snapshotterContainerName, - resizerContainerName, replicatorContainerName, volumeGroupContainerName: + resizerContainerName, volumeGroupContainerName: return []corev1.EnvVar{ { Name: "ADDRESS", diff --git a/pkg/config/constants.go b/pkg/config/constants.go index 3efa696d4..b0f75d8b5 100644 --- a/pkg/config/constants.go +++ b/pkg/config/constants.go @@ -61,4 +61,5 @@ const ( NodeRegistrarSocketPath = "/var/lib/kubelet/plugins/block.csi.ibm.com/csi.sock" CSIEndpoint = "unix:///var/lib/csi/sockets/pluginproxy/csi.sock" CSINodeEndpoint = "unix:///csi/csi.sock" + CSIAddonsEndpoint = "unix:///var/lib/csi/sockets/pluginproxy/csi-addons.sock" ) diff --git a/pkg/config/resources.go b/pkg/config/resources.go index 540d10f8d..de5b0fc1b 100644 --- a/pkg/config/resources.go +++ b/pkg/config/resources.go @@ -74,3 +74,7 @@ func GetNameForResource(name ResourceName, driverName string) string { return fmt.Sprintf("%s-%s", driverName, name) } } + +func GetControllerPodName(statefulSetName string) string { + return fmt.Sprintf("%s-0", statefulSetName) +} From cdecaf808ab6cf63e8c06334f8d294f9581c8c59 Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Sun, 5 Feb 2023 16:28:54 +0200 Subject: [PATCH 07/11] add new line in rbac Signed-off-by: matancarmeli7 --- config/rbac/role.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c72388929..1951d9f40 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -378,4 +378,4 @@ rules: verbs: - get - patch - - update \ No newline at end of file + - update From ea4f9aa1ec7b873425e7a20a6448e6ec092909ba Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Tue, 21 Feb 2023 09:27:02 +0200 Subject: [PATCH 08/11] update rbac Signed-off-by: matancarmeli7 --- config/rbac/role.yaml | 112 -------------- controllers/ibmblockcsi_controller.go | 13 -- .../crutils/static_resource_generator.go | 78 ---------- ...perator.v1.11.0.clusterserviceversion.yaml | 104 ------------- ...ck-csi-operator.clusterserviceversion.yaml | 144 +++--------------- 5 files changed, 20 insertions(+), 431 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 1951d9f40..71832a7b0 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -154,40 +154,6 @@ rules: - list - update - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplicationclasses - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications/finalizers - verbs: - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications/status - verbs: - - get - - patch - - update - apiGroups: - security.openshift.io resourceNames: @@ -301,81 +267,3 @@ rules: - get - patch - update -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/status - verbs: - - get - - patch - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/status - verbs: - - get - - patch - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get - - patch - - update diff --git a/controllers/ibmblockcsi_controller.go b/controllers/ibmblockcsi_controller.go index ec56aafd0..3f8d1aff4 100644 --- a/controllers/ibmblockcsi_controller.go +++ b/controllers/ibmblockcsi_controller.go @@ -102,22 +102,9 @@ type IBMBlockCSIReconciler struct { // +kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents,verbs=get;watch;list;create;update;delete // +kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshotcontents/status,verbs=update // +kubebuilder:rbac:groups=snapshot.storage.k8s.io,resources=volumesnapshots,verbs=get;watch;list;update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplicationclasses,verbs=get;list;watch -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/finalizers,verbs=update -// +kubebuilder:rbac:groups=replication.storage.openshift.io,resources=volumereplications/status,verbs=get;patch;update // +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes,verbs=create;delete;get;list;patch;update;watch // +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/finalizers,verbs=update // +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=csiaddonsnodes/status,verbs=get;patch;update -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/finalizers,verbs=update -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=networkfences/status,verbs=get;patch;update -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/finalizers,verbs=update -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacecronjobs/status,verbs=get;patch;update -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs,verbs=create;delete;get;list;patch;update;watch -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/finalizers,verbs=update -// +kubebuilder:rbac:groups=csiaddons.openshift.io,resources=reclaimspacejobs/status,verbs=get;patch;update func (r *IBMBlockCSIReconciler) Reconcile(ctx context.Context, req ctrl.Request) (reconcile.Result, error) { reqLogger := log.WithValues("Request.Namespace", req.Namespace, "Request.Name", req.Name) reqLogger.Info("Reconciling IBMBlockCSI") diff --git a/controllers/internal/crutils/static_resource_generator.go b/controllers/internal/crutils/static_resource_generator.go index f2c10ce41..42e67706f 100644 --- a/controllers/internal/crutils/static_resource_generator.go +++ b/controllers/internal/crutils/static_resource_generator.go @@ -51,22 +51,9 @@ const ( volumeSnapshotsResource string = "volumesnapshots" volumeSnapshotContentsResource string = "volumesnapshotcontents" volumeSnapshotContentsStatusResource string = "volumesnapshotcontents/status" - volumeReplicationClassesResource string = "volumereplicationclasses" - volumeReplicationsResource string = "volumereplications" - volumeReplicationsFinalizersResource string = "volumereplications/finalizers" - volumeReplicationsStatusResource string = "volumereplications/status" csiAddonsNodesResource string = "csiaddonsnodes" csiAddonsNodesFinalizersResource string = "csiaddonsnodes/finalizers" csiAddonsNodesStatusResource string = "csiaddonsnodes/status" - networkFencesResource string = "networkfences" - networkFencesFinalizersResource string = "networkfences/finalizers" - networkFencesStatusResource string = "networkfences/status" - reclaimSpaceCronJobsResource string = "reclaimspacecronjobs" - reclaimSpaceCronJobsFinalizersResource string = "reclaimspacecronjobs/finalizers" - reclaimSpaceCronJobsStatusResource string = "reclaimspacecronjobs/status" - reclaimSpaceJobsResource string = "reclaimspacejobs" - reclaimSpaceJobsFinalizersResource string = "reclaimspacejobs/finalizers" - reclaimSpaceJobsStatusResource string = "reclaimspacejobs/status" eventsResource string = "events" nodesResource string = "nodes" csiNodesResource string = "csinodes" @@ -369,26 +356,6 @@ func (c *IBMBlockCSI) GenerateCSIAddonsReplicatorClusterRole() *rbacv1.ClusterRo Name: config.GetNameForResource(config.CSIAddonsReplicatorClusterRole, c.Name), }, Rules: []rbacv1.PolicyRule{ - { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, - Resources: []string{volumeReplicationClassesResource}, - Verbs: []string{verbGet, verbList, verbWatch}, - }, - { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, - Resources: []string{volumeReplicationsResource}, - Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, - }, - { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, - Resources: []string{volumeReplicationsFinalizersResource}, - Verbs: []string{verbUpdate}, - }, - { - APIGroups: []string{replicationStorageOpenshiftApiGroup}, - Resources: []string{volumeReplicationsStatusResource}, - Verbs: []string{verbGet, verbPatch, verbUpdate}, - }, { APIGroups: []string{""}, Resources: []string{secretsResource}, @@ -409,51 +376,6 @@ func (c *IBMBlockCSI) GenerateCSIAddonsReplicatorClusterRole() *rbacv1.ClusterRo Resources: []string{csiAddonsNodesStatusResource}, Verbs: []string{verbGet, verbPatch, verbUpdate}, }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{networkFencesResource}, - Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{networkFencesFinalizersResource}, - Verbs: []string{verbUpdate}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{networkFencesStatusResource}, - Verbs: []string{verbGet, verbPatch, verbUpdate}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{reclaimSpaceCronJobsResource}, - Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{reclaimSpaceCronJobsFinalizersResource}, - Verbs: []string{verbUpdate}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{reclaimSpaceCronJobsStatusResource}, - Verbs: []string{verbGet, verbPatch, verbUpdate}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{reclaimSpaceJobsResource}, - Verbs: []string{verbCreate, verbDelete, verbGet, verbList, verbPatch, verbUpdate, verbWatch}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{reclaimSpaceJobsFinalizersResource}, - Verbs: []string{verbUpdate}, - }, - { - APIGroups: []string{csiAddonsApiGroup}, - Resources: []string{reclaimSpaceJobsStatusResource}, - Verbs: []string{verbGet, verbPatch, verbUpdate}, - }, }, } } diff --git a/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml index fc9101003..9da3b5cc0 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-block-csi-operator-community/1.11.0/manifests/ibm-block-csi-operator.v1.11.0.clusterserviceversion.yaml @@ -608,110 +608,6 @@ spec: - volumeattachments/status verbs: - patch - - apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/status - verbs: - - get - - patch - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - networkfences - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/status - verbs: - - get - - patch - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/status - verbs: - - get - - patch - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get - - patch - - update deployments: - name: ibm-block-csi-operator diff --git a/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml index aa5fb6a74..48ef3c489 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-block-csi-operator/1.11.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: namespace: placeholder annotations: capabilities: "Seamless Upgrades" - olm.skipRange: ">=1.6.0 <1.11.0" + olm.skipRange: '>=1.6.0 <1.11.0' categories: "Storage,Cloud Provider" certified: "true" containerImage: registry.connect.redhat.com/ibm/ibm-block-csi-operator:1.11.0 @@ -226,51 +226,51 @@ spec: description: "Represents a block storage CSI driver" resources: - kind: ServiceAccount - name: "" + name: '' version: v1 - kind: StatefulSet - name: "" + name: '' version: apps/v1 - kind: DaemonSet - name: "" + name: '' version: apps/v1 specDescriptors: - description: Controller Image Repository. displayName: Controller Image Repository path: controller.repository x-descriptors: - - "urn:alm:descriptor:com.tectonic.ui:text" + - 'urn:alm:descriptor:com.tectonic.ui:text' - description: Controller Image Tag. displayName: Controller Image Tag path: controller.tag x-descriptors: - - "urn:alm:descriptor:com.tectonic.ui:text" + - 'urn:alm:descriptor:com.tectonic.ui:text' - description: Node Image Repository. displayName: Node Image Repository path: node.repository x-descriptors: - - "urn:alm:descriptor:com.tectonic.ui:text" + - 'urn:alm:descriptor:com.tectonic.ui:text' - description: Node Image Tag. displayName: Node Image Tag path: node.tag x-descriptors: - - "urn:alm:descriptor:com.tectonic.ui:text" + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The current status of the driver. displayName: Status path: phase x-descriptors: - - "urn:alm:descriptor:io.kubernetes.phase" + - 'urn:alm:descriptor:io.kubernetes.phase' - description: Is the controller ready? displayName: Controller Ready path: controllerReady x-descriptors: - - "urn:alm:descriptor:text" + - 'urn:alm:descriptor:text' - description: Is the node ready? displayName: Node Ready path: nodeReady x-descriptors: - - "urn:alm:descriptor:text" + - 'urn:alm:descriptor:text' - description: The current version of the driver. displayName: Version path: version @@ -299,33 +299,33 @@ spec: description: "Represents Host Definer for block storage CSI driver" resources: - kind: ServiceAccount - name: "" + name: '' version: v1 - kind: Deployment - name: "" + name: '' version: apps/v1 specDescriptors: - description: HostDefiner Image Repository. displayName: HostDefiner Image Repository path: hostdefiner.repository x-descriptors: - - "urn:alm:descriptor:com.tectonic.ui:text" + - 'urn:alm:descriptor:com.tectonic.ui:text' - description: HostDefiner Image Tag. displayName: HostDefiner Image Tag path: hostdefiner.tag x-descriptors: - - "urn:alm:descriptor:com.tectonic.ui:text" + - 'urn:alm:descriptor:com.tectonic.ui:text' statusDescriptors: - description: The current status of the host definer. displayName: Status path: phase x-descriptors: - - "urn:alm:descriptor:io.kubernetes.phase" + - 'urn:alm:descriptor:io.kubernetes.phase' - description: Is the host definer deployment ready? displayName: HostDefiner Ready path: hostdefinerReady x-descriptors: - - "urn:alm:descriptor:text" + - 'urn:alm:descriptor:text' - description: The current version of the driver. displayName: Version path: version @@ -348,7 +348,7 @@ spec: resources: - events verbs: - - "*" + - '*' - apiGroups: - "" resources: @@ -455,9 +455,9 @@ spec: - apiGroups: - csi.ibm.com resources: - - "*" + - '*' verbs: - - "*" + - '*' - apiGroups: - monitoring.coreos.com resources: @@ -598,110 +598,6 @@ spec: - volumeattachments/status verbs: - patch - - apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - csiaddonsnodes/status - verbs: - - get - - patch - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - networkfences - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/status - verbs: - - get - - patch - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/status - verbs: - - get - - patch - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/finalizers - verbs: - - update - - apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get - - patch - - update deployments: - name: ibm-block-csi-operator From 0ed835336a70d68b33e8e522f76a806c7b64412c Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Tue, 21 Feb 2023 09:29:21 +0200 Subject: [PATCH 09/11] update yaml files Signed-off-by: matancarmeli7 --- .../generated/ibm-block-csi-operator.yaml | 112 ------------------ 1 file changed, 112 deletions(-) diff --git a/deploy/installer/generated/ibm-block-csi-operator.yaml b/deploy/installer/generated/ibm-block-csi-operator.yaml index 189d2310b..0b6516a5e 100644 --- a/deploy/installer/generated/ibm-block-csi-operator.yaml +++ b/deploy/installer/generated/ibm-block-csi-operator.yaml @@ -1946,40 +1946,6 @@ rules: - list - update - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplicationclasses - verbs: - - get - - list - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications/finalizers - verbs: - - update -- apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications/status - verbs: - - get - - patch - - update - apiGroups: - security.openshift.io resourceNames: @@ -2093,84 +2059,6 @@ rules: - get - patch - update -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - networkfences/status - verbs: - - get - - patch - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacecronjobs/status - verbs: - - get - - patch - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/finalizers - verbs: - - update -- apiGroups: - - csiaddons.openshift.io - resources: - - reclaimspacejobs/status - verbs: - - get - - patch - - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding From 8a3a6d24ebd7b1314cdbbd0ad00a93e3bb5559bd Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Tue, 21 Feb 2023 09:35:20 +0200 Subject: [PATCH 10/11] change rules in csv files Signed-off-by: matancarmeli7 --- ...perator.v1.12.0.clusterserviceversion.yaml | 20 ++++++------------- ...ck-csi-operator.clusterserviceversion.yaml | 20 ++++++------------- 2 files changed, 12 insertions(+), 28 deletions(-) diff --git a/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml index f4846ebf1..70cdbcd35 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-block-csi-operator-community/1.12.0/manifests/ibm-block-csi-operator.v1.12.0.clusterserviceversion.yaml @@ -488,17 +488,9 @@ spec: - update - watch - apiGroups: - - replication.storage.openshift.io + - csiaddons.openshift.io resources: - - volumereplicationclasses - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications + - csiaddonsnodes verbs: - create - delete @@ -508,15 +500,15 @@ spec: - update - watch - apiGroups: - - replication.storage.openshift.io + - csiaddons.openshift.io resources: - - volumereplications/finalizers + - csiaddonsnodes/finalizers verbs: - update - apiGroups: - - replication.storage.openshift.io + - csiaddons.openshift.io resources: - - volumereplications/status + - csiaddonsnodes/status verbs: - get - patch diff --git a/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml b/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml index ecbe4d6ad..4b4e212d3 100644 --- a/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/ibm-block-csi-operator/1.12.0/manifests/ibm-block-csi-operator.clusterserviceversion.yaml @@ -478,17 +478,9 @@ spec: - update - watch - apiGroups: - - replication.storage.openshift.io + - csiaddons.openshift.io resources: - - volumereplicationclasses - verbs: - - get - - list - - watch - - apiGroups: - - replication.storage.openshift.io - resources: - - volumereplications + - csiaddonsnodes verbs: - create - delete @@ -498,15 +490,15 @@ spec: - update - watch - apiGroups: - - replication.storage.openshift.io + - csiaddons.openshift.io resources: - - volumereplications/finalizers + - csiaddonsnodes/finalizers verbs: - update - apiGroups: - - replication.storage.openshift.io + - csiaddons.openshift.io resources: - - volumereplications/status + - csiaddonsnodes/status verbs: - get - patch From fa2bcbf7ca891568dd112fa6c122bc2a7a5f13f6 Mon Sep 17 00:00:00 2001 From: matancarmeli7 Date: Sun, 26 Feb 2023 10:12:43 +0200 Subject: [PATCH 11/11] remove replication api group Signed-off-by: matancarmeli7 --- controllers/internal/crutils/static_resource_generator.go | 1 - 1 file changed, 1 deletion(-) diff --git a/controllers/internal/crutils/static_resource_generator.go b/controllers/internal/crutils/static_resource_generator.go index 42e67706f..0094d3088 100644 --- a/controllers/internal/crutils/static_resource_generator.go +++ b/controllers/internal/crutils/static_resource_generator.go @@ -31,7 +31,6 @@ const ( volumeGroupApiGroup string = "csi.ibm.com" storageApiGroup string = "storage.k8s.io" rbacAuthorizationApiGroup string = "rbac.authorization.k8s.io" - replicationStorageOpenshiftApiGroup string = "replication.storage.openshift.io" csiAddonsApiGroup string = "csiaddons.openshift.io" storageClassesResource string = "storageclasses" persistentVolumesResource string = "persistentvolumes"