Skip to content

Commit

Permalink
Merge pull request #777 from kubernetes-sigs/revert-710-master
Browse files Browse the repository at this point in the history 
Revert "EFS-CSI pod impersonation implementation"
  • Loading branch information
@wongma7
wongma7 authored Sep 29, 2022
2 parents d319944 + 863fa0b commit a0fa760
Show file tree
Hide file tree
Showing 12 changed files with 1 addition and 418 deletions.
7 changes: 0 additions & 7 deletions charts/aws-efs-csi-driver/templates/csidriver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,3 @@ metadata:
"helm.sh/resource-policy": keep
spec:
attachRequired: false
{{- if .Values.podIAMAuthorization }}
podInfoOnMount: true
tokenRequests:
- audience: "sts.amazonaws.com"
expirationSeconds: 3600
requiresRepublish: true
{{- end}}
30 changes: 0 additions & 30 deletions charts/aws-efs-csi-driver/templates/node-serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,33 +10,3 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

{{- if .Values.podIAMAuthorization }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: efs-csi-external-provisioner-role-node
labels:
app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
rules:
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
---
# Source: aws-efs-csi-driver/templates/node-serviceaccount.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: efs-csi-node-binding
labels:
app.kubernetes.io/name: aws-efs-csi-driver
subjects:
- kind: ServiceAccount
name: {{ .Values.node.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: efs-csi-external-provisioner-role-node
apiGroup: rbac.authorization.k8s.io
{{- end }}
1 change: 0 additions & 1 deletion charts/aws-efs-csi-driver/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ fullnameOverride: ""
replicaCount: 2

useFIPS: false
podIAMAuthorization: false

image:
repository: amazon/aws-efs-csi-driver
Expand Down
1 change: 0 additions & 1 deletion cmd/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@ func main() {
if err != nil {
klog.Fatalln(err)
}

drv := driver.NewDriver(*endpoint, etcAmazonEfs, *efsUtilsStaticFilesPath, *tags, *volMetricsOptIn, *volMetricsRefreshPeriod, *volMetricsFsRateLimit, *deleteAccessPointRootDir)
if err := drv.Run(); err != nil {
klog.Fatalln(err)
Expand Down
2 changes: 1 addition & 1 deletion deploy/kubernetes/base/controller-serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: efs-csi-controller-sa
namespace: kube-system
namespace: default
roleRef:
kind: ClusterRole
name: efs-csi-external-provisioner-role
Expand Down
6 changes: 0 additions & 6 deletions deploy/kubernetes/base/csidriver.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,3 @@ metadata:
"helm.sh/resource-policy": keep
spec:
attachRequired: false
podInfoOnMount: true
tokenRequests:
- audience: "sts.amazonaws.com"
expirationSeconds: 3600
requiresRepublish: true

28 changes: 0 additions & 28 deletions deploy/kubernetes/base/node-serviceaccount.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,31 +6,3 @@ metadata:
name: efs-csi-node-sa
labels:
app.kubernetes.io/name: aws-efs-csi-driver
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: efs-csi-external-provisioner-role-node
labels:
app.kubernetes.io/name: aws-efs-csi-driver
rules:
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
---
# Source: aws-efs-csi-driver/templates/node-serviceaccount.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: efs-csi-node-binding
labels:
app.kubernetes.io/name: aws-efs-csi-driver
subjects:
- kind: ServiceAccount
name: efs-csi-node-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: efs-csi-external-provisioner-role-node
apiGroup: rbac.authorization.k8s.io

83 changes: 0 additions & 83 deletions examples/kubernetes/pod_iam_impersonation/README.md
View file

This file was deleted.

54 changes: 0 additions & 54 deletions examples/kubernetes/pod_iam_impersonation/specs/example.yaml
View file

This file was deleted.

16 changes: 0 additions & 16 deletions pkg/driver/driver.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,6 @@ import (

"github.com/container-storage-interface/spec/lib/go/csi"
"google.golang.org/grpc"
"k8s.io/client-go/kubernetes"
k8sv1 "k8s.io/client-go/kubernetes/typed/core/v1"
"k8s.io/client-go/rest"
"k8s.io/klog"

"github.com/kubernetes-sigs/aws-efs-csi-driver/pkg/cloud"
Expand All @@ -51,7 +48,6 @@ type Driver struct {
gidAllocator GidAllocator
deleteAccessPointRootDir bool
tags map[string]string
k8sClient k8sv1.CoreV1Interface
}

func NewDriver(endpoint, efsUtilsCfgPath, efsUtilsStaticFilesPath, tags string, volMetricsOptIn bool, volMetricsRefreshPeriod float64, volMetricsFsRateLimit int, deleteAccessPointRootDir bool) *Driver {
Expand All @@ -62,17 +58,6 @@ func NewDriver(endpoint, efsUtilsCfgPath, efsUtilsStaticFilesPath, tags string,

nodeCaps := SetNodeCapOptInFeatures(volMetricsOptIn)
watchdog := newExecWatchdog(efsUtilsCfgPath, efsUtilsStaticFilesPath, "amazon-efs-mount-watchdog")

cfg, err := rest.InClusterConfig()
if err != nil {
klog.Fatal(err)
}

clientset, err := kubernetes.NewForConfig(cfg)
if err != nil {
klog.Fatal(err)
}

return &Driver{
endpoint: endpoint,
nodeID: cloud.GetMetadata().GetInstanceID(),
Expand All @@ -87,7 +72,6 @@ func NewDriver(endpoint, efsUtilsCfgPath, efsUtilsStaticFilesPath, tags string,
gidAllocator: NewGidAllocator(),
deleteAccessPointRootDir: deleteAccessPointRootDir,
tags: parseTagsFromStr(strings.TrimSpace(tags)),
k8sClient: clientset.CoreV1(),
}
}

Expand Down
Loading

0 comments on commit a0fa760

Please sign in to comment.