sigs.k8s.io/cluster-api-provider-aws@v1.5.5/test/e2e/data/infrastructure-aws/e2e_test_templates/cluster-template-external-csi.yaml (about) 1 apiVersion: cluster.x-k8s.io/v1beta1 2 kind: Cluster 3 metadata: 4 labels: 5 cni: ${CLUSTER_NAME}-crs-0 6 csi: external 7 name: ${CLUSTER_NAME} 8 spec: 9 clusterNetwork: 10 pods: 11 cidrBlocks: 12 - 192.168.0.0/16 13 controlPlaneRef: 14 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 15 kind: KubeadmControlPlane 16 name: ${CLUSTER_NAME}-control-plane 17 infrastructureRef: 18 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 19 kind: AWSCluster 20 name: ${CLUSTER_NAME} 21 --- 22 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 23 kind: AWSCluster 24 metadata: 25 name: ${CLUSTER_NAME} 26 spec: 27 network: 28 vpc: 29 availabilityZoneUsageLimit: 1 30 region: ${AWS_REGION} 31 sshKeyName: ${AWS_SSH_KEY_NAME} 32 --- 33 apiVersion: controlplane.cluster.x-k8s.io/v1beta1 34 kind: KubeadmControlPlane 35 metadata: 36 name: ${CLUSTER_NAME}-control-plane 37 spec: 38 kubeadmConfigSpec: 39 clusterConfiguration: 40 apiServer: 41 extraArgs: 42 cloud-provider: aws 43 controllerManager: 44 extraArgs: 45 cloud-provider: aws 46 initConfiguration: 47 nodeRegistration: 48 kubeletExtraArgs: 49 cloud-provider: aws 50 name: '{{ ds.meta_data.local_hostname }}' 51 joinConfiguration: 52 nodeRegistration: 53 kubeletExtraArgs: 54 cloud-provider: aws 55 name: '{{ ds.meta_data.local_hostname }}' 56 machineTemplate: 57 infrastructureRef: 58 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 59 kind: AWSMachineTemplate 60 name: ${CLUSTER_NAME}-control-plane 61 replicas: ${CONTROL_PLANE_MACHINE_COUNT} 62 version: ${KUBERNETES_VERSION} 63 --- 64 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 65 kind: AWSMachineTemplate 66 metadata: 67 name: ${CLUSTER_NAME}-control-plane 68 spec: 69 template: 70 spec: 71 iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io 72 instanceType: ${AWS_CONTROL_PLANE_MACHINE_TYPE} 73 sshKeyName: ${AWS_SSH_KEY_NAME} 74 --- 75 apiVersion: cluster.x-k8s.io/v1beta1 76 kind: MachineDeployment 77 metadata: 78 name: ${CLUSTER_NAME}-md-0 79 spec: 80 clusterName: ${CLUSTER_NAME} 81 replicas: ${WORKER_MACHINE_COUNT} 82 selector: 83 matchLabels: null 84 template: 85 spec: 86 bootstrap: 87 configRef: 88 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 89 kind: KubeadmConfigTemplate 90 name: ${CLUSTER_NAME}-md-0 91 clusterName: ${CLUSTER_NAME} 92 infrastructureRef: 93 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 94 kind: AWSMachineTemplate 95 name: ${CLUSTER_NAME}-md-0 96 version: ${KUBERNETES_VERSION} 97 --- 98 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 99 kind: AWSMachineTemplate 100 metadata: 101 name: ${CLUSTER_NAME}-md-0 102 spec: 103 template: 104 spec: 105 iamInstanceProfile: nodes.cluster-api-provider-aws.sigs.k8s.io 106 instanceType: ${AWS_NODE_MACHINE_TYPE} 107 sshKeyName: ${AWS_SSH_KEY_NAME} 108 --- 109 apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 110 kind: KubeadmConfigTemplate 111 metadata: 112 name: ${CLUSTER_NAME}-md-0 113 spec: 114 template: 115 spec: 116 joinConfiguration: 117 nodeRegistration: 118 kubeletExtraArgs: 119 cloud-provider: aws 120 name: '{{ ds.meta_data.local_hostname }}' 121 --- 122 apiVersion: v1 123 data: ${CNI_RESOURCES} 124 kind: ConfigMap 125 metadata: 126 name: cni-${CLUSTER_NAME}-crs-0 127 --- 128 apiVersion: addons.cluster.x-k8s.io/v1beta1 129 kind: ClusterResourceSet 130 metadata: 131 name: ${CLUSTER_NAME}-crs-0 132 spec: 133 clusterSelector: 134 matchLabels: 135 cni: ${CLUSTER_NAME}-crs-0 136 resources: 137 - kind: ConfigMap 138 name: cni-${CLUSTER_NAME}-crs-0 139 strategy: ApplyOnce 140 --- 141 apiVersion: addons.cluster.x-k8s.io/v1beta1 142 kind: ClusterResourceSet 143 metadata: 144 name: crs-csi 145 spec: 146 clusterSelector: 147 matchLabels: 148 csi: external 149 resources: 150 - kind: ConfigMap 151 name: aws-ebs-csi-driver-addon 152 strategy: ApplyOnce 153 --- 154 apiVersion: v1 155 data: 156 aws-ebs-csi-external.yaml: |- 157 apiVersion: v1 158 kind: Secret 159 metadata: 160 name: aws-secret 161 namespace: kube-system 162 stringData: 163 key_id: "" 164 access_key: "" 165 --- 166 apiVersion: v1 167 kind: ServiceAccount 168 metadata: 169 labels: 170 app.kubernetes.io/name: aws-ebs-csi-driver 171 name: ebs-csi-controller-sa 172 namespace: kube-system 173 --- 174 apiVersion: v1 175 kind: ServiceAccount 176 metadata: 177 labels: 178 app.kubernetes.io/name: aws-ebs-csi-driver 179 name: ebs-csi-node-sa 180 namespace: kube-system 181 --- 182 apiVersion: rbac.authorization.k8s.io/v1 183 kind: ClusterRole 184 metadata: 185 labels: 186 app.kubernetes.io/name: aws-ebs-csi-driver 187 name: ebs-external-attacher-role 188 rules: 189 - apiGroups: 190 - "" 191 resources: 192 - persistentvolumes 193 verbs: 194 - get 195 - list 196 - watch 197 - update 198 - patch 199 - apiGroups: 200 - "" 201 resources: 202 - nodes 203 verbs: 204 - get 205 - list 206 - watch 207 - apiGroups: 208 - csi.storage.k8s.io 209 resources: 210 - csinodeinfos 211 verbs: 212 - get 213 - list 214 - watch 215 - apiGroups: 216 - storage.k8s.io 217 resources: 218 - volumeattachments 219 verbs: 220 - get 221 - list 222 - watch 223 - update 224 - patch 225 - apiGroups: 226 - storage.k8s.io 227 resources: 228 - volumeattachments/status 229 verbs: 230 - patch 231 --- 232 apiVersion: rbac.authorization.k8s.io/v1 233 kind: ClusterRole 234 metadata: 235 labels: 236 app.kubernetes.io/name: aws-ebs-csi-driver 237 name: ebs-external-provisioner-role 238 rules: 239 - apiGroups: 240 - "" 241 resources: 242 - persistentvolumes 243 verbs: 244 - get 245 - list 246 - watch 247 - create 248 - delete 249 - apiGroups: 250 - "" 251 resources: 252 - persistentvolumeclaims 253 verbs: 254 - get 255 - list 256 - watch 257 - update 258 - apiGroups: 259 - storage.k8s.io 260 resources: 261 - storageclasses 262 verbs: 263 - get 264 - list 265 - watch 266 - apiGroups: 267 - "" 268 resources: 269 - events 270 verbs: 271 - list 272 - watch 273 - create 274 - update 275 - patch 276 - apiGroups: 277 - snapshot.storage.k8s.io 278 resources: 279 - volumesnapshots 280 verbs: 281 - get 282 - list 283 - apiGroups: 284 - snapshot.storage.k8s.io 285 resources: 286 - volumesnapshotcontents 287 verbs: 288 - get 289 - list 290 - apiGroups: 291 - storage.k8s.io 292 resources: 293 - csinodes 294 verbs: 295 - get 296 - list 297 - watch 298 - apiGroups: 299 - "" 300 resources: 301 - nodes 302 verbs: 303 - get 304 - list 305 - watch 306 - apiGroups: 307 - coordination.k8s.io 308 resources: 309 - leases 310 verbs: 311 - get 312 - watch 313 - list 314 - delete 315 - update 316 - create 317 - apiGroups: 318 - storage.k8s.io 319 resources: 320 - volumeattachments 321 verbs: 322 - get 323 - list 324 - watch 325 --- 326 apiVersion: rbac.authorization.k8s.io/v1 327 kind: ClusterRole 328 metadata: 329 labels: 330 app.kubernetes.io/name: aws-ebs-csi-driver 331 name: ebs-external-resizer-role 332 rules: 333 - apiGroups: 334 - "" 335 resources: 336 - persistentvolumes 337 verbs: 338 - get 339 - list 340 - watch 341 - update 342 - patch 343 - apiGroups: 344 - "" 345 resources: 346 - persistentvolumeclaims 347 verbs: 348 - get 349 - list 350 - watch 351 - apiGroups: 352 - "" 353 resources: 354 - persistentvolumeclaims/status 355 verbs: 356 - update 357 - patch 358 - apiGroups: 359 - storage.k8s.io 360 resources: 361 - storageclasses 362 verbs: 363 - get 364 - list 365 - watch 366 - apiGroups: 367 - "" 368 resources: 369 - events 370 verbs: 371 - list 372 - watch 373 - create 374 - update 375 - patch 376 - apiGroups: 377 - "" 378 resources: 379 - pods 380 verbs: 381 - get 382 - list 383 - watch 384 --- 385 apiVersion: rbac.authorization.k8s.io/v1 386 kind: ClusterRole 387 metadata: 388 labels: 389 app.kubernetes.io/name: aws-ebs-csi-driver 390 name: ebs-external-snapshotter-role 391 rules: 392 - apiGroups: 393 - "" 394 resources: 395 - events 396 verbs: 397 - list 398 - watch 399 - create 400 - update 401 - patch 402 - apiGroups: 403 - "" 404 resources: 405 - secrets 406 verbs: 407 - get 408 - list 409 - apiGroups: 410 - snapshot.storage.k8s.io 411 resources: 412 - volumesnapshotclasses 413 verbs: 414 - get 415 - list 416 - watch 417 - apiGroups: 418 - snapshot.storage.k8s.io 419 resources: 420 - volumesnapshotcontents 421 verbs: 422 - create 423 - get 424 - list 425 - watch 426 - update 427 - delete 428 - apiGroups: 429 - snapshot.storage.k8s.io 430 resources: 431 - volumesnapshotcontents/status 432 verbs: 433 - update 434 --- 435 apiVersion: rbac.authorization.k8s.io/v1 436 kind: ClusterRoleBinding 437 metadata: 438 labels: 439 app.kubernetes.io/name: aws-ebs-csi-driver 440 name: ebs-csi-attacher-binding 441 roleRef: 442 apiGroup: rbac.authorization.k8s.io 443 kind: ClusterRole 444 name: ebs-external-attacher-role 445 subjects: 446 - kind: ServiceAccount 447 name: ebs-csi-controller-sa 448 namespace: kube-system 449 --- 450 apiVersion: rbac.authorization.k8s.io/v1 451 kind: ClusterRoleBinding 452 metadata: 453 labels: 454 app.kubernetes.io/name: aws-ebs-csi-driver 455 name: ebs-csi-provisioner-binding 456 roleRef: 457 apiGroup: rbac.authorization.k8s.io 458 kind: ClusterRole 459 name: ebs-external-provisioner-role 460 subjects: 461 - kind: ServiceAccount 462 name: ebs-csi-controller-sa 463 namespace: kube-system 464 --- 465 apiVersion: rbac.authorization.k8s.io/v1 466 kind: ClusterRoleBinding 467 metadata: 468 labels: 469 app.kubernetes.io/name: aws-ebs-csi-driver 470 name: ebs-csi-resizer-binding 471 roleRef: 472 apiGroup: rbac.authorization.k8s.io 473 kind: ClusterRole 474 name: ebs-external-resizer-role 475 subjects: 476 - kind: ServiceAccount 477 name: ebs-csi-controller-sa 478 namespace: kube-system 479 --- 480 apiVersion: rbac.authorization.k8s.io/v1 481 kind: ClusterRoleBinding 482 metadata: 483 labels: 484 app.kubernetes.io/name: aws-ebs-csi-driver 485 name: ebs-csi-snapshotter-binding 486 roleRef: 487 apiGroup: rbac.authorization.k8s.io 488 kind: ClusterRole 489 name: ebs-external-snapshotter-role 490 subjects: 491 - kind: ServiceAccount 492 name: ebs-csi-controller-sa 493 namespace: kube-system 494 --- 495 apiVersion: apps/v1 496 kind: Deployment 497 metadata: 498 labels: 499 app.kubernetes.io/name: aws-ebs-csi-driver 500 name: ebs-csi-controller 501 namespace: kube-system 502 spec: 503 replicas: 2 504 selector: 505 matchLabels: 506 app: ebs-csi-controller 507 app.kubernetes.io/name: aws-ebs-csi-driver 508 template: 509 metadata: 510 labels: 511 app: ebs-csi-controller 512 app.kubernetes.io/name: aws-ebs-csi-driver 513 spec: 514 containers: 515 - args: 516 - --endpoint=$(CSI_ENDPOINT) 517 - --logtostderr 518 - --v=2 519 env: 520 - name: CSI_ENDPOINT 521 value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock 522 - name: CSI_NODE_NAME 523 valueFrom: 524 fieldRef: 525 fieldPath: spec.nodeName 526 - name: AWS_ACCESS_KEY_ID 527 valueFrom: 528 secretKeyRef: 529 key: key_id 530 name: aws-secret 531 optional: true 532 - name: AWS_SECRET_ACCESS_KEY 533 valueFrom: 534 secretKeyRef: 535 key: access_key 536 name: aws-secret 537 optional: true 538 image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.2.0 539 imagePullPolicy: IfNotPresent 540 livenessProbe: 541 failureThreshold: 5 542 httpGet: 543 path: /healthz 544 port: healthz 545 initialDelaySeconds: 10 546 periodSeconds: 10 547 timeoutSeconds: 3 548 name: ebs-plugin 549 ports: 550 - containerPort: 9808 551 name: healthz 552 protocol: TCP 553 readinessProbe: 554 failureThreshold: 5 555 httpGet: 556 path: /healthz 557 port: healthz 558 initialDelaySeconds: 10 559 periodSeconds: 10 560 timeoutSeconds: 3 561 volumeMounts: 562 - mountPath: /var/lib/csi/sockets/pluginproxy/ 563 name: socket-dir 564 - args: 565 - --csi-address=$(ADDRESS) 566 - --v=2 567 - --feature-gates=Topology=true 568 - --extra-create-metadata 569 - --leader-election=true 570 - --default-fstype=ext4 571 env: 572 - name: ADDRESS 573 value: /var/lib/csi/sockets/pluginproxy/csi.sock 574 image: registry.k8s.io/sig-storage/csi-provisioner:v2.1.1 575 name: csi-provisioner 576 volumeMounts: 577 - mountPath: /var/lib/csi/sockets/pluginproxy/ 578 name: socket-dir 579 - args: 580 - --csi-address=$(ADDRESS) 581 - --v=2 582 - --leader-election=true 583 env: 584 - name: ADDRESS 585 value: /var/lib/csi/sockets/pluginproxy/csi.sock 586 image: registry.k8s.io/sig-storage/csi-attacher:v3.1.0 587 name: csi-attacher 588 volumeMounts: 589 - mountPath: /var/lib/csi/sockets/pluginproxy/ 590 name: socket-dir 591 - args: 592 - --csi-address=$(ADDRESS) 593 - --leader-election=true 594 env: 595 - name: ADDRESS 596 value: /var/lib/csi/sockets/pluginproxy/csi.sock 597 image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 598 name: csi-snapshotter 599 volumeMounts: 600 - mountPath: /var/lib/csi/sockets/pluginproxy/ 601 name: socket-dir 602 - args: 603 - --csi-address=$(ADDRESS) 604 - --v=2 605 env: 606 - name: ADDRESS 607 value: /var/lib/csi/sockets/pluginproxy/csi.sock 608 image: registry.k8s.io/sig-storage/csi-resizer:v1.0.0 609 imagePullPolicy: Always 610 name: csi-resizer 611 volumeMounts: 612 - mountPath: /var/lib/csi/sockets/pluginproxy/ 613 name: socket-dir 614 - args: 615 - --csi-address=/csi/csi.sock 616 image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0 617 name: liveness-probe 618 volumeMounts: 619 - mountPath: /csi 620 name: socket-dir 621 nodeSelector: 622 kubernetes.io/os: linux 623 priorityClassName: system-cluster-critical 624 serviceAccountName: ebs-csi-controller-sa 625 tolerations: 626 - key: CriticalAddonsOnly 627 operator: Exists 628 - effect: NoExecute 629 operator: Exists 630 tolerationSeconds: 300 631 - key: node-role.kubernetes.io/master 632 effect: NoSchedule 633 - effect: NoSchedule 634 key: node-role.kubernetes.io/control-plane 635 affinity: 636 nodeAffinity: 637 requiredDuringSchedulingIgnoredDuringExecution: 638 nodeSelectorTerms: 639 - matchExpressions: 640 - key: node-role.kubernetes.io/control-plane 641 operator: Exists 642 - matchExpressions: 643 - key: node-role.kubernetes.io/master 644 operator: Exists 645 volumes: 646 - emptyDir: {} 647 name: socket-dir 648 --- 649 apiVersion: policy/v1beta1 650 kind: PodDisruptionBudget 651 metadata: 652 labels: 653 app.kubernetes.io/name: aws-ebs-csi-driver 654 name: ebs-csi-controller 655 namespace: kube-system 656 spec: 657 maxUnavailable: 1 658 selector: 659 matchLabels: 660 app: ebs-csi-controller 661 app.kubernetes.io/name: aws-ebs-csi-driver 662 --- 663 apiVersion: apps/v1 664 kind: DaemonSet 665 metadata: 666 labels: 667 app.kubernetes.io/name: aws-ebs-csi-driver 668 name: ebs-csi-node 669 namespace: kube-system 670 spec: 671 selector: 672 matchLabels: 673 app: ebs-csi-node 674 app.kubernetes.io/name: aws-ebs-csi-driver 675 template: 676 metadata: 677 labels: 678 app: ebs-csi-node 679 app.kubernetes.io/name: aws-ebs-csi-driver 680 spec: 681 affinity: 682 nodeAffinity: 683 requiredDuringSchedulingIgnoredDuringExecution: 684 nodeSelectorTerms: 685 - matchExpressions: 686 - key: eks.amazonaws.com/compute-type 687 operator: NotIn 688 values: 689 - fargate 690 containers: 691 - args: 692 - node 693 - --endpoint=$(CSI_ENDPOINT) 694 - --logtostderr 695 - --v=2 696 env: 697 - name: CSI_ENDPOINT 698 value: unix:/csi/csi.sock 699 - name: CSI_NODE_NAME 700 valueFrom: 701 fieldRef: 702 fieldPath: spec.nodeName 703 image: registry.k8s.io/provider-aws/aws-ebs-csi-driver:v1.2.0 704 livenessProbe: 705 failureThreshold: 5 706 httpGet: 707 path: /healthz 708 port: healthz 709 initialDelaySeconds: 10 710 periodSeconds: 10 711 timeoutSeconds: 3 712 name: ebs-plugin 713 ports: 714 - containerPort: 9808 715 name: healthz 716 protocol: TCP 717 securityContext: 718 privileged: true 719 volumeMounts: 720 - mountPath: /var/lib/kubelet 721 mountPropagation: Bidirectional 722 name: kubelet-dir 723 - mountPath: /csi 724 name: plugin-dir 725 - mountPath: /dev 726 name: device-dir 727 - args: 728 - --csi-address=$(ADDRESS) 729 - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) 730 - --v=2 731 env: 732 - name: ADDRESS 733 value: /csi/csi.sock 734 - name: DRIVER_REG_SOCK_PATH 735 value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock 736 image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.1.0 737 name: node-driver-registrar 738 volumeMounts: 739 - mountPath: /csi 740 name: plugin-dir 741 - mountPath: /registration 742 name: registration-dir 743 - args: 744 - --csi-address=/csi/csi.sock 745 image: registry.k8s.io/sig-storage/livenessprobe:v2.2.0 746 name: liveness-probe 747 volumeMounts: 748 - mountPath: /csi 749 name: plugin-dir 750 nodeSelector: 751 kubernetes.io/os: linux 752 priorityClassName: system-node-critical 753 serviceAccountName: ebs-csi-node-sa 754 tolerations: 755 - key: CriticalAddonsOnly 756 operator: Exists 757 - effect: NoExecute 758 operator: Exists 759 tolerationSeconds: 300 760 volumes: 761 - hostPath: 762 path: /var/lib/kubelet 763 type: Directory 764 name: kubelet-dir 765 - hostPath: 766 path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ 767 type: DirectoryOrCreate 768 name: plugin-dir 769 - hostPath: 770 path: /var/lib/kubelet/plugins_registry/ 771 type: Directory 772 name: registration-dir 773 - hostPath: 774 path: /dev 775 type: Directory 776 name: device-dir 777 updateStrategy: 778 rollingUpdate: 779 maxUnavailable: 10% 780 type: RollingUpdate 781 --- 782 apiVersion: storage.k8s.io/v1 783 kind: CSIDriver 784 metadata: 785 labels: 786 app.kubernetes.io/name: aws-ebs-csi-driver 787 name: ebs.csi.aws.com 788 spec: 789 attachRequired: true 790 podInfoOnMount: false 791 kind: ConfigMap 792 metadata: 793 annotations: 794 note: generated 795 labels: 796 type: generated 797 name: aws-ebs-csi-driver-addon