divyenpatel/csi-migration-vsphere-csi-controller-deployment.yaml

## csi-migration-vsphere-csi-controller-deployment.yaml
# Minimum Kubernetes version - 1.16
# For prior releases make sure to add required --feature-gates flags
kind: Deployment
apiVersion: apps/v1
metadata:
  name: vsphere-csi-controller
  namespace: kube-system
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 0
  selector:
    matchLabels:
      app: vsphere-csi-controller
  template:
    metadata:
      labels:
        app: vsphere-csi-controller
        role: vsphere-csi
    spec:
      serviceAccountName: vsphere-csi-controller
      nodeSelector:
        node-role.kubernetes.io/master: ""
      tolerations:
        - operator: "Exists"
          effect: NoSchedule
        - operator: "Exists"
          effect: NoExecute
      dnsPolicy: "Default"
      containers:
        - name: csi-attacher
          image: divyen/csi-translation-external-attacher:latest
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
        - name: csi-resizer
          image: quay.io/k8scsi/csi-resizer:v0.3.0
          args:
            - "--v=4"
            - "--csiTimeout=300s"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
        - name: vsphere-csi-controller
          image: divyen/driver:csi-migration
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "rm -rf /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com"]
          imagePullPolicy: "Always"
          env:
            - name: CSI_ENDPOINT
              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
            - name: X_CSI_MODE
              value: "controller"
            - name: VSPHERE_CSI_CONFIG
              value: "/etc/cloud/csi-vsphere.conf"
            - name: FEATURE_STATES
              value: "/etc/cloud/csi-feature-states/csi-feature-states.conf"
            - name: LOGGER_LEVEL
              value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
          volumeMounts:
            - mountPath: /etc/cloud
              name: vsphere-config-volume
              readOnly: true
            - mountPath: /var/lib/csi/sockets/pluginproxy/
              name: socket-dir
            - mountPath: /etc/cloud/csi-feature-states
              name: csi-fss-config-volume
              readOnly: true
          ports:
            - name: healthz
              containerPort: 9808
              protocol: TCP
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            timeoutSeconds: 3
            periodSeconds: 5
            failureThreshold: 3
        - name: liveness-probe
          image: quay.io/k8scsi/livenessprobe:v1.1.0
          args:
            - "--csi-address=$(ADDRESS)"
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
          volumeMounts:
            - mountPath: /var/lib/csi/sockets/pluginproxy/
              name: socket-dir
        - name: csi-provisioner
          image: divyen/csi-translation-external-provisioner:latest
          args:
            - "--v=4"
            - "--timeout=300s"
            - "--csi-address=$(ADDRESS)"
            - "--feature-gates=Topology=true"
            - "--strict-topology"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
      volumes:
      - name: vsphere-config-volume
        secret:
          secretName: vsphere-config-secret
      - name: csi-fss-config-volume
        configMap:
          name: csi-feature-states
          optional: true
      - name: socket-dir
        hostPath:
          path: /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com
          type: DirectoryOrCreate
---
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
  name: csi.vsphere.vmware.com
spec:
  attachRequired: true
  podInfoOnMount: false

## csi-migration-vsphere-csi-controller-rbac.yaml
kind: ServiceAccount
apiVersion: v1
metadata:
  name: vsphere-csi-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: vsphere-csi-controller-role
rules:
  - apiGroups: [""]
    resources: ["nodes", "persistentvolumeclaims", "pods"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims/status"]
    verbs: ["update", "patch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses", "csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["cns.vmware.com"]
    resources: ["cnsvspherevolumemigrations"]
    verbs: ["create", "get", "list", "watch", "update", "delete"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "create", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: vsphere-csi-controller-binding
subjects:
  - kind: ServiceAccount
    name: vsphere-csi-controller
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: vsphere-csi-controller-role
  apiGroup: rbac.authorization.k8s.io
	# Minimum Kubernetes version - 1.16
	# For prior releases make sure to add required --feature-gates flags
	kind: Deployment
	apiVersion: apps/v1
	metadata:
	name: vsphere-csi-controller
	namespace: kube-system
	spec:
	replicas: 1
	strategy:
	type: RollingUpdate
	rollingUpdate:
	maxUnavailable: 1
	maxSurge: 0
	selector:
	matchLabels:
	app: vsphere-csi-controller
	template:
	metadata:
	labels:
	app: vsphere-csi-controller
	role: vsphere-csi
	spec:
	serviceAccountName: vsphere-csi-controller
	nodeSelector:
	node-role.kubernetes.io/master: ""
	tolerations:
	- operator: "Exists"
	effect: NoSchedule
	- operator: "Exists"
	effect: NoExecute
	dnsPolicy: "Default"
	containers:
	- name: csi-attacher
	image: divyen/csi-translation-external-attacher:latest
	args:
	- "--v=4"
	- "--timeout=300s"
	- "--csi-address=$(ADDRESS)"
	- "--leader-election"
	env:
	- name: ADDRESS
	value: /csi/csi.sock
	volumeMounts:
	- mountPath: /csi
	name: socket-dir
	- name: csi-resizer
	image: quay.io/k8scsi/csi-resizer:v0.3.0
	args:
	- "--v=4"
	- "--csiTimeout=300s"
	- "--csi-address=$(ADDRESS)"
	- "--leader-election"
	env:
	- name: ADDRESS
	value: /csi/csi.sock
	volumeMounts:
	- mountPath: /csi
	name: socket-dir
	- name: vsphere-csi-controller
	image: divyen/driver:csi-migration
	lifecycle:
	preStop:
	exec:
	command: ["/bin/sh", "-c", "rm -rf /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com"]
	imagePullPolicy: "Always"
	env:
	- name: CSI_ENDPOINT
	value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
	- name: X_CSI_MODE
	value: "controller"
	- name: VSPHERE_CSI_CONFIG
	value: "/etc/cloud/csi-vsphere.conf"
	- name: FEATURE_STATES
	value: "/etc/cloud/csi-feature-states/csi-feature-states.conf"
	- name: LOGGER_LEVEL
	value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
	volumeMounts:
	- mountPath: /etc/cloud
	name: vsphere-config-volume
	readOnly: true
	- mountPath: /var/lib/csi/sockets/pluginproxy/
	name: socket-dir
	- mountPath: /etc/cloud/csi-feature-states
	name: csi-fss-config-volume
	readOnly: true
	ports:
	- name: healthz
	containerPort: 9808
	protocol: TCP
	livenessProbe:
	httpGet:
	path: /healthz
	port: healthz
	initialDelaySeconds: 10
	timeoutSeconds: 3
	periodSeconds: 5
	failureThreshold: 3
	- name: liveness-probe
	image: quay.io/k8scsi/livenessprobe:v1.1.0
	args:
	- "--csi-address=$(ADDRESS)"
	env:
	- name: ADDRESS
	value: /var/lib/csi/sockets/pluginproxy/csi.sock
	volumeMounts:
	- mountPath: /var/lib/csi/sockets/pluginproxy/
	name: socket-dir
	- name: csi-provisioner
	image: divyen/csi-translation-external-provisioner:latest
	args:
	- "--v=4"
	- "--timeout=300s"
	- "--csi-address=$(ADDRESS)"
	- "--feature-gates=Topology=true"
	- "--strict-topology"
	- "--leader-election"
	env:
	- name: ADDRESS
	value: /csi/csi.sock
	volumeMounts:
	- mountPath: /csi
	name: socket-dir
	volumes:
	- name: vsphere-config-volume
	secret:
	secretName: vsphere-config-secret
	- name: csi-fss-config-volume
	configMap:
	name: csi-feature-states
	optional: true
	- name: socket-dir
	hostPath:
	path: /var/lib/csi/sockets/pluginproxy/csi.vsphere.vmware.com
	type: DirectoryOrCreate
	---
	apiVersion: storage.k8s.io/v1beta1
	kind: CSIDriver
	metadata:
	name: csi.vsphere.vmware.com
	spec:
	attachRequired: true
	podInfoOnMount: false
	kind: ServiceAccount
	apiVersion: v1
	metadata:
	name: vsphere-csi-controller
	namespace: kube-system
	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: vsphere-csi-controller-role
	rules:
	- apiGroups: [""]
	resources: ["nodes", "persistentvolumeclaims", "pods"]
	verbs: ["get", "list", "watch"]
	- apiGroups: [""]
	resources: ["persistentvolumeclaims/status"]
	verbs: ["update", "patch"]
	- apiGroups: [""]
	resources: ["persistentvolumes"]
	verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
	- apiGroups: [""]
	resources: ["events"]
	verbs: ["get", "list", "watch", "create", "update", "patch"]
	- apiGroups: ["coordination.k8s.io"]
	resources: ["leases"]
	verbs: ["get", "watch", "list", "delete", "update", "create"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["storageclasses", "csinodes"]
	verbs: ["get", "list", "watch"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["volumeattachments"]
	verbs: ["get", "list", "watch", "patch"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["volumeattachments/status"]
	verbs: ["update", "patch"]
	- apiGroups: ["cns.vmware.com"]
	resources: ["cnsvspherevolumemigrations"]
	verbs: ["create", "get", "list", "watch", "update", "delete"]
	- apiGroups: ["apiextensions.k8s.io"]
	resources: ["customresourcedefinitions"]
	verbs: ["get", "create", "delete"]
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: vsphere-csi-controller-binding
	subjects:
	- kind: ServiceAccount
	name: vsphere-csi-controller
	namespace: kube-system
	roleRef:
	kind: ClusterRole
	name: vsphere-csi-controller-role
	apiGroup: rbac.authorization.k8s.io