Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deploy: fix snapshotter RBAC creation #128

Merged
merged 1 commit into from
Dec 9, 2019
Merged

deploy: fix snapshotter RBAC creation #128

merged 1 commit into from
Dec 9, 2019

Conversation

pohly
Copy link
Contributor

@pohly pohly commented Dec 9, 2019
edited
Loading

What type of PR is this?
/kind bug

What this PR does / why we need it:

The CSI_SNAPSHOTTER_RBAC was not set correctly and had extra garbage
at the end. This led to garbage output but happened to work with some
versions of kubectl (like 1.16.0) which ignored the extra parameters.

Which issue(s) this PR fixes:
Related-to #127

Special notes for your reviewer:

We don't need to mention this in the release notes because the bug never was in a released version.

Does this PR introduce a user-facing change?:

NONE

@pohly
deploy: fix snapshotter RBAC creation
cc874d3 
The CSI_SNAPSHOTTER_RBAC was not set correctly and had extra garbage
at the end. This led to garbage output but happened to work with some
versions of kubectl (like 1.16.0) which ignored the extra parameters.
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Dec 9, 2019
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Dec 9, 2019
@pohly
Copy link
Contributor Author

pohly commented Dec 9, 2019

/assign @ggriffiths

@tpoxa
Copy link

tpoxa commented Dec 9, 2019
edited
Loading

This branch did not make big difference for me.

maksym@Debian-911-stretch-64-minimal:~/csi-driver-host-path/deploy/kubernetes-1.16$ ./deploy-hostpath.sh
SNAPSHOTTER_RBAC_RELATIVE_PATH rbac.yaml
applying RBAC rules
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-provisioner/v1.4.0/deploy/kubernetes/rbac.yaml
serviceaccount/csi-provisioner unchanged
clusterrole.rbac.authorization.k8s.io/external-provisioner-runner unchanged
clusterrolebinding.rbac.authorization.k8s.io/csi-provisioner-role unchanged
role.rbac.authorization.k8s.io/external-provisioner-cfg unchanged
rolebinding.rbac.authorization.k8s.io/csi-provisioner-role-cfg unchanged
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-attacher/v2.0.0/deploy/kubernetes/rbac.yaml
serviceaccount/csi-attacher unchanged
clusterrole.rbac.authorization.k8s.io/external-attacher-runner unchanged
clusterrolebinding.rbac.authorization.k8s.io/csi-attacher-role unchanged
role.rbac.authorization.k8s.io/external-attacher-cfg unchanged
rolebinding.rbac.authorization.k8s.io/csi-attacher-role-cfg unchanged
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/v1.2.0/deploy/kubernetes/rbac.yaml
serviceaccount/csi-snapshotter created
clusterrole.rbac.authorization.k8s.io/external-snapshotter-runner created
clusterrolebinding.rbac.authorization.k8s.io/csi-snapshotter-role created
role.rbac.authorization.k8s.io/external-snapshotter-leaderelection created
rolebinding.rbac.authorization.k8s.io/external-snapshotter-leaderelection created
kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-resizer/v0.3.0/deploy/kubernetes/rbac.yaml
serviceaccount/csi-resizer created
clusterrole.rbac.authorization.k8s.io/external-resizer-runner created
clusterrolebinding.rbac.authorization.k8s.io/csi-resizer-role created
role.rbac.authorization.k8s.io/external-resizer-cfg created
rolebinding.rbac.authorization.k8s.io/csi-resizer-role-cfg created
deploying hostpath components
   ./hostpath/csi-hostpath-attacher.yaml
        using           image: quay.io/k8scsi/csi-attacher:v2.0.0
service/csi-hostpath-attacher created
statefulset.apps/csi-hostpath-attacher created
   ./hostpath/csi-hostpath-driverinfo.yaml
csidriver.storage.k8s.io/hostpath.csi.k8s.io unchanged
   ./hostpath/csi-hostpath-plugin.yaml
        using           image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
        using           image: quay.io/k8scsi/hostpathplugin:v1.2.0
        using           image: quay.io/k8scsi/livenessprobe:v1.1.0
service/csi-hostpathplugin created
statefulset.apps/csi-hostpathplugin created
   ./hostpath/csi-hostpath-provisioner.yaml
        using           image: quay.io/k8scsi/csi-provisioner:v1.4.0
service/csi-hostpath-provisioner created
statefulset.apps/csi-hostpath-provisioner created
   ./hostpath/csi-hostpath-resizer.yaml
        using           image: quay.io/k8scsi/csi-resizer:v0.3.0
service/csi-hostpath-resizer created
statefulset.apps/csi-hostpath-resizer created
   ./hostpath/csi-hostpath-snapshotter.yaml
        using           image: quay.io/k8scsi/csi-snapshotter:v1.2.0
service/csi-hostpath-snapshotter created
statefulset.apps/csi-hostpath-snapshotter created
   ./hostpath/csi-hostpath-testing.yaml
        using           image: alpine/socat:1.0.3
service/hostpath-service created
statefulset.apps/csi-hostpath-socat created
09:14:26 waiting for hostpath deployment to complete, attempt #0
09:14:36 waiting for hostpath deployment to complete, attempt #1
09:14:47 waiting for hostpath deployment to complete, attempt #2
09:14:57 waiting for hostpath deployment to complete, attempt #3
09:15:07 waiting for hostpath deployment to complete, attempt #4

kubectl logs pod/csi-hostpath-snapshotter-0
I1209 08:17:39.976602       1 main.go:89] Version: v1.2.0-0-gb3f591d8
W1209 08:17:39.976658       1 main.go:92] --connection-timeout is deprecated and will have no effect
F1209 08:17:39.985822       1 create_crd.go:50] failed to create VolumeSnapshotResource: &v1beta1.CustomResourceDefinition{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ObjectMeta:v1.ObjectMeta{Name:"", GenerateName:"", Namespace:"", SelfLink:"", UID:"", ResourceVersion:"", Generation:0, CreationTimestamp:v1.Time{Time:time.Time{wall:0x0, ext:0, loc:(*time.Location)(nil)}}, DeletionTimestamp:(*v1.Time)(nil), DeletionGracePeriodSeconds:(*int64)(nil), Labels:map[string]string(nil), Annotations:map[string]string(nil), OwnerReferences:[]v1.OwnerReference(nil), Initializers:(*v1.Initializers)(nil), Finalizers:[]string(nil), ClusterName:"", ManagedFields:[]v1.ManagedFieldsEntry(nil)}, Spec:v1beta1.CustomResourceDefinitionSpec{Group:"", Version:"", Names:v1beta1.CustomResourceDefinitionNames{Plural:"", Singular:"", ShortNames:[]string(nil), Kind:"", ListKind:"", Categories:[]string(nil)}, Scope:"", Validation:(*v1beta1.CustomResourceValidation)(nil), Subresources:(*v1beta1.CustomResourceSubresources)(nil), Versions:[]v1beta1.CustomResourceDefinitionVersion(nil), AdditionalPrinterColumns:[]v1beta1.CustomResourceColumnDefinition(nil), Conversion:(*v1beta1.CustomResourceConversion)(nil)}, Status:v1beta1.CustomResourceDefinitionStatus{Conditions:[]v1beta1.CustomResourceDefinitionCondition(nil), AcceptedNames:v1beta1.CustomResourceDefinitionNames{Plural:"", Singular:"", ShortNames:[]string(nil), Kind:"", ListKind:"", Categories:[]string(nil)}, StoredVersions:[]string(nil)}}, err: &errors.StatusError{ErrStatus:v1.Status{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ListMeta:v1.ListMeta{SelfLink:"", ResourceVersion:"", Continue:""}, Status:"Failure", Message:"customresourcedefinitions.apiextensions.k8s.io is forbidden: User \"system:serviceaccount:cert-manager:csi-snapshotter\" cannot create resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope", Reason:"Forbidden", Details:(*v1.StatusDetails)(0xc00039c3c0), Code:403}}

User \"system:serviceaccount:cert-manager:csi-snapshotter\" cannot create resource \"customresourcedefinitions\" in API group \"apiextensions.k8s.io\" at the cluster scope", Reason:"Forbidden"

Maybe its cert-manager related issue?

@ggriffiths
Copy link
Member

This change is needed but it does not look like it's fixing the original issue.
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 9, 2019
@msau42
Copy link
Collaborator

msau42 commented Dec 9, 2019

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: msau42, pohly

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 9, 2019
@k8s-ci-robot k8s-ci-robot merged commit 5a4616d into kubernetes-csi:master Dec 9, 2019
fengzixu added a commit to fengzixu/csi-driver-host-path that referenced this pull request Jan 20, 2021
@fengzixu
Squashed 'release-tools/' changes from 2bb7525..8fdf0f78
0b4fb1c 
8fdf0f78 Merge pull request kubernetes-csi#128 from fengzixu/master
1c94220d fix: fix a bug of csi-sanity
a4c41e6a Merge pull request kubernetes-csi#127 from pohly/fix-boilerplate
dbd89672 verify-boilerplate.sh: fix path to script
9289fd16 Merge pull request kubernetes-csi#125 from sachinkumarsingh092/optional-spelling-boilerplate-checks
ad29307f Make the spelling and boilerplate checks optional
5f06d024 Merge pull request kubernetes-csi#124 from sachinkumarsingh092/fix-spellcheck-boilerplate-tests
48186eba Fix spelling and boilerplate errors
71690aff Merge pull request kubernetes-csi#122 from sachinkumarsingh092/include-spellcheck-boilerplate-tests
981be3fe Adding spelling and boilerplate checks.

git-subtree-dir: release-tools
git-subtree-split: 8fdf0f78617d73fac3f8d6894c21fe74bda9d0fa
kvaps added a commit to kvaps/csi-driver-host-path that referenced this pull request Jan 25, 2021
@kvaps
Squashed 'release-tools/' changes from c6a88c6..fe1f2848
dddc2c4 
fe1f2848 Merge pull request kubernetes-csi#121 from kvaps/namespace-check
8fdf0f78 Merge pull request kubernetes-csi#128 from fengzixu/master
1c94220d fix: fix a bug of csi-sanity
a4c41e6a Merge pull request kubernetes-csi#127 from pohly/fix-boilerplate
ece0f50 check namespace for snapshot-controller
dbd89672 verify-boilerplate.sh: fix path to script
9289fd16 Merge pull request kubernetes-csi#125 from sachinkumarsingh092/optional-spelling-boilerplate-checks
ad29307f Make the spelling and boilerplate checks optional
5f06d024 Merge pull request kubernetes-csi#124 from sachinkumarsingh092/fix-spellcheck-boilerplate-tests
48186eba Fix spelling and boilerplate errors
71690aff Merge pull request kubernetes-csi#122 from sachinkumarsingh092/include-spellcheck-boilerplate-tests
981be3fe Adding spelling and boilerplate checks.
2bb7525 Merge pull request kubernetes-csi#117 from fengzixu/master
3b6d17b Merge pull request kubernetes-csi#118 from pohly/cloud-build-timeout
9318c6c cloud build: double the timeout, now 1 hour
4ab8b15 use the tag to replace commit of csi-test
5d74e45 change the csi-test import path to v4
7dcd0a9 upgrade csi-test to v4.0.2
86ff580 Merge pull request kubernetes-csi#116 from andyzhangx/export-image-name
c3a9662 allow export image name and registry name

git-subtree-dir: release-tools
git-subtree-split: fe1f284817af983ce0f0329fa3a0d55f577aa727
pohly added a commit to pohly/csi-driver-host-path that referenced this pull request Mar 15, 2021
@pohly
Squashed 'release-tools/' changes from 7bc70e52..00bc64a9
3c0f612 
00bc64a9 remove travis.yml, Go 1.16
REVERT: 7bc70e52 Merge pull request kubernetes-csi#129 from pohly/squash-documentation
REVERT: e0b02e72 README.md: document usage of --squash
REVERT: 316cb957 Merge pull request kubernetes-csi#132 from yiyang5055/bugfix/boilerplate
REVERT: 26e2ab10 fix: default boilerplate path
REVERT: 1add8c18 Merge pull request kubernetes-csi#133 from pohly/kubernetes-1.20-tag
REVERT: 3e811d6c prow.sh: fix "on-master" prow jobs
REVERT: 1d60e779 Merge pull request kubernetes-csi#131 from pohly/kubernetes-1.20-tag
REVERT: 9f104590 prow.sh: support building Kubernetes for a specific version
REVERT: fe1f2848 Merge pull request kubernetes-csi#121 from kvaps/namespace-check
REVERT: 8fdf0f78 Merge pull request kubernetes-csi#128 from fengzixu/master
REVERT: 1c94220d fix: fix a bug of csi-sanity
REVERT: a4c41e6a Merge pull request kubernetes-csi#127 from pohly/fix-boilerplate
REVERT: ece0f50 check namespace for snapshot-controller
REVERT: dbd89672 verify-boilerplate.sh: fix path to script
REVERT: 9289fd16 Merge pull request kubernetes-csi#125 from sachinkumarsingh092/optional-spelling-boilerplate-checks
REVERT: ad29307f Make the spelling and boilerplate checks optional
REVERT: 5f06d024 Merge pull request kubernetes-csi#124 from sachinkumarsingh092/fix-spellcheck-boilerplate-tests
REVERT: 48186eba Fix spelling and boilerplate errors
REVERT: 71690aff Merge pull request kubernetes-csi#122 from sachinkumarsingh092/include-spellcheck-boilerplate-tests
REVERT: 981be3fe Adding spelling and boilerplate checks.
REVERT: 2bb7525 Merge pull request kubernetes-csi#117 from fengzixu/master
REVERT: 3b6d17b Merge pull request kubernetes-csi#118 from pohly/cloud-build-timeout
REVERT: 9318c6c cloud build: double the timeout, now 1 hour
REVERT: 4ab8b15 use the tag to replace commit of csi-test
REVERT: 5d74e45 change the csi-test import path to v4
REVERT: 7dcd0a9 upgrade csi-test to v4.0.2
REVERT: 86ff580 Merge pull request kubernetes-csi#116 from andyzhangx/export-image-name
REVERT: c3a9662 allow export image name and registry name
REVERT: c6a88c6 Merge pull request kubernetes-csi#113 from xing-yang/install_snapshot_controller
REVERT: 45ec4c6 Fix the install of snapshot CRDs and controller
REVERT: 5d874cc Merge pull request kubernetes-csi#112 from xing-yang/cleanup
REVERT: 79bbca7 Cleanup
REVERT: d437673 Merge pull request kubernetes-csi#111 from xing-yang/update_snapshot_v1_rc
REVERT: 57718f8 Update snapshot CRD version
REVERT: 4aff857 Merge pull request kubernetes-csi#109 from pohly/alpha-test-defaults
REVERT: 0427289 Merge pull request kubernetes-csi#110 from pohly/kind-0.9-bazel-build-workaround
REVERT: 9a370ab prow.sh: work around "kind build node-image" failure
REVERT: 522361e prow.sh: only run alpha tests for latest Kubernetes release
REVERT: 22c0395 Merge pull request kubernetes-csi#108 from bnrjee/master
REVERT: b5b447b Add go ldflags using LDFLAGS at the time of compilation
REVERT: 16f4afb Merge pull request kubernetes-csi#107 from pohly/kind-update

git-subtree-dir: release-tools
git-subtree-split: 00bc64a9b7c2585676b1da301a7acae8797229a9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsafrane jsafrane Awaiting requested review from jsafrane

@saad-ali saad-ali Awaiting requested review from saad-ali

Assignees

@ggriffiths ggriffiths

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pohly @tpoxa @ggriffiths @msau42 @k8s-ci-robot