update README, examples and RBAC to include leader election

andrewsykim · andrewsykim · commit 2e2058d55990 · 2019-04-08T10:23:31.000-04:00
diff --git a/README.md b/README.md
@@ -48,6 +48,13 @@ It is necessary to create a new service account and give it enough privileges to
 for i in $(find deploy/kubernetes -name '*.yaml'); do kubectl create -f $i; done
 ```
 
+### Running with Leader Election
+
+If you want to run external-snapshotter with higher availability, you can enable resource based leader election. To enable this, set the following flags:
+```bash
+--leader-election=true
+```
+
 ## Testing
 
 Running Unit Tests:
diff --git a/deploy/kubernetes/rbac-external-provisioner.yaml b/deploy/kubernetes/rbac-external-provisioner.yaml
@@ -59,7 +59,7 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
 
 ---
-# Provisioner must be able to work with endpoints in current namespace
+# Provisioner must be able to work with endpoints and leases in current namespace
 # if (and only if) leadership election is enabled
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
@@ -71,6 +71,9 @@ rules:
 - apiGroups: [""]
   resources: ["endpoints"]
   verbs: ["get", "watch", "list", "delete", "update", "create"]
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
 
 ---
 kind: RoleBinding
diff --git a/deploy/kubernetes/rbac.yaml b/deploy/kubernetes/rbac.yaml
@@ -63,3 +63,30 @@ roleRef:
   # change the name also here if the ClusterRole gets renamed
   name: external-snapshotter-runner
   apiGroup: rbac.authorization.k8s.io
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: default # TODO: replace with the namespace you want for your sidecar
+  name: external-snapshotter-leaderelection
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-snapshotter-leaderelection
+  namespace: default # TODO: replace with the namespace you want for your sidecar
+subjects:
+  - kind: ServiceAccount
+    name: csi-snapshotter
+    namespace: default # TODO: replace with the namespace you want for your sidecar
+roleRef:
+  kind: Role
+  name: external-snapshotter-leaderelection
+  apiGroup: rbac.authorization.k8s.io
+
diff --git a/deploy/kubernetes/setup-csi-snapshotter.yaml b/deploy/kubernetes/setup-csi-snapshotter.yaml
@@ -89,6 +89,7 @@ spec:
           args:
             - "--csi-address=$(ADDRESS)"
             - "--connection-timeout=15s"
+            - "--leader-election=false"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
