shiftstack
diff --git a/‎Makefile‎
Lines changed: 2 additions & 2 deletions b/‎Makefile‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎charts/README.md‎
Lines changed: 3 additions & 0 deletions b/‎charts/README.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎charts/latest/csi-driver-nfs-v0.0.0.tgz‎
468 Bytes b/‎charts/latest/csi-driver-nfs-v0.0.0.tgz‎
468 Bytes
diff --git a/‎charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml‎
Lines changed: 48 additions & 9 deletions b/‎charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml‎
Lines changed: 48 additions & 9 deletions
diff --git a/‎charts/latest/csi-driver-nfs/templates/csi-snapshot-controller.yaml‎
Lines changed: 21 additions & 0 deletions b/‎charts/latest/csi-driver-nfs/templates/csi-snapshot-controller.yaml‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎charts/latest/csi-driver-nfs/templates/rbac-csi-nfs.yaml‎
Lines changed: 36 additions & 0 deletions b/‎charts/latest/csi-driver-nfs/templates/rbac-csi-nfs.yaml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎charts/latest/csi-driver-nfs/templates/rbac-snapshot-controller.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/latest/csi-driver-nfs/templates/rbac-snapshot-controller.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/latest/csi-driver-nfs/templates/snapshotclass.yaml‎
Lines changed: 9 additions & 0 deletions b/‎charts/latest/csi-driver-nfs/templates/snapshotclass.yaml‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎charts/latest/csi-driver-nfs/templates/storageclass.yaml‎
Lines changed: 1 addition & 0 deletions b/‎charts/latest/csi-driver-nfs/templates/storageclass.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎charts/latest/csi-driver-nfs/values.yaml‎
Lines changed: 20 additions & 2 deletions b/‎charts/latest/csi-driver-nfs/values.yaml‎
Lines changed: 20 additions & 2 deletions
@@ -27,7 +27,7 @@ include release-tools/build.make
 
 GIT_COMMIT = $(shell git rev-parse HEAD)
 BUILD_DATE = $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
-IMAGE_VERSION ?= v4.9.0
+IMAGE_VERSION ?= v4.10.0
 LDFLAGS = -X ${PKG}/pkg/nfs.driverVersion=${IMAGE_VERSION} -X ${PKG}/pkg/nfs.gitCommit=${GIT_COMMIT} -X ${PKG}/pkg/nfs.buildDate=${BUILD_DATE}
 EXT_LDFLAGS = -s -w -extldflags "-static"
 # Use a custom version for E2E tests if we are testing in CI
@@ -42,7 +42,7 @@ REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
 IMAGE_TAG = $(REGISTRY)/$(IMAGENAME):$(IMAGE_VERSION)
 IMAGE_TAG_LATEST = $(REGISTRY)/$(IMAGENAME):latest
 
-E2E_HELM_OPTIONS ?= --set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) --set image.nfs.tag=$(IMAGE_VERSION) --set image.nfs.pullPolicy=Always --set feature.enableInlineVolume=true --set externalSnapshotter.enabled=true
+E2E_HELM_OPTIONS ?= --set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) --set image.nfs.tag=$(IMAGE_VERSION) --set image.nfs.pullPolicy=Always --set feature.enableInlineVolume=true --set externalSnapshotter.enabled=true --set controller.runOnControlPlane=true
 E2E_HELM_OPTIONS += ${EXTRA_HELM_OPTIONS}
 
 # Output type of docker buildx build
 
@@ -79,6 +79,9 @@ The following table lists the configurable parameters of the latest NFS CSI Driv
 | `controller.resources.csiProvisioner.limits.memory`   | csi-provisioner memory limits                         | 100Mi                                                          |
 | `controller.resources.csiProvisioner.requests.cpu`    | csi-provisioner cpu requests limits                   | 10m                                                            |
 | `controller.resources.csiProvisioner.requests.memory` | csi-provisioner memory requests limits                | 20Mi                                                           |
+| `controller.resources.csiResizer.limits.memory`       | csi-resizer memory limits                             | 400Mi                                                          |
+| `controller.resources.csiResizer.requests.cpu`        | csi-resizer cpu requests                       | 10m                                                            |
+| `controller.resources.csiResizer.requests.memory`     | csi-resizer memory requests                    | 20Mi                                                           |
 | `controller.resources.livenessProbe.limits.memory`    | liveness-probe memory limits                          | 100Mi                                                          |
 | `controller.resources.livenessProbe.requests.cpu`     | liveness-probe cpu requests limits                    | 10m                                                            |
 | `controller.resources.livenessProbe.requests.memory`  | liveness-probe memory requests limits                 | 20Mi                                                           |
 
@@ -24,18 +24,29 @@ spec:
       hostNetwork: true  # controller also needs to mount nfs to create dir
       dnsPolicy: {{ .Values.controller.dnsPolicy }}
       serviceAccountName: {{ .Values.serviceAccount.controller }}
-{{- with .Values.controller.affinity }}
+    # runOnControlPlane=true or runOnMaster=true only takes effect if affinity is not set
+    {{- if contains (tpl "{{ .Values.controller.affinity }}" .) "nodeSelectorTerms" }}
+      {{- with .Values.controller.affinity }}
       affinity:
-{{ toYaml . | indent 8 }}
-{{- end }}
+      {{ toYaml . | indent 8 }}
+      {{- end }}
+    {{- else if or .Values.controller.runOnControlPlane .Values.controller.runOnMaster}}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                {{- if .Values.controller.runOnControlPlane}}
+                - key: node-role.kubernetes.io/control-plane
+                  operator: Exists
+                {{- end}}
+                {{- if .Values.controller.runOnMaster}}
+                - key: node-role.kubernetes.io/master
+                  operator: Exists
+                {{- end}}
+    {{- end }}
       nodeSelector:
         kubernetes.io/os: linux
-        {{- if .Values.controller.runOnMaster}}
-        node-role.kubernetes.io/master: ""
-        {{- end}}
-        {{- if .Values.controller.runOnControlPlane}}
-        node-role.kubernetes.io/control-plane: ""
-        {{- end}}
 {{- with .Values.controller.nodeSelector }}
 {{ toYaml . | indent 8 }}
 {{- end }}
@@ -62,6 +73,7 @@ spec:
             - "--extra-create-metadata=true"
             - "--feature-gates=HonorPVReclaimPolicy=true"
             - "--timeout=1200s"
+            - "--retry-interval-max=30m"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -75,6 +87,31 @@ spec:
             capabilities:
               drop:
               - ALL
+        - name: csi-resizer
+{{- if hasPrefix "/" .Values.image.csiResizer.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- else }}
+          image: "{{ .Values.image.csiResizer.repository }}:{{ .Values.image.csiResizer.tag }}"
+{{- end }}
+          args:
+            - "-csi-address=$(ADDRESS)"
+            - "-v=2"
+            - "-leader-election"
+            - "--leader-election-namespace={{ .Release.Namespace }}"
+            - '-handle-volume-inuse-error=false'
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          imagePullPolicy: {{ .Values.image.csiResizer.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }}
+          securityContext:
+            capabilities:
+              drop:
+              - ALL
+{{- if .Values.controller.enableSnapshotter }}
         - name: csi-snapshotter
 {{- if hasPrefix "/" .Values.image.csiSnapshotter.repository }}
           image: "{{ .Values.image.baseRepo }}{{ .Values.image.csiSnapshotter.repository }}:{{ .Values.image.csiSnapshotter.tag }}"
@@ -87,6 +124,7 @@ spec:
             - "--leader-election-namespace={{ .Release.Namespace }}"
             - "--leader-election"
             - "--timeout=1200s"
+            - "--retry-interval-max=30m"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
@@ -99,6 +137,7 @@ spec:
             capabilities:
               drop:
               - ALL
+{{- end }}
         - name: liveness-probe
 {{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
           image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
 
@@ -46,6 +46,27 @@ spec:
       {{- end }}
       nodeSelector:
         kubernetes.io/os: linux
+    # runOnControlPlane=true or runOnMaster=true only takes effect if affinity is not set
+    {{- if contains (tpl "{{ .Values.controller.affinity }}" .) "nodeSelectorTerms" }}
+      {{- with .Values.controller.affinity }}
+      affinity:
+      {{ toYaml . | indent 8 }}
+      {{- end }}
+    {{- else if or .Values.controller.runOnControlPlane .Values.controller.runOnMaster}}
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                {{- if .Values.controller.runOnControlPlane}}
+                - key: node-role.kubernetes.io/control-plane
+                  operator: Exists
+                {{- end}}
+                {{- if .Values.controller.runOnMaster}}
+                - key: node-role.kubernetes.io/master
+                  operator: Exists
+                {{- end}}
+    {{- end }}
       priorityClassName: {{ .Values.externalSnapshotter.priorityClassName }}
       securityContext:
         seccompProfile:
 
@@ -57,6 +57,42 @@ rules:
     resources: ["secrets"]
     verbs: ["get"]
 ---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-external-resizer-role
+{{ include "nfs.labels" . | indent 2 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.rbac.name }}-csi-resizer-role
+{{ include "nfs.labels" . | indent 2 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.controller }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ .Values.rbac.name }}-external-resizer-role
+  apiGroup: rbac.authorization.k8s.io
+---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 
@@ -40,7 +40,7 @@ rules:
     verbs: ["patch"]
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
-    verbs: ["get", "list", "watch", "update", "patch"]
+    verbs: ["get", "list", "watch", "update", "patch", "create"]
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots/status"]
     verbs: ["update", "patch"]
 
@@ -0,0 +1,9 @@
+{{- if .Values.volumeSnapshotClass.create }}
+---
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+  name: {{ .Values.volumeSnapshotClass.name }}
+driver: {{ .Values.driver.name }}
+deletionPolicy: {{ .Values.volumeSnapshotClass.deletionPolicy }}
+{{- end }}
@@ -16,6 +16,7 @@ parameters:
 {{- end }}
 reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
 volumeBindingMode: {{ .Values.storageClass.volumeBindingMode }}
+allowVolumeExpansion: true
 {{- with .Values.storageClass.mountOptions }}
 mountOptions:
 {{ toYaml . | nindent 2 }}
 
@@ -9,9 +9,13 @@ image:
         repository: registry.k8s.io/sig-storage/csi-provisioner
         tag: v5.1.0
         pullPolicy: IfNotPresent
+    csiResizer:
+        repository: registry.k8s.io/sig-storage/csi-resizer
+        tag: v1.12.0
+        pullPolicy: IfNotPresent
     csiSnapshotter:
         repository: registry.k8s.io/sig-storage/csi-snapshotter
-        tag: v8.1.0
+        tag: v8.2.0
         pullPolicy: IfNotPresent
     livenessProbe:
         repository: registry.k8s.io/sig-storage/livenessprobe
@@ -23,7 +27,7 @@ image:
         pullPolicy: IfNotPresent
     externalSnapshotter:
         repository: registry.k8s.io/sig-storage/snapshot-controller
-        tag: v8.1.0
+        tag: v8.2.0
         pullPolicy: IfNotPresent
 
 serviceAccount:
@@ -52,6 +56,7 @@ controller:
   strategyType: Recreate
   runOnMaster: false
   runOnControlPlane: false
+  enableSnapshotter: true
   livenessProbe:
     healthPort: 29652
   logLevel: 5
@@ -81,6 +86,12 @@ controller:
       requests:
         cpu: 10m
         memory: 20Mi
+    csiResizer:
+      limits:
+        memory: 400Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
     csiSnapshotter:
       limits:
         memory: 200Mi
@@ -136,6 +147,7 @@ externalSnapshotter:
   enabled: false
   name: snapshot-controller
   priorityClassName: system-cluster-critical
+  deletionPolicy: Delete
   controller:
     replicas: 1
   resources:
@@ -148,6 +160,12 @@ externalSnapshotter:
   customResourceDefinitions:
     enabled: true   #if set true, VolumeSnapshot, VolumeSnapshotContent and VolumeSnapshotClass CRDs will be created. Set it false, If they already exist in cluster.
 
+## volumeSnapshotClass resource example:
+volumeSnapshotClass:
+  create: false
+  name: csi-nfs-snapclass
+  deletionPolicy: Delete
+  
 ## Reference to one or more secrets to be used when pulling images
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 ##