Merge pull request kubernetes#84312 from davidz627/tests/pd

Add updated v0.6.0 stable PD driver specs - enable block tests for PD

Author: k8s-ci-robot

test/e2e/storage/drivers/csi.go

@@ -389,13 +389,16 @@ func InitGcePDCSIDriver() testsuites.TestDriver {
 			SupportedMountOption: sets.NewString("debug", "nouid32"),
 			Capabilities: map[testsuites.Capability]bool{
 				testsuites.CapPersistence: true,
+				testsuites.CapBlock:       true,
 				testsuites.CapFsGroup:     true,
 				testsuites.CapExec:        true,
 				testsuites.CapMultiPODs:   true,
 				// GCE supports volume limits, but the test creates large
 				// number of volumes and times out test suites.
-				testsuites.CapVolumeLimits: false,
-				testsuites.CapTopology:     true,
+				testsuites.CapVolumeLimits:        false,
+				testsuites.CapTopology:            true,
+				testsuites.CapControllerExpansion: true,
+				testsuites.CapNodeExpansion:       true,
 			},
 			RequiredAccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
 			TopologyKeys:        []string{GCEPDCSIZoneTopologyKey},

test/e2e/testing-manifests/storage-csi/gce-pd/controller_ss.yaml

@@ -13,11 +13,10 @@ spec:
       labels:
         app: gcp-compute-persistent-disk-csi-driver
     spec:
-      serviceAccountName: csi-controller-sa
+      serviceAccountName: csi-gce-pd-controller-sa
       containers:
         - name: csi-provisioner
-          # TODO: replace with official 1.4.0 release when ready
-          image: quay.io/k8scsi/csi-provisioner:v1.4.0-rc1
+          image: gcr.io/gke-release/csi-provisioner:v1.4.0-gke.0
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
@@ -26,15 +25,23 @@ spec:
             - name: socket-dir
               mountPath: /csi
         - name: csi-attacher
-          image: gcr.io/gke-release/csi-attacher:v1.2.0-gke.0
+          image: gcr.io/gke-release/csi-attacher:v2.0.0-gke.0
+          args:
+            - "--v=5"
+            - "--csi-address=/csi/csi.sock"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+        - name: csi-resizer
+          image: gcr.io/gke-release/csi-resizer:v0.3.0-gke.0
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
         - name: gce-pd-driver
-          image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.5.2-gke.0
+          image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.6.0-gke.0
           args:
             - "--v=5"
             - "--endpoint=unix:/csi/csi.sock"

test/e2e/testing-manifests/storage-csi/gce-pd/csi-controller-rbac.yaml

@@ -1,63 +1,116 @@
+##### Controller Service Account, Roles, Rolebindings
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: csi-controller-sa
+  name: csi-gce-pd-controller-sa
 
 ---
+# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-gce-pd-provisioner-role
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+
+---
+
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-controller-attacher-role
+  name: csi-gce-pd-controller-provisioner-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-controller-sa
-    namespace: default
+    name: csi-gce-pd-controller-sa
 roleRef:
   kind: ClusterRole
-  name: external-attacher-runner
+  name: csi-gce-pd-provisioner-role
   apiGroup: rbac.authorization.k8s.io
-
+  
 ---
-kind: RoleBinding
+# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-controller-attacher-role-cfg
-  namespace: default
-subjects:
-  - kind: ServiceAccount
-    name: csi-controller-sa
-    namespace: default
-roleRef:
-  kind: Role
-  name: external-attacher-cfg
+  name: csi-gce-pd-attacher-role
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update", "patch"]
 
 ---
+
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-controller-provisioner-role
+  name: csi-gce-pd-controller-attacher-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-controller-sa
-    namespace: default
+    name: csi-gce-pd-controller-sa
 roleRef:
   kind: ClusterRole
-  name: external-provisioner-runner
+  name: csi-gce-pd-attacher-role
   apiGroup: rbac.authorization.k8s.io
 
 ---
-kind: RoleBinding
+
+# Resizer must be able to work with PVCs, PVs, SCs.
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-controller-provisioner-role-cfg
-  namespace: default
+  name: csi-gce-pd-resizer-role
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-gce-pd-resizer-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-controller-sa
-    namespace: default
+    name: csi-gce-pd-controller-sa
 roleRef:
-  kind: Role
-  name: external-provisioner-cfg
+  kind: ClusterRole
+  name: csi-gce-pd-resizer-role
+  apiGroup: rbac.authorization.k8s.io
 
 ---
 # priviledged Pod Security Policy, previously defined via PrivilegedTestPSPClusterRoleBinding()
@@ -67,7 +120,7 @@ metadata:
   name: psp-csi-controller-driver-registrar-role
 subjects:
   - kind: ServiceAccount
-    name: csi-controller-sa
+    name: csi-gce-pd-controller-sa
     namespace: default
 roleRef:
   kind: ClusterRole

test/e2e/testing-manifests/storage-csi/gce-pd/node_ds.yaml

@@ -13,7 +13,7 @@ spec:
     spec:
       containers:
         - name: csi-driver-registrar
-          image: gcr.io/gke-release/csi-node-driver-registrar:v1.1.0-gke.0
+          image: gcr.io/gke-release/csi-node-driver-registrar:v1.2.0-gke.0
           args:
             - "--v=5"
             - "--csi-address=/csi/csi.sock"
@@ -35,7 +35,7 @@ spec:
         - name: gce-pd-driver
           securityContext:
             privileged: true
-          image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.5.2-gke.0
+          image: gcr.io/gke-release/gcp-compute-persistent-disk-csi-driver:v0.6.0-gke.0
           args:
             - "--v=5"
             - "--endpoint=unix:/csi/csi.sock"