From 28d659c726918499c02d4bf9bd460d26b4c9cbc0 Mon Sep 17 00:00:00 2001 From: stoneshi-yunify Date: Tue, 19 Sep 2023 15:38:41 +0800 Subject: [PATCH 1/3] update chart of storageclass-accessor Signed-off-by: stoneshi-yunify --- src/main/storageclass-accessor/Chart.yaml | 4 ++-- src/main/storageclass-accessor/README.md | 5 +++-- src/main/storageclass-accessor/templates/deployment.yaml | 2 +- src/main/storageclass-accessor/templates/rbac.yaml | 6 +++--- .../storageclass-accessor/templates/validatingwebhook.yaml | 2 +- src/main/storageclass-accessor/values.yaml | 1 + 6 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/main/storageclass-accessor/Chart.yaml b/src/main/storageclass-accessor/Chart.yaml index d35915663..dea320559 100644 --- a/src/main/storageclass-accessor/Chart.yaml +++ b/src/main/storageclass-accessor/Chart.yaml @@ -6,5 +6,5 @@ sources: - https://github.com/kubesphere/storageclass-accessor type: application -version: 0.1.0 -appVersion: v0.1.1 \ No newline at end of file +version: 0.1.1 +appVersion: v0.1.2 \ No newline at end of file diff --git a/src/main/storageclass-accessor/README.md b/src/main/storageclass-accessor/README.md index 757944344..3a6fbdbe5 100644 --- a/src/main/storageclass-accessor/README.md +++ b/src/main/storageclass-accessor/README.md @@ -28,7 +28,8 @@ helm delete storageclass-accessor --namespace storageclass-accessor The following table lists the configurable parameters of the chart and their default values. -Parameter | Description | Default +Parameter | Description | Default --- | --- | --- -`image.repository` | Image repository of accessor deployment | `kubesphere/storageclass-accessor` +`image.repository` | Image repository of accessor deployment | `kubesphere/storageclass-accessor` +`image.tag` | Image tag of accessor deployment | `latest` `webhook.timeoutSeconds` | The maximum number of seconds used by the webhook to verify | `5` \ No newline at end of file diff --git a/src/main/storageclass-accessor/templates/deployment.yaml b/src/main/storageclass-accessor/templates/deployment.yaml index a07eb8c95..4b3fff6e1 100644 --- a/src/main/storageclass-accessor/templates/deployment.yaml +++ b/src/main/storageclass-accessor/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: spec: containers: - name: storageclass-accessor - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: IfNotPresent args: ['--tls-cert-file=/etc/storageclass-accessor-webhook/certs/cert.pem', '--tls-private-key-file=/etc/storageclass-accessor-webhook/certs/key.pem'] ports: diff --git a/src/main/storageclass-accessor/templates/rbac.yaml b/src/main/storageclass-accessor/templates/rbac.yaml index 65c14e787..e2f999361 100644 --- a/src/main/storageclass-accessor/templates/rbac.yaml +++ b/src/main/storageclass-accessor/templates/rbac.yaml @@ -14,15 +14,15 @@ metadata: rules: - apiGroups: [ "" ] resources: [ "namespaces" ] - verbs: [ "get", "list", "watch", "create", "delete", "update" ] + verbs: [ "get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "create", "delete", "update"] + verbs: ["get", "list", "watch"] - apiGroups: ["storage.kubesphere.io"] resources: ["accessors"] - verbs: [ "get", "list", "watch", "create", "delete", "update"] + verbs: [ "get", "list", "watch"] --- kind: ClusterRoleBinding diff --git a/src/main/storageclass-accessor/templates/validatingwebhook.yaml b/src/main/storageclass-accessor/templates/validatingwebhook.yaml index f04e3e439..b6182a387 100644 --- a/src/main/storageclass-accessor/templates/validatingwebhook.yaml +++ b/src/main/storageclass-accessor/templates/validatingwebhook.yaml @@ -23,7 +23,7 @@ webhooks: rules: - apiGroups: [""] apiVersions: ["v1"] - operations: ["CREATE", "UPDATE", "DELETE"] + operations: ["CREATE"] resources: ["persistentvolumeclaims"] scope: "*" clientConfig: diff --git a/src/main/storageclass-accessor/values.yaml b/src/main/storageclass-accessor/values.yaml index f1194dceb..1676de121 100644 --- a/src/main/storageclass-accessor/values.yaml +++ b/src/main/storageclass-accessor/values.yaml @@ -1,5 +1,6 @@ image: repository: kubesphere/storageclass-accessor + tag: latest webhook: timeoutSeconds: 5 \ No newline at end of file From 8b1fd2e2ef44af81c3dede17008db8ae60206829 Mon Sep 17 00:00:00 2001 From: stoneshi-yunify Date: Tue, 19 Sep 2023 17:04:43 +0800 Subject: [PATCH 2/3] update storageclass-accessor crd Signed-off-by: stoneshi-yunify --- .../templates/accessor.yaml | 61 ++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/src/main/storageclass-accessor/templates/accessor.yaml b/src/main/storageclass-accessor/templates/accessor.yaml index d5204a656..6a601dd31 100644 --- a/src/main/storageclass-accessor/templates/accessor.yaml +++ b/src/main/storageclass-accessor/templates/accessor.yaml @@ -104,8 +104,67 @@ spec: type: object storageClassName: type: string + workspaceSelector: + properties: + fieldSelector: + items: + properties: + fieldExpressions: + items: + properties: + field: + enum: + - Name + - Status + type: string + operator: + enum: + - In + - NotIn + type: string + values: + items: + type: string + type: array + required: + - field + - operator + - values + type: object + type: array + required: + - fieldExpressions + type: object + type: array + labelSelector: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + required: + - matchExpressions + type: object + type: array + type: object required: - - namespaceSelector - storageClassName type: object type: object From e5a7bcf2603d15110bf198c91d31a91e19017dd2 Mon Sep 17 00:00:00 2001 From: stoneshi-yunify Date: Wed, 20 Sep 2023 10:32:01 +0800 Subject: [PATCH 3/3] fix storageclass-accesor rbac Signed-off-by: stoneshi-yunify --- src/main/storageclass-accessor/templates/rbac.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/main/storageclass-accessor/templates/rbac.yaml b/src/main/storageclass-accessor/templates/rbac.yaml index e2f999361..d7eca1f30 100644 --- a/src/main/storageclass-accessor/templates/rbac.yaml +++ b/src/main/storageclass-accessor/templates/rbac.yaml @@ -12,9 +12,9 @@ metadata: labels: role: controller rules: - - apiGroups: [ "" ] - resources: [ "namespaces" ] - verbs: [ "get", "list", "watch"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] @@ -22,8 +22,11 @@ rules: - apiGroups: ["storage.kubesphere.io"] resources: ["accessors"] - verbs: [ "get", "list", "watch"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tenant.kubesphere.io"] + resources: ["workspaces"] + verbs: ["get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1