From 4aa27ddcdf4da7edb9d8d7649ad0c91b8f121baf Mon Sep 17 00:00:00 2001
From: Cyrill Troxler <cyrill@nine.ch>
Date: Thu, 16 May 2019 18:15:45 +0200
Subject: [PATCH 1/2] Clean up old references to encryptionKey
---
deploy/kubernetes/csi-s3.yaml | 25 -------------------------
deploy/kubernetes/provisioner.yaml | 25 -------------------------
pkg/s3/config.go | 1 -
pkg/s3/s3-client.go | 1 -
test/secret.yaml | 5 -----
5 files changed, 57 deletions(-)
diff --git a/deploy/kubernetes/csi-s3.yaml b/deploy/kubernetes/csi-s3.yaml
index 69bbc5c..d820195 100644
--- a/deploy/kubernetes/csi-s3.yaml
+++ b/deploy/kubernetes/csi-s3.yaml
@@ -92,31 +92,6 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- - name: ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: accessKeyID
- - name: SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: secretAccessKey
- - name: S3_ENDPOINT
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: endpoint
- - name: REGION
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: region
- - name: ENCRYPTION_KEY
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: encryptionKey
imagePullPolicy: "Always"
volumeMounts:
- name: plugin-dir
diff --git a/deploy/kubernetes/provisioner.yaml b/deploy/kubernetes/provisioner.yaml
index fd7cc07..bc1887f 100644
--- a/deploy/kubernetes/provisioner.yaml
+++ b/deploy/kubernetes/provisioner.yaml
@@ -91,31 +91,6 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- - name: ACCESS_KEY_ID
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: accessKeyID
- - name: SECRET_ACCESS_KEY
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: secretAccessKey
- - name: S3_ENDPOINT
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: endpoint
- - name: REGION
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: region
- - name: ENCRYPTION_KEY
- valueFrom:
- secretKeyRef:
- name: csi-s3-secret
- key: encryptionKey
imagePullPolicy: "Always"
volumeMounts:
- name: socket-dir
diff --git a/pkg/s3/config.go b/pkg/s3/config.go
index f5b1714..e3d0b9a 100644
--- a/pkg/s3/config.go
+++ b/pkg/s3/config.go
@@ -7,5 +7,4 @@ type Config struct {
Region string
Endpoint string
Mounter string
- EncryptionKey string
}
diff --git a/pkg/s3/s3-client.go b/pkg/s3/s3-client.go
index b85bc67..0f6c727 100644
--- a/pkg/s3/s3-client.go
+++ b/pkg/s3/s3-client.go
@@ -55,7 +55,6 @@ func newS3ClientFromSecrets(secrets map[string]string) (*s3Client, error) {
SecretAccessKey: secrets["secretAccessKey"],
Region: secrets["region"],
Endpoint: secrets["endpoint"],
- EncryptionKey: secrets["encryptionKey"],
// Mounter is set in the volume preferences, not secrets
Mounter: "",
})
diff --git a/test/secret.yaml b/test/secret.yaml
index 1f08c2f..50a57c4 100644
--- a/test/secret.yaml
+++ b/test/secret.yaml
@@ -3,28 +3,23 @@ CreateVolumeSecret:
secretAccessKey: DSG643HGDS
endpoint: http://127.0.0.1:9000
region: ""
- encryptionKey: ""
DeleteVolumeSecret:
accessKeyID: FJDSJ
secretAccessKey: DSG643HGDS
endpoint: http://127.0.0.1:9000
region: ""
- encryptionKey: ""
NodeStageVolumeSecret:
accessKeyID: FJDSJ
secretAccessKey: DSG643HGDS
endpoint: http://127.0.0.1:9000
region: ""
- encryptionKey: ""
NodePublishVolumeSecret:
accessKeyID: FJDSJ
secretAccessKey: DSG643HGDS
endpoint: http://127.0.0.1:9000
region: ""
- encryptionKey: ""
ControllerValidateVolumeCapabilitiesSecret:
accessKeyID: FJDSJ
secretAccessKey: DSG643HGDS
endpoint: http://127.0.0.1:9000
region: ""
- encryptionKey: ""
\ No newline at end of file
From 386e5e3181682395bae94c766070ccdc19f8f992 Mon Sep 17 00:00:00 2001
From: Cyrill Troxler <cyrilltroxler@gmail.com>
Date: Sat, 18 May 2019 11:43:12 +0200
Subject: [PATCH 2/2] Deploy to kube-system by default
---
deploy/kubernetes/attacher.yaml | 4 +++-
deploy/kubernetes/csi-s3.yaml | 3 ++-
deploy/kubernetes/provisioner.yaml | 4 +++-
deploy/kubernetes/{secret.yaml => secret.yaml.sample} | 0
4 files changed, 8 insertions(+), 3 deletions(-)
rename deploy/kubernetes/{secret.yaml => secret.yaml.sample} (100%)
diff --git a/deploy/kubernetes/attacher.yaml b/deploy/kubernetes/attacher.yaml
index 5414597..e944f85 100644
--- a/deploy/kubernetes/attacher.yaml
+++ b/deploy/kubernetes/attacher.yaml
@@ -1,8 +1,8 @@
----
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-attacher-sa
+ namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
@@ -43,6 +43,7 @@ kind: Service
apiVersion: v1
metadata:
name: csi-attacher-s3
+ namespace: kube-system
labels:
app: csi-attacher-s3
spec:
@@ -56,6 +57,7 @@ kind: StatefulSet
apiVersion: apps/v1beta1
metadata:
name: csi-attacher-s3
+ namespace: kube-system
spec:
serviceName: "csi-attacher-s3"
replicas: 1
diff --git a/deploy/kubernetes/csi-s3.yaml b/deploy/kubernetes/csi-s3.yaml
index d820195..316e3a1 100644
--- a/deploy/kubernetes/csi-s3.yaml
+++ b/deploy/kubernetes/csi-s3.yaml
@@ -1,8 +1,8 @@
----
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-s3
+ namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
@@ -42,6 +42,7 @@ kind: DaemonSet
apiVersion: apps/v1beta2
metadata:
name: csi-s3
+ namespace: kube-system
spec:
selector:
matchLabels:
diff --git a/deploy/kubernetes/provisioner.yaml b/deploy/kubernetes/provisioner.yaml
index bc1887f..25a45fc 100644
--- a/deploy/kubernetes/provisioner.yaml
+++ b/deploy/kubernetes/provisioner.yaml
@@ -1,8 +1,8 @@
----
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-provisioner-sa
+ namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
@@ -42,6 +42,7 @@ kind: Service
apiVersion: v1
metadata:
name: csi-provisioner-s3
+ namespace: kube-system
labels:
app: csi-provisioner-s3
spec:
@@ -55,6 +56,7 @@ kind: StatefulSet
apiVersion: apps/v1beta1
metadata:
name: csi-provisioner-s3
+ namespace: kube-system
spec:
serviceName: "csi-provisioner-s3"
replicas: 1
diff --git a/deploy/kubernetes/secret.yaml b/deploy/kubernetes/secret.yaml.sample
similarity index 100%
rename from deploy/kubernetes/secret.yaml
rename to deploy/kubernetes/secret.yaml.sample