Fix restarts in controller/nodeServer pod + sync manifests(#115)

* Bug fixes + sync sc

Author: prankulmahajan

deploy/kubernetes/driver/kubernetes/manifests/controller-server.yaml

@@ -7,11 +7,16 @@ metadata:
   labels:
     app.kubernetes.io/name: ibm-vpc-file-csi-driver
 spec:
-  replicas: 1
+  replicas: 2
   selector:
     matchLabels:
       app: ibm-vpc-file-csi-controller
       app.kubernetes.io/name: ibm-vpc-file-csi-driver
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
   template:
     metadata:
       annotations:
@@ -40,6 +45,9 @@ spec:
             - "--csi-address=$(CSI_ADDRESS)"
             - "--timeout=600s"
             - "--feature-gates=Topology=true"
+            - "--leader-election=true"
+            - "--kube-api-qps=15"
+            - "--kube-api-burst=20"
           env:
             - name: CSI_ADDRESS
               valueFrom:
@@ -67,6 +75,9 @@ spec:
             - "--csi-address=$(ADDRESS)"
             - "--timeout=600s"
             - "--handle-volume-inuse-error=false"
+            - "--leader-election=true"
+            - "--kube-api-qps=15"
+            - "--kube-api-burst=20"
           env:
             - name: ADDRESS
               value: /csi/csi-vpc-file.sock
@@ -200,11 +211,11 @@ spec:
                   key: SIDECAR_ENDPOINT
           resources:
             limits:
-              cpu: 12m
-              memory: 20Mi
+              cpu: 60m
+              memory: 80Mi
             requests:
-              cpu: 3m
-              memory: 5Mi
+              cpu: 15m
+              memory: 20Mi
           volumeMounts:
             - mountPath: /sidecardir
               name: socket-dir

deploy/kubernetes/driver/kubernetes/manifests/csidriver.yaml

@@ -7,5 +7,6 @@ metadata:
 spec:
   attachRequired: false
   podInfoOnMount: true
+  fsGroupPolicy: ReadWriteOnceWithFSType
   volumeLifecycleModes:
   - Persistent

deploy/kubernetes/driver/kubernetes/manifests/node-server.yaml

@@ -39,6 +39,14 @@ spec:
             - "--v=5"
             - "--csi-address=$(CSI_ADDRESS)"
             - "--kubelet-registration-path=$(DRIVER_REGISTRATION_SOCK)"
+          livenessProbe: # GoodToHave check https://github.com/kubernetes-csi/node-driver-registrar?tab=readme-ov-file#health-check-with-the-http-server
+            exec:
+              command:
+              - /csi-node-driver-registrar
+              - --kubelet-registration-path=$(DRIVER_REGISTRATION_SOCK)
+              - --mode=kubelet-registration-probe
+            initialDelaySeconds: 30
+            timeoutSeconds: 15
           env:
             - name: CSI_ADDRESS
               valueFrom:
@@ -190,6 +198,13 @@ spec:
                 configMapKeyRef:
                   name: ibm-vpc-file-csi-configmap
                   key: SIDECAR_ENDPOINT
+          resources:
+            limits:
+              cpu: 60m
+              memory: 80Mi
+            requests:
+              cpu: 15m
+              memory: 20Mi
           volumeMounts:
             - mountPath: /sidecardir
               name: secret-sidecar-sock-dir
@@ -249,3 +264,4 @@ spec:
         - name: mh-logs
           hostPath:
             path: /opt/ibm/mount-ibmshare/
+          type: DirectoryOrCreate

deploy/kubernetes/storageclass/ibmc-vpc-file-1000-iops.yaml

@@ -0,0 +1,31 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: ibmc-vpc-file-1000-iops
+  labels:
+    app.kubernetes.io/name: ibm-vpc-file-csi-driver
+provisioner: vpc.file.csi.ibm.io
+mountOptions:
+  - hard
+  - nfsvers=4.1
+  - sec=sys
+parameters:
+  profile: "dp2"   #The VPC Storage profile used. https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-profiles
+  iops: "1000"    # All PVC will get this fixed iops provisioned by using this storageclass. 
+  billingType: "hourly"  # The default billing policy used. The uer can override this default.
+  encrypted: "false"     # By default, encryption is managed by cloud provider. User can override this default.
+  encryptionKey: ""      # If encrypted is true, then a user must specify the CRK-CRN.
+  resourceGroup: ""      # By default resource group will be used from storage-secrete-store secret, User can override.
+  isENIEnabled: "true"   # VPC File Share ENI/VNI feature will be used by all PVCs created with this storage class.
+  securityGroupIDs: ""   # By default cluster security group i.e kube-<clusterID> will be used. User can provide their own command separated SGs.
+  subnetID: ""    # User can provide subnetID in which the ENI/VNI will be created. Zone and region are mandatory for this. If not provided CSI driver will use the subnetID available in the cluster' VPC zone.
+  region: ""             # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  zone: "" # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  primaryIPID: "" # Existing ID of reserved IP from the same subnet as the file share zone. Zone and region are mandatory for this. SubnetID is not mandatory for this.
+  primaryIPAddress: "" # IPAddress for ENI/VNI to be created in the respective subnet of the zone. Zone, region and subnetID are mandatory for this.
+  tags: ""             # User can add a list of tags "a, b, c" that will be used at the time of provisioning file share, by default CSI driver has its own tags.
+  uid: "0"             # The initial user identifier for the file share, by default its root.
+  gid: "0"             # The initial group identifier for the file share, by default its root.
+  classVersion: "1"
+reclaimPolicy: "Delete"
+allowVolumeExpansion: true

deploy/kubernetes/storageclass/ibmc-vpc-file-3000-iops.yaml

@@ -0,0 +1,31 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: ibmc-vpc-file-3000-iops
+  labels:
+    app.kubernetes.io/name: ibm-vpc-file-csi-driver
+provisioner: vpc.file.csi.ibm.io
+mountOptions:
+  - hard
+  - nfsvers=4.1
+  - sec=sys
+parameters:
+  profile: "dp2"   #The VPC Storage profile used. https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-profiles
+  iops: "3000"    # All PVC will get this fixed iops provisioned by using this storageclass. 
+  billingType: "hourly"  # The default billing policy used. The uer can override this default.
+  encrypted: "false"     # By default, encryption is managed by cloud provider. User can override this default.
+  encryptionKey: ""      # If encrypted is true, then a user must specify the CRK-CRN.
+  resourceGroup: ""      # By default resource group will be used from storage-secrete-store secret, User can override.
+  isENIEnabled: "true"   # VPC File Share ENI/VNI feature will be used by all PVCs created with this storage class.
+  securityGroupIDs: ""   # By default cluster security group i.e kube-<clusterID> will be used. User can provide their own command separated SGs.
+  subnetID: ""    # User can provide subnetID in which the ENI/VNI will be created. Zone and region are mandatory for this. If not provided CSI driver will use the subnetID available in the cluster' VPC zone.
+  region: ""             # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  zone: "" # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  primaryIPID: "" # Existing ID of reserved IP from the same subnet as the file share zone. Zone and region are mandatory for this. SubnetID is not mandatory for this.
+  primaryIPAddress: "" # IPAddress for ENI/VNI to be created in the respective subnet of the zone. Zone, region and subnetID are mandatory for this.
+  tags: ""             # User can add a list of tags "a, b, c" that will be used at the time of provisioning file share, by default CSI driver has its own tags.
+  uid: "0"             # The initial user identifier for the file share, by default its root.
+  gid: "0"             # The initial group identifier for the file share, by default its root.
+  classVersion: "1"
+reclaimPolicy: "Delete"
+allowVolumeExpansion: true

deploy/kubernetes/storageclass/ibmc-vpc-file-500-iops.yaml

@@ -0,0 +1,31 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: ibmc-vpc-file-500-iops
+  labels:
+    app.kubernetes.io/name: ibm-vpc-file-csi-driver
+provisioner: vpc.file.csi.ibm.io
+mountOptions:
+  - hard
+  - nfsvers=4.1
+  - sec=sys
+parameters:
+  profile: "dp2"   #The VPC Storage profile used. https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-profiles
+  iops: "500"    # All PVC will get this fixed iops provisioned by using this storageclass. 
+  billingType: "hourly"  # The default billing policy used. The uer can override this default.
+  encrypted: "false"     # By default, encryption is managed by cloud provider. User can override this default.
+  encryptionKey: ""      # If encrypted is true, then a user must specify the CRK-CRN.
+  resourceGroup: ""      # By default resource group will be used from storage-secrete-store secret, User can override.
+  isENIEnabled: "true"   # VPC File Share ENI/VNI feature will be used by all PVCs created with this storage class.
+  securityGroupIDs: ""   # By default cluster security group i.e kube-<clusterID> will be used. User can provide their own command separated SGs.
+  subnetID: ""    # User can provide subnetID in which the ENI/VNI will be created. Zone and region are mandatory for this. If not provided CSI driver will use the subnetID available in the cluster' VPC zone.
+  region: ""             # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  zone: "" # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  primaryIPID: "" # Existing ID of reserved IP from the same subnet as the file share zone. Zone and region are mandatory for this. SubnetID is not mandatory for this.
+  primaryIPAddress: "" # IPAddress for ENI/VNI to be created in the respective subnet of the zone. Zone, region and subnetID are mandatory for this.
+  tags: ""             # User can add a list of tags "a, b, c" that will be used at the time of provisioning file share, by default CSI driver has its own tags.
+  uid: "0"             # The initial user identifier for the file share, by default its root.
+  gid: "0"             # The initial group identifier for the file share, by default its root.
+  classVersion: "1"
+reclaimPolicy: "Delete"
+allowVolumeExpansion: true

deploy/kubernetes/storageclass/ibmc-vpc-file-dp2-StorageClass.yaml

@@ -0,0 +1,28 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: ibmc-vpc-file-eit
+  labels:
+    app.kubernetes.io/name: ibm-vpc-file-csi-driver
+provisioner: vpc.file.csi.ibm.io
+parameters:
+  profile: "dp2"   # The VPC Storage profile used. https://cloud.ibm.com/docs/vpc?topic=vpc-file-storage-profiles.
+  billingType: "hourly"  # The default billing policy used. The uer can override this default.
+  iops: "1000"    # All PVC will get this fixed iops provisioned by using this storageclass.
+  encrypted: "false"     # By default, encryption is managed by cloud provider. User can override this default.
+  encryptionKey: ""      # If encrypted is true, then a user must specify the CRK-CRN.
+  resourceGroup: ""      # By default resource group will be used from storage-secrete-store secret, User can override.
+  isENIEnabled: "true"   # VPC File Share ENI/VNI feature will be used by all PVCs created with this storage class.
+  isEITEnabled: "true"   # VPC File Share will have EIT enabled.
+  securityGroupIDs: ""   # By default cluster security group i.e kube-<clusterID> will be used. User can provide their own command separated SGs.
+  subnetID: ""    # User can provide subnetID in which the ENI/VNI will be created. Zone and region are mandatory for this. If not provided CSI driver will use the subnetID available in the cluster' VPC zone.
+  region: ""             # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  zone: "" # By VPC CSI driver will select a region from cluster node's topology. The user can override this default.
+  primaryIPID: "" # Existing ID of reserved IP from the same subnet as the file share zone. Zone and region are mandatory for this. SubnetID is not mandatory for this.
+  primaryIPAddress: "" # IPAddress for ENI/VNI to be created in the respective subnet of the zone. Zone, region and subnetID are mandatory for this.
+  tags: ""             # User can add a list of tags "a, b, c" that will be used at the time of provisioning file share, by default CSI driver has its own tags.
+  uid: "0"             # The initial user identifier for the file share, by default its root.
+  gid: "0"             # The initial group identifier for the file share, by default its root.
+  classVersion: "1"
+reclaimPolicy: "Delete"
+allowVolumeExpansion: true