m/node/kubernetes: implement storage resizing

This implements persistent volume resizing in the storage provisioner.
The logic is based on https://github.com/kubernetes-csi/external-resizer

The mutation caches are an optimization to prevent unnecessary repeated
processing, because they make the controller remember changes that it
has made itself, when the watch events for those changes have not
arrived yet.

The controller supports the RecoverVolumeExpansionFailure feature, which
allows reducing the requested size when the previous resize fails due to
insufficient space. When resize fails, it is retried with backoff.

Change-Id: I0f3d40c1a592b30d25739f5d20b529dfe25dfbe1
Reviewed-on: https://review.monogon.dev/c/monogon/+/4008
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI

diff --git a/metropolis/node/kubernetes/reconciler/resources_rbac.go b/metropolis/node/kubernetes/reconciler/resources_rbac.go
index 9ce9942..bf9885c 100644
--- a/metropolis/node/kubernetes/reconciler/resources_rbac.go
+++ b/metropolis/node/kubernetes/reconciler/resources_rbac.go
@@ -73,8 +73,18 @@
},
{
APIGroups: []string{""},
- Resources: []string{"persistentvolumes", "persistentvolumeclaims"},
- Verbs: []string{"*"},
+ Resources: []string{"persistentvolumes"},
+ Verbs: []string{"get", "list", "watch", "create", "patch", "delete"},
+ },
+ {
+ APIGroups: []string{""},
+ Resources: []string{"persistentvolumeclaims"},
+ Verbs: []string{"get", "list", "watch"},
+ },
+ {
+ APIGroups: []string{""},
+ Resources: []string{"persistentvolumeclaims/status"},
+ Verbs: []string{"patch"},
},
},
},
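Review bot: The three rules that replace the wildcard grant (persistentvolumes, persistentvolumeclaims, persistentvolumeclaims/status) have no comment saying which provisioner or resizer operation needs each verb, so a later reader cannot tell whether a verb is still required or can be dropped. A one-line comment per rule would keep the least-privilege intent auditable. Also note that "update" is absent from all three rules and that persistentvolumeclaims itself is now read-only (`Verbs: []string{"get", "list", "watch"}`), so any remaining Update call on a PV or PVC, or any write to PVC metadata such as annotations or finalizers, would be rejected as forbidden; it is worth confirming that every write in the controller goes through Patch and that PVC writes only touch the status subresource.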