RubyGems - porkadot - Versions diffs - 0.18.0 → 0.20.0 - Mend

porkadot 0.18.0 → 0.20.0

Files changed (30) hide show

data/lib/porkadot/assets/kubernetes/manifests/kube-apiserver.secrets.yaml.erb CHANGED Viewed

@@ -11,6 +11,7 @@ data:
   kubelet-client.crt: <%= certs.kubernetes.to_base64(:kubelet_client_cert) %>
   kubelet-client.key: <%= certs.kubernetes.to_base64(:kubelet_client_key) %>
   sa.pub: <%= certs.kubernetes.to_base64(:sa_public_key) %>
+  sa.key: <%= certs.kubernetes.to_base64(:sa_private_key) %>
 kind: Secret
 metadata:
   name: kube-apiserver

data/lib/porkadot/assets/kubernetes/manifests/kubelet-rubber-stamp.yaml.erb CHANGED Viewed

@@ -51,7 +51,7 @@ roleRef:
   name: kubelet-rubber-stamp
   apiGroup: rbac.authorization.k8s.io
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: kubelet-rubber-stamp

data/lib/porkadot/assets/kubernetes/manifests/metallb.secrets.yaml.erb ADDED Viewed

@@ -0,0 +1,13 @@
+<% require 'securerandom' -%>
+<% k8s = global_config.k8s -%>
+---
+apiVersion: v1
+stringData:
+  secretkey: <%= SecureRandom.base64(128) %>
+kind: Secret
+metadata:
+  name: memberlist
+  namespace: metallb-system
+  labels:
+    app: metallb
+type: Opaque

data/lib/porkadot/assets/kubernetes/manifests/metallb.yaml.erb CHANGED Viewed

@@ -8,6 +8,48 @@ metadata:
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
+metadata:
+  labels:
+    app: metallb
+  name: controller
+  namespace: metallb-system
+spec:
+  allowPrivilegeEscalation: false
+  allowedCapabilities: []
+  allowedHostPaths: []
+  defaultAddCapabilities: []
+  defaultAllowPrivilegeEscalation: false
+  fsGroup:
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+  hostIPC: false
+  hostNetwork: false
+  hostPID: false
+  privileged: false
+  readOnlyRootFilesystem: true
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+  volumes:
+  - configMap
+  - secret
+  - emptyDir
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
 metadata:
   labels:
     app: metallb
@@ -19,13 +61,21 @@ spec:
   - NET_ADMIN
   - NET_RAW
   - SYS_ADMIN
+  allowedHostPaths: []
+  defaultAddCapabilities: []
+  defaultAllowPrivilegeEscalation: false
   fsGroup:
     rule: RunAsAny
+  hostIPC: false
   hostNetwork: true
+  hostPID: false
   hostPorts:
   - max: 7472
     min: 7472
   privileged: true
+  readOnlyRootFilesystem: true
+  requiredDropCapabilities:
+  - ALL
   runAsUser:
     rule: RunAsAny
   seLinux:
@@ -33,7 +83,9 @@ spec:
   supplementalGroups:
     rule: RunAsAny
   volumes:
-  - '*'
+  - configMap
+  - secret
+  - emptyDir
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -80,6 +132,14 @@ rules:
   verbs:
   - create
   - patch
+- apiGroups:
+  - policy
+  resourceNames:
+  - controller
+  resources:
+  - podsecuritypolicies
+  verbs:
+  - use
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -106,7 +166,7 @@ rules:
   - create
   - patch
 - apiGroups:
-  - extensions
+  - policy
   resourceNames:
   - speaker
   resources:
@@ -132,6 +192,21 @@ rules:
   - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: metallb
+  name: pod-lister
+  namespace: metallb-system
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
@@ -178,6 +253,21 @@ subjects:
 - kind: ServiceAccount
   name: speaker
 ---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: metallb
+  name: pod-lister
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: pod-lister
+subjects:
+- kind: ServiceAccount
+  name: speaker
+---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -200,24 +290,6 @@ spec:
         app: metallb
         component: speaker
     spec:
-      initContainers:
-      - command:
-        - "iptables"
-        - "-P"
-        - "FORWARD"
-        - "ACCEPT"
-        image: <%= k8s.image_repository %>/kube-proxy:<%= k8s.kubernetes_version %>
-        imagePullPolicy: IfNotPresent
-        name: default-iptables
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_ADMIN
-            - NET_RAW
-            drop:
-            - ALL
-          readOnlyRootFilesystem: true
       containers:
       - args:
         - --port=7472
@@ -231,8 +303,26 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: status.hostIP
-        image: metallb/speaker:v0.8.2
-        imagePullPolicy: IfNotPresent
+        - name: METALLB_ML_BIND_ADDR
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        # needed when another software is also using memberlist / port 7946
+        #- name: METALLB_ML_BIND_PORT
+        #  value: "7946"
+        - name: METALLB_ML_LABELS
+          value: "app=metallb,component=speaker"
+        - name: METALLB_ML_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: METALLB_ML_SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: memberlist
+              key: secretkey
+        image: metallb/speaker:v0.9.4
+        imagePullPolicy: Always
         name: speaker
         ports:
         - containerPort: 7472
@@ -253,9 +343,9 @@ spec:
           readOnlyRootFilesystem: true
       hostNetwork: true
       nodeSelector:
-        kubernetes.io/os: linux
+        beta.kubernetes.io/os: linux
       serviceAccountName: speaker
-      terminationGracePeriodSeconds: 0
+      terminationGracePeriodSeconds: 2
       tolerations:
       - effect: NoSchedule
         key: node-role.kubernetes.io/master
@@ -287,8 +377,8 @@ spec:
       - args:
         - --port=7472
         - --config=config
-        image: metallb/controller:v0.8.2
-        imagePullPolicy: IfNotPresent
+        image: metallb/controller:v0.9.5
+        imagePullPolicy: Always
         name: controller
         ports:
         - containerPort: 7472

data/lib/porkadot/assets/kubernetes/manifests/storage-version-migrator.yaml.erb CHANGED Viewed

@@ -1,327 +1,357 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system
+---
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: storageversionmigrations.migration.k8s.io
+  annotations:
+    api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/747
+  name: storagestates.migration.k8s.io
 spec:
   group: migration.k8s.io
   names:
-    kind: StorageVersionMigration
-    listKind: StorageVersionMigrationList
-    plural: storageversionmigrations
-    singular: storageversionmigration
+    kind: StorageState
+    listKind: StorageStateList
+    plural: storagestates
+    singular: storagestate
+  preserveUnknownFields: false
   scope: Cluster
-  subresources:
-    status: {}
-  version: v1alpha1
   versions:
   - name: v1alpha1
-    served: true
-    storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: StorageVersionMigration represents a migration of stored data to
-        the latest storage version.
-      type: object
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: Specification of the migration.
-          type: object
-          required:
-          - resource
-          properties:
-            continueToken:
-              description: The token used in the list options to get the next chunk
-                of objects to migrate. When the .status.conditions indicates the migration
-                is "Running", users can use this token to check the progress of the
-                migration.
-              type: string
-            resource:
-              description: The resource that is being migrated. The migrator sends
-                requests to the endpoint serving the resource. Immutable.
-              type: object
-              properties:
-                group:
-                  description: The name of the group.
-                  type: string
-                resource:
-                  description: The name of the resource.
-                  type: string
-                version:
-                  description: The name of the version.
-                  type: string
-        status:
-          description: Status of the migration.
-          type: object
-          properties:
-            conditions:
-              description: The latest available observations of the migration's current
-                state.
-              type: array
-              items:
-                description: Describes the state of a migration at a certain point.
-                type: object
-                required:
-                - status
-                - type
+    schema:
+      openAPIV3Schema:
+        description: The state of the storage of a specific resource.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            properties:
+              name:
+                description: name must be "<.spec.resource.resouce>.<.spec.resource.group>".
+                type: string
+            type: object
+          spec:
+            description: Specification of the storage state.
+            properties:
+              resource:
+                description: The resource this storageState is about.
                 properties:
-                  lastUpdateTime:
-                    description: The last time this condition was updated.
+                  group:
+                    description: The name of the group.
                     type: string
-                    format: date-time
-                  message:
-                    description: A human readable message indicating details about
-                      the transition.
-                    type: string
-                  reason:
-                    description: The reason for the condition's last transition.
-                    type: string
-                  status:
-                    description: Status of the condition, one of True, False, Unknown.
-                    type: string
-                  type:
-                    description: Type of the condition.
+                  resource:
+                    description: The name of the resource.
                     type: string
+                type: object
+            type: object
+          status:
+            description: Status of the storage state.
+            properties:
+              currentStorageVersionHash:
+                description: The hash value of the current storage version, as shown
+                  in the discovery document served by the API server. Storage Version
+                  is the version to which objects are converted to before persisted.
+                type: string
+              lastHeartbeatTime:
+                description: LastHeartbeatTime is the last time the storage migration
+                  triggering controller checks the storage version hash of this resource
+                  in the discovery document and updates this field.
+                format: date-time
+                type: string
+              persistedStorageVersionHashes:
+                description: The hash values of storage versions that persisted instances
+                  of spec.resource might still be encoded in. "Unknown" is a valid
+                  value in the list, and is the default value. It is not safe to upgrade
+                  or downgrade to an apiserver binary that does not support all versions
+                  listed in this field, or if "Unknown" is listed. Once the storage
+                  version migration for this resource has completed, the value of
+                  this field is refined to only contain the currentStorageVersionHash.
+                  Once the apiserver has changed the storage version, the new storage
+                  version is appended to the list.
+                items:
+                  type: string
+                type: array
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: storagestates.migration.k8s.io
+  annotations:
+    api-approved.kubernetes.io: https://github.com/kubernetes/community/pull/2524
+  name: storageversionmigrations.migration.k8s.io
 spec:
   group: migration.k8s.io
   names:
-    kind: StorageState
-    listKind: StorageStateList
-    plural: storagestates
-    singular: storagestate
+    kind: StorageVersionMigration
+    listKind: StorageVersionMigrationList
+    plural: storageversionmigrations
+    singular: storageversionmigration
+  preserveUnknownFields: false
   scope: Cluster
-  subresources:
-    status: {}
-  version: v1alpha1
   versions:
   - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: StorageVersionMigration represents a migration of stored data
+          to the latest storage version.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: Specification of the migration.
+            properties:
+              continueToken:
+                description: The token used in the list options to get the next chunk
+                  of objects to migrate. When the .status.conditions indicates the
+                  migration is "Running", users can use this token to check the progress
+                  of the migration.
+                type: string
+              resource:
+                description: The resource that is being migrated. The migrator sends
+                  requests to the endpoint serving the resource. Immutable.
+                properties:
+                  group:
+                    description: The name of the group.
+                    type: string
+                  resource:
+                    description: The name of the resource.
+                    type: string
+                  version:
+                    description: The name of the version.
+                    type: string
+                type: object
+            required:
+            - resource
+            type: object
+          status:
+            description: Status of the migration.
+            properties:
+              conditions:
+                description: The latest available observations of the migration's
+                  current state.
+                items:
+                  description: Describes the state of a migration at a certain point.
+                  properties:
+                    lastUpdateTime:
+                      description: The last time this condition was updated.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of the condition.
+                      type: string
+                  required:
+                  - status
+                  - type
+                  type: object
+                type: array
+            type: object
+        type: object
     served: true
     storage: true
-  "validation":
-    "openAPIV3Schema":
-      description: The state of the storage of a specific resource.
-      type: object
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          description: The name must be "<.spec.resource.resouce>.<.spec.resource.group>".
-          type: object
-        spec:
-          description: Specification of the storage state.
-          type: object
-          properties:
-            resource:
-              description: The resource this storageState is about.
-              type: object
-              properties:
-                group:
-                  description: The name of the group.
-                  type: string
-                resource:
-                  description: The name of the resource.
-                  type: string
-        status:
-          description: Status of the storage state.
-          type: object
-          properties:
-            currentStorageVersionHash:
-              description: The hash value of the current storage version, as shown
-                in the discovery document served by the API server. Storage Version
-                is the version to which objects are converted to before persisted.
-              type: string
-            lastHeartbeatTime:
-              description: LastHeartbeatTime is the last time the storage migration
-                triggering controller checks the storage version hash of this resource
-                in the discovery document and updates this field.
-              type: string
-              format: date-time
-            persistedStorageVersionHashes:
-              description: The hash values of storage versions that persisted instances
-                of spec.resource might still be encoded in. "Unknown" is a valid value
-                in the list, and is the default value. It is not safe to upgrade or
-                downgrade to an apiserver binary that does not support all versions
-                listed in this field, or if "Unknown" is listed. Once the storage
-                version migration for this resource has completed, the value of this
-                field is refined to only contain the currentStorageVersionHash. Once
-                the apiserver has changed the storage version, the new storage version
-                is appended to the list.
-              type: array
-              items:
-                type: string
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kube-system
+    subresources:
+      status: {}
 ---
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
-  name: storage-version-migration-trigger
+  name: storage-version-migration-crd-creator
 rules:
-- apiGroups: ["migration.k8s.io"]
-  resources: ["storagestates"]
-  verbs: ["watch", "get", "list", "delete", "create", "update"]
-- apiGroups: ["migration.k8s.io"]
-  resources: ["storageversionmigrations"]
-  verbs: ["watch", "get", "list", "delete", "create"]
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - create
+  - delete
+  - get
 ---
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
-  name: storage-version-migration-crd-creator
+  name: storage-version-migration-initializer
 rules:
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["create", "delete", "get"]
+- apiGroups:
+  - migration.k8s.io
+  resources:
+  - storageversionmigrations
+  verbs:
+  - create
 ---
-kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
-  name: storage-version-migration-initializer
+  name: storage-version-migration-trigger
 rules:
-- apiGroups: ["migration.k8s.io"]
-  resources: ["storageversionmigrations"]
-  verbs: ["create"]
+- apiGroups:
+  - migration.k8s.io
+  resources:
+  - storagestates
+  verbs:
+  - watch
+  - get
+  - list
+  - delete
+  - create
+  - update
+- apiGroups:
+  - migration.k8s.io
+  resources:
+  - storageversionmigrations
+  verbs:
+  - watch
+  - get
+  - list
+  - delete
+  - create
 ---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: storage-version-migration-migrator
+  name: storage-version-migration-crd-creator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: storage-version-migration-crd-creator
 subjects:
 - kind: ServiceAccount
   name: default
   namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: cluster-admin
-  apiGroup: rbac.authorization.k8s.io
 ---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: storage-version-migration-trigger
+  name: storage-version-migration-initializer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: storage-version-migration-initializer
 subjects:
 - kind: ServiceAccount
   name: default
   namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: storage-version-migration-trigger
-  apiGroup: rbac.authorization.k8s.io
 ---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: storage-version-migration-crd-creator
+  name: storage-version-migration-migrator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
 subjects:
 - kind: ServiceAccount
   name: default
   namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: storage-version-migration-crd-creator
-  apiGroup: rbac.authorization.k8s.io
 ---
-kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
-  name: storage-version-migration-initializer
+  name: storage-version-migration-trigger
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: storage-version-migration-trigger
 subjects:
 - kind: ServiceAccount
   name: default
   namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: storage-version-migration-initializer
-  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: trigger
-  namespace: kube-system
   labels:
-    app: trigger
+    app: migrator
+  name: migrator
+  namespace: kube-system
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: trigger
+      app: migrator
   template:
     metadata:
       labels:
-        app: trigger
+        app: migrator
     spec:
       containers:
-      - name: trigger
-        image: yuanying/storage-version-migration-trigger:v0.1
-        args:
-        - --kubeconfig=/etc/trigger/kubeconfig
+      - command:
+        - /migrator
+        - --v=2
+        - --alsologtostderr
+        - --kube-api-qps=40
+        - --kube-api-burst=1000
+        - --kubeconfig=/etc/migrator/kubeconfig
+        image: asia.gcr.io/k8s-artifacts-prod/storage-migrator/storage-version-migration-migrator:v0.0.3
+        name: migrator
         volumeMounts:
-        - mountPath: /etc/trigger
+        - mountPath: /etc/migrator
           name: kubeconfig
       volumes:
-      - name: kubeconfig
-        configMap:
+      - configMap:
           name: kubeconfig-in-cluster-latest
+        name: kubeconfig
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: migrator
-  namespace: kube-system
   labels:
-    app: migrator
+    app: trigger
+  name: trigger
+  namespace: kube-system
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: migrator
+      app: trigger
   template:
     metadata:
       labels:
-        app: migrator
+        app: trigger
     spec:
       containers:
-      - name: migrator
-        image: yuanying/storage-version-migration-migrator:v0.1
-        command:
-          - /migrator
-          - --v=2
-          - --alsologtostderr
-          - --kube-api-qps=40
-          - --kube-api-burst=1000
-          - --kubeconfig=/etc/migrator/kubeconfig
+      - args:
+        - --kubeconfig=/etc/migrator/kubeconfig
+        image: asia.gcr.io/k8s-artifacts-prod/storage-migrator/storage-version-migration-trigger:v0.0.3
+        name: trigger
         volumeMounts:
         - mountPath: /etc/migrator
           name: kubeconfig
       volumes:
-      - name: kubeconfig
-        configMap:
+      - configMap:
           name: kubeconfig-in-cluster-latest
+        name: kubeconfig