2019-02-07 09:59:26 +00:00
|
|
|
---
|
2018-01-09 18:59:50 +00:00
|
|
|
kind: DaemonSet
|
2019-06-19 09:05:44 +00:00
|
|
|
apiVersion: apps/v1
|
2018-01-09 18:59:50 +00:00
|
|
|
metadata:
|
2018-03-06 22:33:57 +00:00
|
|
|
name: csi-rbdplugin
|
2021-07-30 17:15:34 +00:00
|
|
|
# replace with non-default namespace name
|
|
|
|
namespace: default
|
2018-01-09 18:59:50 +00:00
|
|
|
spec:
|
|
|
|
selector:
|
|
|
|
matchLabels:
|
2018-03-06 22:33:57 +00:00
|
|
|
app: csi-rbdplugin
|
2018-01-09 18:59:50 +00:00
|
|
|
template:
|
|
|
|
metadata:
|
|
|
|
labels:
|
2018-03-06 22:33:57 +00:00
|
|
|
app: csi-rbdplugin
|
2018-01-09 18:59:50 +00:00
|
|
|
spec:
|
2021-04-05 11:43:45 +00:00
|
|
|
serviceAccountName: rbd-csi-nodeplugin
|
2018-01-09 18:59:50 +00:00
|
|
|
hostNetwork: true
|
2019-02-07 09:59:26 +00:00
|
|
|
hostPID: true
|
2020-05-05 08:27:38 +00:00
|
|
|
priorityClassName: system-node-critical
|
2018-09-19 14:37:58 +00:00
|
|
|
# to use e.g. Rook orchestrated cluster, and mons' FQDN is
|
|
|
|
# resolved through k8s service, set dns policy to cluster first
|
2019-02-07 09:59:26 +00:00
|
|
|
dnsPolicy: ClusterFirstWithHostNet
|
2018-01-09 18:59:50 +00:00
|
|
|
containers:
|
|
|
|
- name: driver-registrar
|
2020-01-13 04:14:18 +00:00
|
|
|
# This is necessary only for systems with SELinux, where
|
|
|
|
# non-privileged sidecar containers cannot access unix domain socket
|
|
|
|
# created by privileged CSI driver container.
|
|
|
|
securityContext:
|
|
|
|
privileged: true
|
2022-04-12 05:45:44 +00:00
|
|
|
allowPrivilegeEscalation: true
|
2022-05-17 08:56:08 +00:00
|
|
|
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1
|
2018-01-09 18:59:50 +00:00
|
|
|
args:
|
|
|
|
- "--v=5"
|
2019-01-22 16:31:55 +00:00
|
|
|
- "--csi-address=/csi/csi.sock"
|
2019-03-13 05:09:58 +00:00
|
|
|
- "--kubelet-registration-path=/var/lib/kubelet/plugins/rbd.csi.ceph.com/csi.sock"
|
2018-01-09 18:59:50 +00:00
|
|
|
env:
|
|
|
|
- name: KUBE_NODE_NAME
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: spec.nodeName
|
|
|
|
volumeMounts:
|
2019-07-03 10:02:36 +00:00
|
|
|
- name: socket-dir
|
2019-01-22 16:31:55 +00:00
|
|
|
mountPath: /csi
|
2018-09-10 19:16:17 +00:00
|
|
|
- name: registration-dir
|
|
|
|
mountPath: /registration
|
2018-09-17 18:12:22 +00:00
|
|
|
- name: csi-rbdplugin
|
2018-01-09 18:59:50 +00:00
|
|
|
securityContext:
|
|
|
|
privileged: true
|
|
|
|
capabilities:
|
|
|
|
add: ["SYS_ADMIN"]
|
|
|
|
allowPrivilegeEscalation: true
|
2019-05-24 11:03:33 +00:00
|
|
|
# for stable functionality replace canary with latest release version
|
|
|
|
image: quay.io/cephcsi/cephcsi:canary
|
2019-02-07 09:59:26 +00:00
|
|
|
args:
|
2018-01-09 18:59:50 +00:00
|
|
|
- "--nodeid=$(NODE_ID)"
|
2021-05-31 11:11:01 +00:00
|
|
|
- "--pluginpath=/var/lib/kubelet/plugins"
|
rbd: add volume healer
Problem:
-------
For rbd nbd userspace mounter backends, after a restart of the nodeplugin
all the mounts will start seeing IO errors. This is because, for rbd-nbd
backends there will be a userspace mount daemon running per volume, post
restart of the nodeplugin pod, there is no way to restore the daemons
back to life.
Solution:
--------
The volume healer is a one-time activity that is triggered at the startup
time of the rbd nodeplugin. It navigates through the list of volume
attachments on the node and acts accordingly.
For now, it is limited to nbd type storage only, but it is flexible and
can be extended in the future for other backend types as needed.
From a few feets above:
This solves a severe problem for nbd backed csi volumes. The healer while
going through the list of volume attachments on the node, if finds the
volume is in attached state and is of type nbd, then it will attempt to
fix the rbd-nbd volumes by sending a NodeStageVolume request with the
required volume attributes like secrets, device name, image attributes,
and etc.. which will finally help start the required rbd-nbd daemons in
the nodeplugin csi-rbdplugin container. This will allow reattaching the
backend images with the right nbd device, thus allowing the applications
to perform IO without any interruptions even after a nodeplugin restart.
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
2021-05-31 11:13:54 +00:00
|
|
|
- "--stagingpath=/var/lib/kubelet/plugins/kubernetes.io/csi/pv/"
|
2019-05-24 11:03:33 +00:00
|
|
|
- "--type=rbd"
|
2019-08-14 06:42:17 +00:00
|
|
|
- "--nodeserver=true"
|
2018-01-09 18:59:50 +00:00
|
|
|
- "--endpoint=$(CSI_ENDPOINT)"
|
2021-12-22 07:09:27 +00:00
|
|
|
- "--csi-addons-endpoint=$(CSI_ADDONS_ENDPOINT)"
|
2018-01-09 18:59:50 +00:00
|
|
|
- "--v=5"
|
2019-03-13 05:09:58 +00:00
|
|
|
- "--drivername=rbd.csi.ceph.com"
|
2021-03-25 11:14:46 +00:00
|
|
|
- "--enableprofiling=false"
|
2020-01-24 16:26:56 +00:00
|
|
|
# If topology based provisioning is desired, configure required
|
|
|
|
# node labels representing the nodes topology domain
|
2020-11-24 11:54:29 +00:00
|
|
|
# and pass the label names below, for CSI to consume and advertise
|
2020-01-24 16:26:56 +00:00
|
|
|
# its equivalent topology domain
|
|
|
|
# - "--domainlabels=failure-domain/region,failure-domain/zone"
|
2018-01-09 18:59:50 +00:00
|
|
|
env:
|
2019-08-21 09:28:02 +00:00
|
|
|
- name: POD_IP
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: status.podIP
|
2018-01-09 18:59:50 +00:00
|
|
|
- name: NODE_ID
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: spec.nodeName
|
2021-07-30 17:15:34 +00:00
|
|
|
- name: POD_NAMESPACE
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: metadata.namespace
|
2020-12-15 10:07:28 +00:00
|
|
|
# - name: KMS_CONFIGMAP_NAME
|
|
|
|
# value: encryptionConfig
|
2018-01-09 18:59:50 +00:00
|
|
|
- name: CSI_ENDPOINT
|
2019-03-18 06:50:06 +00:00
|
|
|
value: unix:///csi/csi.sock
|
2021-12-22 07:09:27 +00:00
|
|
|
- name: CSI_ADDONS_ENDPOINT
|
|
|
|
value: unix:///csi/csi-addons.sock
|
2018-01-09 18:59:50 +00:00
|
|
|
imagePullPolicy: "IfNotPresent"
|
|
|
|
volumeMounts:
|
2019-07-03 10:02:36 +00:00
|
|
|
- name: socket-dir
|
2019-03-18 06:50:06 +00:00
|
|
|
mountPath: /csi
|
2018-01-09 18:59:50 +00:00
|
|
|
- mountPath: /dev
|
|
|
|
name: host-dev
|
|
|
|
- mountPath: /sys
|
|
|
|
name: host-sys
|
2020-01-23 08:29:53 +00:00
|
|
|
- mountPath: /run/mount
|
|
|
|
name: host-mount
|
2021-08-02 14:57:11 +00:00
|
|
|
- mountPath: /etc/selinux
|
|
|
|
name: etc-selinux
|
|
|
|
readOnly: true
|
2018-01-09 18:59:50 +00:00
|
|
|
- mountPath: /lib/modules
|
|
|
|
name: lib-modules
|
|
|
|
readOnly: true
|
2019-04-22 21:35:39 +00:00
|
|
|
- name: ceph-csi-config
|
|
|
|
mountPath: /etc/ceph-csi-config/
|
2020-01-29 11:44:45 +00:00
|
|
|
- name: ceph-csi-encryption-kms-config
|
|
|
|
mountPath: /etc/ceph-csi-encryption-kms-config/
|
2019-07-03 10:02:36 +00:00
|
|
|
- name: plugin-dir
|
|
|
|
mountPath: /var/lib/kubelet/plugins
|
|
|
|
mountPropagation: "Bidirectional"
|
|
|
|
- name: mountpoint-dir
|
|
|
|
mountPath: /var/lib/kubelet/pods
|
|
|
|
mountPropagation: "Bidirectional"
|
2019-06-25 19:29:17 +00:00
|
|
|
- name: keys-tmp-dir
|
|
|
|
mountPath: /tmp/csi/keys
|
2021-08-12 13:07:54 +00:00
|
|
|
- name: ceph-logdir
|
|
|
|
mountPath: /var/log/ceph
|
2021-08-26 05:28:02 +00:00
|
|
|
- name: ceph-config
|
|
|
|
mountPath: /etc/ceph/
|
2022-03-02 10:30:48 +00:00
|
|
|
- name: oidc-token
|
2022-03-23 05:31:25 +00:00
|
|
|
mountPath: /run/secrets/tokens
|
2022-03-02 10:30:48 +00:00
|
|
|
readOnly: true
|
2019-06-20 19:30:40 +00:00
|
|
|
- name: liveness-prometheus
|
2020-01-13 04:14:18 +00:00
|
|
|
securityContext:
|
|
|
|
privileged: true
|
2022-04-12 05:45:44 +00:00
|
|
|
allowPrivilegeEscalation: true
|
2019-06-20 19:30:40 +00:00
|
|
|
image: quay.io/cephcsi/cephcsi:canary
|
|
|
|
args:
|
|
|
|
- "--type=liveness"
|
|
|
|
- "--endpoint=$(CSI_ENDPOINT)"
|
2019-08-27 18:55:15 +00:00
|
|
|
- "--metricsport=8680"
|
2019-08-21 09:28:02 +00:00
|
|
|
- "--metricspath=/metrics"
|
2019-06-20 19:30:40 +00:00
|
|
|
- "--polltime=60s"
|
|
|
|
- "--timeout=3s"
|
|
|
|
env:
|
|
|
|
- name: CSI_ENDPOINT
|
|
|
|
value: unix:///csi/csi.sock
|
|
|
|
- name: POD_IP
|
|
|
|
valueFrom:
|
|
|
|
fieldRef:
|
|
|
|
fieldPath: status.podIP
|
|
|
|
volumeMounts:
|
|
|
|
- name: socket-dir
|
|
|
|
mountPath: /csi
|
|
|
|
imagePullPolicy: "IfNotPresent"
|
2018-01-09 18:59:50 +00:00
|
|
|
volumes:
|
2019-07-03 10:02:36 +00:00
|
|
|
- name: socket-dir
|
2018-01-09 18:59:50 +00:00
|
|
|
hostPath:
|
2019-03-13 05:09:58 +00:00
|
|
|
path: /var/lib/kubelet/plugins/rbd.csi.ceph.com
|
2018-01-09 18:59:50 +00:00
|
|
|
type: DirectoryOrCreate
|
2019-07-03 10:02:36 +00:00
|
|
|
- name: plugin-dir
|
|
|
|
hostPath:
|
|
|
|
path: /var/lib/kubelet/plugins
|
|
|
|
type: Directory
|
|
|
|
- name: mountpoint-dir
|
2019-02-07 09:59:26 +00:00
|
|
|
hostPath:
|
2019-07-03 10:02:36 +00:00
|
|
|
path: /var/lib/kubelet/pods
|
2018-11-01 01:03:03 +00:00
|
|
|
type: DirectoryOrCreate
|
2021-08-12 13:07:54 +00:00
|
|
|
- name: ceph-logdir
|
|
|
|
hostPath:
|
|
|
|
path: /var/log/ceph
|
|
|
|
type: DirectoryOrCreate
|
2018-09-10 19:16:17 +00:00
|
|
|
- name: registration-dir
|
|
|
|
hostPath:
|
2018-12-04 20:08:39 +00:00
|
|
|
path: /var/lib/kubelet/plugins_registry/
|
2018-09-10 19:16:17 +00:00
|
|
|
type: Directory
|
2018-01-09 18:59:50 +00:00
|
|
|
- name: host-dev
|
|
|
|
hostPath:
|
|
|
|
path: /dev
|
|
|
|
- name: host-sys
|
|
|
|
hostPath:
|
|
|
|
path: /sys
|
2021-08-02 14:57:11 +00:00
|
|
|
- name: etc-selinux
|
|
|
|
hostPath:
|
|
|
|
path: /etc/selinux
|
2020-01-23 08:29:53 +00:00
|
|
|
- name: host-mount
|
|
|
|
hostPath:
|
|
|
|
path: /run/mount
|
2018-01-09 18:59:50 +00:00
|
|
|
- name: lib-modules
|
|
|
|
hostPath:
|
2018-07-18 14:48:43 +00:00
|
|
|
path: /lib/modules
|
2021-08-26 05:28:02 +00:00
|
|
|
- name: ceph-config
|
|
|
|
configMap:
|
|
|
|
name: ceph-config
|
2019-04-22 21:35:39 +00:00
|
|
|
- name: ceph-csi-config
|
|
|
|
configMap:
|
|
|
|
name: ceph-csi-config
|
2020-01-29 11:44:45 +00:00
|
|
|
- name: ceph-csi-encryption-kms-config
|
|
|
|
configMap:
|
|
|
|
name: ceph-csi-encryption-kms-config
|
2019-06-25 19:29:17 +00:00
|
|
|
- name: keys-tmp-dir
|
|
|
|
emptyDir: {
|
|
|
|
medium: "Memory"
|
|
|
|
}
|
2022-03-02 10:30:48 +00:00
|
|
|
- name: oidc-token
|
|
|
|
projected:
|
|
|
|
sources:
|
|
|
|
- serviceAccountToken:
|
|
|
|
path: oidc-token
|
|
|
|
expirationSeconds: 3600
|
|
|
|
audience: ceph-csi-kms
|
2019-06-20 19:30:40 +00:00
|
|
|
---
|
2020-03-31 05:59:29 +00:00
|
|
|
# This is a service to expose the liveness metrics
|
2019-06-20 19:30:40 +00:00
|
|
|
apiVersion: v1
|
|
|
|
kind: Service
|
|
|
|
metadata:
|
2019-08-21 09:28:02 +00:00
|
|
|
name: csi-metrics-rbdplugin
|
2021-07-30 17:15:34 +00:00
|
|
|
# replace with non-default namespace name
|
|
|
|
namespace: default
|
2019-06-20 19:30:40 +00:00
|
|
|
labels:
|
2019-08-21 09:28:02 +00:00
|
|
|
app: csi-metrics
|
2019-06-20 19:30:40 +00:00
|
|
|
spec:
|
|
|
|
ports:
|
|
|
|
- name: http-metrics
|
|
|
|
port: 8080
|
|
|
|
protocol: TCP
|
2019-08-27 18:55:15 +00:00
|
|
|
targetPort: 8680
|
2019-06-20 19:30:40 +00:00
|
|
|
selector:
|
|
|
|
app: csi-rbdplugin
|