script: Add script to install snapshot-controller

Added script and snapshot-controller PSP file to install snapshot-controller Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2024-11-26 16:20:28 +00:00 · 2020-04-16 12:10:14 +05:30 · 2020-04-16 12:10:14 +05:30 · c533d0125a
commit c533d0125a
parent 1a3b07994e
2 changed files with 151 additions and 0 deletions
--- a/scripts/install-snapshot.sh
+++ b/scripts/install-snapshot.sh
@ -0,0 +1,96 @@
 #!/bin/bash -e
 # This script can be used to install/delete snapshotcontroller and snapshot beta CRD
 SNAPSHOT_VERSION=${SNAPSHOT_VERSION:-"master"}
 SCRIPT_DIR="$(dirname "${0}")"
 TEMP_DIR="$(mktemp -d)"
 SNAPSHOTTER_URL="https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${SNAPSHOT_VERSION}"
 # controller
 SNAPSHOT_RBAC="${SNAPSHOTTER_URL}/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml"
 SNAPSHOT_CONTROLLER="${SNAPSHOTTER_URL}/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml"
 # snapshot CRD
 SNAPSHOTCLASS="${SNAPSHOTTER_URL}/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml"
 VOLUME_SNAPSHOT_CONTENT="${SNAPSHOTTER_URL}/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml"
 VOLUME_SNAPSHOT="${SNAPSHOTTER_URL}/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml"
 function install_snapshot_controller() {
    local namespace=$1
    if [ -z "${namespace}" ]; then
        namespace="default"
    fi
    create_or_delete_resource "create" ${namespace}
    pod_ready=$(kubectl get pods -l app=snapshot-controller -n ${namespace} -o jsonpath='{.items[0].status.containerStatuses[0].ready}')
    INC=0
    until [[ "${pod_ready}" == "true" || $INC -gt 20 ]]; do
        sleep 10
        ((++INC))
        pod_ready=$(kubectl get pods -l app=snapshot-controller -n ${namespace} -o jsonpath='{.items[0].status.containerStatuses[0].ready}')
        echo "snapshotter pod status: ${pod_ready}"
    done
    if [ "${pod_ready}" != "true" ]; then
        echo "snapshotter controller creation failed"
        kubectl get pods -l app=snapshot-controller -n ${namespace}
        kubectl describe po -l app=snapshot-controller -n ${namespace}
        exit 1
    fi
    echo "snapshot controller creation successful"
 }
 function cleanup_snapshot_controller() {
    local namespace=$1
    if [ -z "${namespace}" ]; then
        namespace="default"
    fi
    create_or_delete_resource "delete" ${namespace}
 }
 function create_or_delete_resource() {
    local operation=$1
    local namespace=$2
    temp_rbac=${TEMP_DIR}/snapshot-rbac.yaml
    snapshotter_psp="${SCRIPT_DIR}/snapshot-controller-psp.yaml"
    mkdir -p "${TEMP_DIR}"
    curl -o "${temp_rbac}" "${SNAPSHOT_RBAC}"
    sed -i "s/namespace: default/namespace: ${namespace}/g" "${temp_rbac}"
    sed -i "s/namespace: default/namespace: ${namespace}/g" "${snapshotter_psp}"
    kubectl "${operation}" -f "${temp_rbac}"
    kubectl "${operation}" -f "${snapshotter_psp}"
    kubectl "${operation}" -f "${SNAPSHOT_CONTROLLER}" -n "${namespace}"
    kubectl "${operation}" -f "${SNAPSHOTCLASS}"
    kubectl "${operation}" -f "${VOLUME_SNAPSHOT_CONTENT}"
    kubectl "${operation}" -f "${VOLUME_SNAPSHOT}"
 }
 function delete_snapshot_crd() {
    kubectl delete -f "${SNAPSHOTCLASS}" --ignore-not-found
    kubectl delete -f "${VOLUME_SNAPSHOT_CONTENT}" --ignore-not-found
    kubectl delete -f "${VOLUME_SNAPSHOT}" --ignore-not-found
 }
 case "${1:-}" in
 install)
    install_snapshot_controller "$2"
    ;;
 cleanup)
    cleanup_snapshot_controller "$2"
    ;;
 delete-crd)
    delete_snapshot_crd
    ;;
 *)
    echo "usage:" >&2
    echo "  $0 install" >&2
    echo "  $0 cleanup" >&2
    echo "  $0 delete-crd" >&2
    ;;
 esac
--- a/scripts/snapshot-controller-psp.yaml
+++ b/scripts/snapshot-controller-psp.yaml
@ -0,0 +1,55 @@
 ---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: csi-snapshotter-psp
 spec:
  allowPrivilegeEscalation: true
  allowedCapabilities:
    - "SYS_ADMIN"
  fsGroup:
    rule: RunAsAny
  privileged: true
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
    - "configMap"
    - "emptyDir"
    - "projected"
    - "secret"
    - "downwardAPI"
    - "hostPath"
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: csi-snapshotter-psp
  # replace with non-default namespace name
  namespace: default
 rules:
  - apiGroups: ["policy"]
    resources: ["podsecuritypolicies"]
    verbs: ["use"]
    resourceNames: ["csi-snapshotter-psp"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: csi-snapshotter-psp
  # replace with non-default namespace name
  namespace: default
 subjects:
  - kind: ServiceAccount
    name: snapshot-controller
    # replace with non-default namespace name
    namespace: default
 roleRef:
  kind: Role
  name: csi-snapshotter-psp
  apiGroup: rbac.authorization.k8s.io