diff --git a/Makefile b/Makefile index 80de61edb..b2c98dc29 100644 --- a/Makefile +++ b/Makefile @@ -15,10 +15,10 @@ .PHONY: all rbdplugin RBD_IMAGE_NAME=quay.io/cephcsi/rbdplugin -RBD_IMAGE_VERSION=v0.2.0 +RBD_IMAGE_VERSION=v0.3.0 CEPHFS_IMAGE_NAME=quay.io/cephcsi/cephfsplugin -CEPHFS_IMAGE_VERSION=v0.2.0 +CEPHFS_IMAGE_VERSION=v0.3.0 all: rbdplugin cephfsplugin @@ -30,7 +30,7 @@ rbdplugin: if [ ! -d ./vendor ]; then dep ensure; fi CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o _output/rbdplugin ./rbd -rbdplugin-container: rbdplugin +image-rbdplugin: rbdplugin cp _output/rbdplugin deploy/rbd/docker docker build -t $(RBD_IMAGE_NAME):$(RBD_IMAGE_VERSION) deploy/rbd/docker @@ -38,14 +38,14 @@ cephfsplugin: if [ ! -d ./vendor ]; then dep ensure; fi CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o _output/cephfsplugin ./cephfs -cephfsplugin-container: cephfsplugin +image-cephfsplugin: cephfsplugin cp _output/cephfsplugin deploy/cephfs/docker docker build -t $(CEPHFS_IMAGE_NAME):$(CEPHFS_IMAGE_VERSION) deploy/cephfs/docker -push-rbdplugin-container: rbdplugin-container +push-image-rbdplugin: image-rbdplugin docker push $(RBD_IMAGE_NAME):$(RBD_IMAGE_VERSION) -push-cephfsplugin-container: cephfsplugin-container +push-image-cephfsplugin: image-cephfsplugin docker push $(CEPHFS_IMAGE_NAME):$(CEPHFS_IMAGE_VERSION) clean: diff --git a/deploy.sh b/deploy.sh index f18ae762a..ee5d35ee1 100755 --- a/deploy.sh +++ b/deploy.sh @@ -2,5 +2,5 @@ if [ "${TRAVIS_BRANCH}" == "master" ] && [ "${TRAVIS_PULL_REQUEST}" == "false" ]; then docker login -u "${QUAY_IO_USERNAME}" -p "${QUAY_IO_PASSWORD}" quay.io - make push-rbdplugin-container push-cephfsplugin-container + make push-image-rbdplugin push-image-cephfsplugin fi diff --git a/deploy/cephfs/kubernetes/cephfs-storage-class.yaml b/deploy/cephfs/kubernetes/cephfs-storage-class.yaml deleted file mode 100644 index 9d704d5f9..000000000 
--- a/deploy/cephfs/kubernetes/cephfs-storage-class.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: csi-cephfs -provisioner: csi-cephfsplugin -parameters: - monitors: mon1:port,mon2:port - - # If set to true, a new volume will be created along with a RADOS user - this requires admin access. - # If set to false, it is assumed the volume already exists and the user is expected to provide - # a rootPath to a cephfs volume and user credentials. - provisionVolume: "true" - - # Required if provisionVolume is set to false - # rootPath: /path-in-cephfs - - # Required if provisionVolume is set to true - # pool: cephfs_data - - # The secret has to contain user and/or admin credentials. - csiProvisionerSecretName: csi-cephfs-secret - csiProvisionerSecretNameSpace: default - - # (optional) The driver can use either ceph-fuse (fuse) or ceph kernel client (kernel) - # If left out, default volume mounter will be used - this is determined by probing for ceph-fuse - # or by setting the default mounter explicitly via --volumemounter command-line argument. - # mounter: kernel -reclaimPolicy: Delete diff --git a/deploy/cephfs/kubernetes/csi-attacher-rbac.yaml b/deploy/cephfs/kubernetes/csi-attacher-rbac.yaml new file mode 100644 index 000000000..97037313b --- /dev/null +++ b/deploy/cephfs/kubernetes/csi-attacher-rbac.yaml 
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-attacher
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: external-attacher-runner
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-attacher-role
+subjects:
+ - kind: ServiceAccount
+ name: csi-attacher
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: external-attacher-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/cephfs/kubernetes/csi-attacher.yaml b/deploy/cephfs/kubernetes/csi-attacher.yaml
deleted file mode 100644
index 3f12cce29..000000000
--- a/deploy/cephfs/kubernetes/csi-attacher.yaml
+++ /dev/null
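Review bot: The ClusterRoleBinding subject in csi-attacher-rbac.yaml is pinned to `namespace: default`, while the ServiceAccount at the top of the file carries no namespace and is created wherever the manifest is applied. Applied to any other namespace, the binding grants `external-attacher-runner` to `default/csi-attacher`, an account the attacher pod does not run as, and the pod's real account is left with no rights. I would add `namespace: default` under the ServiceAccount's `metadata` and a comment above `subjects` such as `# must match the namespace of the ServiceAccount above`. The same applies to csi-nodeplugin-rbac.yaml and csi-provisioner-rbac.yaml and to the rbd copies of all three files. The cluster-scoped object names are also identical between the cephfs and rbd copies, so tearing down one driver's RBAC removes the other's.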
@@ -1,87 +0,0 @@ -# This YAML file contains RBAC API objects, -# which are necessary to run external csi attacher for cinder. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-attacher - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-attacher-runner -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-attacher-role -subjects: - - kind: ServiceAccount - name: csi-attacher - namespace: default -roleRef: - kind: ClusterRole - name: external-attacher-runner - apiGroup: rbac.authorization.k8s.io ---- - -kind: Service -apiVersion: v1 -metadata: - name: csi-attacher - labels: - app: csi-attacher -spec: - selector: - app: csi-attacher - ports: - - name: dummy - port: 12345 - ---- -kind: StatefulSet -apiVersion: apps/v1beta1 -metadata: - name: csi-attacher -spec: - serviceName: "csi-attacher" - replicas: 1 - template: - metadata: - labels: - app: csi-attacher - spec: - serviceAccount: csi-attacher - containers: - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v0.2.0 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/kubelet/plugins/csi-cephfsplugin/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/kubelet/plugins/csi-cephfsplugin - volumes: - - name: socket-dir - hostPath: - path: /var/lib/kubelet/plugins/csi-cephfsplugin - type: DirectoryOrCreate 
diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml
new file mode 100644
index 000000000..af77e6058
--- /dev/null
+++ b/deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml
@@ -0,0 +1,45 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: csi-cephfsplugin-attacher
+ labels:
+ app: csi-cephfsplugin-attacher
+spec:
+ selector:
+ app: csi-cephfsplugin-attacher
+ ports:
+ - name: dummy
+ port: 12345
+
+---
+kind: StatefulSet
+apiVersion: apps/v1beta1
+metadata:
+ name: csi-cephfsplugin-attacher
+spec:
+ serviceName: "csi-cephfsplugin-attacher"
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: csi-cephfsplugin-attacher
+ spec:
+ serviceAccount: csi-attacher
+ containers:
+ - name: csi-cephfsplugin-attacher
+ image: quay.io/k8scsi/csi-attacher:v0.3.0
+ args:
+ - "--v=5"
+ - "--csi-address=$(ADDRESS)"
+ env:
+ - name: ADDRESS
+ value: /var/lib/kubelet/plugins/csi-cephfsplugin/csi.sock
+ imagePullPolicy: "IfNotPresent"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/kubelet/plugins/csi-cephfsplugin
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/csi-cephfsplugin
+ type: DirectoryOrCreate
diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml
new file mode 100644
index 000000000..8d6addea8
--- /dev/null
+++ b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml
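Review bot: `--v=5` is left on in the `args` of the attacher container in csi-cephfsplugin-attacher.yaml, and at that verbosity the k8scsi sidecars of this generation appear to log full gRPC request bodies, which can include secrets passed to the driver; this is worth confirming against the v0.3.0 sidecar source. The provisioner StatefulSet in csi-cephfsplugin-provisioner.yaml is the more exposed one, since its volume-creation calls presumably carry the Ceph credentials from the provisioner secret, and both rbd StatefulSets carry the same flag. I would ship the manifests without the flag and add a comment in its place, `# raise verbosity only while debugging: request bodies, possibly including secrets, are logged`. The images are also referenced by mutable tag with `imagePullPolicy: "IfNotPresent"`, so pinning by digest would make the deployed sidecar reproducible.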
@@ -0,0 +1,46 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: csi-cephfsplugin-provisioner
+ labels:
+ app: csi-cephfsplugin-provisioner
+spec:
+ selector:
+ app: csi-cephfsplugin-provisioner
+ ports:
+ - name: dummy
+ port: 12345
+
+---
+kind: StatefulSet
+apiVersion: apps/v1beta1
+metadata:
+ name: csi-cephfsplugin-provisioner
+spec:
+ serviceName: "csi-cephfsplugin-provisioner"
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: csi-cephfsplugin-provisioner
+ spec:
+ serviceAccount: csi-provisioner
+ containers:
+ - name: csi-provisioner
+ image: quay.io/k8scsi/csi-provisioner:v0.3.0
+ args:
+ - "--provisioner=csi-cephfsplugin"
+ - "--csi-address=$(ADDRESS)"
+ - "--v=5"
+ env:
+ - name: ADDRESS
+ value: /var/lib/kubelet/plugins/csi-cephfsplugin/csi.sock
+ imagePullPolicy: "IfNotPresent"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/kubelet/plugins/csi-cephfsplugin
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/csi-cephfsplugin
+ type: DirectoryOrCreate
diff --git a/deploy/cephfs/kubernetes/cephfsplugin.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml
similarity index 67%
rename from deploy/cephfs/kubernetes/cephfsplugin.yaml
rename to deploy/cephfs/kubernetes/csi-cephfsplugin.yaml
index d4b77f25a..66b56b45d 100644
--- a/deploy/cephfs/kubernetes/cephfsplugin.yaml
+++ b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml
@@ -1,46 +1,3 @@ -# This YAML defines all API objects to create RBAC roles for csi node plugin. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-cephfsplugin - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cephfsplugin -rules: - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-cephfsplugin -subjects: - - kind: ServiceAccount - name: csi-cephfsplugin - namespace: default -roleRef: - kind: ClusterRole - name: csi-cephfsplugin - apiGroup: rbac.authorization.k8s.io - ---- -# This YAML file contains driver-registrar & csi driver nodeplugin API objects, -# which are necessary to run csi nodeplugin for cephfs. - kind: DaemonSet apiVersion: apps/v1beta2 metadata: @@ -54,11 +11,11 @@ spec: labels: app: csi-cephfsplugin spec: - serviceAccount: csi-cephfsplugin + serviceAccount: csi-nodeplugin hostNetwork: true containers: - name: driver-registrar - image: quay.io/k8scsi/driver-registrar:v0.2.0 + image: quay.io/k8scsi/driver-registrar:v0.3.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" @@ -78,7 +35,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/cephcsi/cephfsplugin:v0.2.0 + image: quay.io/cephcsi/cephfsplugin:v0.3.0 args : - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" diff --git a/deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml b/deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml new file mode 100644 index 000000000..9ad985b39 --- /dev/null +++ b/deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml 
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-nodeplugin
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-nodeplugin
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "update"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-nodeplugin
+subjects:
+ - kind: ServiceAccount
+ name: csi-nodeplugin
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: csi-nodeplugin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml b/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml
new file mode 100644
index 000000000..0c496b422
--- /dev/null
+++ b/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml
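Review bot: The `csi-nodeplugin` ClusterRole in csi-nodeplugin-rbac.yaml grants cluster-wide `update` on `persistentvolumes` and `volumeattachments` to the account used by the node DaemonSet, which (per the context lines of csi-cephfsplugin.yaml) runs on the host network with `SYS_ADMIN` on every node. The rules are carried over unchanged from the block removed from the plugin manifest, so this split is a good moment to trim them: the driver-registrar presumably needs `get`/`update` on `nodes`, but nothing in this diff shows the node side writing PVs or VolumeAttachments. If those verbs are required, a comment above each rule naming the component that uses it would make the grant auditable, e.g. `# driver-registrar: annotates the Node object`. The rbd copy of this file is identical.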
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-provisioner
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: external-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-provisioner-role
+subjects:
+ - kind: ServiceAccount
+ name: csi-provisioner
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: external-provisioner-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/cephfs/kubernetes/csi-provisioner.yaml b/deploy/cephfs/kubernetes/csi-provisioner.yaml
deleted file mode 100644
index 5e3efeefb..000000000
--- a/deploy/cephfs/kubernetes/csi-provisioner.yaml
+++ /dev/null
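Review bot: The first rule of `external-provisioner-runner` in csi-provisioner-rbac.yaml gives the provisioner `get` and `list` on `secrets` in every namespace, because it sits in a ClusterRole bound through a ClusterRoleBinding. `get` is presumably needed to read the secret named in the StorageClass parameters, but `list` lets the service account enumerate and read every secret in the cluster and does not look necessary for that lookup. I would reduce the rule to `verbs: ["get"]` and, if the provisioner secret always lives in one namespace, move it into a namespaced Role and RoleBinding. The rbd copy of this file is identical and needs the same change.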
@@ -1,97 +0,0 @@ -# This YAML file contains all API objects that are necessary to run external -# CSI provisioner. -# -# In production, this needs to be in separate files, e.g. service account and -# role and role binding needs to be created once, while stateful set may -# require some tuning. -# -# In addition, mock CSI driver is hardcoded as the CSI driver. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-provisioner - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-runner -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-provisioner-role -subjects: - - kind: ServiceAccount - name: csi-provisioner - namespace: default -roleRef: - kind: ClusterRole - name: external-provisioner-runner - apiGroup: rbac.authorization.k8s.io - ---- -kind: Service -apiVersion: v1 -metadata: - name: csi-provisioner - labels: - app: csi-provisioner -spec: - selector: - app: csi-provisioner - ports: - - name: dummy - port: 12345 - ---- -kind: StatefulSet -apiVersion: apps/v1beta1 -metadata: - name: csi-provisioner -spec: - serviceName: "csi-provisioner" - replicas: 1 - template: - metadata: - labels: - app: csi-provisioner - spec: - serviceAccount: csi-provisioner - containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v0.2.1 - args: - - "--provisioner=csi-cephfsplugin" - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: 
/var/lib/kubelet/plugins/csi-cephfsplugin/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/kubelet/plugins/csi-cephfsplugin - volumes: - - name: socket-dir - hostPath: - path: /var/lib/kubelet/plugins/csi-cephfsplugin - type: DirectoryOrCreate diff --git a/deploy/cephfs/kubernetes/deploy-csi.sh b/deploy/cephfs/kubernetes/deploy-csi.sh deleted file mode 100755 index 1a220b675..000000000 --- a/deploy/cephfs/kubernetes/deploy-csi.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -objects=(cephfs-storage-class cephfsplugin csi-attacher csi-provisioner) - -for obj in ${objects[@]}; do - kubectl create -f "./$obj.yaml" -done diff --git a/deploy/cephfs/kubernetes/deploy-pod.sh b/deploy/cephfs/kubernetes/deploy-pod.sh deleted file mode 100755 index c45358953..000000000 --- a/deploy/cephfs/kubernetes/deploy-pod.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -kubectl create -f ./pvc.yaml -kubectl create -f ./pod.yaml diff --git a/deploy/cephfs/kubernetes/exec-bash.sh b/deploy/cephfs/kubernetes/exec-bash.sh deleted file mode 100755 index e2e91d851..000000000 --- a/deploy/cephfs/kubernetes/exec-bash.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -kubectl exec -it $(kubectl get pods -l app=csi-cephfsplugin -o=name | head -n 1 | cut -f2 -d"/") -c csi-cephfsplugin bash diff --git a/deploy/cephfs/kubernetes/logs.sh b/deploy/cephfs/kubernetes/logs.sh deleted file mode 100755 index 9a07653cd..000000000 --- a/deploy/cephfs/kubernetes/logs.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -kubectl logs $(kubectl get pods -l app=csi-cephfsplugin -o=name | head -n 1) -c csi-cephfsplugin diff --git a/deploy/cephfs/kubernetes/pod.yaml b/deploy/cephfs/kubernetes/pod.yaml deleted file mode 100644 index af65152ae..000000000 --- a/deploy/cephfs/kubernetes/pod.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: web-server -spec: - containers: - - name: web-server - image: nginx - volumeMounts: - - mountPath: /var/lib/www/html - name: mypvc - volumes: - - name: mypvc - persistentVolumeClaim: - claimName: csi-cephfs-pvc - readOnly: false - diff --git a/deploy/cephfs/kubernetes/pvc.yaml b/deploy/cephfs/kubernetes/pvc.yaml deleted file mode 100644 index 864b7f128..000000000 --- a/deploy/cephfs/kubernetes/pvc.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: csi-cephfs-pvc -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi - storageClassName: csi-cephfs diff --git a/deploy/cephfs/kubernetes/secret.yaml b/deploy/cephfs/kubernetes/secret.yaml deleted file mode 100644 index 61038ba31..000000000 --- a/deploy/cephfs/kubernetes/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: csi-cephfs-secret - namespace: default -data: - # Required if provisionVolume is set to false - userID: userID-encoded-by-base64 - userKey: userKey-encoded-by-base64 - - # Required if provisionVolume is set to true - adminID: adminID-encoded-by-base64 - adminKey: adminKey-encoded-by-base64 diff --git a/deploy/cephfs/kubernetes/teardown-csi.sh b/deploy/cephfs/kubernetes/teardown-csi.sh deleted file mode 100755 index 0a277864c..000000000 --- a/deploy/cephfs/kubernetes/teardown-csi.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -objects=(cephfsplugin csi-provisioner csi-attacher cephfs-storage-class) - -for obj in ${objects[@]}; do - kubectl delete -f "./$obj.yaml" -done diff --git a/deploy/cephfs/kubernetes/teardown-pod.sh b/deploy/cephfs/kubernetes/teardown-pod.sh deleted file mode 100755 index e6133df1b..000000000 --- a/deploy/cephfs/kubernetes/teardown-pod.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -kubectl delete -f ./pod.yaml -kubectl delete -f ./pvc.yaml 
diff --git a/deploy/rbd/kubernetes/csi-attacher-rbac.yaml b/deploy/rbd/kubernetes/csi-attacher-rbac.yaml
new file mode 100644
index 000000000..97037313b
--- /dev/null
+++ b/deploy/rbd/kubernetes/csi-attacher-rbac.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-attacher
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: external-attacher-runner
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-attacher-role
+subjects:
+ - kind: ServiceAccount
+ name: csi-attacher
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: external-attacher-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/rbd/kubernetes/csi-attacher.yaml b/deploy/rbd/kubernetes/csi-attacher.yaml
deleted file mode 100644
index 142890a7d..000000000
--- a/deploy/rbd/kubernetes/csi-attacher.yaml
+++ /dev/null
@@ -1,87 +0,0 @@ -# This YAML file contains RBAC API objects, -# which are necessary to run external csi attacher for cinder. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-attacher - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-attacher-runner -rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-attacher-role -subjects: - - kind: ServiceAccount - name: csi-attacher - namespace: default -roleRef: - kind: ClusterRole - name: external-attacher-runner - apiGroup: rbac.authorization.k8s.io ---- - -kind: Service -apiVersion: v1 -metadata: - name: csi-attacher - labels: - app: csi-attacher -spec: - selector: - app: csi-attacher - ports: - - name: dummy - port: 12345 - ---- -kind: StatefulSet -apiVersion: apps/v1beta1 -metadata: - name: csi-attacher -spec: - serviceName: "csi-attacher" - replicas: 1 - template: - metadata: - labels: - app: csi-attacher - spec: - serviceAccount: csi-attacher - containers: - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v0.2.0 - args: - - "--v=5" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/kubelet/plugins/csi-rbdplugin/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/kubelet/plugins/csi-rbdplugin - volumes: - - name: socket-dir - hostPath: - path: /var/lib/kubelet/plugins/csi-rbdplugin - type: DirectoryOrCreate 
diff --git a/deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml b/deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml
new file mode 100644
index 000000000..9ad985b39
--- /dev/null
+++ b/deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-nodeplugin
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-nodeplugin
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "update"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-nodeplugin
+subjects:
+ - kind: ServiceAccount
+ name: csi-nodeplugin
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: csi-nodeplugin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml b/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml
new file mode 100644
index 000000000..0c496b422
--- /dev/null
+++ b/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-provisioner
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: external-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-provisioner-role
+subjects:
+ - kind: ServiceAccount
+ name: csi-provisioner
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: external-provisioner-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/rbd/kubernetes/csi-provisioner.yaml b/deploy/rbd/kubernetes/csi-provisioner.yaml
deleted file mode 100644
index fb9ed0170..000000000
--- a/deploy/rbd/kubernetes/csi-provisioner.yaml
+++ /dev/null
@@ -1,97 +0,0 @@ -# This YAML file contains all API objects that are necessary to run external -# CSI provisioner. -# -# In production, this needs to be in separate files, e.g. service account and -# role and role binding needs to be created once, while stateful set may -# require some tuning. -# -# In addition, mock CSI driver is hardcoded as the CSI driver. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-provisioner - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-runner -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-provisioner-role -subjects: - - kind: ServiceAccount - name: csi-provisioner - namespace: default -roleRef: - kind: ClusterRole - name: external-provisioner-runner - apiGroup: rbac.authorization.k8s.io - ---- -kind: Service -apiVersion: v1 -metadata: - name: csi-provisioner - labels: - app: csi-provisioner -spec: - selector: - app: csi-provisioner - ports: - - name: dummy - port: 12345 - ---- -kind: StatefulSet -apiVersion: apps/v1beta1 -metadata: - name: csi-provisioner -spec: - serviceName: "csi-provisioner" - replicas: 1 - template: - metadata: - labels: - app: csi-provisioner - spec: - serviceAccount: csi-provisioner - containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v0.2.0 - args: - - "--provisioner=csi-rbdplugin" - - "--csi-address=$(ADDRESS)" - - "--v=5" - env: - - name: ADDRESS - value: 
/var/lib/kubelet/plugins/csi-rbdplugin/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/kubelet/plugins/csi-rbdplugin - volumes: - - name: socket-dir - hostPath: - path: /var/lib/kubelet/plugins/csi-rbdplugin - type: DirectoryOrCreate diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml new file mode 100644 index 000000000..6bf9711a8 --- /dev/null +++ b/deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml @@ -0,0 +1,45 @@ +kind: Service +apiVersion: v1 +metadata: + name: csi-rbdplugin-attacher + labels: + app: csi-rbdplugin-attacher +spec: + selector: + app: csi-rbdplugin-attacher + ports: + - name: dummy + port: 12345 + +--- +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-rbdplugin-attacher +spec: + serviceName: "csi-rbdplugin-attacher" + replicas: 1 + template: + metadata: + labels: + app: csi-rbdplugin-attacher + spec: + serviceAccount: csi-attacher + containers: + - name: csi-rbdplugin-attacher + image: quay.io/k8scsi/csi-attacher:v0.3.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/kubelet/plugins/csi-rbdplugin/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/kubelet/plugins/csi-rbdplugin + volumes: + - name: socket-dir + hostPath: + path: /var/lib/kubelet/plugins/csi-rbdplugin + type: DirectoryOrCreate diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml new file mode 100644 index 000000000..515cc50e9 --- /dev/null +++ b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml 
@@ -0,0 +1,46 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: csi-rbdplugin-provisioner
+ labels:
+ app: csi-rbdplugin-provisioner
+spec:
+ selector:
+ app: csi-rbdplugin-provisioner
+ ports:
+ - name: dummy
+ port: 12345
+
+---
+kind: StatefulSet
+apiVersion: apps/v1beta1
+metadata:
+ name: csi-rbdplugin-provisioner
+spec:
+ serviceName: "csi-rbdplugin-provisioner"
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: csi-rbdplugin-provisioner
+ spec:
+ serviceAccount: csi-provisioner
+ containers:
+ - name: csi-provisioner
+ image: quay.io/k8scsi/csi-provisioner:v0.3.0
+ args:
+ - "--provisioner=csi-rbdplugin"
+ - "--csi-address=$(ADDRESS)"
+ - "--v=5"
+ env:
+ - name: ADDRESS
+ value: /var/lib/kubelet/plugins/csi-rbdplugin/csi.sock
+ imagePullPolicy: "IfNotPresent"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/kubelet/plugins/csi-rbdplugin
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/csi-rbdplugin
+ type: DirectoryOrCreate
diff --git a/deploy/rbd/kubernetes/rbdplugin.yaml b/deploy/rbd/kubernetes/csi-rbdplugin.yaml
similarity index 66%
rename from deploy/rbd/kubernetes/rbdplugin.yaml
rename to deploy/rbd/kubernetes/csi-rbdplugin.yaml
index 4eef8e86b..e9106ae2f 100644
--- a/deploy/rbd/kubernetes/rbdplugin.yaml
+++ b/deploy/rbd/kubernetes/csi-rbdplugin.yaml
@@ -1,46 +1,3 @@ -# This YAML defines all API objects to create RBAC roles for csi node plugin. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-rbdplugin - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-rbdplugin -rules: - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "update"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-rbdplugin -subjects: - - kind: ServiceAccount - name: csi-rbdplugin - namespace: default -roleRef: - kind: ClusterRole - name: csi-rbdplugin - apiGroup: rbac.authorization.k8s.io - ---- -# This YAML file contains driver-registrar & csi driver nodeplugin API objects, -# which are necessary to run csi nodeplugin for rbd. - kind: DaemonSet apiVersion: apps/v1beta2 metadata: @@ -54,11 +11,11 @@ spec: labels: app: csi-rbdplugin spec: - serviceAccount: csi-rbdplugin + serviceAccount: csi-nodeplugin hostNetwork: true containers: - name: driver-registrar - image: quay.io/k8scsi/driver-registrar:v0.2.0 + image: quay.io/k8scsi/driver-registrar:v0.3.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" @@ -78,7 +35,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/cephcsi/rbdplugin:v0.2.0 + image: quay.io/cephcsi/rbdplugin:v0.3.0 args : - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" @@ -126,4 +83,4 @@ spec: path: /sys - name: lib-modules hostPath: - path: /lib/modules \ No newline at end of file + path: /lib/modules diff --git a/deploy/rbd/kubernetes/pvc.yaml b/deploy/rbd/kubernetes/pvc.yaml deleted file mode 100644 index cb0a5b322..000000000 --- a/deploy/rbd/kubernetes/pvc.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: rbd-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: csi-rbd diff --git a/deploy/rbd/kubernetes/rbd-secrets.yaml b/deploy/rbd/kubernetes/rbd-secrets.yaml deleted file mode 100644 index 7f13e2681..000000000 --- a/deploy/rbd/kubernetes/rbd-secrets.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: csi-ceph-secret - namespace: default -data: -#Please note this value is base64 encoded. -# Key value corresponds to a user name defined in ceph cluster - admin: QVFDZUhPMVpJTFBQRFJBQTd6dzNkNzZicGxrdlR3em9vc3lidkE9PQo= - kubernetes: QVFDZDR1MVoxSDI0QnhBQWFxdmZIRnFuMSs0RFZlK1pRZ0ZmUEE9PQo= \ No newline at end of file diff --git a/deploy/rbd/kubernetes/rbd-storage-class.yaml b/deploy/rbd/kubernetes/rbd-storage-class.yaml deleted file mode 100644 index e1b07e56b..000000000 --- a/deploy/rbd/kubernetes/rbd-storage-class.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: csi-rbd -provisioner: csi-rbdplugin -parameters: - monitors: 192.168.80.233:6789 - pool: kubernetes - csiProvisionerSecretName: csi-ceph-secret - csiProvisionerSecretNamespace: default - imageFormat: "2" - imageFeatures: layering -reclaimPolicy: Delete diff --git a/deploy/rbd/pod.yaml b/deploy/rbd/pod.yaml deleted file mode 100644 index 44f6f2c84..000000000 --- a/deploy/rbd/pod.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: web-server -spec: - containers: - - name: web-server - image: nginx - volumeMounts: - - mountPath: /var/lib/www/html - name: mypvc - volumes: - - name: mypvc - persistentVolumeClaim: - claimName: rbd-pvc - readOnly: false -