mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-01-11 22:39:31 +00:00
b3fbcb9c95
If the KMS encryption configmap is not mounted as a volume in the CSI pods, add the code to read the configuration from Kubernetes. Later, the code that fetches the configmap will be moved to the new sidecar, which will talk to the respective CO to fetch the encryption configurations. The k8s configmap uses the standard Vault-specific names for the configurations; these will be converted back to the CSI configurations. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
---
# Metrics Service for the RBD provisioner pods.
# Traffic sent to port 8080 is forwarded to container port 8680 on pods
# labelled app=csi-rbdplugin-provisioner.
apiVersion: v1
kind: Service
metadata:
  name: csi-rbdplugin-provisioner
  labels:
    app: csi-metrics
spec:
  # No `type` is set, so Kubernetes applies its default (ClusterIP): the
  # endpoint is reachable from inside the cluster only.
  # NOTE(review): nothing here limits which in-cluster clients may connect;
  # add a NetworkPolicy if scraping should be limited to the monitoring stack.
  selector:
    app: csi-rbdplugin-provisioner
  ports:
    - name: http-metrics
      protocol: TCP
      port: 8080
      targetPort: 8680
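---
# Controller-side Deployment for the Ceph RBD CSI driver: the CSI sidecars
# (provisioner, snapshotter, attacher, resizer), the cephcsi RBD controller
# server, the cephcsi "controller" process and a liveness/metrics exporter.
# All containers that speak CSI share one unix socket in the `socket-dir`
# volume.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-rbdplugin-provisioner
spec:
  # Three replicas; the sidecars below run with leader election enabled.
  replicas: 3
  selector:
    matchLabels:
      app: csi-rbdplugin-provisioner
  template:
    metadata:
      labels:
        app: csi-rbdplugin-provisioner
    spec:
      affinity:
        # Hard anti-affinity on the hostname: no two replicas on one node.
        # With replicas: 3 this needs at least three schedulable nodes,
        # otherwise the surplus pods stay Pending.
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: app
                    operator: In
                    values:
                      - csi-rbdplugin-provisioner
              topologyKey: "kubernetes.io/hostname"
      # `serviceAccount` is the deprecated alias of this field.
      # The RBAC rules bound to this account are not part of this file;
      # review them together with this manifest.
      serviceAccountName: rbd-csi-provisioner
      containers:
        - name: csi-provisioner
          image: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.4
          args:
            - "--csi-address=$(ADDRESS)"
            # NOTE(review): --v=5 is set on every container in this pod;
            # confirm what is logged at this verbosity before shipping the
            # logs off the cluster.
            - "--v=5"
            - "--timeout=150s"
            - "--retry-interval-start=500ms"
            - "--leader-election=true"
            # set it to true to use topology based provisioning
            - "--feature-gates=Topology=false"
            # if fstype is not specified in storageclass, ext4 is default
            - "--default-fstype=ext4"
            - "--extra-create-metadata=true"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-snapshotter
          image: k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.2
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          # NOTE(review): this is the only sidecar that runs privileged; the
          # provisioner, attacher and resizer use the same socket without
          # it. Confirm it is required here and drop it otherwise.
          securityContext:
            privileged: true
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-attacher
          image: k8s.gcr.io/sig-storage/csi-attacher:v3.0.2
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election=true"
            - "--retry-interval-start=500ms"
          env:
            # NOTE(review): plain path here, while every other container
            # uses the unix:// form of the same socket; confirm intentional.
            - name: ADDRESS
              value: /csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-resizer
          image: k8s.gcr.io/sig-storage/csi-resizer:v1.0.1
          args:
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
            - "--timeout=150s"
            - "--leader-election"
            - "--retry-interval-start=500ms"
            - "--handle-volume-inuse-error=false"
          env:
            - name: ADDRESS
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: csi-rbdplugin
          # A privileged container already holds every capability, so the
          # SYS_ADMIN entry only matters if `privileged` is ever removed.
          # NOTE(review): together with the read-write /dev and /sys
          # hostPath mounts below, this container has host-level access on
          # whichever node it is scheduled to.
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
          # for stable functionality replace canary with latest release version
          # `canary` is a moving tag and the pull policy is IfNotPresent, so
          # nodes can end up running different builds; pin a release tag or
          # an image digest for anything beyond testing.
          image: quay.io/cephcsi/cephcsi:canary
          args:
            - "--nodeid=$(NODE_ID)"
            - "--type=rbd"
            - "--controllerserver=true"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            # presumably -1 lifts the container PID limit to the maximum;
            # confirm against the cephcsi documentation for the image used
            - "--pidlimit=-1"
            - "--rbdhardmaxclonedepth=8"
            - "--rbdsoftmaxclonedepth=4"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Optional: presumably lets cephcsi fetch the KMS configuration
            # from a ConfigMap through the Kubernetes API instead of the
            # mounted volume; confirm against the driver documentation.
            # The downward API exposes the pod namespace as
            # metadata.namespace (there is no spec.namespace field).
            # NOTE(review): ConfigMap names must be lowercase, so replace
            # `encryptionConfig` with the real ConfigMap name when enabling.
            # - name: POD_NAMESPACE
            #   valueFrom:
            #     fieldRef:
            #       fieldPath: metadata.namespace
            # - name: KMS_CONFIGMAP_NAME
            #   value: encryptionConfig
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
            - mountPath: /dev
              name: host-dev
            - mountPath: /sys
              name: host-sys
            # the only host mount that is read-only
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            - name: ceph-csi-encryption-kms-config
              mountPath: /etc/ceph-csi-encryption-kms-config/
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: csi-rbdplugin-controller
          # NOTE(review): privileged plus SYS_ADMIN, although this container
          # mounts only a ConfigMap and a tmpfs directory; confirm the
          # privileges are needed.
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
          # for stable functionality replace canary with latest release version
          image: quay.io/cephcsi/cephcsi:canary
          args:
            - "--type=controller"
            - "--v=5"
            - "--drivername=rbd.csi.ceph.com"
            - "--drivernamespace=$(DRIVER_NAMESPACE)"
          env:
            - name: DRIVER_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: ceph-csi-config
              mountPath: /etc/ceph-csi-config/
            - name: keys-tmp-dir
              mountPath: /tmp/csi/keys
        - name: liveness-prometheus
          image: quay.io/cephcsi/cephcsi:canary
          args:
            - "--type=liveness"
            - "--endpoint=$(CSI_ENDPOINT)"
            # 8680 is the targetPort of the csi-rbdplugin-provisioner Service
            - "--metricsport=8680"
            - "--metricspath=/metrics"
            - "--polltime=60s"
            - "--timeout=3s"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi-provisioner.sock
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
          imagePullPolicy: "IfNotPresent"
      volumes:
        # Host directories handed to the csi-rbdplugin container.
        - name: host-dev
          hostPath:
            path: /dev
        - name: host-sys
          hostPath:
            path: /sys
        - name: lib-modules
          hostPath:
            path: /lib/modules
        # tmpfs-backed directory holding the shared CSI socket
        - name: socket-dir
          emptyDir:
            medium: "Memory"
        - name: ceph-csi-config
          configMap:
            name: ceph-csi-config
        # Not marked optional: the pod cannot start until a ConfigMap with
        # this name exists in the namespace.
        # NOTE(review): ConfigMaps are not encrypted or access-restricted
        # like Secrets; keep KMS tokens and keys out of this object.
        - name: ceph-csi-encryption-kms-config
          configMap:
            name: ceph-csi-encryption-kms-config
        # tmpfs-backed, so what is written under /tmp/csi/keys stays in
        # memory and is not persisted to the node's disk
        - name: keys-tmp-dir
          emptyDir:
            medium: "Memory"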