From 6338a29adc7b2205b66a2d9a660ec00fd14c5bda Mon Sep 17 00:00:00 2001
From: Humble Chirammal
Date: Fri, 23 Apr 2021 14:55:04 +0530
Subject: [PATCH] Add deployment artifacts for iscsi csi driver deployment
Signed-off-by: Humble Chirammal
---
deploy/csi-iscsi-driverinfo.yaml | 10 +++
deploy/csi-iscsi-node.yaml | 109 ++++++++++++++++++++++++++
deploy/install-driver.sh | 40 ++++++++++
deploy/rbac-csi-iscsi-controller.yaml | 49 ++++++++++++
4 files changed, 208 insertions(+)
create mode 100644 deploy/csi-iscsi-driverinfo.yaml
create mode 100644 deploy/csi-iscsi-node.yaml
create mode 100755 deploy/install-driver.sh
create mode 100644 deploy/rbac-csi-iscsi-controller.yaml
diff --git a/deploy/csi-iscsi-driverinfo.yaml b/deploy/csi-iscsi-driverinfo.yaml
new file mode 100644
index 00000000..9ad6c4e5
--- /dev/null
+++ b/deploy/csi-iscsi-driverinfo.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+ name: iscsi.csi.k8s.io
+spec:
+ attachRequired: false
+ volumeLifecycleModes:
+ - Persistent
+ podInfoOnMount: true
diff --git a/deploy/csi-iscsi-node.yaml b/deploy/csi-iscsi-node.yaml
new file mode 100644
index 00000000..9f849bef
--- /dev/null
+++ b/deploy/csi-iscsi-node.yaml
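Review bot: `apiVersion: storage.k8s.io/v1beta1` in deploy/csi-iscsi-driverinfo.yaml uses the beta CSIDriver API, which Kubernetes deprecated in 1.19 and stopped serving in 1.22, so this manifest is rejected on current clusters. CSIDriver has been available as `storage.k8s.io/v1` since 1.18 with the same `attachRequired`, `podInfoOnMount` and `volumeLifecycleModes` fields, so the change is the one line `apiVersion: storage.k8s.io/v1`. Because install-driver.sh runs under `set -euo pipefail` and applies the RBAC file first, a rejected CSIDriver would leave the cluster role binding applied with no driver behind it.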
@@ -0,0 +1,109 @@
+---
+# This YAML file contains driver-registrar & csi driver nodeplugin API objects
+# that are necessary to run CSI nodeplugin for iscsi
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: csi-iscsi-node
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: csi-iscsi-node
+ template:
+ metadata:
+ labels:
+ app: csi-iscsi-node
+ spec:
+ hostNetwork: true # original iscsi connection would be broken without hostNetwork setting
+ dnsPolicy: ClusterFirstWithHostNet
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: liveness-probe
+ image: k8s.gcr.io/sig-storage/livenessprobe:v2.1.0
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port=29653
+ - --v=2
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+ limits:
+ cpu: 100m
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ - name: node-driver-registrar
+ image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "rm -rf /registration/csi-iscsiplugin /registration/csi-iscsiplugin-reg.sock"]
+ args:
+ - --v=2
+ - --csi-address=/csi/csi.sock
+ - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-iscsiplugin/csi.sock
+ env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ - name: iscsi
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: mcr.microsoft.com/k8s/csi/iscsi-csi:latest
+ args:
+ - "-v=5"
+ - "--nodeid=$(NODE_ID)"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ env:
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ ports:
+ - containerPort: 29653
+ name: healthz
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ imagePullPolicy: "IfNotPresent"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: pods-mount-dir
+ mountPath: /var/lib/kubelet/pods
+ mountPropagation: "Bidirectional"
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/csi-iscsiplugin
+ type: DirectoryOrCreate
+ - name: pods-mount-dir
+ hostPath:
+ path: /var/lib/kubelet/pods
+ type: Directory
+ - hostPath:
+ path: /var/lib/kubelet/plugins_registry
+ type: Directory
+ name: registration-dir
diff --git a/deploy/install-driver.sh b/deploy/install-driver.sh
new file mode 100755
index 00000000..f961998d
--- /dev/null
+++ b/deploy/install-driver.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -euo pipefail
+
+ver="master"
+if [[ "$#" -gt 0 ]]; then
+ ver="$1"
+fi
+
+repo="https://raw.githubusercontent.com/kubernetes-csi/csi-driver-iscsi/$ver/deploy"
+if [[ "$#" -gt 1 ]]; then
+ if [[ "$2" == *"local"* ]]; then
+ echo "use local deploy"
+ repo="./deploy"
+ fi
+fi
+
+if [ $ver != "master" ]; then
+ repo="$repo/$ver"
+fi
+
+echo "Installing iscsi CSI driver, version: $ver ..."
+kubectl apply -f $repo/rbac-csi-iscsi-controller.yaml
+kubectl apply -f $repo/csi-iscsi-driverinfo.yaml
+kubectl apply -f $repo/csi-iscsi-node.yaml
+echo 'iscsi CSI driver installed successfully.'
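Review bot: The `iscsi` container in deploy/csi-iscsi-node.yaml runs `privileged: true` on the host network from `image: mcr.microsoft.com/k8s/csi/iscsi-csi:latest` with `imagePullPolicy: "IfNotPresent"`, so the most privileged workload in this DaemonSet is the only one not pinned to a release: nodes keep whatever `latest` they first pulled, and a re-tagged image reaches new nodes with full host access. Pin it the way the two sidecars are pinned, ideally by digest, e.g. `image: <registry>/<iscsi-plugin-image>:<release-tag>@sha256:<digest>`; the registry path also looks carried over from another driver and should be confirmed. `capabilities: add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true` add nothing once `privileged: true` is set and can be dropped so the security context states the real grant. The pod spec sets no `serviceAccountName`, so it runs as the `kube-system` default account; if the node plugin makes no API calls (not visible here), `automountServiceAccountToken: false` would keep a token off a privileged pod.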
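Review bot: With no argument `ver` stays `master` in deploy/install-driver.sh, so the three `kubectl apply -f` calls pull manifests from a moving branch on raw.githubusercontent.com and apply them unreviewed, and one of them is a privileged host-network DaemonSet in `kube-system`. Defaulting to a release tag or commit, or requiring the version argument, makes an install reproducible and auditable. For any other version `repo="$repo/$ver"` appends the version a second time (`.../$ver/deploy/$ver`, or `./deploy/$ver` in local mode), and the diffstat of this commit adds no versioned directory under deploy/, so those paths appear not to exist. `$ver` and `$repo` are also expanded unquoted; `if [[ "$ver" != "master" ]]; then` and `kubectl apply -f "$repo/csi-iscsi-node.yaml"` (likewise for the other two files) keep a caller-supplied `$1` from being word-split or globbed.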
diff --git a/deploy/rbac-csi-iscsi-controller.yaml b/deploy/rbac-csi-iscsi-controller.yaml
new file mode 100644
index 00000000..57a55264
--- /dev/null
+++ b/deploy/rbac-csi-iscsi-controller.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-iscsi-controller-sa
+ namespace: kube-system
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: iscsi-external-provisioner-role
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: iscsi-csi-provisioner-binding
+subjects:
+ - kind: ServiceAccount
+ name: csi-iscsi-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: iscsi-external-provisioner-role
+ apiGroup: rbac.authorization.k8s.io
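Review bot: `iscsi-csi-provisioner-binding` grants `csi-iscsi-controller-sa` cluster-wide `create`/`delete` on `persistentvolumes` and `update` on `persistentvolumeclaims`, but nothing in this commit runs as that service account: the DaemonSet in csi-iscsi-node.yaml sets no `serviceAccountName`, and the diffstat lists no controller Deployment. Until a controller with an external-provisioner sidecar is added, the binding is a standing grant that any pod created in `kube-system` under that account inherits. Either hold this file back until the controller manifest lands, or add a header comment such as `# Used by the csi-iscsi controller Deployment (not yet in deploy/); remove if the driver stays node-only.` The rule set looks copied from a provisioner role; with `attachRequired: false` and no provisioner in view, it should be re-derived from the API calls the driver actually makes.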