From d8043f1740854695a8bc164e8641f30b0b0da086 Mon Sep 17 00:00:00 2001 From: Ryuichi KAWAMATA Date: Mon, 10 Jan 2022 17:09:25 +0900 Subject: [PATCH 1/5] Match deploy/*.yaml and deploy/objects/*.yaml --- deploy/objects/clusterrolebinding.yaml | 1 + deploy/objects/deployment.yaml | 13 ++++++++++--- deploy/objects/role.yaml | 2 ++ deploy/objects/rolebinding.yaml | 2 ++ deploy/objects/serviceaccount.yaml | 2 ++ 5 files changed, 17 insertions(+), 3 deletions(-) diff --git a/deploy/objects/clusterrolebinding.yaml b/deploy/objects/clusterrolebinding.yaml index 0e949a27..4f085e02 100644 --- a/deploy/objects/clusterrolebinding.yaml +++ b/deploy/objects/clusterrolebinding.yaml @@ -5,6 +5,7 @@ metadata: subjects: - kind: ServiceAccount name: nfs-client-provisioner + # replace with namespace where provisioner is deployed namespace: default roleRef: kind: ClusterRole diff --git a/deploy/objects/deployment.yaml b/deploy/objects/deployment.yaml index df10aa3f..26d2a234 100644 --- a/deploy/objects/deployment.yaml +++ b/deploy/objects/deployment.yaml @@ -1,11 +1,18 @@ +apiVersion: apps/v1 kind: Deployment -apiVersion: extensions/v1beta1 metadata: name: nfs-client-provisioner + labels: + app: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default spec: replicas: 1 strategy: type: Recreate + selector: + matchLabels: + app: nfs-client-provisioner template: metadata: labels: @@ -22,11 +29,11 @@ spec: - name: PROVISIONER_NAME value: k8s-sigs.io/nfs-subdir-external-provisioner - name: NFS_SERVER - value: 10.10.10.60 + value: 10.3.243.101 - name: NFS_PATH value: /ifs/kubernetes volumes: - name: nfs-client-root nfs: - server: 10.10.10.60 + server: 10.3.243.101 path: /ifs/kubernetes diff --git a/deploy/objects/role.yaml b/deploy/objects/role.yaml index 28721e82..bcd83d3f 100644 --- a/deploy/objects/role.yaml +++ b/deploy/objects/role.yaml @@ -2,6 +2,8 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default rules: - apiGroups: [""] resources: ["endpoints"] diff --git a/deploy/objects/rolebinding.yaml b/deploy/objects/rolebinding.yaml index b5faf2d8..76a51e57 100644 --- a/deploy/objects/rolebinding.yaml +++ b/deploy/objects/rolebinding.yaml @@ -2,6 +2,8 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default subjects: - kind: ServiceAccount name: nfs-client-provisioner diff --git a/deploy/objects/serviceaccount.yaml b/deploy/objects/serviceaccount.yaml index edead9ad..b76dcd62 100644 --- a/deploy/objects/serviceaccount.yaml +++ b/deploy/objects/serviceaccount.yaml @@ -2,3 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default From ce2849ccd7077ef2506c271abe36a4b8e836ec7d Mon Sep 17 00:00:00 2001 From: Richard Kugler <36081947+BYondRAK@users.noreply.github.com> Date: Wed, 26 May 2021 14:07:47 -0400 Subject: [PATCH 2/5] Allow use of securityContext Update Deployment with securityContext for pod and Container --- .../nfs-subdir-external-provisioner/templates/deployment.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml index a8b47fc0..b21efdc2 100644 --- a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml @@ -24,6 +24,8 @@ spec: {{- include "nfs-subdir-external-provisioner.podLabels" . | nindent 8 }} spec: serviceAccountName: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} @@ -43,6 +45,8 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: - name: {{ .Values.nfs.volumeName }} mountPath: /persistentvolumes From 8b7f3ae920797f4d8bcceb7c5de79a55b6ded3f9 Mon Sep 17 00:00:00 2001 From: Richard Kugler <36081947+BYondRAK@users.noreply.github.com> Date: Wed, 26 May 2021 14:14:52 -0400 Subject: [PATCH 3/5] Update Values to support securityContext Adding securityContext variables to the values file. --- charts/nfs-subdir-external-provisioner/values.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/nfs-subdir-external-provisioner/values.yaml b/charts/nfs-subdir-external-provisioner/values.yaml index 20720b19..e7d4a78d 100644 --- a/charts/nfs-subdir-external-provisioner/values.yaml +++ b/charts/nfs-subdir-external-provisioner/values.yaml @@ -74,6 +74,10 @@ podAnnotations: {} ## Set pod priorityClassName # priorityClassName: "" +podSecurityContext: {} + +securityContext: {} + serviceAccount: # Specifies whether a ServiceAccount should be created create: true From 9c867b50b82c33b7e155995234682f60162e4341 Mon Sep 17 00:00:00 2001 From: Daniel Kemp Date: Thu, 20 Jan 2022 16:19:40 -0500 Subject: [PATCH 4/5] fix indentation --- .../nfs-subdir-external-provisioner/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml index b21efdc2..15a574b2 100644 --- a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml @@ -25,7 +25,7 @@ spec: spec: serviceAccountName: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} From 5c92c0ae51b944c515c39a7e3696f58222d91c06 Mon Sep 17 00:00:00 2001 From: Daniel Kemp Date: Thu, 20 Jan 2022 16:19:56 -0500 Subject: [PATCH 5/5] Update chart version --- charts/nfs-subdir-external-provisioner/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nfs-subdir-external-provisioner/Chart.yaml b/charts/nfs-subdir-external-provisioner/Chart.yaml index 58d3174a..9783d088 100644 --- a/charts/nfs-subdir-external-provisioner/Chart.yaml +++ b/charts/nfs-subdir-external-provisioner/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 4.0.2 description: nfs-subdir-external-provisioner is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. name: nfs-subdir-external-provisioner home: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner -version: 4.0.14 +version: 4.0.15 kubeVersion: ">=1.9.0-0" sources: - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner