-
Notifications
You must be signed in to change notification settings - Fork 58
/
openebs-nfs-provisioner.yaml
245 lines (243 loc) · 9.38 KB
/
openebs-nfs-provisioner.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
# This manifest deploys the OpenEBS control plane components, with associated CRs & RBAC rules
# NOTE: On GKE, deploy the openebs-operator.yaml in admin context
# Create the OpenEBS namespace
apiVersion: v1
kind: Namespace
metadata:
name: openebs
---
# Create Maya Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
name: openebs-maya-operator
namespace: openebs
---
# Define Role that allows operations on K8s pods/deployments
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-maya-operator
rules:
- apiGroups: ["*"]
resources: ["nodes", "nodes/proxy"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["statefulsets", "daemonsets"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["resourcequotas", "limitranges"]
verbs: ["list", "watch"]
- apiGroups: ["*"]
resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "poddisruptionbudgets", "certificatesigningrequests"]
verbs: ["list", "watch"]
- apiGroups: ["*"]
resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: [ "get", "list", "create", "update", "delete", "patch"]
- apiGroups: ["openebs.io"]
resources: [ "*"]
verbs: ["*"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
---
# Bind the Service Account with the Role Privileges.
# TODO: Check if default account also needs to be there
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-maya-operator
subjects:
- kind: ServiceAccount
name: openebs-maya-operator
namespace: openebs
roleRef:
kind: ClusterRole
name: openebs-maya-operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: openebs-nfs-provisioner
namespace: openebs
labels:
name: openebs-nfs-provisioner
openebs.io/component-name: openebs-nfs-provisioner
openebs.io/version: dev
spec:
selector:
matchLabels:
name: openebs-nfs-provisioner
openebs.io/component-name: openebs-nfs-provisioner
replicas: 1
strategy:
type: Recreate
template:
metadata:
labels:
name: openebs-nfs-provisioner
openebs.io/component-name: openebs-nfs-provisioner
openebs.io/version: dev
spec:
serviceAccountName: openebs-maya-operator
containers:
- name: openebs-provisioner-nfs
imagePullPolicy: IfNotPresent
image: openebs/provisioner-nfs:ci
env:
# OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s
# based on this address. This is ignored if empty.
# This is supported for openebs provisioner version 0.5.2 onwards
# - name: OPENEBS_IO_K8S_MASTER
# value: "http://10.128.0.12:8080"
# OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s
# based on this config. This is ignored if empty.
# This is supported for openebs provisioner version 0.5.2 onwards
# - name: OPENEBS_IO_KUBE_CONFIG
# value: "/home/ubuntu/.kube/config"
# OPENEBS_IO_NFS_SERVER_NODE_AFFINITY defines the node affinity rules to place NFS Server
# instance. It accepts affinity rules in multiple ways:
# - If NFS Server needs to be placed on storage nodes as well as only in
# zone-1 & zone-2 then value can be:
# value: "kubernetes.io/zone:[zone-1,zone-2],kubernetes.io/storage-node".
# - If NFS Server needs to be placed only on storage nodes & nfs nodes then
# value can be:
# value: "kubernetes.io/storage-node,kubernetes.io/nfs-node"
# - name: OPENEBS_IO_NFS_SERVER_NODE_AFFINITY
# value: "kubernetes.io/storage-node,kubernetes.io/nfs-node"
# Provide a switch to turn off the function of clearing stale pvc to avoid
#. garbage collecting an NFS backend PVC if the NFS PVC is deleted.
# - name: OPENEBS_IO_NFS_SERVER_GARBAGE_COLLECTION_ENABLED
#. value: false
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OPENEBS_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as
# environment variable
- name: OPENEBS_SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: OPENEBS_IO_ENABLE_ANALYTICS
value: "true"
- name: OPENEBS_IO_NFS_SERVER_USE_CLUSTERIP
value: "true"
- name: OPENEBS_IO_INSTALLER_TYPE
value: "openebs-operator-nfs"
# OPENEBS_IO_NFS_SERVER_NS defines the namespace for nfs-server deployment
#- name: OPENEBS_IO_NFS_SERVER_NS
# value: "openebs"
# OPENEBS_IO_NFS_SERVER_IMAGE_PULL_SECRET defines the name of an image pull secret to be used by the NFS server pods
#- name: OPENEBS_IO_NFS_SERVER_IMAGE_PULL_SECRET
# value: ""
# OPENEBS_IO_NFS_SERVER_IMG defines the nfs-server-alpine image name to be used
# while creating nfs volume
- name: OPENEBS_IO_NFS_SERVER_IMG
value: openebs/nfs-server-alpine:ci
# LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default
# leader election is enabled.
#- name: LEADER_ELECTION_ENABLED
# value: "true"
# Set Timeout for backend PVC to bound, Default value is 60 seconds
#- name: OPENEBS_IO_NFS_SERVER_BACKEND_PVC_TIMEOUT
# value: "60"
# Process name used for matching is limited to the 15 characters
# present in the pgrep output.
# So fullname can't be used here with pgrep (>15 chars).A regular expression
# that matches the entire command name has to specified.
# Anchor `^` : matches any string that starts with `provisioner-nfs`
# `.*`: matches any string that has `provisioner-loc` followed by zero or more char
livenessProbe:
exec:
command:
- sh
- -c
- test `pgrep "^provisioner-nfs.*"` = 1
initialDelaySeconds: 30
periodSeconds: 60
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# ## Normal cases CPU and memory usage are around ~10 millicores and
# ## memory usage is around ~16Mb(after provisioing 70 volumes)
requests:
cpu: 50m
memory: 50M
## During provisioning(large no.of pvcs at a time) time CPU and memory usage
## are around ~67 millicores(6.7% of cpu) and memory usage is around ~34Mb
limits:
cpu: 200m
memory: 200M
# uncomment below lines to use nfs-hooks
# volumeMounts:
# - mountPath: /etc/nfs-provisioner
# name: hook-config
# uncomment below lines to use nfs-hooks
# volumes:
# - name: hook-config
# configMap:
# name: hook-config
---
#Sample storage classes for OpenEBS Local PV
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: openebs-rwx
annotations:
openebs.io/cas-type: nfsrwx
cas.openebs.io/config: |
- name: NFSServerType
value: "kernel"
- name: BackendStorageClass
value: "openebs-hostpath"
# NFSServerResourceRequests defines the resource requests for NFS Server
#- name: NFSServerResourceRequests
# value: |-
# memory: 50Mi
# cpu: 50m
# NFSServerResourceLimits defines the resource limits for NFS Server
#- name: NFSServerResourceLimits
# value: |-
# memory: 100Mi
# cpu: 100m
# LeaseTime defines the renewal period(in seconds) for client state
#- name: LeaseTime
# value: 30
# GraceTime defines the recovery period(in seconds) to reclaim locks
#- name: GraceTime
# value: 30
# FilePermissions defines the file ownership and mode specifications
# for the NFS server's shared filesystem volume.
# File permission changes are applied recursively if the root of the
# volume's filesystem does not match the specified value.
# Volume-specific file permission configuration can be specified by
# using the FilePermissions config key in the PVC YAML, instead of
# the StorageClass's.
#- name: FilePermissions
# data:
# UID: "1000"
# GID: "2000"
# mode: "0744"
# FSGID defines the group permissions of NFS Volume. If it is set
# then non-root applications should add FSGID value under pod
# Suplemental groups.
# The FSGID config key is being deprecated. Please use the
# FilePermissions config key instead.
#- name: FSGID
# value: "120"
provisioner: openebs.io/nfsrwx
reclaimPolicy: Delete
---