diff --git a/.gitignore b/.gitignore index 3ce5adb..331c58f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ .idea -vendor +vendor \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..43c81f1 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +FROM golang:1.14 as builder + +WORKDIR /go/src/github.com/container-object-storage-interface/ephemeral-csi-driver + +ADD ./bin/main /go/src/github.com/container-object-storage-interface/ephemeral-csi-driver/bin/main + +ENTRYPOINT ["./bin/main"] diff --git a/Makefile b/Makefile index 27f981f..e35e652 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,11 @@ +repository = krishchow +version = v0.1 build: go build -o bin/main main.go + +docker: build + docker build --tag quay.io/$(repository)/ephemeral-csi-driver:$(version) . + +push: docker + docker push quay.io/$(repository)/ephemeral-csi-driver:$(version) \ No newline at end of file diff --git a/deploy/csi-cosi.properties b/deploy/csi-cosi.properties new file mode 100644 index 0000000..c832fea --- /dev/null +++ b/deploy/csi-cosi.properties @@ -0,0 +1,4 @@ +VERSION=v0.06 +KUBELET_DIR_PATH=/var/lib/kubelet +CSI_COSI_REPOSITORY_ORG=quay.io/krishchow +CSI_COSI_REPOSITORY_IMAGE=ephemeral-csi-driver \ No newline at end of file diff --git a/deploy/kustomizeconfig.yaml b/deploy/kustomizeconfig.yaml new file mode 100644 index 0000000..b5c30ce --- /dev/null +++ b/deploy/kustomizeconfig.yaml 
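Review bot: In the new Dockerfile, the single stage `FROM golang:1.14 as builder` is also the image that ships, so the runtime container carries the whole Go toolchain and its userland, runs as root by default, and holds whatever binary the developer's host produced (`ADD ./bin/main ...`). The `as builder` alias suggests a two-stage build was intended: compile inside the builder stage and copy only the binary into a minimal runtime stage, which also makes the image reproducible from the repository alone. If the host-built binary is kept, use `COPY` rather than `ADD` and set `GOOS=linux` explicitly, since `make build` otherwise targets the host platform. Whether the driver needs mount utilities at runtime cannot be seen from this diff, so confirm that before choosing the runtime base.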
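Review bot: In the Makefile, `version = v0.1` disagrees with `VERSION=v0.06` in deploy/csi-cosi.properties, which this commit also adds, so `make push` publishes a tag that the kustomize deployment never references. Because the driver container is deployed with `imagePullPolicy: "Always"`, nodes will run whatever currently sits behind the v0.06 tag in the registry rather than the image just built. Derive both from one place, for example `version = $(shell sed -n 's/^VERSION=//p' deploy/csi-cosi.properties)`. Declaring `.PHONY: build docker push` would also be worthwhile, since none of these targets produce a file of that name.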
@@ -0,0 +1,25 @@
+varReference:
+ - path: data/VERSION
+ kind: ConfigMap
+ - path: spec/template/spec/volumes/hostPath/path
+ kind: DaemonSet
+ - path: spec/selector/matchLabels
+ kind: DaemonSet
+ - path: spec/template/metadata/labels
+ kind: DaemonSet
+ - path: spec/template/spec/containers/image
+ kind: DaemonSet
+ - path: spec/template/spec/containers/terminationMessagePath
+ kind: DaemonSet
+ - path: spec/template/spec/volumes/hostPath/path
+ kind: Deployment
+ - path: spec/selector/matchLabels
+ kind: Deployment
+ - path: spec/template/metadata/labels
+ kind: Deployment
+ - path: spec/template/spec/containers/image
+ kind: Deployment
+ - path: spec/template/spec/containers/terminationMessagePath
+ kind: Deployment
+ - path: spec/selector
+ kind: Service
diff --git a/deploy/ns.yaml b/deploy/ns.yaml
new file mode 100644
index 0000000..9223984
--- /dev/null
+++ b/deploy/ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cosi
diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml
new file mode 100644
index 0000000..3002538
--- /dev/null
+++ b/deploy/rbac.yaml
@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-cosi-driver
+ namespace: cosi
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: csi-cosi-driver
+rules:
+ # The following rule should be uncommented for plugins that require secrets
+ # for provisioning.
+ # - apiGroups: [""]
+ # resources: ["secrets"]
+ # verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["get", "list"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["endpoints"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+ - apiGroups: ["driver.objectstorage.k8s.io"]
+ resources: ["volumes"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["create","get", "watch", "list", "delete", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: csi-cosi-driver
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: csi-cosi-driver
+subjects:
+ - kind: ServiceAccount
+ name: csi-cosi-driver
+ namespace: cosi
diff --git a/deploy/workloads.yaml b/deploy/workloads.yaml
new file mode 100644
index 0000000..5fa380e
--- /dev/null
+++ b/deploy/workloads.yaml
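Review bot: In deploy/rbac.yaml, the `csi-cosi-driver` ClusterRole grants cluster-wide create/update/delete on `customresourcedefinitions`, `endpoints` and `leases`, and deploy/workloads.yaml attaches the same ServiceAccount to both the privileged per-node DaemonSet and the controller Deployment, so the token mounted on every node carries all of it. Consider separate ServiceAccounts for the node plugin and the controller, and move the leader-election rule into a namespaced Role in `cosi` as sketched below (resource names are constructed); this assumes the provisioner takes its lease in its own namespace, which should be confirmed for the pinned sidecar version. If the driver only registers its own CRD, installing that CRD at deploy time, or limiting update/delete with `resourceNames`, would avoid blanket write access to all CRDs. The `rbac.authorization.kubernetes.io/autoupdate` annotation is intended for the API server's built-in roles and can likely be dropped from both objects.

```yaml
# … unchanged: ServiceAccount, ClusterRole minus the leases rule, ClusterRoleBinding …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: csi-cosi-leader-election
  namespace: cosi
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: csi-cosi-leader-election
  namespace: cosi
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: csi-cosi-leader-election
subjects:
  - kind: ServiceAccount
    name: csi-cosi-driver
    namespace: cosi
```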
@@ -0,0 +1,200 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: driver.objectstorage.k8s.io
+ namespace: cosi
+spec:
+ volumeLifecycleModes:
+ - Persistent
+ - Ephemeral
+ podInfoOnMount: false
+ attachRequired: false
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: csi-cosi-driver
+ namespace: cosi
+data:
+ key: none
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: driver.objectstorage.k8s.io
+provisioner: driver.objectstorage.k8s.io
+parameters:
+ disable.csi.storage.k8s.io/provisioner-secret-name: csi-cosi-driver
+ disable.csi.storage.k8s.io/provisioner-secret-namespace: default
+ disable.csi.storage.k8s.io/fstype: xfs
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: csi-cosi-driver
+ namespace: cosi
+ labels:
+ app: csi-cosi-driver
+spec:
+ selector:
+ app: csi-cosi-driver
+ ports:
+ - name: unused
+ port: 12345
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: csi-cosi-driver
+ namespace: cosi
+spec:
+ selector:
+ matchLabels:
+ app: csi-cosi-driver
+ template:
+ metadata:
+ labels:
+ app: csi-cosi-driver
+ spec:
+ serviceAccountName: csi-cosi-driver
+ containers:
+ - name: node-driver-registrar
+ image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
+ args:
+ - --v=5
+ - --csi-address=/csi/csi.sock
+ - --kubelet-registration-path=$(KUBELET_DIR_PATH)/plugins/csi-cosi-driver/csi.sock
+ securityContext:
+ # This is necessary only for systems with SELinux, where
+ # non-privileged sidecar containers cannot access unix domain socket
+ # created by privileged CSI driver container.
+ privileged: true
+ env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: /registration
+ name: registration-dir
+ terminationMessagePolicy: FallbackToLogsOnError
+ terminationMessagePath: /driver-registrar-termination-log
+ - name: csi-cosi-driver
+ image: $(REPOSITORY_ORG)/$(REPOSITORY_IMAGE):$(VERSION)
+ imagePullPolicy: "Always"
+ args:
+ - "--identity=driver.objectstorage.k8s.io"
+ - "--v=5"
+ - "--listen=$(CSI_ENDPOINT)"
+ - "--node-id=$(KUBE_NODE_NAME)"
+ - "--protocol=unix"
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ securityContext:
+ privileged: true
+ terminationMessagePolicy: FallbackToLogsOnError
+ terminationMessagePath: /driver-termination-log
+ ports:
+ - containerPort: 9898
+ name: healthz
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: $(KUBELET_DIR_PATH)/pods
+ mountPropagation: Bidirectional
+ name: mountpoint-dir
+ - mountPath: $(KUBELET_DIR_PATH)/plugins
+ mountPropagation: Bidirectional
+ name: plugins-dir
+ - mountPath: /dev
+ name: dev-dir
+ volumes:
+ - hostPath:
+ path: $(KUBELET_DIR_PATH)/plugins/csi-cosi-driver
+ type: DirectoryOrCreate
+ name: socket-dir
+ - hostPath:
+ path: $(KUBELET_DIR_PATH)/pods
+ type: DirectoryOrCreate
+ name: mountpoint-dir
+ - hostPath:
+ path: $(KUBELET_DIR_PATH)/plugins_registry
+ type: Directory
+ name: registration-dir
+ - hostPath:
+ path: $(KUBELET_DIR_PATH)/plugins
+ type: Directory
+ name: plugins-dir
+ - hostPath:
+ path: /dev
+ type: Directory
+ name: dev-dir
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: ephemeral-controller-cosi
+ namespace: cosi
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: ephemeral-controller-cosi
+ template:
+ metadata:
+ labels:
+ app: ephemeral-controller-cosi
+ spec:
+ serviceAccountName: csi-cosi-driver
+ containers:
+ - name: csi-provisioner
+ image: quay.io/k8scsi/csi-provisioner:v1.2.1
+ args:
+ - "--v=5"
+ - "--timeout=300s"
+ - "--csi-address=$(CSI_ENDPOINT)"
+ - "--enable-leader-election"
+ - "--leader-election-type=leases"
+ - "--feature-gates=Topology=true"
+ - "--strict-topology"
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: /dev
+ name: dev-dir
+ terminationMessagePolicy: FallbackToLogsOnError
+ terminationMessagePath: /tmp/controller-provisioner-termination-log
+ ports:
+ - containerPort: 9898
+ name: healthz
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: 9898
+ initialDelaySeconds: 10
+ timeoutSeconds: 3
+ periodSeconds: 2
+ volumes:
+ - hostPath:
+ path: $(KUBELET_DIR_PATH)/plugins/ephemeral-controller-cosi
+ type: DirectoryOrCreate
+ name: socket-dir
+ - hostPath:
+ path: /dev
+ type: Directory
+ name: dev-dir
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..cf2f3e6
--- /dev/null
+++ b/kustomization.yaml
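Review bot: Host access in deploy/workloads.yaml is wider than the containers appear to need: `node-driver-registrar` is unconditionally `privileged: true` although its own comment says this is required only on SELinux systems, and the `csi-provisioner` container in the Deployment mounts hostPath `/dev`, which a sidecar that only talks to the CSI socket should not need. The Deployment's `socket-dir` is also a hostPath (`$(KUBELET_DIR_PATH)/plugins/ephemeral-controller-cosi`) that no container in this diff listens on, since the driver's socket lives under `plugins/csi-cosi-driver`; if a driver container is meant to run beside the provisioner, an `emptyDir` shared inside the pod removes the host mount entirely. The placeholder Secret sets `data: key: none`, and `data` values are base64-decoded by the API server, so use `stringData` or drop the object until a real secret is needed. The sidecar and driver images are referenced by mutable tags; pinning them by digest would make the contents of these privileged pods verifiable.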
@@ -0,0 +1,50 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cosi
+commonAnnotations:
+ driver.objectstorage.k8s.io/authors: "The Kubernetes Authors"
+ driver.objectstorage.k8s.io/license: "Apache-2.0"
+commonLabels:
+ driver.objectstorage.k8s.io/version: $(VERSION)
+configMapGenerator:
+ - name: csi-cosi-config
+ env: deploy/csi-cosi.properties
+generatorOptions:
+ disableNameSuffixHash: true
+ labels:
+ generated-by: "kustomize"
+resources:
+ - deploy/workloads.yaml
+ - deploy/ns.yaml
+ - deploy/rbac.yaml
+configurations:
+ - deploy/kustomizeconfig.yaml
+vars:
+ - name: VERSION
+ objref:
+ name: csi-cosi-config
+ kind: ConfigMap
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.VERSION
+ - name: KUBELET_DIR_PATH
+ objref:
+ name: csi-cosi-config
+ kind: ConfigMap
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.KUBELET_DIR_PATH
+ - name: REPOSITORY_ORG
+ objref:
+ name: csi-cosi-config
+ kind: ConfigMap
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.CSI_COSI_REPOSITORY_ORG
+ - name: REPOSITORY_IMAGE
+ objref:
+ name: csi-cosi-config
+ kind: ConfigMap
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.CSI_COSI_REPOSITORY_IMAGE
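Review bot: In kustomization.yaml, `commonLabels` with `driver.objectstorage.k8s.io/version: $(VERSION)` is applied to selectors as well as metadata (deploy/kustomizeconfig.yaml lists `spec/selector/matchLabels` for substitution, presumably for that reason), and selectors on apps/v1 DaemonSets and Deployments are immutable. Changing VERSION in deploy/csi-cosi.properties will therefore make `kubectl apply` fail on the existing workloads until they are deleted and recreated. Carry the version in `commonAnnotations` instead, or as a label that is not part of any selector, so upgrades can be applied in place. A comment above `vars:` would also help the next reader, e.g. `# Values are read from deploy/csi-cosi.properties via the generated csi-cosi-config ConfigMap`.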