Deployment Files

.gitignore

@@ -1,2 +1,2 @@
 .idea
-vendor
+vendor

Dockerfile

@@ -0,0 +1,7 @@
+FROM golang:1.14 as builder
+
+WORKDIR	/go/src/github.com/container-object-storage-interface/ephemeral-csi-driver
+
+ADD ./bin/main /go/src/github.com/container-object-storage-interface/ephemeral-csi-driver/bin/main
+
+ENTRYPOINT ["./bin/main"]

Makefile

@@ -1,3 +1,11 @@
+repository = krishchow
+version = v0.1
 
 build:
 	go build -o bin/main main.go
+
+docker: build
+	docker build --tag quay.io/$(repository)/ephemeral-csi-driver:$(version) .
+
+push: docker
+	docker push quay.io/$(repository)/ephemeral-csi-driver:$(version)

deploy/csi-cosi.properties

@@ -0,0 +1,4 @@
+VERSION=v0.06
+KUBELET_DIR_PATH=/var/lib/kubelet
+CSI_COSI_REPOSITORY_ORG=quay.io/krishchow
+CSI_COSI_REPOSITORY_IMAGE=ephemeral-csi-driver

deploy/kustomizeconfig.yaml

@@ -0,0 +1,25 @@
+varReference:
+  - path: data/VERSION
+    kind: ConfigMap
+  - path: spec/template/spec/volumes/hostPath/path
+    kind: DaemonSet
+  - path: spec/selector/matchLabels
+    kind: DaemonSet
+  - path: spec/template/metadata/labels
+    kind: DaemonSet
+  - path: spec/template/spec/containers/image
+    kind: DaemonSet
+  - path: spec/template/spec/containers/terminationMessagePath
+    kind: DaemonSet
+  - path: spec/template/spec/volumes/hostPath/path
+    kind: Deployment
+  - path: spec/selector/matchLabels
+    kind: Deployment
+  - path: spec/template/metadata/labels
+    kind: Deployment
+  - path: spec/template/spec/containers/image
+    kind: Deployment
+  - path: spec/template/spec/containers/terminationMessagePath
+    kind: Deployment
+  - path: spec/selector
+    kind: Service

deploy/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cosi

deploy/rbac.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-cosi-driver
+  namespace: cosi
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: csi-cosi-driver
+rules:
+  # The following rule should be uncommented for plugins that require secrets
+  # for provisioning.
+  # - apiGroups: [""]
+  #   resources: ["secrets"]
+  #   verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: ["driver.objectstorage.k8s.io"]
+    resources: ["volumes"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["create","get", "watch", "list", "delete", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  name: csi-cosi-driver
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: csi-cosi-driver
+subjects:
+  - kind: ServiceAccount
+    name: csi-cosi-driver
+    namespace: cosi

deploy/workloads.yaml

@@ -0,0 +1,200 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: driver.objectstorage.k8s.io
+  namespace: cosi
+spec:
+  volumeLifecycleModes:
+  - Persistent
+  - Ephemeral
+  podInfoOnMount: false
+  attachRequired: false
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: csi-cosi-driver
+  namespace: cosi
+data:
+  key: none
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: driver.objectstorage.k8s.io
+provisioner: driver.objectstorage.k8s.io
+parameters:
+  disable.csi.storage.k8s.io/provisioner-secret-name: csi-cosi-driver
+  disable.csi.storage.k8s.io/provisioner-secret-namespace: default
+  disable.csi.storage.k8s.io/fstype: xfs
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-cosi-driver
+  namespace: cosi
+  labels:
+    app: csi-cosi-driver
+spec:
+  selector:
+    app: csi-cosi-driver
+  ports:
+    - name: unused
+      port: 12345
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: csi-cosi-driver
+  namespace: cosi
+spec:
+  selector:
+    matchLabels:
+      app: csi-cosi-driver
+  template:
+    metadata:
+      labels:
+        app: csi-cosi-driver
+    spec:
+      serviceAccountName: csi-cosi-driver
+      containers:
+        - name: node-driver-registrar
+          image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
+          args:
+            - --v=5
+            - --csi-address=/csi/csi.sock
+            - --kubelet-registration-path=$(KUBELET_DIR_PATH)/plugins/csi-cosi-driver/csi.sock
+          securityContext:
+            # This is necessary only for systems with SELinux, where
+            # non-privileged sidecar containers cannot access unix domain socket
+            # created by privileged CSI driver container.
+            privileged: true
+          env:
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          volumeMounts:
+          - mountPath: /csi
+            name: socket-dir
+          - mountPath: /registration
+            name: registration-dir
+          terminationMessagePolicy: FallbackToLogsOnError
+          terminationMessagePath: /driver-registrar-termination-log
+        - name: csi-cosi-driver
+          image: $(REPOSITORY_ORG)/$(REPOSITORY_IMAGE):$(VERSION)
+          imagePullPolicy: "Always"
+          args:
+            - "--identity=driver.objectstorage.k8s.io"
+            - "--v=5"
+            - "--listen=$(CSI_ENDPOINT)"
+            - "--node-id=$(KUBE_NODE_NAME)"
+            - "--protocol=unix"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          securityContext:
+            privileged: true
+          terminationMessagePolicy: FallbackToLogsOnError
+          terminationMessagePath: /driver-termination-log
+          ports:
+          - containerPort: 9898
+            name: healthz
+            protocol: TCP
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: $(KUBELET_DIR_PATH)/pods
+              mountPropagation: Bidirectional
+              name: mountpoint-dir
+            - mountPath: $(KUBELET_DIR_PATH)/plugins
+              mountPropagation: Bidirectional
+              name: plugins-dir
+            - mountPath: /dev
+              name: dev-dir
+      volumes:
+        - hostPath:
+            path: $(KUBELET_DIR_PATH)/plugins/csi-cosi-driver
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: $(KUBELET_DIR_PATH)/pods
+            type: DirectoryOrCreate
+          name: mountpoint-dir
+        - hostPath:
+            path: $(KUBELET_DIR_PATH)/plugins_registry
+            type: Directory
+          name: registration-dir
+        - hostPath:
+            path: $(KUBELET_DIR_PATH)/plugins
+            type: Directory
+          name: plugins-dir
+        - hostPath:
+            path: /dev
+            type: Directory
+          name: dev-dir
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: ephemeral-controller-cosi
+  namespace: cosi
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: ephemeral-controller-cosi
+  template:
+    metadata:
+      labels:
+        app: ephemeral-controller-cosi
+    spec:
+      serviceAccountName: csi-cosi-driver
+      containers:
+        - name: csi-provisioner
+          image: quay.io/k8scsi/csi-provisioner:v1.2.1
+          args:
+            - "--v=5"
+            - "--timeout=300s"
+            - "--csi-address=$(CSI_ENDPOINT)"
+            - "--enable-leader-election"
+            - "--leader-election-type=leases"
+            - "--feature-gates=Topology=true"
+            - "--strict-topology"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - mountPath: /dev
+              name: dev-dir
+          terminationMessagePolicy: FallbackToLogsOnError
+          terminationMessagePath: /tmp/controller-provisioner-termination-log
+          ports:
+            - containerPort: 9898
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            failureThreshold: 5
+            httpGet:
+              path: /healthz
+              port: 9898
+            initialDelaySeconds: 10
+            timeoutSeconds: 3
+            periodSeconds: 2
+      volumes:
+        - hostPath:
+            path: $(KUBELET_DIR_PATH)/plugins/ephemeral-controller-cosi
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: /dev
+            type: Directory
+          name: dev-dir

kustomization.yaml

@@ -0,0 +1,50 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: cosi
+commonAnnotations:
+  driver.objectstorage.k8s.io/authors: "The Kubernetes Authors"
+  driver.objectstorage.k8s.io/license: "Apache-2.0"
+commonLabels:
+  driver.objectstorage.k8s.io/version: $(VERSION)
+configMapGenerator:
+  - name: csi-cosi-config
+    env: deploy/csi-cosi.properties
+generatorOptions:
+  disableNameSuffixHash: true
+  labels:
+    generated-by: "kustomize"
+resources:
+  - deploy/workloads.yaml
+  - deploy/ns.yaml
+  - deploy/rbac.yaml
+configurations:
+  - deploy/kustomizeconfig.yaml
+vars:
+  - name: VERSION
+    objref:
+      name: csi-cosi-config
+      kind: ConfigMap
+      apiVersion: v1
+    fieldref:
+      fieldpath: data.VERSION
+  - name: KUBELET_DIR_PATH
+    objref:
+      name: csi-cosi-config
+      kind: ConfigMap
+      apiVersion: v1
+    fieldref:
+      fieldpath: data.KUBELET_DIR_PATH
+  - name: REPOSITORY_ORG
+    objref:
+      name: csi-cosi-config
+      kind: ConfigMap
+      apiVersion: v1
+    fieldref:
+      fieldpath: data.CSI_COSI_REPOSITORY_ORG
+  - name: REPOSITORY_IMAGE
+    objref:
+      name: csi-cosi-config
+      kind: ConfigMap
+      apiVersion: v1
+    fieldref:
+      fieldpath: data.CSI_COSI_REPOSITORY_IMAGE