-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
7401378
commit d9e2b48
Showing
1 changed file
with
303 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,303 @@ | ||
| # | ||
| # This file is the release v0.4.0. | ||
| # | ||
| --- | ||
| apiVersion: storage.k8s.io/v1beta1 | ||
| kind: CSIDriver | ||
| metadata: | ||
| name: csi.xelon.ch | ||
| spec: | ||
| attachRequired: true | ||
| podInfoOnMount: false | ||
|
|
||
| --- | ||
| kind: StorageClass | ||
| apiVersion: storage.k8s.io/v1 | ||
| metadata: | ||
| name: xelon-persistent-storage | ||
| namespace: kube-system | ||
| provisioner: csi.xelon.ch | ||
|
|
||
| --- | ||
| kind: ServiceAccount | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: xelon-csi-controller-sa | ||
| namespace: kube-system | ||
|
|
||
| --- | ||
| kind: ClusterRole | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: xelon-csi-provisioner-role | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumes"] | ||
| verbs: ["get", "list", "watch", "create", "delete"] | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumeclaims"] | ||
| verbs: ["get", "list", "watch", "update"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["storageclasses"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: [""] | ||
| resources: ["events"] | ||
| verbs: ["list", "watch", "create", "update", "patch"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["csinodes"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: [""] | ||
| resources: ["nodes"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["volumeattachments"] | ||
| verbs: ["get", "list", "watch"] | ||
|
|
||
| --- | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: xelon-csi-controller-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: xelon-csi-controller-sa | ||
| namespace: kube-system | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: xelon-csi-provisioner-role | ||
| apiGroup: rbac.authorization.k8s.io | ||
|
|
||
| --- | ||
| kind: ClusterRole | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: xelon-csi-attacher-role | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["persistentvolumes"] | ||
| verbs: ["get", "list", "watch", "update", "patch"] | ||
| - apiGroups: [""] | ||
| resources: ["nodes"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["csinodes"] | ||
| verbs: ["get", "list", "watch"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["volumeattachments"] | ||
| verbs: ["get", "list", "watch", "update", "patch"] | ||
| - apiGroups: ["storage.k8s.io"] | ||
| resources: ["volumeattachments/status"] | ||
| verbs: ["patch"] | ||
|
|
||
| --- | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: xelon-csi-attacher-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: xelon-csi-controller-sa | ||
| namespace: kube-system | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: xelon-csi-attacher-role | ||
| apiGroup: rbac.authorization.k8s.io | ||
|
|
||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: xelon-csi-node-sa | ||
| namespace: kube-system | ||
|
|
||
| --- | ||
| kind: ClusterRole | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: xelon-csi-node-driver-registrar-role | ||
| namespace: kube-system | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["events"] | ||
| verbs: ["get", "list", "watch", "create", "update", "patch"] | ||
| --- | ||
| kind: ClusterRoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: xelon-csi-node-driver-registrar-binding | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: xelon-csi-node-sa | ||
| namespace: kube-system | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: xelon-csi-node-driver-registrar-role | ||
| apiGroup: rbac.authorization.k8s.io | ||
|
|
||
| ############################################## | ||
| ########### ############ | ||
| ########### Controller plugin ############ | ||
| ########### ############ | ||
| ############################################## | ||
| --- | ||
| kind: StatefulSet | ||
| apiVersion: apps/v1 | ||
| metadata: | ||
| name: xelon-csi-controller | ||
| namespace: kube-system | ||
| spec: | ||
| serviceName: "xelon-csi" | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: xelon-csi-controller | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: xelon-csi-controller | ||
| role: xelon-csi | ||
| spec: | ||
| priorityClassName: system-cluster-critical | ||
| serviceAccountName: xelon-csi-controller-sa | ||
| containers: | ||
| - name: xelon-csi-plugin | ||
| image: xelonag/xelon-csi:v0.4.0 | ||
| args: | ||
| - "--api-url=$(XELON_API_URL)" | ||
| - "--endpoint=$(CSI_ENDPOINT)" | ||
| - "--mode=controller" | ||
| - "--token=$(XELON_API_TOKEN)" | ||
| env: | ||
| - name: CSI_ENDPOINT | ||
| value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock | ||
| - name: XELON_API_URL | ||
| value: "INSERT_API_URL_HERE" | ||
| - name: XELON_API_TOKEN | ||
| value: "INSERT_TOKEN_HERE" | ||
| imagePullPolicy: "Always" | ||
| volumeMounts: | ||
| - name: socket-dir | ||
| mountPath: /var/lib/csi/sockets/pluginproxy/ | ||
| - name: metadata-file | ||
| mountPath: /etc/init.d | ||
| readOnly: true | ||
| - name: csi-provisioner | ||
| image: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.2 | ||
| args: | ||
| - "--csi-address=$(CSI_ADDRESS)" | ||
| - "--default-fstype=ext4" | ||
| - "--retry-interval-start=5s" | ||
| - "--worker-threads=1" | ||
| - "--v=5" | ||
| env: | ||
| - name: CSI_ADDRESS | ||
| value: /var/lib/csi/sockets/pluginproxy/csi.sock | ||
| volumeMounts: | ||
| - name: socket-dir | ||
| mountPath: /var/lib/csi/sockets/pluginproxy/ | ||
| - name: csi-attacher | ||
| image: quay.io/k8scsi/csi-attacher:v2.2.0 | ||
| args: | ||
| - "--csi-address=$(CSI_ADDRESS)" | ||
| - "--v=5" | ||
| env: | ||
| - name: CSI_ADDRESS | ||
| value: /var/lib/csi/sockets/pluginproxy/csi.sock | ||
| volumeMounts: | ||
| - name: socket-dir | ||
| mountPath: /var/lib/csi/sockets/pluginproxy/ | ||
| volumes: | ||
| - name: socket-dir | ||
| emptyDir: {} | ||
| - name: metadata-file | ||
| hostPath: | ||
| path: /etc/init.d | ||
|
|
||
| --- | ||
| ######################################## | ||
| ########### ############ | ||
| ########### Node plugin ############ | ||
| ########### ############ | ||
| ######################################## | ||
| --- | ||
| kind: DaemonSet | ||
| apiVersion: apps/v1 | ||
| metadata: | ||
| name: xelon-csi-node | ||
| namespace: kube-system | ||
| spec: | ||
| selector: | ||
| matchLabels: | ||
| app: xelon-csi-node | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: xelon-csi-node | ||
| role: xelon-csi-node | ||
| spec: | ||
| priorityClassName: system-node-critical | ||
| serviceAccount: xelon-csi-node-sa | ||
| hostNetwork: true | ||
| containers: | ||
| - name: xelon-csi-plugin | ||
| image: xelonag/xelon-csi:v0.4.0 | ||
| args: | ||
| - "--mode=node" | ||
| imagePullPolicy: "Always" | ||
| securityContext: | ||
| privileged: true | ||
| capabilities: | ||
| add: ["SYS_ADMIN"] | ||
| allowPrivilegeEscalation: true | ||
| volumeMounts: | ||
| - name: plugin-dir | ||
| mountPath: /csi | ||
| - name: pods-mount-dir | ||
| mountPath: /var/lib/kubelet | ||
| # needed so that any mounts setup inside this container are | ||
| # propagated back to the host machine. | ||
| mountPropagation: "Bidirectional" | ||
| - name: device-dir | ||
| mountPath: /dev | ||
| - name: metadata-file | ||
| mountPath: /etc/init.d | ||
| readOnly: true | ||
| - name: csi-node-driver-registrar | ||
| image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 | ||
| args: | ||
| - "--v=5" | ||
| - "--csi-address=$(ADDRESS)" | ||
| - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" | ||
| env: | ||
| - name: ADDRESS | ||
| value: /csi/csi.sock | ||
| - name: DRIVER_REG_SOCK_PATH | ||
| value: /var/lib/kubelet/plugins/csi.xelon.ch/csi.sock | ||
| - name: KUBE_NODE_NAME | ||
| valueFrom: | ||
| fieldRef: | ||
| fieldPath: spec.nodeName | ||
| volumeMounts: | ||
| - name: plugin-dir | ||
| mountPath: /csi/ | ||
| - name: registration-dir | ||
| mountPath: /registration/ | ||
| volumes: | ||
| - name: registration-dir | ||
| hostPath: | ||
| path: /var/lib/kubelet/plugins_registry/ | ||
| type: DirectoryOrCreate | ||
| - name: plugin-dir | ||
| hostPath: | ||
| path: /var/lib/kubelet/plugins/csi.xelon.ch | ||
| type: DirectoryOrCreate | ||
| - name: pods-mount-dir | ||
| hostPath: | ||
| path: /var/lib/kubelet | ||
| type: Directory | ||
| - name: device-dir | ||
| hostPath: | ||
| path: /dev | ||
| - name: metadata-file | ||
| hostPath: | ||
| path: /etc/init.d |