diff --git a/.travis.yml b/.travis.yml index 77f9796..29c650a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,4 +9,4 @@ before_install: - docker tag k8s.gcr.io/debian-base:v1.0.0 gcr.azk8s.cn/google_containers/debian-base:v1.0.0 script: - - make neonsan-container + - make container diff --git a/Makefile b/Makefile index 0b1b8de..8f9d4b7 100644 --- a/Makefile +++ b/Makefile @@ -16,8 +16,10 @@ .PHONY: all disk -NEONSAN_IMAGE_NAME=csiplugin/csi-neonsan -NEONSAN_IMAGE_VERSION=v1.2.0-rc2 +IMAGE=csiplugin/csi-neonsan +TAG=v1.2.0-rc2 +IMAGE_UBUNTU=csiplugin/csi-neonsan-ubuntu +TAG_UBUNTU=v1.2.0 RELEASE_VERSION=v1.2.0 ROOT_PATH=$(pwd) PACKAGE_LIST=./cmd/... ./pkg/... @@ -28,12 +30,18 @@ neonsan-plugin: neonsan-plugin-debug: go build -gcflags "all=-N -l" -mod=vendor -o deploy/neonsan/plugin/neonsan-plugin-debug ./cmd/neonsan -neonsan-container: - docker build -t ${NEONSAN_IMAGE_NAME}:${NEONSAN_IMAGE_VERSION} -f deploy/neonsan/docker/Dockerfile . +container: + docker build -t ${IMAGE}:${TAG} -f deploy/neonsan/docker/Dockerfile . + +container-ubuntu: + docker build -t ${IMAGE_UBUNTU}:${TAG_UBUNTU} -f deploy/neonsan/docker/ubuntu/Dockerfile . yaml: kustomize build deploy/neonsan/kubernetes/base > deploy/neonsan/kubernetes/release/csi-neonsan-${RELEASE_VERSION}.yaml +yaml-ubuntu: + kustomize build deploy/neonsan/kubernetes/base-ubuntu > deploy/neonsan/kubernetes/release/csi-neonsan-${RELEASE_VERSION}-ubuntu.yaml + release: cp deploy/neonsan/plugin/* deploy/neonsan/kubernetes/release && cd deploy/neonsan/kubernetes/ && tar -zcvf csi-neonsan-${RELEASE_VERSION}.tar.gz release/* diff --git a/deploy/neonsan/docker/ubuntu/Dockerfile b/deploy/neonsan/docker/ubuntu/Dockerfile new file mode 100644 index 0000000..81663fd --- /dev/null +++ b/deploy/neonsan/docker/ubuntu/Dockerfile @@ -0,0 +1,31 @@ +# +------------------------------------------------------------------------- +# | Copyright (C) 2018 Yunify, Inc. +# +------------------------------------------------------------------------- +# | Licensed under the Apache License, Version 2.0 (the "License"); +# | you may not use this work except in compliance with the License. +# | You may obtain a copy of the License in the LICENSE file, or at: +# | +# | http://www.apache.org/licenses/LICENSE-2.0 +# | +# | Unless required by applicable law or agreed to in writing, software +# | distributed under the License is distributed on an "AS IS" BASIS, +# | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# | See the License for the specific language governing permissions and +# | limitations under the License. +# +------------------------------------------------------------------------- + +FROM golang:1.12.7-alpine as builder +WORKDIR /qingstor-csi +COPY . . +RUN CGO_ENABLED=0 GOOS=linux go build -a -mod=vendor -ldflags "-s -w" -o _output/neonsan-csi-driver ./cmd/neonsan + +FROM ubuntu:16.04 +LABEL maintainers="Yunify" +LABEL description="NeonSAN CSI plugin" +# libcurl3 and libicu55 for qbd +RUN apt-get update -y && \ + apt-get install -y libcurl3 libicu55 +COPY --from=builder /qingstor-csi/_output/neonsan-csi-driver /neonsan-csi-driver +RUN chmod +x /neonsan-csi-driver && \ + mkdir -p /var/log/neonsan-csi-driver +ENTRYPOINT ["/neonsan-csi-driver"] \ No newline at end of file diff --git a/deploy/neonsan/kubernetes/base-ubuntu/controller-deploy.yaml b/deploy/neonsan/kubernetes/base-ubuntu/controller-deploy.yaml new file mode 100644 index 0000000..3254106 --- /dev/null +++ b/deploy/neonsan/kubernetes/base-ubuntu/controller-deploy.yaml @@ -0,0 +1,161 @@ +# Copyright (C) 2018 Yunify, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this work except in compliance with the License. +# You may obtain a copy of the License in the LICENSE file, or at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-neonsan-controller + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + role: controller + template: + metadata: + labels: + role: controller + spec: + serviceAccount: csi-neonsan-controller + containers: + - name: csi-provisioner + image: csiplugin/csi-provisioner:v1.5.0 + resources: + limits: + memory: "20Mi" + cpu: "20m" + requests: + memory: "20Mi" + cpu: "20m" + args: + - "--csi-address=$(ADDRESS)" + - "--enable-leader-election" + - "--feature-gates=Topology=true" + - "--leader-election-type=leases" + - "--retry-interval-max=5m" + - "--retry-interval-start=5s" + - "--timeout=90s" + - "--worker-threads=5" + - "--volume-name-prefix=pvc" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: csi-attacher + image: csiplugin/csi-attacher:v2.1.1 + resources: + limits: + memory: "20Mi" + cpu: "20m" + requests: + memory: "20Mi" + cpu: "20m" + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--retry-interval-max=5m" + - "--retry-interval-start=5s" + - "--timeout=90s" + - "--worker-threads=5" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: MY_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: csi-snapshotter + image: csiplugin/csi-snapshotter:v2.0.1 + resources: + limits: + memory: "20Mi" + cpu: "20m" + requests: + memory: "20Mi" + cpu: "20m" + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election=false" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: csi-resizer + image: csiplugin/csi-resizer:v0.4.0 + resources: + limits: + memory: "20Mi" + cpu: "20m" + requests: + memory: "20Mi" + cpu: "20m" + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: csi-neonsan + image: csiplugin/csi-neonsan:v1.2.0-rc2 + resources: + limits: + memory: "50Mi" + cpu: "50m" + requests: + memory: "50Mi" + cpu: "50m" + args: + - "--config=/etc/neonsan/qbd.conf" + - "--drivername=neonsan.csi.qingstor.com" + - "--endpoint=$(CSI_ENDPOINT)" + - "--maxvolume=100" + - "--nodeid=$(NODE_ID)" + - "--v=5" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix://csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: neonsan-config + mountPath: /etc/neonsan + volumes: + - name: socket-dir + emptyDir: + - name: neonsan-config + hostPath: + path: /etc/neonsan diff --git a/deploy/neonsan/kubernetes/base-ubuntu/controller-rbac.yaml b/deploy/neonsan/kubernetes/base-ubuntu/controller-rbac.yaml new file mode 100644 index 0000000..1cbecf1 --- /dev/null +++ b/deploy/neonsan/kubernetes/base-ubuntu/controller-rbac.yaml @@ -0,0 +1,255 @@ +# Copyright (C) 2018 Yunify, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this work except in compliance with the License. +# You may obtain a copy of the License in the LICENSE file, or at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-neonsan-controller + namespace: kube-system + labels: + role: controller +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-provisioner + labels: + role: controller +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-attacher + labels: + role: controller +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-snapshotter + labels: + role: controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-resizer + labels: + role: controller +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-controller + labels: + role: controller +aggregationRule: + clusterRoleSelectors: + - matchLabels: + app: csi-neonsan + role: controller + ver: v1.2.0 + owner: yunify +rules: [] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-controller + labels: + role: controller +subjects: + - kind: ServiceAccount + name: csi-neonsan-controller + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-neonsan-controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: kube-system + name: csi-neonsan-provisioner + labels: + role: controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-provsioner + namespace: kube-system + labels: + role: controller +subjects: + - kind: ServiceAccount + name: csi-neonsan-controller + namespace: kube-system +roleRef: + kind: Role + name: csi-neonsan-provisioner + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: kube-system + name: csi-neonsan-attacher + labels: + role: controller +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-attacher + namespace: kube-system + labels: + role: controller +subjects: + - kind: ServiceAccount + name: csi-neonsan-controller + namespace: kube-system +roleRef: + kind: Role + name: csi-neonsan-attacher + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-snapshotter + namespace: kube-system + labels: + role: controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-snapshotter + namespace: kube-system + labels: + role: controller +subjects: + - kind: ServiceAccount + name: csi-snapshotter + namespace: kube-system +roleRef: + kind: Role + name: csi-neonsan-snapshotter + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-resizer + namespace: kube-system + labels: + role: controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-resizer + namespace: kube-system + labels: + role: controller +subjects: + - kind: ServiceAccount + name: csi-resizer + namespace: kube-system +roleRef: + kind: Role + name: csi-neonsan-resizer + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/neonsan/kubernetes/base-ubuntu/csi-driver.yaml b/deploy/neonsan/kubernetes/base-ubuntu/csi-driver.yaml new file mode 100644 index 0000000..9d0c571 --- /dev/null +++ b/deploy/neonsan/kubernetes/base-ubuntu/csi-driver.yaml @@ -0,0 +1,23 @@ +# Copyright (C) 2018 Yunify, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this work except in compliance with the License. +# You may obtain a copy of the License in the LICENSE file, or at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: neonsan.csi.qingstor.com +spec: + attachRequired: true + podInfoOnMount: false + volumeLifecycleModes: + - Persistent diff --git a/deploy/neonsan/kubernetes/base-ubuntu/kustomization.yaml b/deploy/neonsan/kubernetes/base-ubuntu/kustomization.yaml new file mode 100644 index 0000000..41c067d --- /dev/null +++ b/deploy/neonsan/kubernetes/base-ubuntu/kustomization.yaml @@ -0,0 +1,26 @@ +# Copyright (C) 2018 Yunify, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this work except in compliance with the License. +# You may obtain a copy of the License in the LICENSE file, or at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Kustomization +namespace: kube-system +commonLabels: + app: csi-neonsan + owner: yunify + ver: v1.2.0 +resources: + - csi-driver.yaml + - controller-rbac.yaml + - controller-deploy.yaml + - node-rbac.yaml + - node-ds.yaml diff --git a/deploy/neonsan/kubernetes/base-ubuntu/node-ds.yaml b/deploy/neonsan/kubernetes/base-ubuntu/node-ds.yaml new file mode 100644 index 0000000..9744ce8 --- /dev/null +++ b/deploy/neonsan/kubernetes/base-ubuntu/node-ds.yaml @@ -0,0 +1,129 @@ +# Copyright (C) 2018 Yunify, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this work except in compliance with the License. +# You may obtain a copy of the License in the LICENSE file, or at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-neonsan-node + namespace: kube-system + labels: + role: node +spec: + selector: + matchLabels: + role: node + template: + metadata: + labels: + role: node + spec: + serviceAccount: csi-neonsan-node + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - key: dedicated + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + hostNetwork: true + containers: + - name: csi-neonsan + image: csiplugin/csi-neonsan-ubuntu:v1.2.0 + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + args: + - "--config=/etc/neonsan/qbd.conf" + - "--drivername=neonsan.csi.qingstor.com" + - "--endpoint=$(CSI_ENDPOINT)" + - "--maxvolume=100" + - "--nodeid=$(NODE_ID)" + - "--v=5" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix://csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: neonsan-config + mountPath: /etc/neonsan + - name: qbd + mountPath: /usr/sbin/qbd + - name: dev-dir + mountPath: /dev + - name: plugin-dir + mountPath: /var/lib/kubelet/plugins + mountPropagation: "Bidirectional" + - name: mountpoint-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - name: node-registrar + image: csiplugin/csi-node-driver-registrar:v1.2.0 + resources: + limits: + memory: "20Mi" + cpu: "10m" + requests: + memory: "20Mi" + cpu: "10m" + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=/var/lib/kubelet/plugins/neonsan.csi.qingstor.com/csi.sock" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/neonsan.csi.qingstor.com /registration/neonsan.csi.qingstor.com-reg.sock"] + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + volumes: + - name: socket-dir + hostPath: + path: /var/lib/kubelet/plugins/neonsan.csi.qingstor.com/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + - name: dev-dir + hostPath: + path: /dev + type: Directory + - name: neonsan-config + hostPath: + path: /etc/neonsan + - name: qbd + hostPath: + path: /usr/sbin/qbd + type: File + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins + type: Directory + - name: mountpoint-dir + hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate \ No newline at end of file diff --git a/deploy/neonsan/kubernetes/base-ubuntu/node-rbac.yaml b/deploy/neonsan/kubernetes/base-ubuntu/node-rbac.yaml new file mode 100644 index 0000000..e2dcd42 --- /dev/null +++ b/deploy/neonsan/kubernetes/base-ubuntu/node-rbac.yaml @@ -0,0 +1,47 @@ +# Copyright (C) 2018 Yunify, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this work except in compliance with the License. +# You may obtain a copy of the License in the LICENSE file, or at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-neonsan-node + namespace: kube-system + labels: + role: node +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-node + labels: + role: node +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-neonsan-node + labels: + role: node +subjects: + - kind: ServiceAccount + name: csi-neonsan-node + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-neonsan-node + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/deploy/neonsan/kubernetes/release/csi-neonsan-v1.2.0-ubuntu.yaml b/deploy/neonsan/kubernetes/release/csi-neonsan-v1.2.0-ubuntu.yaml new file mode 100644 index 0000000..2361de1 --- /dev/null +++ b/deploy/neonsan/kubernetes/release/csi-neonsan-v1.2.0-ubuntu.yaml @@ -0,0 +1,785 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-controller + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: csi-neonsan + owner: yunify + role: node + ver: v1.2.0 + name: csi-neonsan-node + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-attacher + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-provisioner + namespace: kube-system +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-resizer + namespace: kube-system +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-snapshotter + namespace: kube-system +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-attacher +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-controller +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: csi-neonsan + owner: yunify + role: node + ver: v1.2.0 + name: csi-neonsan-node +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-provisioner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-resizer +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-snapshotter +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - get + - list + - watch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - create + - get + - list + - watch + - update + - delete +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents/status + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-attacher + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: csi-neonsan-attacher +subjects: +- kind: ServiceAccount + name: csi-neonsan-controller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-provsioner + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: csi-neonsan-provisioner +subjects: +- kind: ServiceAccount + name: csi-neonsan-controller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-resizer + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: csi-neonsan-resizer +subjects: +- kind: ServiceAccount + name: csi-resizer + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-snapshotter + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: csi-neonsan-snapshotter +subjects: +- kind: ServiceAccount + name: csi-snapshotter + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + name: csi-neonsan-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-neonsan-controller +subjects: +- kind: ServiceAccount + name: csi-neonsan-controller + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: csi-neonsan + owner: yunify + role: node + ver: v1.2.0 + name: csi-neonsan-node +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: csi-neonsan-node +subjects: +- kind: ServiceAccount + name: csi-neonsan-node + namespace: kube-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: csi-neonsan + owner: yunify + ver: v1.2.0 + name: csi-neonsan-controller + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + template: + metadata: + labels: + app: csi-neonsan + owner: yunify + role: controller + ver: v1.2.0 + spec: + containers: + - args: + - --csi-address=$(ADDRESS) + - --enable-leader-election + - --feature-gates=Topology=true + - --leader-election-type=leases + - --retry-interval-max=5m + - --retry-interval-start=5s + - --timeout=90s + - --worker-threads=5 + - --volume-name-prefix=pvc + - --v=5 + env: + - name: ADDRESS + value: /csi/csi.sock + image: csiplugin/csi-provisioner:v1.5.0 + imagePullPolicy: IfNotPresent + name: csi-provisioner + resources: + limits: + cpu: 20m + memory: 20Mi + requests: + cpu: 20m + memory: 20Mi + volumeMounts: + - mountPath: /csi + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --leader-election + - --retry-interval-max=5m + - --retry-interval-start=5s + - --timeout=90s + - --worker-threads=5 + - --v=5 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: MY_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: csiplugin/csi-attacher:v2.1.1 + imagePullPolicy: IfNotPresent + name: csi-attacher + resources: + limits: + cpu: 20m + memory: 20Mi + requests: + cpu: 20m + memory: 20Mi + volumeMounts: + - mountPath: /csi + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --leader-election=false + - --v=5 + env: + - name: ADDRESS + value: /csi/csi.sock + image: csiplugin/csi-snapshotter:v2.0.1 + imagePullPolicy: IfNotPresent + name: csi-snapshotter + resources: + limits: + cpu: 20m + memory: 20Mi + requests: + cpu: 20m + memory: 20Mi + volumeMounts: + - mountPath: /csi + name: socket-dir + - args: + - --csi-address=$(ADDRESS) + - --leader-election + - --v=5 + env: + - name: ADDRESS + value: /csi/csi.sock + image: csiplugin/csi-resizer:v0.4.0 + imagePullPolicy: IfNotPresent + name: csi-resizer + resources: + limits: + cpu: 20m + memory: 20Mi + requests: + cpu: 20m + memory: 20Mi + volumeMounts: + - mountPath: /csi + name: socket-dir + - args: + - --config=/etc/neonsan/qbd.conf + - --drivername=neonsan.csi.qingstor.com + - --endpoint=$(CSI_ENDPOINT) + - --maxvolume=100 + - --nodeid=$(NODE_ID) + - --v=5 + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix://csi/csi.sock + image: csiplugin/csi-neonsan:v1.2.0-rc2 + imagePullPolicy: IfNotPresent + name: csi-neonsan + resources: + limits: + cpu: 50m + memory: 50Mi + requests: + cpu: 50m + memory: 50Mi + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /etc/neonsan + name: neonsan-config + serviceAccount: csi-neonsan-controller + volumes: + - emptyDir: null + name: socket-dir + - hostPath: + path: /etc/neonsan + name: neonsan-config +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: csi-neonsan + owner: yunify + role: node + ver: v1.2.0 + name: csi-neonsan-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-neonsan + owner: yunify + role: node + ver: v1.2.0 + template: + metadata: + labels: + app: csi-neonsan + owner: yunify + role: node + ver: v1.2.0 + spec: + containers: + - args: + - --config=/etc/neonsan/qbd.conf + - --drivername=neonsan.csi.qingstor.com + - --endpoint=$(CSI_ENDPOINT) + - --maxvolume=100 + - --nodeid=$(NODE_ID) + - --v=5 + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix://csi/csi.sock + image: csiplugin/csi-neonsan-ubuntu:v1.2.0 + imagePullPolicy: IfNotPresent + name: csi-neonsan + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /etc/neonsan + name: neonsan-config + - mountPath: /usr/sbin/qbd + name: qbd + - mountPath: /dev + name: dev-dir + - mountPath: /var/lib/kubelet/plugins + mountPropagation: Bidirectional + name: plugin-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=/var/lib/kubelet/plugins/neonsan.csi.qingstor.com/csi.sock + - --v=5 + env: + - name: ADDRESS + value: /csi/csi.sock + image: csiplugin/csi-node-driver-registrar:v1.2.0 + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - rm -rf /registration/neonsan.csi.qingstor.com /registration/neonsan.csi.qingstor.com-reg.sock + name: node-registrar + resources: + limits: + cpu: 10m + memory: 20Mi + requests: + cpu: 10m + memory: 20Mi + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + hostNetwork: true + serviceAccount: csi-neonsan-node + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - key: dedicated + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/neonsan.csi.qingstor.com/ + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + name: registration-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir + - hostPath: + path: /etc/neonsan + name: neonsan-config + - hostPath: + path: /usr/sbin/qbd + type: File + name: qbd + - hostPath: + path: /var/lib/kubelet/plugins + type: Directory + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + labels: + app: csi-neonsan + owner: yunify + ver: v1.2.0 + name: neonsan.csi.qingstor.com +spec: + attachRequired: true + podInfoOnMount: false + volumeLifecycleModes: + - Persistent