diff --git a/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.3.0.yaml b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.3.0.yaml
new file mode 100644
index 00000000..75c3438f
--- /dev/null
+++ b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.3.0.yaml
@@ -0,0 +1,540 @@ +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: linode-block-storage + namespace: kube-system +provisioner: linodebs.csi.linode.com +--- +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + annotations: + storageclass.kubernetes.io/is-default-class: "true" + name: linode-block-storage-retain + namespace: kube-system +provisioner: linodebs.csi.linode.com +reclaimPolicy: Retain +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-controller-sa + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-node-sa + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: linode-csi-role + namespace: kube-system +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-provisioner-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - 
update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: external-resizer-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: linode-csi-binding + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linode-csi-role +subjects: +- kind: ServiceAccount + name: csi-node-sa + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-controller-attacher-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-attacher-role +subjects: +- kind: ServiceAccount + name: csi-controller-sa + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-controller-provisioner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-provisioner-role +subjects: +- kind: ServiceAccount + name: csi-controller-sa + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-controller-resizer-binding +roleRef: + 
apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-resizer-role +subjects: +- kind: ServiceAccount + name: csi-controller-sa + namespace: kube-system +--- +apiVersion: v1 +data: + get-linode-id.sh: |- + #!/bin/bash -efu + id="$(kubectl get node/"${NODE_NAME}" -o jsonpath='{.spec.providerID}')" + if [[ ! -z "${id}" ]]; then + echo "${id}" + echo -n "${id:9}" > /linode-info/linode-id + exit 0 + fi + echo "Provider ID not found" + # Exit here so that we wait for the CCM to initialize the provider ID + exit 1 +kind: ConfigMap +metadata: + labels: + app: csi-linode + name: get-linode-id + namespace: kube-system +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + app: csi-linode-controller + name: csi-linode-controller + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: csi-linode-controller + serviceName: csi-linode + template: + metadata: + labels: + app: csi-linode-controller + role: csi-linode + spec: + containers: + - args: + - --volume-name-prefix=pvc + - --volume-name-uuid-length=16 + - --csi-address=$(ADDRESS) + - --v=2 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + imagePullPolicy: Always + name: csi-provisioner + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-attacher:v2.2.0 + imagePullPolicy: Always + name: csi-attacher + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-resizer:v0.5.0 + name: linode-csi-resizer + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --endpoint=$(CSI_ENDPOINT) + - 
--token=$(LINODE_TOKEN) + - --url=$(LINODE_API_URL) + - --node=$(NODE_NAME) + - --bs-prefix=$(LINODE_BS_PREFIX) + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: LINODE_BS_PREFIX + value: null + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + key: token + name: linode + image: linode/linode-blockstorage-csi-driver:v0.3.0 + imagePullPolicy: Always + name: linode-csi-plugin + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + initContainers: + - command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: bitnami/kubectl:1.16.3-debian-10-r36 + name: init + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + serviceAccount: csi-controller-sa + volumes: + - emptyDir: {} + name: socket-dir + - emptyDir: {} + name: linode-info + - configMap: + defaultMode: 493 + name: get-linode-id + name: get-linode-id +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: csi-linode-node + name: csi-linode-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-linode-node + template: + metadata: + labels: + app: csi-linode-node + role: csi-linode + spec: + containers: + - args: + - --v=2 + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 + name: csi-node-driver-registrar + volumeMounts: + - 
mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --endpoint=$(CSI_ENDPOINT) + - --token=$(LINODE_TOKEN) + - --url=$(LINODE_API_URL) + - --node=$(NODE_NAME) + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + key: token + name: linode + image: linode/linode-blockstorage-csi-driver:v0.3.0 + imagePullPolicy: Always + name: csi-linode-plugin + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + - mountPath: /csi + name: plugin-dir + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: pods-mount-dir + - mountPath: /dev + name: device-dir + hostNetwork: true + initContainers: + - command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: bitnami/kubectl:1.16.3-debian-10-r36 + name: init + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + serviceAccount: csi-node-sa + volumes: + - emptyDir: {} + name: linode-info + - configMap: + defaultMode: 493 + name: get-linode-id + name: get-linode-id + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/linodebs.csi.linode.com + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet + type: Directory + name: pods-mount-dir + - hostPath: + path: /dev + name: device-dir + - hostPath: + path: /etc/udev + type: Directory + name: udev-rules-etc + - hostPath: + path: /lib/udev 
+ type: Directory + name: udev-rules-lib + - hostPath: + path: /run/udev + type: Directory + name: udev-socket + - hostPath: + path: /sys + type: Directory + name: sys +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: linodebs.csi.linode.com +spec: + attachRequired: true + podInfoOnMount: true
diff --git a/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml
index d0a1b07a..75c3438f 100644
--- a/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml
+++ b/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml
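Review bot: In linode-blockstorage-csi-driver-v0.3.0.yaml both `linode-csi-plugin` (StatefulSet) and `csi-linode-plugin` (DaemonSet) pass the API token as `--token=$(LINODE_TOKEN)`, so the kubelet expands the Secret value into the container's argv. A command line is readable through the process table on the node, which is a wider audience than the Secret object or the container environment. The variable is already injected through `secretKeyRef`, so if the driver binary can read `LINODE_TOKEN` from its environment (not visible in this diff), the `--token` entry could be dropped from both `args` lists. The same lines recur in both hunks for linode-blockstorage-csi-driver.yaml.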
@@ -1,250 +1,404 @@ -# pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml -##### Node Service Account, Roles, RoleBindings +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: linode-block-storage + namespace: kube-system +provisioner: linodebs.csi.linode.com +--- +allowVolumeExpansion: true +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + annotations: + storageclass.kubernetes.io/is-default-class: "true" + name: linode-block-storage-retain + namespace: kube-system +provisioner: linodebs.csi.linode.com +reclaimPolicy: Retain +--- apiVersion: v1 kind: ServiceAccount metadata: - name: csi-node-sa + name: csi-controller-sa namespace: kube-system --- -##### Controller Service Account, Roles, Rolebindings apiVersion: v1 kind: ServiceAccount metadata: - name: csi-controller-sa + name: csi-node-sa namespace: kube-system --- -# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: external-provisioner-role + name: linode-csi-role namespace: kube-system rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete", "patch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"] - verbs: ["get", "list", "watch", "update", "patch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshots"] - verbs: ["get", "list"] - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotcontents"] - verbs: ["get", "list"] +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + 
- watch + - create + - update + - patch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: csi-controller-provisioner-binding - namespace: kube-system -subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kube-system -roleRef: - kind: ClusterRole - name: external-provisioner-role - apiGroup: rbac.authorization.k8s.io + name: external-attacher-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch --- -# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + name: external-provisioner-role +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: external-attacher-role - namespace: 
kube-system + name: external-resizer-role rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["csinodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["volumeattachments"] - verbs: ["get", "list", "watch", "update", "patch"] +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: csi-controller-attacher-binding + name: linode-csi-binding namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: linode-csi-role subjects: - - kind: ServiceAccount - name: csi-controller-sa - namespace: kube-system +- kind: ServiceAccount + name: csi-node-sa + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: csi-controller-attacher-binding roleRef: + apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: external-attacher-role - apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: csi-controller-sa + namespace: kube-system --- -# pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml -apiVersion: storage.k8s.io/v1beta1 -kind: CSIDriver +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: linodebs.csi.linode.com -spec: - attachRequired: true - podInfoOnMount: true + name: csi-controller-provisioner-binding +roleRef: + apiGroup: 
rbac.authorization.k8s.io + kind: ClusterRole + name: external-provisioner-role +subjects: +- kind: ServiceAccount + name: csi-controller-sa + namespace: kube-system --- -# pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml -kind: StorageClass -apiVersion: storage.k8s.io/v1 +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: - name: linode-block-storage + name: csi-controller-resizer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: external-resizer-role +subjects: +- kind: ServiceAccount + name: csi-controller-sa namespace: kube-system -provisioner: linodebs.csi.linode.com -allowVolumeExpansion: true --- -kind: StorageClass -apiVersion: storage.k8s.io/v1 +apiVersion: v1 +data: + get-linode-id.sh: |- + #!/bin/bash -efu + id="$(kubectl get node/"${NODE_NAME}" -o jsonpath='{.spec.providerID}')" + if [[ ! -z "${id}" ]]; then + echo "${id}" + echo -n "${id:9}" > /linode-info/linode-id + exit 0 + fi + echo "Provider ID not found" + # Exit here so that we wait for the CCM to initialize the provider ID + exit 1 +kind: ConfigMap metadata: - name: linode-block-storage-retain + labels: + app: csi-linode + name: get-linode-id namespace: kube-system - annotations: - storageclass.kubernetes.io/is-default-class: "true" -provisioner: linodebs.csi.linode.com -reclaimPolicy: Retain -allowVolumeExpansion: true --- -# pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml -kind: StatefulSet apiVersion: apps/v1 +kind: StatefulSet metadata: - name: csi-linode-controller - namespace: kube-system labels: app: csi-linode-controller + name: csi-linode-controller + namespace: kube-system spec: - serviceName: "csi-linode" replicas: 1 selector: matchLabels: app: csi-linode-controller + serviceName: csi-linode template: metadata: labels: app: csi-linode-controller role: csi-linode spec: - serviceAccount: csi-controller-sa - initContainers: - - name: init - image: bitnami/kubectl:1.16.3-debian-10-r36 - command: - - 
/scripts/get-linode-id.sh - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.6.0 - args: - - "--volume-name-prefix=pvc" - - "--volume-name-uuid-length=16" - - "--csi-address=$(ADDRESS)" - - "--v=2" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v2.2.0 - args: - - "--v=2" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: linode-csi-resizer - image: quay.io/k8scsi/csi-resizer:v0.5.0 - args: - - "--v=2" - - "--csi-address=$(ADDRESS)" - env: - - name: ADDRESS - value: /var/lib/csi/sockets/pluginproxy/csi.sock - volumeMounts: - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ - - name: linode-csi-plugin - image: linode/linode-blockstorage-csi-driver:v0.2.1 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--token=$(LINODE_TOKEN)" - - "--url=$(LINODE_API_URL)" - - "--node=$(NODE_NAME)" - - "--bs-prefix=$(LINODE_BS_PREFIX)" - - "--v=2" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - - name: LINODE_API_URL - value: https://api.linode.com/v4 - - name: LINODE_BS_PREFIX - value: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: LINODE_TOKEN - valueFrom: - secretKeyRef: - name: linode - key: token - imagePullPolicy: "Always" - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts - - name: socket-dir - mountPath: /var/lib/csi/sockets/pluginproxy/ + - 
args: + - --volume-name-prefix=pvc + - --volume-name-uuid-length=16 + - --csi-address=$(ADDRESS) + - --v=2 + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-provisioner:v1.6.0 + imagePullPolicy: Always + name: csi-provisioner + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-attacher:v2.2.0 + imagePullPolicy: Always + name: csi-attacher + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + image: quay.io/k8scsi/csi-resizer:v0.5.0 + name: linode-csi-resizer + volumeMounts: + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + - args: + - --endpoint=$(CSI_ENDPOINT) + - --token=$(LINODE_TOKEN) + - --url=$(LINODE_API_URL) + - --node=$(NODE_NAME) + - --bs-prefix=$(LINODE_BS_PREFIX) + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: LINODE_BS_PREFIX + value: null + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + key: token + name: linode + image: linode/linode-blockstorage-csi-driver:v0.3.0 + imagePullPolicy: Always + name: linode-csi-plugin + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + - mountPath: /var/lib/csi/sockets/pluginproxy/ + name: socket-dir + initContainers: + - command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: bitnami/kubectl:1.16.3-debian-10-r36 + name: init + volumeMounts: + - mountPath: /linode-info + name: linode-info + 
- mountPath: /scripts + name: get-linode-id + serviceAccount: csi-controller-sa volumes: - - name: socket-dir - emptyDir: {} - - name: linode-info - emptyDir: {} - - name: get-linode-id - configMap: - name: get-linode-id - # octal mode 755 - defaultMode: 493 + - emptyDir: {} + name: socket-dir + - emptyDir: {} + name: linode-info + - configMap: + defaultMode: 493 + name: get-linode-id + name: get-linode-id --- -# pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml -kind: DaemonSet apiVersion: apps/v1 +kind: DaemonSet metadata: - name: csi-linode-node - namespace: kube-system labels: app: csi-linode-node + name: csi-linode-node + namespace: kube-system spec: selector: matchLabels: 
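Review bot: Every image in the controller StatefulSet is referenced by tag only (`quay.io/k8scsi/csi-provisioner:v1.6.0`, `csi-attacher:v2.2.0`, `csi-resizer:v0.5.0`, `linode/linode-blockstorage-csi-driver:v0.3.0`, `bitnami/kubectl:1.16.3-debian-10-r36`), and three of them set `imagePullPolicy: Always`, so a re-pushed tag is picked up on the next pod start. These containers run in kube-system under `csi-controller-sa`, and the plugin container receives `LINODE_TOKEN`. For a release manifest, pinning by digest would make the deployed bits reproducible, for example `image: linode/linode-blockstorage-csi-driver:v0.3.0@sha256:<digest-of-v0.3.0>` (placeholder; take the digest from the registry). The DaemonSet images in the next hunk and in the v0.3.0 file have the same form.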
@@ -255,147 +409,132 @@ spec: app: csi-linode-node role: csi-linode spec: - serviceAccount: csi-node-sa - initContainers: - - name: init - image: bitnami/kubectl:1.16.3-debian-10-r36 - command: - - /scripts/get-linode-id.sh - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts - hostNetwork: true containers: - - name: csi-driver-registrar - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 - args: - - "--v=2" - - "--csi-address=$(ADDRESS)" - - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: csi-linode-plugin - image: linode/linode-blockstorage-csi-driver:v0.2.1 - args : - - "--endpoint=$(CSI_ENDPOINT)" - - "--token=$(LINODE_TOKEN)" - - "--url=$(LINODE_API_URL)" - - "--node=$(NODE_NAME)" - - "--v=2" - env: - - name: CSI_ENDPOINT - value: unix:///csi/csi.sock - - name: LINODE_API_URL - value: https://api.linode.com/v4 - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: LINODE_TOKEN - valueFrom: - secretKeyRef: - name: linode - key: token - imagePullPolicy: "Always" - securityContext: - privileged: true - capabilities: - add: ["SYS_ADMIN"] - allowPrivilegeEscalation: true - volumeMounts: - - name: linode-info - mountPath: /linode-info - - name: get-linode-id - mountPath: /scripts - - name: plugin-dir - mountPath: /csi - - name: pods-mount-dir - mountPath: /var/lib/kubelet - # needed so that any mounts setup inside this container are - # propagated back to the host machine. 
- mountPropagation: "Bidirectional" - - mountPath: /dev - name: device-dir + - args: + - --v=2 + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 + name: csi-node-driver-registrar + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - args: + - --endpoint=$(CSI_ENDPOINT) + - --token=$(LINODE_TOKEN) + - --url=$(LINODE_API_URL) + - --node=$(NODE_NAME) + - --v=2 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LINODE_API_URL + value: https://api.linode.com/v4 + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: LINODE_TOKEN + valueFrom: + secretKeyRef: + key: token + name: linode + image: linode/linode-blockstorage-csi-driver:v0.3.0 + imagePullPolicy: Always + name: csi-linode-plugin + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + - mountPath: /csi + name: plugin-dir + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: pods-mount-dir + - mountPath: /dev + name: device-dir + hostNetwork: true + initContainers: + - command: + - /scripts/get-linode-id.sh + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: bitnami/kubectl:1.16.3-debian-10-r36 + name: init + volumeMounts: + - mountPath: /linode-info + name: linode-info + - mountPath: /scripts + name: get-linode-id + serviceAccount: csi-node-sa volumes: - - name: linode-info - emptyDir: {} - - name: get-linode-id - configMap: - name: get-linode-id - defaultMode: 493 - - name: 
registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: DirectoryOrCreate - - name: kubelet-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/linodebs.csi.linode.com - type: DirectoryOrCreate - - name: pods-mount-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: device-dir - hostPath: - path: /dev - # The following mounts are required to trigger host udevadm from container - - name: udev-rules-etc - hostPath: - path: /etc/udev - type: Directory - - name: udev-rules-lib - hostPath: - path: /lib/udev - type: Directory - - name: udev-socket - hostPath: - path: /run/udev - type: Directory - - name: sys - hostPath: - path: /sys - type: Directory + - emptyDir: {} + name: linode-info + - configMap: + defaultMode: 493 + name: get-linode-id + name: get-linode-id + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/linodebs.csi.linode.com + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet + type: Directory + name: pods-mount-dir + - hostPath: + path: /dev + name: device-dir + - hostPath: + path: /etc/udev + type: Directory + name: udev-rules-etc + - hostPath: + path: /lib/udev + type: Directory + name: udev-rules-lib + - hostPath: + path: /run/udev + type: Directory + name: udev-socket + - hostPath: + path: /sys + type: Directory + name: sys --- -# pkg/linode-bs/deploy/kubernetes/08-cm-get-linode-id.yaml -apiVersion: v1 -kind: ConfigMap +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver metadata: - name: get-linode-id - namespace: kube-system - labels: - app: csi-linode -data: - get-linode-id.sh: |- - #!/bin/bash -efu - id="$(kubectl get node/"${NODE_NAME}" -o jsonpath='{.spec.providerID}')" - if [[ ! 
-z "${id}" ]]; then - echo "${id}" - echo -n "${id:9}" > /linode-info/linode-id - exit 0 - fi - echo "Provider ID not found" - # Exit here so that we wait for the CCM to initialize the provider ID - exit 1 + name: linodebs.csi.linode.com +spec: + attachRequired: true + podInfoOnMount: true
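Review bot: The DaemonSet's `volumes` list declares hostPath entries `kubelet-dir`, `udev-rules-etc`, `udev-rules-lib`, `udev-socket` and `sys`, but no `volumeMounts` entry in the init, registrar or plugin container references them. The removed side explained the udev ones with a comment ("required to trigger host udevadm from container") that the new file no longer carries. Unmounted hostPath volumes still have to be permitted by any pod-security or admission policy on the cluster, so either mount them where the plugin needs them or drop them from the pod spec. If this file is rendered from pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml, the change belongs there. The DaemonSet in the v0.3.0 file has the same list.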