(WIP) addon for metalstack csi-lvmtopic/metalstack-csilvm

author: Christian Pointner <equinox@spreadspace.org> 2022-08-22 22:46:53 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2022-08-22 22:46:53 +0200
commit: 6b3f1cf57d1a8b42658db6e3d7690e7904417728 (patch)
tree: 5dcbaedb8fb9befcf3ae1c386bf7f5935a7cb023
parent: ch-equinox-(t450s|ws): install helm (diff)
6 files changed, 857 insertions, 0 deletions
diff --git a/dan/k8s-emc.yml b/dan/k8s-emc.yml
index 4bdc9dcf..51c10fec 100644
--- a/dan/k8s-emc.yml
+++ b/dan/k8s-emc.yml
@@ -37,3 +37,4 @@
   roles:
   - role: kubernetes/addons/metrics-server
   - role: kubernetes/addons/openebs-zfs
+  - role: kubernetes/addons/metalstack-csilvm
diff --git a/inventory/group_vars/k8s-emc/vars.yml b/inventory/group_vars/k8s-emc/vars.yml
index f0308c91..0a926abb 100644
--- a/inventory/group_vars/k8s-emc/vars.yml
+++ b/inventory/group_vars/k8s-emc/vars.yml
@@ -67,3 +67,20 @@ kubernetes_openebs_zfs_storage_classes:
     parameters:
       fstype: "zfs"
       poolname: "storage"
+
+kubernetes_metalstack_csilvm_version: 0.4.1
+kubernetes_metalstack_csilvm_device_pattern: /dev/sda2
+kubernetes_metalstack_csilvm_vg: storage
+kubernetes_metalstack_csilvm_node_affinity:
+  requiredDuringSchedulingIgnoredDuringExecution:
+    nodeSelectorTerms:
+    - matchExpressions:
+      - key: streaming.spreadspace.org/edge
+        operator: Exists
+kubernetes_metalstack_csilvm_storage_classes:
+  lvm-storage:
+    allowVolumeExpansion: yes
+    volumeBindingMode: WaitForFirstConsumer
+    reclaimPolicy: Delete
+    parameters:
+      fstype: "linear"
diff --git a/roles/kubernetes/addons/metalstack-csilvm/defaults/main.yml b/roles/kubernetes/addons/metalstack-csilvm/defaults/main.yml
new file mode 100644
index 00000000..3561b93e
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+# kubernetes_metalstack_csilvm_version: 0.4.1
+
+# kubernetes_metalstack_csilvm_device_pattern:
+# kubernetes_metalstack_csilvm_vg:
+
+# kubernetes_metalstack_csilvm_node_selector:
+#   foo: bar
+
+# kubernetes_metalstack_csilvm_node_affinity:
+#   requiredDuringSchedulingIgnoredDuringExecution:
+#     nodeSelectorTerms:
+#     - matchExpressions:
+#       - key: k8s.example.com/metalstack-csilvm
+#         operator: Exists
+
+kubernetes_metalstack_csilvm_storage_classes: {}
+  # foo:
+  #   allowVolumeExpansion: true
+  #   parameters:
+  #     type: "linear"
diff --git a/roles/kubernetes/addons/metalstack-csilvm/tasks/main.yml b/roles/kubernetes/addons/metalstack-csilvm/tasks/main.yml
new file mode 100644
index 00000000..4183bedf
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: create base directory for metalstack-csilvm addon
+  file:
+    path: /etc/kubernetes/addons/metalstack-csilvm
+    state: directory
+
+- name: copy config for metalstack-csilvm
+  template:
+    src: "config.{{ kubernetes_metalstack_csilvm_version }}.yml.j2"
+    dest: /etc/kubernetes/addons/metalstack-csilvm/config.yml
+
+- name: check if metalstack-csilvm is already installed
+  check_mode: no
+  command: kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/addons/metalstack-csilvm/config.yml
+  failed_when: false
+  changed_when: false
+  register: kube_metalstack_csilvm_config_diff_result
+
+- name: install metalstack-csilvm onto the cluster
+  when: kube_metalstack_csilvm_config_diff_result.rc != 0
+  command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/addons/metalstack-csilvm/config.yml
+
+
+- name: copy storageclasses config for metalstack-csilvm
+  loop: "{{ kubernetes_metalstack_csilvm_storage_classes | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  template:
+    src: "storageclass.yml.j2"
+    dest: "/etc/kubernetes/addons/metalstack-csilvm/sc-{{ item.key }}.yml"
+
+- name: check if metalstack-csilvm storageclass already exists
+  loop: "{{ kubernetes_metalstack_csilvm_storage_classes | list }}"
+  check_mode: no
+  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/addons/metalstack-csilvm/sc-{{ item }}.yml"
+  failed_when: false
+  changed_when: false
+  register: kube_metalstack_csilvm_sc_diff
+
+- name: install/update storageclasses for metalstack-csilvm
+  loop: "{{ kube_metalstack_csilvm_sc_diff.results | selectattr('rc', 'ne', 0) | map(attribute='item') }}"
+  command: "kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/addons/metalstack-csilvm/sc-{{ item }}.yml"
diff --git a/roles/kubernetes/addons/metalstack-csilvm/templates/config.0.4.1.yml.j2 b/roles/kubernetes/addons/metalstack-csilvm/templates/config.0.4.1.yml.j2
new file mode 100644
index 00000000..20b374af
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/templates/config.0.4.1.yml.j2
@@ -0,0 +1,770 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metalstack
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-lvmplugin
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+---
+# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-attacher
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+---
+# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-provisioner
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+---
+# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-resizer
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-lvmplugin-runner-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["list", "get"]
+---
+# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-attacher-runner-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+---
+# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-provisioner-runner-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+---
+# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-resizer-runner-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-lvmplugin-role-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-lvmplugin
+    namespace: metalstack
+roleRef:
+  kind: ClusterRole
+  name: external-lvmplugin-runner-metalstack-csilvm
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-attacher-role-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-attacher
+    namespace: metalstack
+roleRef:
+  kind: ClusterRole
+  name: external-attacher-runner-metalstack-csilvm
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-provisioner-role-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-provisioner
+    namespace: metalstack
+roleRef:
+  kind: ClusterRole
+  name: external-provisioner-runner-metalstack-csilvm
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-resizer-role-metalstack-csilvm
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-resizer
+    namespace: metalstack
+roleRef:
+  kind: ClusterRole
+  name: external-resizer-runner-metalstack-csilvm
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-lvmplugin-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-lvmplugin
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "watch", "list", "create", "delete"]
+---
+# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-attacher-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-provisioner-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+- apiGroups: [""]
+  resources: ["endpoints"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-resizer-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-lvmplugin-role-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-lvmplugin
+    namespace: metalstack
+roleRef:
+  kind: Role
+  name: external-lvmplugin-cfg
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-lvmplugin-role
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-lvmplugin
+    namespace: metalstack
+roleRef:
+  kind: Role
+  name: csi-lvmplugin
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-attacher-role-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-attacher
+    namespace: metalstack
+roleRef:
+  kind: Role
+  name: external-attacher-cfg
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-provisioner-role-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-provisioner
+    namespace: metalstack
+roleRef:
+  kind: Role
+  name: external-provisioner-cfg
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-resizer-role-cfg
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+subjects:
+  - kind: ServiceAccount
+    name: csi-resizer
+    namespace: metalstack
+roleRef:
+  kind: Role
+  name: external-resizer-cfg
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: csi-driver-lvm/templates/csi-lvm-attacher.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-lvm-attacher
+  labels:
+    app: csi-lvm-attacher
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  selector:
+    app: csi-lvm-attacher
+  ports:
+    - name: dummy
+      port: 12345
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-deployment.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-lvmplugin
+  labels:
+    app: csi-lvmplugin
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  selector:
+    app: csi-lvmplugin
+  ports:
+    - name: dummy
+      port: 12345
+---
+# Source: csi-driver-lvm/templates/csi-lvm-provisioner.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-lvm-provisioner
+  labels:
+    app: csi-lvm-provisioner
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  selector:
+    app: csi-lvm-provisioner
+  ports:
+    - name: dummy
+      port: 12345
+---
+# Source: csi-driver-lvm/templates/csi-lvm-resizer.yaml
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-lvm-resizer
+  labels:
+    app: csi-lvm-resizer
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  selector:
+    app: csi-lvm-resizer
+  ports:
+    - name: dummy
+      port: 12345
+---
+# Source: csi-driver-lvm/templates/csi-lvm-plugin-deployment.yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: csi-lvmplugin
+spec:
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: csi-lvmplugin
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: csi-lvmplugin
+    spec:
+{% if kubernetes_metalstack_csilvm_node_selector is defined %}
+      nodeSelector:
+        {{ kubernetes_metalstack_csilvm_node_selector | to_nice_yaml(indent=2) | indent(width=8) -}}
+{% endif %}
+{% if kubernetes_metalstack_csilvm_node_affinity is defined %}
+      affinity:
+        nodeAffinity:
+          {{ kubernetes_metalstack_csilvm_node_affinity | to_nice_yaml(indent=2) | indent(width=10) -}}
+{% endif %}
+      serviceAccountName: csi-lvmplugin
+      containers:
+      - args:
+        - --v=5
+        - --csi-address=/csi/csi.sock
+        - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-lvm/csi.sock
+        env:
+        - name: KUBE_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0
+        imagePullPolicy: IfNotPresent
+        name: node-driver-registrar
+        resources: {}
+        securityContext:
+          privileged: true
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /csi
+          name: socket-dir
+        - mountPath: /registration
+          name: registration-dir
+      - args:
+        - --drivername=lvm.csi.metal-stack.io
+        - --endpoint=$(CSI_ENDPOINT)
+        - --devices=$(CSI_DEVICESPATTERN)
+        - --nodeid=$(KUBE_NODE_NAME)
+        - --vgname=$(CSI_VGNAME)
+        - --namespace=$(CSI_NAMESPACE)
+        - --provisionerimage=$(CSI_PROVISIONER_IMAGE)
+        - --pullpolicy=$(CSI_PULL_POLICY)
+        env:
+        - name: CSI_ENDPOINT
+          value: unix:///csi/csi.sock
+        - name: KUBE_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        - name: CSI_DEVICESPATTERN
+          value: "{{ kubernetes_metalstack_csilvm_device_pattern }}"
+        - name: CSI_VGNAME
+          value: "{{ kubernetes_metalstack_csilvm_vg }}"
+        - name: CSI_NAMESPACE
+          value: metalstack
+        - name: CSI_PROVISIONER_IMAGE
+          value: "metalstack/csi-lvmplugin-provisioner:v0.4.1"
+        - name: CSI_PULL_POLICY
+          value: IfNotPresent
+        image: "metalstack/lvmplugin:v0.4.1"
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          failureThreshold: 5
+          httpGet:
+            path: /healthz
+            port: healthz
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 2
+          successThreshold: 1
+          timeoutSeconds: 3
+        name: lvm
+        ports:
+        - containerPort: 9898
+          name: healthz
+          protocol: TCP
+        resources: {}
+        securityContext:
+          privileged: true
+        terminationMessagePath: /termination.log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /csi
+          name: socket-dir
+        - mountPath: /var/lib/kubelet/pods
+          mountPropagation: Bidirectional
+          name: mountpoint-dir
+        - mountPath: /var/lib/kubelet/plugins
+          mountPropagation: Bidirectional
+          name: plugins-dir
+        - mountPath: /dev
+          name: dev-dir
+          mountPropagation: Bidirectional
+        - mountPath: /lib/modules
+          name: mod-dir
+        - mountPath: /etc/lvm/backup
+          name: lvmbackup
+          mountPropagation: Bidirectional
+        - mountPath: /etc/lvm/cache
+          name: lvmcache
+          mountPropagation: Bidirectional
+        - mountPath: /run/lock/lvm
+          name: lvmlock
+          mountPropagation: Bidirectional
+      - args:
+        - --csi-address=/csi/csi.sock
+        - --health-port=9898
+        image: k8s.gcr.io/sig-storage/livenessprobe:v2.2.0
+        imagePullPolicy: IfNotPresent
+        name: liveness-probe
+        resources: {}
+        terminationMessagePath: /dev/termination-log
+        terminationMessagePolicy: File
+        volumeMounts:
+        - mountPath: /csi
+          name: socket-dir
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - hostPath:
+          path: /var/lib/kubelet/plugins/csi-lvm
+          type: DirectoryOrCreate
+        name: socket-dir
+      - hostPath:
+          path: /var/lib/kubelet/pods
+          type: DirectoryOrCreate
+        name: mountpoint-dir
+      - hostPath:
+          path: /var/lib/kubelet/plugins_registry
+          type: Directory
+        name: registration-dir
+      - hostPath:
+          path: /var/lib/kubelet/plugins
+          type: Directory
+        name: plugins-dir
+      - hostPath:
+          path: /dev
+          type: Directory
+        name: dev-dir
+      - hostPath:
+          path: /lib/modules
+        name: mod-dir
+      - hostPath:
+          path: /etc/lvm/backup
+          type: DirectoryOrCreate
+        name: lvmbackup
+      - hostPath:
+          path: /etc/lvm/cache
+          type: DirectoryOrCreate
+        name: lvmcache
+      - hostPath:
+          path: /run/lock/lvm
+          type: DirectoryOrCreate
+        name: lvmlock
+---
+# Source: csi-driver-lvm/templates/csi-lvm-attacher.yaml
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-lvm-attacher
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  serviceName: "csi-lvm-attacher"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: csi-lvm-attacher
+  template:
+    metadata:
+      labels:
+        app: csi-lvm-attacher
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - csi-lvmplugin
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: csi-attacher
+      containers:
+        - name: csi-attacher
+          image: k8s.gcr.io/sig-storage/csi-attacher:v2.2.1
+          args:
+            - --v=5
+            - --csi-address=/csi/csi.sock
+          securityContext:
+            # This is necessary only for systems with SELinux, where
+            # non-privileged sidecar containers cannot access unix domain socket
+            # created by privileged CSI driver container.
+            privileged: true
+          volumeMounts:
+          - mountPath: /csi
+            name: socket-dir
+
+      volumes:
+        - hostPath:
+            path: /var/lib/kubelet/plugins/csi-lvm
+            type: DirectoryOrCreate
+          name: socket-dir
+---
+# Source: csi-driver-lvm/templates/csi-lvm-provisioner.yaml
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-lvm-provisioner
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  serviceName: "csi-lvm-provisioner"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: csi-lvm-provisioner
+  template:
+    metadata:
+      labels:
+        app: csi-lvm-provisioner
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - csi-lvmplugin
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: csi-provisioner
+      containers:
+        - name: csi-provisioner
+          image: k8s.gcr.io/sig-storage/csi-provisioner:v1.6.1
+          args:
+            - -v=5
+            - --csi-address=/csi/csi.sock
+            - --feature-gates=Topology=true
+          securityContext:
+            # This is necessary only for systems with SELinux, where
+            # non-privileged sidecar containers cannot access unix domain socket
+            # created by privileged CSI driver container.
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+      volumes:
+        - hostPath:
+            path: /var/lib/kubelet/plugins/csi-lvm
+            type: DirectoryOrCreate
+          name: socket-dir
+---
+# Source: csi-driver-lvm/templates/csi-lvm-resizer.yaml
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-lvm-resizer
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  serviceName: "csi-lvm-resizer"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: csi-lvm-resizer
+  template:
+    metadata:
+      labels:
+        app: csi-lvm-resizer
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - csi-lvmplugin
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: csi-resizer
+      containers:
+        - name: csi-resizer
+          image: k8s.gcr.io/sig-storage/csi-resizer:v0.5.0
+          args:
+            - -v=5
+            - -csi-address=/csi/csi.sock
+          securityContext:
+            # This is necessary only for systems with SELinux, where
+            # non-privileged sidecar containers cannot access unix domain socket
+            # created by privileged CSI driver container.
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+      volumes:
+        - hostPath:
+            path: /var/lib/kubelet/plugins/csi-lvm
+            type: DirectoryOrCreate
+          name: socket-dir
+---
+# Source: csi-driver-lvm/templates/csi-lvm-driverinfo.yaml
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: lvm.csi.metal-stack.io
+  labels:
+    heritage: Helm
+    release: metalstack-csilvm
+spec:
+  # Supports persistent and ephemeral inline volumes.
+  volumeLifecycleModes:
+  - Persistent
+  - Ephemeral
+  # To determine at runtime which mode a volume uses, pod info and its
+  # "csi.storage.k8s.io/ephemeral" entry are needed.
+  podInfoOnMount: true
diff --git a/roles/kubernetes/addons/metalstack-csilvm/templates/storageclass.yml.j2 b/roles/kubernetes/addons/metalstack-csilvm/templates/storageclass.yml.j2
new file mode 100644
index 00000000..e30bf1b8
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/templates/storageclass.yml.j2
@@ -0,0 +1,6 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: "{{ item.key }}"
+provisioner: lvm.csi.metal-stack.io
+{{ item.value | to_nice_yaml(indent=2) }}
author	Christian Pointner <equinox@spreadspace.org>	2022-08-22 22:46:53 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2022-08-22 22:46:53 +0200
commit	6b3f1cf57d1a8b42658db6e3d7690e7904417728 (patch)
tree	5dcbaedb8fb9befcf3ae1c386bf7f5935a7cb023
parent	ch-equinox-(t450s\|ws): install helm (diff)