author | Christian Pointner <equinox@spreadspace.org> | 2022-08-22 22:46:53 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-08-22 22:46:53 +0200 |
commit | 6b3f1cf57d1a8b42658db6e3d7690e7904417728 (patch) | |
tree | 5dcbaedb8fb9befcf3ae1c386bf7f5935a7cb023 | |
parent | ch-equinox-(t450s|ws): install helm (diff) |
(WIP) addon for metalstack csi-lvmtopic/metalstack-csilvm
6 files changed, 857 insertions, 0 deletions
diff --git a/dan/k8s-emc.yml b/dan/k8s-emc.yml
index 4bdc9dcf..51c10fec 100644
--- a/dan/k8s-emc.yml
+++ b/dan/k8s-emc.yml
@@ -37,3 +37,4 @@
 roles:
 - role: kubernetes/addons/metrics-server
 - role: kubernetes/addons/openebs-zfs
+ - role: kubernetes/addons/metalstack-csilvm
diff --git a/inventory/group_vars/k8s-emc/vars.yml b/inventory/group_vars/k8s-emc/vars.yml
index f0308c91..0a926abb 100644
--- a/inventory/group_vars/k8s-emc/vars.yml
+++ b/inventory/group_vars/k8s-emc/vars.yml
@@ -67,3 +67,20 @@ kubernetes_openebs_zfs_storage_classes:
 parameters:
 fstype: "zfs"
 poolname: "storage"
+
+kubernetes_metalstack_csilvm_version: 0.4.1
+kubernetes_metalstack_csilvm_device_pattern: /dev/sda2
+kubernetes_metalstack_csilvm_vg: storage
+kubernetes_metalstack_csilvm_node_affinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: streaming.spreadspace.org/edge
+ operator: Exists
+kubernetes_metalstack_csilvm_storage_classes:
+ lvm-storage:
+ allowVolumeExpansion: yes
+ volumeBindingMode: WaitForFirstConsumer
+ reclaimPolicy: Delete
+ parameters:
+ fstype: "linear"
diff --git a/roles/kubernetes/addons/metalstack-csilvm/defaults/main.yml b/roles/kubernetes/addons/metalstack-csilvm/defaults/main.yml
new file mode 100644
index 00000000..3561b93e
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/defaults/main.yml
@@ -0,0 +1,21 @@
+---
+# kubernetes_metalstack_csilvm_version: 0.4.1
+
+# kubernetes_metalstack_csilvm_device_pattern:
+# kubernetes_metalstack_csilvm_vg:
+
+# kubernetes_metalstack_csilvm_node_selector:
+# foo: bar
+
+# kubernetes_metalstack_csilvm_node_affinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# nodeSelectorTerms:
+# - matchExpressions:
+# - key: k8s.example.com/metalstack-csilvm
+# operator: Exists
+
+kubernetes_metalstack_csilvm_storage_classes: {}
+ # foo:
+ # allowVolumeExpansion: true
+ # parameters:
+ # type: "linear"
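Review bot: In inventory/group_vars/k8s-emc/vars.yml the `lvm-storage` class sets `parameters: fstype: "linear"`, while the commented example in the role's defaults/main.yml uses `type: "linear"`. `linear` is an LVM layout rather than a filesystem, so this looks like a carry-over from the `fstype: "zfs"` block directly above, and the driver would probably not receive the intended setting; I would change the line to `type: "linear"`. Separately, `kubernetes_metalstack_csilvm_device_pattern: /dev/sda2` depends on kernel enumeration order, and the plugin container runs privileged with the host's /dev mounted. If the driver accepts it, a stable path under `/dev/disk/by-id/` or `/dev/disk/by-partuuid/` avoids handing the wrong partition to the volume group after a disk is added or reordered.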
diff --git a/roles/kubernetes/addons/metalstack-csilvm/tasks/main.yml b/roles/kubernetes/addons/metalstack-csilvm/tasks/main.yml
new file mode 100644
index 00000000..4183bedf
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: create base directory for metalstack-csilvm addon
+ file:
+ path: /etc/kubernetes/addons/metalstack-csilvm
+ state: directory
+
+- name: copy config for metalstack-csilvm
+ template:
+ src: "config.{{ kubernetes_metalstack_csilvm_version }}.yml.j2"
+ dest: /etc/kubernetes/addons/metalstack-csilvm/config.yml
+
+- name: check if metalstack-csilvm is already installed
+ check_mode: no
+ command: kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/addons/metalstack-csilvm/config.yml
+ failed_when: false
+ changed_when: false
+ register: kube_metalstack_csilvm_config_diff_result
+
+- name: install metalstack-csilvm onto the cluster
+ when: kube_metalstack_csilvm_config_diff_result.rc != 0
+ command: kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/addons/metalstack-csilvm/config.yml
+
+
+- name: copy storageclasses config for metalstack-csilvm
+ loop: "{{ kubernetes_metalstack_csilvm_storage_classes | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: "storageclass.yml.j2"
+ dest: "/etc/kubernetes/addons/metalstack-csilvm/sc-{{ item.key }}.yml"
+
+- name: check if metalstack-csilvm storageclass already exists
+ loop: "{{ kubernetes_metalstack_csilvm_storage_classes | list }}"
+ check_mode: no
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf diff -f /etc/kubernetes/addons/metalstack-csilvm/sc-{{ item }}.yml"
+ failed_when: false
+ changed_when: false
+ register: kube_metalstack_csilvm_sc_diff
+
+- name: install/update storageclasses for metalstack-csilvm
+ loop: "{{ kube_metalstack_csilvm_sc_diff.results | selectattr('rc', 'ne', 0) | map(attribute='item') }}"
+ command: "kubectl --kubeconfig /etc/kubernetes/admin.conf apply -f /etc/kubernetes/addons/metalstack-csilvm/sc-{{ item }}.yml"
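Review bot: The `kubectl ... diff -f` and `kubectl ... apply -f` commands for config.yml run without `--namespace`, and the namespaced objects in config.0.4.1.yml.j2 (ServiceAccounts, Roles, RoleBindings, Services, the DaemonSet and the StatefulSets) carry no `metadata.namespace`. They would be created in the current namespace of admin.conf (presumably `default`), while every binding names its subject with `namespace: metalstack` and the plugin is started with `CSI_NAMESPACE` set to `metalstack`. The RBAC grants would then not attach to the service accounts the pods actually run as. Adding `--namespace metalstack` to both commands, or `namespace: metalstack` to the templated objects, keeps the workloads and their bindings together. In the two check tasks, `failed_when: false` also makes a kubectl error (exit code above 1) look the same as "differences found"; if that is deliberate for the first install, a comment such as `# rc 1 = differs, rc > 1 = kubectl error; both fall through to apply` would say so.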
diff --git a/roles/kubernetes/addons/metalstack-csilvm/templates/config.0.4.1.yml.j2 b/roles/kubernetes/addons/metalstack-csilvm/templates/config.0.4.1.yml.j2
new file mode 100644
index 00000000..20b374af
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/templates/config.0.4.1.yml.j2
@@ -0,0 +1,770 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: metalstack +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-lvmplugin + labels: + heritage: Helm + release: metalstack-csilvm +--- +# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-attacher + labels: + heritage: Helm + release: metalstack-csilvm +--- +# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-provisioner + labels: + heritage: Helm + release: metalstack-csilvm +--- +# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-resizer + labels: + heritage: Helm + release: metalstack-csilvm +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-lvmplugin-runner-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "get"] +--- +# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-runner-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: 
["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] +--- +# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-runner-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] +--- +# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-resizer-runner-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml +kind: ClusterRoleBinding +apiVersion: 
rbac.authorization.k8s.io/v1 +metadata: + name: csi-lvmplugin-role-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-lvmplugin + namespace: metalstack +roleRef: + kind: ClusterRole + name: external-lvmplugin-runner-metalstack-csilvm + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-attacher + namespace: metalstack +roleRef: + kind: ClusterRole + name: external-attacher-runner-metalstack-csilvm + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-provisioner + namespace: metalstack +roleRef: + kind: ClusterRole + name: external-provisioner-runner-metalstack-csilvm + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role-metalstack-csilvm + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-resizer + namespace: metalstack +roleRef: + kind: ClusterRole + name: external-resizer-runner-metalstack-csilvm + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-lvmplugin-cfg + labels: + heritage: Helm + release: metalstack-csilvm +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", 
"watch", "list", "delete", "update", "create"] +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-lvmplugin + labels: + heritage: Helm + release: metalstack-csilvm +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "create", "delete"] +--- +# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-cfg + labels: + heritage: Helm + release: metalstack-csilvm +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-cfg + labels: + heritage: Helm + release: metalstack-csilvm +rules: +- apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-resizer-cfg + labels: + heritage: Helm + release: metalstack-csilvm +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-lvmplugin-role-cfg + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-lvmplugin + namespace: metalstack +roleRef: + kind: Role + name: external-lvmplugin-cfg + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-rbac.yaml 
+kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-lvmplugin-role + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-lvmplugin + namespace: metalstack +roleRef: + kind: Role + name: csi-lvmplugin + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/external-attacher-rbac.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role-cfg + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-attacher + namespace: metalstack +roleRef: + kind: Role + name: external-attacher-cfg + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/external-provisioner-rbac.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role-cfg + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-provisioner + namespace: metalstack +roleRef: + kind: Role + name: external-provisioner-cfg + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/external-resizer-rbac.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role-cfg + labels: + heritage: Helm + release: metalstack-csilvm +subjects: + - kind: ServiceAccount + name: csi-resizer + namespace: metalstack +roleRef: + kind: Role + name: external-resizer-cfg + apiGroup: rbac.authorization.k8s.io +--- +# Source: csi-driver-lvm/templates/csi-lvm-attacher.yaml +kind: Service +apiVersion: v1 +metadata: + name: csi-lvm-attacher + labels: + app: csi-lvm-attacher + heritage: Helm + release: metalstack-csilvm +spec: + selector: + app: csi-lvm-attacher + ports: + - name: dummy + port: 12345 +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-deployment.yaml +kind: Service +apiVersion: v1 +metadata: + name: csi-lvmplugin + labels: + app: csi-lvmplugin + heritage: 
Helm + release: metalstack-csilvm +spec: + selector: + app: csi-lvmplugin + ports: + - name: dummy + port: 12345 +--- +# Source: csi-driver-lvm/templates/csi-lvm-provisioner.yaml +kind: Service +apiVersion: v1 +metadata: + name: csi-lvm-provisioner + labels: + app: csi-lvm-provisioner + heritage: Helm + release: metalstack-csilvm +spec: + selector: + app: csi-lvm-provisioner + ports: + - name: dummy + port: 12345 +--- +# Source: csi-driver-lvm/templates/csi-lvm-resizer.yaml +kind: Service +apiVersion: v1 +metadata: + name: csi-lvm-resizer + labels: + app: csi-lvm-resizer + heritage: Helm + release: metalstack-csilvm +spec: + selector: + app: csi-lvm-resizer + ports: + - name: dummy + port: 12345 +--- +# Source: csi-driver-lvm/templates/csi-lvm-plugin-deployment.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: csi-lvmplugin +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: csi-lvmplugin + template: + metadata: + creationTimestamp: null + labels: + app: csi-lvmplugin + spec: +{% if kubernetes_metalstack_csilvm_node_selector is defined %} + nodeSelector: + {{ kubernetes_metalstack_csilvm_node_selector | to_nice_yaml(indent=2) | indent(width=8) -}} +{% endif %} +{% if kubernetes_metalstack_csilvm_node_affinity is defined %} + affinity: + nodeAffinity: + {{ kubernetes_metalstack_csilvm_node_affinity | to_nice_yaml(indent=2) | indent(width=10) -}} +{% endif %} + serviceAccountName: csi-lvmplugin + containers: + - args: + - --v=5 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-lvm/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v1.3.0 + imagePullPolicy: IfNotPresent + name: node-driver-registrar + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: 
socket-dir + - mountPath: /registration + name: registration-dir + - args: + - --drivername=lvm.csi.metal-stack.io + - --endpoint=$(CSI_ENDPOINT) + - --devices=$(CSI_DEVICESPATTERN) + - --nodeid=$(KUBE_NODE_NAME) + - --vgname=$(CSI_VGNAME) + - --namespace=$(CSI_NAMESPACE) + - --provisionerimage=$(CSI_PROVISIONER_IMAGE) + - --pullpolicy=$(CSI_PULL_POLICY) + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: CSI_DEVICESPATTERN + value: "{{ kubernetes_metalstack_csilvm_device_pattern }}" + - name: CSI_VGNAME + value: "{{ kubernetes_metalstack_csilvm_vg }}" + - name: CSI_NAMESPACE + value: metalstack + - name: CSI_PROVISIONER_IMAGE + value: "metalstack/csi-lvmplugin-provisioner:v0.4.1" + - name: CSI_PULL_POLICY + value: IfNotPresent + image: "metalstack/lvmplugin:v0.4.1" + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + name: lvm + ports: + - containerPort: 9898 + name: healthz + protocol: TCP + resources: {} + securityContext: + privileged: true + terminationMessagePath: /termination.log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins + mountPropagation: Bidirectional + name: plugins-dir + - mountPath: /dev + name: dev-dir + mountPropagation: Bidirectional + - mountPath: /lib/modules + name: mod-dir + - mountPath: /etc/lvm/backup + name: lvmbackup + mountPropagation: Bidirectional + - mountPath: /etc/lvm/cache + name: lvmcache + mountPropagation: Bidirectional + - mountPath: /run/lock/lvm + name: lvmlock + mountPropagation: Bidirectional + - args: + - --csi-address=/csi/csi.sock + - --health-port=9898 + image: 
k8s.gcr.io/sig-storage/livenessprobe:v2.2.0 + imagePullPolicy: IfNotPresent + name: liveness-probe + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: socket-dir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/csi-lvm + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins + type: Directory + name: plugins-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir + - hostPath: + path: /lib/modules + name: mod-dir + - hostPath: + path: /etc/lvm/backup + type: DirectoryOrCreate + name: lvmbackup + - hostPath: + path: /etc/lvm/cache + type: DirectoryOrCreate + name: lvmcache + - hostPath: + path: /run/lock/lvm + type: DirectoryOrCreate + name: lvmlock +--- +# Source: csi-driver-lvm/templates/csi-lvm-attacher.yaml +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-lvm-attacher + labels: + heritage: Helm + release: metalstack-csilvm +spec: + serviceName: "csi-lvm-attacher" + replicas: 1 + selector: + matchLabels: + app: csi-lvm-attacher + template: + metadata: + labels: + app: csi-lvm-attacher + spec: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - csi-lvmplugin + topologyKey: kubernetes.io/hostname + serviceAccountName: csi-attacher + containers: + - name: csi-attacher + image: k8s.gcr.io/sig-storage/csi-attacher:v2.2.1 + args: + - --v=5 + - --csi-address=/csi/csi.sock + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers 
cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/csi-lvm + type: DirectoryOrCreate + name: socket-dir +--- +# Source: csi-driver-lvm/templates/csi-lvm-provisioner.yaml +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-lvm-provisioner + labels: + heritage: Helm + release: metalstack-csilvm +spec: + serviceName: "csi-lvm-provisioner" + replicas: 1 + selector: + matchLabels: + app: csi-lvm-provisioner + template: + metadata: + labels: + app: csi-lvm-provisioner + spec: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - csi-lvmplugin + topologyKey: kubernetes.io/hostname + serviceAccountName: csi-provisioner + containers: + - name: csi-provisioner + image: k8s.gcr.io/sig-storage/csi-provisioner:v1.6.1 + args: + - -v=5 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. 
+ privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/csi-lvm + type: DirectoryOrCreate + name: socket-dir +--- +# Source: csi-driver-lvm/templates/csi-lvm-resizer.yaml +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-lvm-resizer + labels: + heritage: Helm + release: metalstack-csilvm +spec: + serviceName: "csi-lvm-resizer" + replicas: 1 + selector: + matchLabels: + app: csi-lvm-resizer + template: + metadata: + labels: + app: csi-lvm-resizer + spec: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - csi-lvmplugin + topologyKey: kubernetes.io/hostname + serviceAccountName: csi-resizer + containers: + - name: csi-resizer + image: k8s.gcr.io/sig-storage/csi-resizer:v0.5.0 + args: + - -v=5 + - -csi-address=/csi/csi.sock + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/csi-lvm + type: DirectoryOrCreate + name: socket-dir +--- +# Source: csi-driver-lvm/templates/csi-lvm-driverinfo.yaml +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: lvm.csi.metal-stack.io + labels: + heritage: Helm + release: metalstack-csilvm +spec: + # Supports persistent and ephemeral inline volumes. + volumeLifecycleModes: + - Persistent + - Ephemeral + # To determine at runtime which mode a volume uses, pod info and its + # "csi.storage.k8s.io/ephemeral" entry are needed. + podInfoOnMount: true diff --git a/roles/kubernetes/addons/metalstack-csilvm/templates/storageclass.yml.j2 b/roles/kubernetes/addons/metalstack-csilvm/templates/storageclass.yml.j2 new file mode 100644 index 00000000..e30bf1b8 
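Review bot: The csi-attacher, csi-provisioner and csi-resizer StatefulSets each set `privileged: true`, although the comment above each one says this is only needed on SELinux hosts so the sidecar can reach the driver's unix socket. On nodes that do not enforce SELinux these three containers can run with `privileged: false`, which leaves the `lvm` and `node-driver-registrar` containers of the DaemonSet as the only privileged ones. The CSIDriver object at the end uses `apiVersion: storage.k8s.io/v1beta1`, which Kubernetes 1.22 and later no longer serve; `apiVersion: storage.k8s.io/v1` is the replacement. The `lvm` container runs privileged with the host's /dev mounted bidirectionally, yet `metalstack/lvmplugin:v0.4.1` and the provisioner image are referenced by mutable tag. Pinning them by digest in the form `image: "metalstack/lvmplugin:v0.4.1@sha256:<digest>"` (placeholder) ties what runs on the node to what was reviewed.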
--- /dev/null
+++ b/roles/kubernetes/addons/metalstack-csilvm/templates/storageclass.yml.j2
@@ -0,0 +1,6 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: "{{ item.key }}"
+provisioner: lvm.csi.metal-stack.io
+{{ item.value | to_nice_yaml(indent=2) }} |