diff --git a/openebs/README.md b/openebs/README.md new file mode 100644 index 0000000..12e3d22 --- /dev/null +++ b/openebs/README.md @@ -0,0 +1,11 @@ +# Raw file based local PV-s + +We currently only use `rawfile-localpv` portion of OpenEBS. + +The manifests were rendered using Helm template from https://github.com/openebs/rawfile-localpv +and subsequently modified + +``` +kubectl create namespace openebs +kubectl apply -n openebs -f rawfile.yaml +``` diff --git a/openebs/rawfile.yaml b/openebs/rawfile.yaml new file mode 100644 index 0000000..1e85378 --- /dev/null +++ b/openebs/rawfile.yaml @@ -0,0 +1,404 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rawfile-csi-driver + namespace: openebs +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rawfile-csi-provisioner +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rawfile-csi-broker +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rawfile-csi-resizer +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rawfile-csi-provisioner +subjects: + - kind: ServiceAccount + name: rawfile-csi-driver + namespace: openebs +roleRef: + kind: ClusterRole + name: rawfile-csi-provisioner + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rawfile-csi-broker +subjects: + - kind: ServiceAccount + name: rawfile-csi-driver + namespace: openebs +roleRef: + kind: ClusterRole + name: rawfile-csi-broker + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rawfile-csi-resizer +subjects: + - kind: ServiceAccount + name: rawfile-csi-driver + namespace: openebs +roleRef: + kind: ClusterRole + name: rawfile-csi-resizer + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + name: rawfile-csi-controller + namespace: openebs + labels: + app.kubernetes.io/name: rawfile-csi + component: controller +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: rawfile-csi + component: controller + clusterIP: None +--- +apiVersion: v1 +kind: Service +metadata: + name: rawfile-csi-node + namespace: openebs + labels: + app.kubernetes.io/name: rawfile-csi + component: node +spec: + type: ClusterIP + ports: + - name: metrics + port: 9100 + targetPort: metrics + protocol: TCP + selector: + app.kubernetes.io/name: rawfile-csi + component: node +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: rawfile-csi-node + namespace: openebs +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" + selector: + matchLabels: &selectorLabels + app.kubernetes.io/name: rawfile-csi + component: node + template: + metadata: + labels: *selectorLabels + spec: + serviceAccount: rawfile-csi-driver + priorityClassName: system-node-critical + tolerations: + - operator: "Exists" + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + - name: socket-dir + hostPath: + path: /var/lib/kubelet/plugins/rawfile-csi + type: DirectoryOrCreate + - name: mountpoint-dir + hostPath: + path: /var/lib/kubelet + type: DirectoryOrCreate + - name: data-dir + hostPath: + path: /var/csi/rawfile + type: DirectoryOrCreate + containers: + - name: csi-driver + image: "harbor.k-space.ee/k-space/rawfile-localpv:latest" + imagePullPolicy: Always + securityContext: + privileged: true + env: + - name: PROVISIONER_NAME + value: "rawfile.csi.openebs.io" + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: IMAGE_REPOSITORY + value: "harbor.k-space.ee/k-space/rawfile-localpv" + - name: IMAGE_TAG + value: "latest" + - name: NODE_ID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + ports: + - name: metrics + containerPort: 9100 + - name: csi-probe + containerPort: 9808 + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: mountpoint-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: data-dir + mountPath: /data + resources: + limits: + cpu: 1 + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + - name: node-driver-registrar + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 + imagePullPolicy: IfNotPresent + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --health-port=9809 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/rawfile-csi/csi.sock + ports: + - containerPort: 9809 + name: healthz + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 5 + timeoutSeconds: 5 + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: + limits: + cpu: 500m + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + - name: external-provisioner + image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + - "--strict-topology" + - "--immediate-topology=false" + - "--timeout=120s" + - "--enable-capacity=true" + - "--capacity-ownerref-level=1" # DaemonSet + - "--node-deployment=true" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /csi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: rawfile-csi-controller + namespace: openebs +spec: + replicas: 1 + serviceName: rawfile-csi + selector: + matchLabels: &selectorLabels + app.kubernetes.io/name: rawfile-csi + component: controller + template: + metadata: + labels: *selectorLabels + spec: + serviceAccount: rawfile-csi-driver + priorityClassName: system-cluster-critical + tolerations: + - key: "node-role.kubernetes.io/master" + operator: Equal + value: "true" + effect: NoSchedule + volumes: + - name: socket-dir + emptyDir: {} + containers: + - name: csi-driver + image: "harbor.k-space.ee/k-space/rawfile-localpv" + imagePullPolicy: Always + args: + - csi-driver + - --disable-metrics + env: + - name: PROVISIONER_NAME + value: "rawfile.csi.openebs.io" + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: IMAGE_REPOSITORY + value: "harbor.k-space.ee/k-space/rawfile-localpv" + - name: IMAGE_TAG + value: "latest" + volumeMounts: + - name: socket-dir + mountPath: /csi + ports: + - name: csi-probe + containerPort: 9808 + resources: + limits: + cpu: 1 + memory: 100Mi + requests: + cpu: 10m + memory: 100Mi + - name: external-resizer + image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--handle-volume-inuse-error=false" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: rawfile.csi.openebs.io +spec: + attachRequired: false + podInfoOnMount: true + fsGroupPolicy: File + storageCapacity: true + volumeLifecycleModes: + - Persistent +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: rawfile-ext4 +provisioner: rawfile.csi.openebs.io +reclaimPolicy: Retain +volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +parameters: + fsType: "ext4" +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: rawfile-xfs +provisioner: rawfile.csi.openebs.io +reclaimPolicy: Retain +volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +parameters: + fsType: "xfs"