--- apiVersion: v1 kind: ServiceAccount metadata: name: rawfile-csi-driver namespace: openebs --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rawfile-csi-provisioner rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] verbs: ["get", "list"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["pods"] verbs: ["get"] - apiGroups: ["apps"] resources: ["daemonsets"] verbs: ["get"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rawfile-csi-broker rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get"] - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rawfile-csi-resizer rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims/status"] verbs: ["patch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rawfile-csi-provisioner subjects: - kind: ServiceAccount name: rawfile-csi-driver namespace: openebs roleRef: kind: ClusterRole name: rawfile-csi-provisioner apiGroup: rbac.authorization.k8s.io --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rawfile-csi-broker subjects: - kind: ServiceAccount name: rawfile-csi-driver namespace: openebs roleRef: kind: ClusterRole name: rawfile-csi-broker apiGroup: rbac.authorization.k8s.io --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: rawfile-csi-resizer subjects: - kind: ServiceAccount name: rawfile-csi-driver namespace: openebs roleRef: kind: ClusterRole name: rawfile-csi-resizer apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Service metadata: name: rawfile-csi-controller namespace: openebs labels: app.kubernetes.io/name: rawfile-csi component: controller spec: type: ClusterIP selector: app.kubernetes.io/name: rawfile-csi component: controller clusterIP: None --- apiVersion: v1 kind: Service metadata: name: rawfile-csi-node namespace: openebs labels: app.kubernetes.io/name: rawfile-csi component: node spec: type: ClusterIP ports: - name: metrics port: 9100 targetPort: metrics protocol: TCP selector: app.kubernetes.io/name: rawfile-csi component: node --- apiVersion: apps/v1 kind: DaemonSet metadata: name: rawfile-csi-node namespace: openebs spec: updateStrategy: rollingUpdate: maxUnavailable: "100%" selector: matchLabels: &selectorLabels app.kubernetes.io/name: rawfile-csi component: node template: metadata: labels: *selectorLabels spec: serviceAccount: rawfile-csi-driver priorityClassName: system-node-critical tolerations: - operator: "Exists" volumes: - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry type: Directory - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/rawfile-csi type: DirectoryOrCreate - name: mountpoint-dir hostPath: path: /var/lib/kubelet type: DirectoryOrCreate - name: data-dir hostPath: path: /var/csi/rawfile type: DirectoryOrCreate containers: - name: csi-driver image: "harbor.k-space.ee/k-space/rawfile-localpv:latest" imagePullPolicy: Always securityContext: privileged: true env: - name: PROVISIONER_NAME value: "rawfile.csi.openebs.io" - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: IMAGE_REPOSITORY value: "harbor.k-space.ee/k-space/rawfile-localpv" - name: IMAGE_TAG value: "latest" - name: NODE_ID valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName ports: - name: metrics containerPort: 9100 - name: csi-probe containerPort: 9808 volumeMounts: - name: socket-dir mountPath: /csi - name: mountpoint-dir mountPath: /var/lib/kubelet mountPropagation: "Bidirectional" - name: data-dir mountPath: /data resources: limits: cpu: 1 memory: 100Mi requests: cpu: 10m memory: 100Mi - name: node-driver-registrar image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 imagePullPolicy: IfNotPresent args: - --csi-address=$(ADDRESS) - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - --health-port=9809 env: - name: ADDRESS value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/rawfile-csi/csi.sock ports: - containerPort: 9809 name: healthz livenessProbe: httpGet: path: /healthz port: healthz initialDelaySeconds: 5 timeoutSeconds: 5 volumeMounts: - name: socket-dir mountPath: /csi - name: registration-dir mountPath: /registration resources: limits: cpu: 500m memory: 100Mi requests: cpu: 10m memory: 100Mi - name: external-provisioner image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" - "--feature-gates=Topology=true" - "--strict-topology" - "--immediate-topology=false" - "--timeout=120s" - "--enable-capacity=true" - "--capacity-ownerref-level=1" # DaemonSet - "--node-deployment=true" env: - name: ADDRESS value: /csi/csi.sock - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name volumeMounts: - name: socket-dir mountPath: /csi --- apiVersion: apps/v1 kind: StatefulSet metadata: name: rawfile-csi-controller namespace: openebs spec: replicas: 1 serviceName: rawfile-csi selector: matchLabels: &selectorLabels app.kubernetes.io/name: rawfile-csi component: controller template: metadata: labels: *selectorLabels spec: serviceAccount: rawfile-csi-driver priorityClassName: system-cluster-critical tolerations: - key: "node-role.kubernetes.io/master" operator: Equal value: "true" effect: NoSchedule volumes: - name: socket-dir emptyDir: {} containers: - name: csi-driver image: "harbor.k-space.ee/k-space/rawfile-localpv" imagePullPolicy: Always args: - csi-driver - --disable-metrics env: - name: PROVISIONER_NAME value: "rawfile.csi.openebs.io" - name: CSI_ENDPOINT value: unix:///csi/csi.sock - name: IMAGE_REPOSITORY value: "harbor.k-space.ee/k-space/rawfile-localpv" - name: IMAGE_TAG value: "latest" volumeMounts: - name: socket-dir mountPath: /csi ports: - name: csi-probe containerPort: 9808 resources: limits: cpu: 1 memory: 100Mi requests: cpu: 10m memory: 100Mi - name: external-resizer image: k8s.gcr.io/sig-storage/csi-resizer:v1.4.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" - "--handle-volume-inuse-error=false" env: - name: ADDRESS value: /csi/csi.sock volumeMounts: - name: socket-dir mountPath: /csi --- apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: rawfile.csi.openebs.io spec: attachRequired: false podInfoOnMount: true fsGroupPolicy: File storageCapacity: true volumeLifecycleModes: - Persistent --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: rawfile-ext4 provisioner: rawfile.csi.openebs.io reclaimPolicy: Retain volumeBindingMode: WaitForFirstConsumer allowVolumeExpansion: true parameters: fsType: "ext4" --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: rawfile-xfs provisioner: rawfile.csi.openebs.io reclaimPolicy: Retain volumeBindingMode: WaitForFirstConsumer allowVolumeExpansion: true parameters: fsType: "xfs"