From b9dfe6ac44867d4f6585aa77968a396117ca9198 Mon Sep 17 00:00:00 2001 From: prateekpandey14 Date: Mon, 25 Feb 2019 16:32:32 +0530 Subject: [PATCH] Add Dockerfile and deployment files - Dockerfile to build docker image - Kubernetes deploy yaml files Signed-off-by: prateekpandey14 --- Dockerfile | 11 +++ Makefile | 9 +-- deploy/kubernetes/csi-attacher-rbac.yaml | 37 ++++++++++ deploy/kubernetes/csi-iscsi-attacher.yaml | 63 +++++++++++++++++ deploy/kubernetes/csi-iscsi-nodeplugin.yaml | 75 +++++++++++++++++++++ deploy/kubernetes/csi-nodeplugin-rbac.yaml | 34 ++++++++++ 6 files changed, 222 insertions(+), 7 deletions(-) create mode 100644 Dockerfile create mode 100644 deploy/kubernetes/csi-attacher-rbac.yaml create mode 100644 deploy/kubernetes/csi-iscsi-attacher.yaml create mode 100644 deploy/kubernetes/csi-iscsi-nodeplugin.yaml create mode 100644 deploy/kubernetes/csi-nodeplugin-rbac.yaml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..b34ddd3b --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM centos:7.4.1708 + +LABEL maintainers="Kubernetes Authors" +LABEL description="Iscsi Driver" + +RUN yum -y install iscsi-initiator-utils && yum -y install epel-release && yum -y install jq && yum clean all + +COPY bin/iscsiplugin /iscsiplugin +ENTRYPOINT ["/iscsiplugin"] + + diff --git a/Makefile b/Makefile index 3dd509a7..35aea136 100644 --- a/Makefile +++ b/Makefile @@ -12,13 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -# TODO: -# - add a Dockerfile -# - uncomment the following lines -# - remove the "all: build-iscsiplugin" line -# CMDS=iscsiplugin -# all: build +CMDS=iscsiplugin -all: build-iscsiplugin +all: build include release-tools/build.make diff --git a/deploy/kubernetes/csi-attacher-rbac.yaml b/deploy/kubernetes/csi-attacher-rbac.yaml new file mode 100644 index 00000000..975fdd67 --- /dev/null +++ b/deploy/kubernetes/csi-attacher-rbac.yaml @@ -0,0 +1,37 @@ +# This YAML file contains RBAC API objects that are necessary to run external +# CSI attacher for nfs flex adapter + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-attacher + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role +subjects: + - kind: ServiceAccount + name: csi-attacher + namespace: default +roleRef: + kind: ClusterRole + name: external-attacher-runner + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/kubernetes/csi-iscsi-attacher.yaml b/deploy/kubernetes/csi-iscsi-attacher.yaml new file mode 100644 index 00000000..1a67308f --- /dev/null +++ b/deploy/kubernetes/csi-iscsi-attacher.yaml @@ -0,0 +1,63 @@ +# This YAML file contains attacher & csi driver API objects that are necessary +# to run external CSI attacher for nfs + +kind: Service +apiVersion: v1 +metadata: + name: csi-iscsi-attacher + labels: + app: csi-iscsi-attacher +spec: + selector: + app: csi-iscsi-attacher + ports: + - name: dummy + port: 12345 + +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-iscsi-attacher +spec: + serviceName: "csi-attacher" + replicas: 1 + template: + metadata: + labels: + app: csi-iscsi-attacher + spec: + serviceAccount: csi-attacher + containers: + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v1.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + + - name: iscsi + image: quay.io/k8scsi/iscsiplugin:v1.0.0 + args : + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix://plugin/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /plugin + volumes: + - name: socket-dir + emptyDir: diff --git a/deploy/kubernetes/csi-iscsi-nodeplugin.yaml b/deploy/kubernetes/csi-iscsi-nodeplugin.yaml new file mode 100644 index 00000000..2ca93b41 --- /dev/null +++ b/deploy/kubernetes/csi-iscsi-nodeplugin.yaml @@ -0,0 +1,75 @@ +# This YAML file contains driver-registrar & csi driver nodeplugin API objects +# that are necessary to run CSI nodeplugin for nfs +kind: DaemonSet +apiVersion: apps/v1beta2 +metadata: + name: csi-iscsi-nodeplugin +spec: + selector: + matchLabels: + app: csi-iscsi-nodeplugin + template: + metadata: + labels: + app: csi-iscsi-nodeplugin + spec: + serviceAccount: csi-nodeplugin + hostNetwork: true + containers: + - name: node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.0.2 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/csi-iscsiplugin /registration/csi-iscsiplugin-reg.sock"] + args: + - --v=5 + - --csi-address=/plugin/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-iscsiplugin/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /plugin + - name: registration-dir + mountPath: /registration + - name: nfs + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: quay.io/k8scsi/iscsiplugin:v1.0.0 + args : + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix://plugin/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: plugin-dir + mountPath: /plugin + - name: pods-mount-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + volumes: + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi-iscsiplugin + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir diff --git a/deploy/kubernetes/csi-nodeplugin-rbac.yaml b/deploy/kubernetes/csi-nodeplugin-rbac.yaml new file mode 100644 index 00000000..530e067b --- /dev/null +++ b/deploy/kubernetes/csi-nodeplugin-rbac.yaml @@ -0,0 +1,34 @@ +# This YAML defines all API objects to create RBAC roles for CSI node plugin +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-nodeplugin + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-nodeplugin +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-nodeplugin +subjects: + - kind: ServiceAccount + name: csi-nodeplugin + namespace: default +roleRef: + kind: ClusterRole + name: csi-nodeplugin + apiGroup: rbac.authorization.k8s.io