Merge pull request kubernetes-csi#69 from PrasadG193/update-csi-drive…

…r-example

Use CSI Hostpath driver in example

deploy/example/backup-app/cluster-role-binding.yaml

@@ -5,8 +5,8 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: csi-snapshot-metadata-client
+  name: external-snapshot-metadata-client-runner
 subjects:
 - kind: ServiceAccount
   name: backup-app-service-account
-  namespace: backup-app-namespace
+  namespace: backup-app-namespace

deploy/example/csi-driver/README.md

@@ -1,6 +1,6 @@
-# Example snapshot-metadata Service with CSI Driver
+# Example snapshot-metadata Service with CSI Hostpath Driver
 
-This document illustrates how to install a CSI driver with the external-snapshot-metadata sidecar. You can use this example as a reference when installing a CSI driver with Changed Block Metadata (CBT) support in your cluster.
+This document illustrates how to install a CSI Hostpath driver with the external-snapshot-metadata sidecar. You can use this example as a reference when installing a CSI driver with Changed Block Metadata (CBT) support in your cluster.
 
 ## Prerequisites:
 
@@ -9,16 +9,16 @@ Ensure that you have installed the necessary ClusterRoles and CRDs as explained
 
 ## Installation
 
-In this example, we will deploy the snapshot-metadata service alongside a dummy CSI driver. While this example uses a dummy CSI driver, the steps may vary depending on the specific CSI driver you are using. Use the appropriate steps to deploy the CSI driver in your environment.
+In this example, we will deploy the snapshot-metadata service alongside a CSI Hostpath driver. While this example uses a CSI Hostpath driver, the steps may vary depending on the specific CSI driver you are using. Use the appropriate steps to deploy the CSI driver in your environment.
 
-**Steps to deploy snapshot-metadata with a dummy CSI driver:**
+**Steps to deploy snapshot-metadata with a CSI Hostpath driver:**
 
 1. Create a namespace
 
    ```bash
    $ kubectl create namespace csi-driver
    ```
-   If you prefer to use different namespace, update the `namespace` fields in `csi-driver-with-snapshot-metadata-sidecar.yaml`.
+   If you prefer to use different namespace, update the `namespace` fields in `csi-driver-cluster-role-binding.yaml` and `csi-driver-with-snapshot-metadata-sidecar.yaml`.
 
 2. Provision TLS Certs
 
@@ -28,15 +28,15 @@ In this example, we will deploy the snapshot-metadata service alongside a dummy
    NAMESPACE="csi-driver"
 
    # 1. Create extension file
-   echo "subjectAltName=DNS:.csi-driver,DNS:csi-dummyplugin.csi-driver,DNS:csi-dummyplugin.default,IP:0.0.0.0" > server-ext.cnf 
+   echo "subjectAltName=DNS:.csi-driver,DNS:csi-snapshot-metadata.csi-driver,DNS:csi-snapshot-metadata.default,IP:0.0.0.0" > server-ext.cnf 
 
    # 2. Generate CA's private key and self-signed certificate
-   openssl req -x509 -newkey rsa:4096 -days 365 -nodes -keyout ca-key.pem -out ca-cert.pem -subj "/CN=csi-dummyplugin.${NAMESPACE}"
+   openssl req -x509 -newkey rsa:4096 -days 365 -nodes -keyout ca-key.pem -out ca-cert.pem -subj "/CN=csi-snapshot-metadata.${NAMESPACE}"
 
    openssl x509 -in ca-cert.pem -noout -text
 
    # 2. Generate web server's private key and certificate signing request (CSR)
-   openssl req -newkey rsa:4096 -nodes -keyout server-key.pem -out server-req.pem -subj "/CN=csi-dummyplugin.${NAMESPACE}"
+   openssl req -newkey rsa:4096 -nodes -keyout server-key.pem -out server-req.pem -subj "/CN=csi-snapshot-metadata.${NAMESPACE}"
 
    # 3. Use CA's private key to sign web server's CSR and get back the signed certificate
    openssl x509 -req -in server-req.pem -days 60 -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile server-ext.cnf
@@ -47,22 +47,22 @@ In this example, we will deploy the snapshot-metadata service alongside a dummy
 3. Create a TLS secret 
 
    ```bash
-   $ kubectl create secret tls csi-dummyplugin-certs --namespace=csi-driver --cert=server-cert.pem --key=server-key.pem 
+   $ kubectl create secret tls csi-snapshot-metadata-certs --namespace=csi-driver --cert=server-cert.pem --key=server-key.pem 
    ```
 
 4. Create `SnapshotMetadataService` resource
 
-   The name of the `SnapshotMetadataService` resource must match the name of the CSI driver for which you want to enable the CBT feature. In this example, we will create a `SnapshotMetadataService` for the `dummy.csi.k8s.io` CSI driver.
+   The name of the `SnapshotMetadataService` resource must match the name of the CSI driver for which you want to enable the CBT feature. In this example, we will create a `SnapshotMetadataService` for the `hostpath.csi.k8s.io` CSI driver.
 
    Create a file named `snapshotmetadataservice.yaml` with the following content:
 
    ```yaml
    apiVersion: cbt.storage.k8s.io/v1alpha1
    kind: SnapshotMetadataService
    metadata:
-     name: dummy.csi.k8s.io
+     name: hostpath.csi.k8s.io
    spec:
-     address: csi-dummyplugin.csi-driver:6443
+     address: csi-snapshot-metadata.csi-driver:6443
      caCert: GENERATED_CA_CERT
      audience: 005e2583-91a3-4850-bd47-4bf32990fd00
    ```
@@ -93,4 +93,10 @@ In this example, we will deploy the snapshot-metadata service alongside a dummy
 
    ```bash
    $ kubectl create -f csi-driver-with-snapshot-metadata-sidecar.yaml --namespace csi-driver
+   ```
+
+7. Create k8s Service to expose communication with snapshot-metadata
+
+   ```bash
+   $ kubectl create -f csi-driver-service.yaml --namespace csi-driver
    ```

deploy/example/csi-driver/csi-driver-cluster-role-binding.yaml

@@ -1,13 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: csi-dummyplugin-cluster-role-binding
+  name: csi-snapshot-metadata-cluster-role
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: csi-snapshot-metadata-cluster-role
+  name: external-snapshot-metadata-runner
 subjects:
 - kind: ServiceAccount
-  name: csi-dummyplugin
+  name: csi-snapshot-metadata
   # Replace if want to install in other namespace
   namespace: csi-driver

deploy/example/csi-driver/csi-driver-service-account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-snapshot-metadata
+  namespace: csi-driver

deploy/example/csi-driver/csi-driver-service.yaml

@@ -1,15 +1,15 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: csi-dummyplugin
+  name: csi-snapshot-metadata
   namespace: csi-driver
   labels:
-    app.kubernetes.io/name: csi-dummyplugin
+    app.kubernetes.io/name: csi-snapshot-metadata
 spec:
   ports:
-  - name: cbt
+  - name: snapshot-metadata
     port: 6443
     protocol: TCP
     targetPort: 50051
   selector:
-    app.kubernetes.io/name: csi-dummyplugin
+    app.kubernetes.io/name: csi-snapshot-metadata

deploy/example/csi-driver/csi-driver-with-snapshot-metadata-sidecar.yaml

@@ -1,71 +1,75 @@
+# This YAML file shows how to deploy the external-snapshot-metadata together
+# with the hostpath CSI driver.
+
+---
+kind: StatefulSet
 apiVersion: apps/v1
-kind: Deployment
 metadata:
-  name: csi-dummyplugin
+  name: csi-snapshot-metadata
   namespace: csi-driver
 spec:
+  serviceName: "csi-snapshot-metadata"
+  replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: csi-dummyplugin
-  replicas: 1
+      app.kubernetes.io/name: csi-snapshot-metadata
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: csi-dummyplugin
+        app.kubernetes.io/name: csi-snapshot-metadata
     spec:
-      serviceAccountName: csi-dummyplugin
+      serviceAccountName: csi-snapshot-metadata
       containers:
-      # TODO: replace with hostpath driver plugin once SNAPSHOT_METADATA service is available
-      # Currently, it points to the Mock implementation of CSI driver https://github.com/PrasadG193/sample-csi-cbt-service
-      - name: csi-dummyplugin
-        image: prasadg193/sample-csi-cbt-service:latest
-        args:
-        - "--endpoint=unix://csi/csi.sock"
-        env:
-        - name: "DRIVER_NAME"
-          value: "dummy.csi.k8s.io"
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - mountPath: /csi
-          name: socket-dir
-      - name: csi-snapshot-metadata
-        # TODO: Replace with build image once CI process is set
-        image: prasadg193/csi-snapshot-metadata:latest
-        command:
-        args:
-        - "-csi-address=unix:///csi/csi.sock"
-        - "-tls-cert=/tmp/certificates/tls.crt"
-        - "-tls-key=/tmp/certificates/tls.key"
-        readinessProbe:
-          exec:
-            command:
-            - "/bin/grpc_health_probe"
-            - "-addr=:50051"
-            - "-tls"
-            - "-tls-no-verify"
-          initialDelaySeconds: 5
-        livenessProbe:
-          exec:
-            command:
-            - "/bin/grpc_health_probe"
-            - "-addr=:50051"
-            - "-tls"
-            - "-tls-no-verify"
-          initialDelaySeconds: 10
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: server-certs
-          mountPath: /tmp/certificates
-          readOnly: true
-        - mountPath: /csi
-          name: socket-dir
+        - name: csi-snapshot-metadata
+          # TODO: Replace main tag with actual released tag once external-snapshot-metadata is released
+          image: gcr.io/k8s-staging-sig-storage/csi-snapshot-metadata:main
+          imagePullPolicy: "Always"
+          command:
+          args:
+          - "--csi-address=/csi/csi.sock"
+          - "--tls-cert=/tmp/certificates/tls.crt"
+          - "--tls-key=/tmp/certificates/tls.key"
+          readinessProbe:
+            exec:
+              command:
+              - "/bin/grpc_health_probe"
+              - "-addr=:50051"
+              - "-tls"
+              - "-tls-no-verify"
+            initialDelaySeconds: 5
+          volumeMounts:
+            - mountPath: /csi
+              name: socket-dir
+            - name: csi-snapshot-metadata-server-certs
+              mountPath: /tmp/certificates
+              readOnly: true
+        - name: hostpath
+          # TODO: Replace with correct repo and tag once support for
+          # SnapshotMetadata service is added
+          image: prasadg193/hostpathplugin:amd64-linux-canary
+          #image: registry.k8s.io/sig-storage/hostpathplugin:v1.11.0
+          args:
+            - "--v=5"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--nodeid=$(NODE_NAME)"
+            - "--enable-snapshot-metadata"
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
       volumes:
-      - name: server-certs
-        secret:
-          secretName: csi-dummyplugin-certs
-      - hostPath:
-          path: /var/lib/kubelet/plugins/cbt/csi-hostpath
-          type: DirectoryOrCreate
-        name: socket-dir
+        - name: socket-dir
+          emptyDir: {}
+        - name: csi-snapshot-metadata-server-certs
+          secret:
+            secretName: csi-snapshot-metadata-certs

deploy/snpashot-metadata-client-cluster-role.yaml → deploy/snapshot-metadata-client-cluster-role.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: csi-snapshot-metadata-client
+  name: external-snapshot-metadata-client-runner
 rules:
 - apiGroups:
   - snapshot.storage.k8s.io
@@ -27,4 +27,4 @@ rules:
   - serviceaccounts/token
   verbs:
   - create
-  - get
+  - get

deploy/snapshot-metadata-cluster-role.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: csi-snapshot-metadata-cluster-role
+  name: external-snapshot-metadata-runner
 rules:
 # To access snapshotmetadataservice resource
 - apiGroups: