-
Notifications
You must be signed in to change notification settings - Fork 211
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
deploy: support deploying sidecars in same pod as driver
The kubernetes-x.yy deployments now use the same pod for driver and sidecars, which is the usual way of deploying them. The alternative "-prow" deployments use separate pods for them to test that the individual RBAC rules are correct.
- Loading branch information
Showing
30 changed files
with
1,238 additions
and
98 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| The deployment for Kubernetes 1.18 uses CSIDriver v1 and | ||
| thus is incompatible with Kubernetes < 1.18. | ||
|
|
||
| It uses separate pods and service accounts for each sidecar. This is | ||
| not how they would normally be deployed. It gets done this way to test | ||
| that the individual RBAC rules are correct. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../util/deploy-hostpath.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ../util/destroy-hostpath.sh |
File renamed without changes.
17 changes: 17 additions & 0 deletions
17
deploy/kubernetes-1.18-test/hostpath/csi-hostpath-driverinfo.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| apiVersion: storage.k8s.io/v1 | ||
| kind: CSIDriver | ||
| metadata: | ||
| name: hostpath.csi.k8s.io | ||
| labels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: hostpath.csi.k8s.io | ||
| app.kubernetes.io/component: csi-driver | ||
| spec: | ||
| # Supports persistent and ephemeral inline volumes. | ||
| volumeLifecycleModes: | ||
| - Persistent | ||
| - Ephemeral | ||
| # To determine at runtime which mode a volume uses, pod info and its | ||
| # "csi.storage.k8s.io/ephemeral" entry are needed. | ||
| podInfoOnMount: true |
167 changes: 167 additions & 0 deletions
167
deploy/kubernetes-1.18-test/hostpath/csi-hostpath-plugin.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,167 @@ | ||
| kind: StatefulSet | ||
| apiVersion: apps/v1 | ||
| metadata: | ||
| name: csi-hostpathplugin | ||
| labels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpathplugin | ||
| app.kubernetes.io/component: plugin | ||
| spec: | ||
| serviceName: "csi-hostpathplugin" | ||
| # One replica only: | ||
| # Host path driver only works when everything runs | ||
| # on a single node. We achieve that by starting it once and then | ||
| # co-locate all other pods via inter-pod affinity | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpathplugin | ||
| app.kubernetes.io/component: plugin | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpathplugin | ||
| app.kubernetes.io/component: plugin | ||
| spec: | ||
| serviceAccountName: csi-external-health-monitor-controller | ||
| containers: | ||
| - name: hostpath | ||
| image: k8s.gcr.io/sig-storage/hostpathplugin:v1.6.2 | ||
| args: | ||
| - "--drivername=hostpath.csi.k8s.io" | ||
| - "--v=5" | ||
| - "--endpoint=$(CSI_ENDPOINT)" | ||
| - "--nodeid=$(KUBE_NODE_NAME)" | ||
| env: | ||
| - name: CSI_ENDPOINT | ||
| value: unix:///csi/csi.sock | ||
| - name: KUBE_NODE_NAME | ||
| valueFrom: | ||
| fieldRef: | ||
| apiVersion: v1 | ||
| fieldPath: spec.nodeName | ||
| securityContext: | ||
| privileged: true | ||
| ports: | ||
| - containerPort: 9898 | ||
| name: healthz | ||
| protocol: TCP | ||
| livenessProbe: | ||
| failureThreshold: 5 | ||
| httpGet: | ||
| path: /healthz | ||
| port: healthz | ||
| initialDelaySeconds: 10 | ||
| timeoutSeconds: 3 | ||
| periodSeconds: 2 | ||
| volumeMounts: | ||
| - mountPath: /csi | ||
| name: socket-dir | ||
| - mountPath: /var/lib/kubelet/pods | ||
| mountPropagation: Bidirectional | ||
| name: mountpoint-dir | ||
| - mountPath: /var/lib/kubelet/plugins | ||
| mountPropagation: Bidirectional | ||
| name: plugins-dir | ||
| - mountPath: /csi-data-dir | ||
| name: csi-data-dir | ||
| - mountPath: /dev | ||
| name: dev-dir | ||
|
|
||
| - name: liveness-probe | ||
| volumeMounts: | ||
| - mountPath: /csi | ||
| name: socket-dir | ||
| image: k8s.gcr.io/sig-storage/livenessprobe:v2.2.0 | ||
| args: | ||
| - --csi-address=/csi/csi.sock | ||
| - --health-port=9898 | ||
|
|
||
| - name: csi-external-health-monitor-agent | ||
| image: k8s.gcr.io/sig-storage/csi-external-health-monitor-agent:v0.2.0 | ||
| args: | ||
| - "--v=5" | ||
| - "--csi-address=$(ADDRESS)" | ||
| env: | ||
| - name: NODE_NAME | ||
| valueFrom: | ||
| fieldRef: | ||
| fieldPath: spec.nodeName | ||
| - name: ADDRESS | ||
| value: /csi/csi.sock | ||
| imagePullPolicy: "IfNotPresent" | ||
| volumeMounts: | ||
| - name: socket-dir | ||
| mountPath: /csi | ||
|
|
||
| - name: csi-external-health-monitor-controller | ||
| image: k8s.gcr.io/sig-storage/csi-external-health-monitor-controller:v0.2.0 | ||
| args: | ||
| - "--v=5" | ||
| - "--csi-address=$(ADDRESS)" | ||
| - "--leader-election" | ||
| env: | ||
| - name: ADDRESS | ||
| value: /csi/csi.sock | ||
| imagePullPolicy: "IfNotPresent" | ||
| volumeMounts: | ||
| - name: socket-dir | ||
| mountPath: /csi | ||
|
|
||
| - name: node-driver-registrar | ||
| image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1 | ||
| args: | ||
| - --v=5 | ||
| - --csi-address=/csi/csi.sock | ||
| - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-hostpath/csi.sock | ||
| securityContext: | ||
| # This is necessary only for systems with SELinux, where | ||
| # non-privileged sidecar containers cannot access unix domain socket | ||
| # created by privileged CSI driver container. | ||
| privileged: true | ||
| env: | ||
| - name: KUBE_NODE_NAME | ||
| valueFrom: | ||
| fieldRef: | ||
| apiVersion: v1 | ||
| fieldPath: spec.nodeName | ||
| volumeMounts: | ||
| - mountPath: /csi | ||
| name: socket-dir | ||
| - mountPath: /registration | ||
| name: registration-dir | ||
| - mountPath: /csi-data-dir | ||
| name: csi-data-dir | ||
|
|
||
| volumes: | ||
| - hostPath: | ||
| path: /var/lib/kubelet/plugins/csi-hostpath | ||
| type: DirectoryOrCreate | ||
| name: socket-dir | ||
| - hostPath: | ||
| path: /var/lib/kubelet/pods | ||
| type: DirectoryOrCreate | ||
| name: mountpoint-dir | ||
| - hostPath: | ||
| path: /var/lib/kubelet/plugins_registry | ||
| type: Directory | ||
| name: registration-dir | ||
| - hostPath: | ||
| path: /var/lib/kubelet/plugins | ||
| type: Directory | ||
| name: plugins-dir | ||
| - hostPath: | ||
| # 'path' is where PV data is persisted on host. | ||
| # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot | ||
| path: /var/lib/csi-hostpath-data/ | ||
| type: DirectoryOrCreate | ||
| name: csi-data-dir | ||
| - hostPath: | ||
| path: /dev | ||
| type: Directory | ||
| name: dev-dir |
File renamed without changes.
File renamed without changes.
11 changes: 11 additions & 0 deletions
11
deploy/kubernetes-1.18-test/hostpath/csi-hostpath-snapshotclass.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| apiVersion: snapshot.storage.k8s.io/v1beta1 | ||
| kind: VolumeSnapshotClass | ||
| metadata: | ||
| name: csi-hostpath-snapclass | ||
| labels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpath-snapclass | ||
| app.kubernetes.io/component: volumesnapshotclass | ||
| driver: hostpath.csi.k8s.io #csi-hostpath | ||
| deletionPolicy: Delete |
File renamed without changes.
83 changes: 83 additions & 0 deletions
83
deploy/kubernetes-1.18-test/hostpath/csi-hostpath-testing.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,83 @@ | ||
| # WARNING: this is only for testing purposes. Do not install in a production | ||
| # cluster. | ||
| # | ||
| # This exposes the hostpath's Unix domain csi.sock as a TCP port to the | ||
| # outside world. The mapping from Unix domain socket to TCP is done | ||
| # by socat. | ||
| # | ||
| # This is useful for testing with csi-sanity or csc. | ||
|
|
||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: hostpath-service | ||
| labels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpath-socat | ||
| app.kubernetes.io/component: socat | ||
| spec: | ||
| type: NodePort | ||
| selector: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpath-socat | ||
| app.kubernetes.io/component: socat | ||
| ports: | ||
| - port: 10000 # fixed port inside the pod, dynamically allocated port outside | ||
| --- | ||
| kind: StatefulSet | ||
| apiVersion: apps/v1 | ||
| metadata: | ||
| name: csi-hostpath-socat | ||
| labels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpath-socat | ||
| app.kubernetes.io/component: socat | ||
| spec: | ||
| serviceName: "csi-hostpath-socat" | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpath-socat | ||
| app.kubernetes.io/component: socat | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app.kubernetes.io/instance: hostpath.csi.k8s.io | ||
| app.kubernetes.io/part-of: csi-driver-host-path | ||
| app.kubernetes.io/name: csi-hostpath-socat | ||
| app.kubernetes.io/component: socat | ||
| spec: | ||
| affinity: | ||
| podAffinity: | ||
| requiredDuringSchedulingIgnoredDuringExecution: | ||
| - labelSelector: | ||
| matchExpressions: | ||
| - key: app.kubernetes.io/instance | ||
| operator: In | ||
| values: | ||
| - hostpath.csi.k8s.io | ||
| topologyKey: kubernetes.io/hostname | ||
| containers: | ||
| - name: socat | ||
| image: alpine/socat:1.0.3 | ||
| args: | ||
| - tcp-listen:10000,fork,reuseaddr | ||
| - unix-connect:/csi/csi.sock | ||
| securityContext: | ||
| # This is necessary only for systems with SELinux, where | ||
| # non-privileged sidecar containers cannot access unix domain socket | ||
| # created by privileged CSI driver container. | ||
| privileged: true | ||
| volumeMounts: | ||
| - mountPath: /csi | ||
| name: socket-dir | ||
| volumes: | ||
| - hostPath: | ||
| path: /var/lib/kubelet/plugins/csi-hostpath | ||
| type: DirectoryOrCreate | ||
| name: socket-dir |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| # This file describes how to test this deployment of the CSI hostpath driver | ||
| # using the Kubernetes 1.17 E2E test suite. For details see: | ||
| # https://github.com/kubernetes/kubernetes/tree/v1.17.0/test/e2e/storage/external | ||
|
|
||
| StorageClass: | ||
| FromName: true | ||
| SnapshotClass: | ||
| FromName: true | ||
| DriverInfo: | ||
| Name: hostpath.csi.k8s.io | ||
| SupportedSizeRange: | ||
| Min: 1Mi | ||
| Capabilities: | ||
| block: true | ||
| controllerExpansion: true | ||
| exec: true | ||
| multipods: true | ||
| nodeExpansion: true | ||
| persistence: true | ||
| singleNodeVolume: true | ||
| snapshotDataSource: true | ||
| topology: true | ||
| InlineVolumes: | ||
| - shared: true |
Oops, something went wrong.