added kustomize template & k8s resources for sidecar

tparikh · tparikh · commit 58a5ee260863 · 2021-01-08T10:30:30.000-05:00
diff --git a/deploy/base/deployment.yaml b/deploy/base/deployment.yaml
@@ -0,0 +1,64 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: objectstorage-provisioner
+  namespace: objectstorage-provisioner-ns
+  labels:
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/version: main
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+spec:
+  replicas: 1
+  minReadySeconds: 30
+  progressDeadlineSeconds: 600
+  revisionHistoryLimit: 3
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app.kubernetes.io/part-of: container-object-storage-interface
+      app.kubernetes.io/component: provisioner
+      app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/part-of: container-object-storage-interface
+        app.kubernetes.io/component: provisioner
+        app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+    spec:
+      serviceAccountName: objectstorage-provisioner-sa
+      containers:
+      - name: objectstorage-sample-driver
+        image: quay.io/containerobjectstorage/objectstorage-sample-driver
+        imagePullPolicy: IfNotPresent
+        resources:
+          limits:
+            cpu: 1
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        envFrom:
+        - secretRef:
+            name: objectstorage-provisioner
+      - name: objectstorage-provisioner-sidecar
+        image: quay.io/containerobjectstorage/objectstorage-provisioner-sidecar
+        imagePullPolicy: IfNotPresent
+        resources:
+          limits:
+            cpu: 1
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        env:
+        - name: CONNECT_ADDRESS
+          valueFrom:
+            secretKeyRef:
+              name: objectstorage-provisioner
+              key: LISTEN_ADDRESS
diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ns.yaml
+- sa.yaml
+- rbac.yaml
+- secret.yaml
+- deployment.yaml
diff --git a/deploy/base/ns.yaml b/deploy/base/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: objectstorage-provisioner-ns
diff --git a/deploy/base/out.yaml b/deploy/base/out.yaml
@@ -0,0 +1,150 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: objectstorage-provisioner-ns
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/version: main
+  name: objectstorage-provisioner-sa
+  namespace: objectstorage-provisioner-ns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/version: main
+  name: objectstorage-provisioner-role
+  namespace: objectstorage-provisioner-ns
+rules:
+- apiGroups:
+  - objectstorage.k8s.io
+  resources:
+  - buckets
+  - bucketaccess
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+  - create
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - list
+  - watch
+  - create
+  - update
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/version: main
+  name: objectstorage-provisioner-role-binding
+  namespace: objectstorage-provisioner-ns
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: objectstorage-provisioner-role
+subjects:
+- kind: ServiceAccount
+  name: objectstorage-provisioner-sa
+  namespace: objectstorage-provisioner-ns
+---
+apiVersion: v1
+data:
+  ACCESS_KEY: IA==
+  S3_ENDPOINT: IA==
+  SECRET_KEY: IA==
+kind: Secret
+metadata:
+  labels:
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/version: main
+  name: objectstorage-provisioner
+  namespace: objectstorage-provisioner-ns
+stringData:
+  LISTEN_ADDRESS: 0.0.0.0:9000
+type: Opaque
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/version: main
+  name: objectstorage-provisioner
+  namespace: objectstorage-provisioner-ns
+spec:
+  minReadySeconds: 30
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: provisioner
+      app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+      app.kubernetes.io/part-of: container-object-storage-interface
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: provisioner
+        app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+        app.kubernetes.io/part-of: container-object-storage-interface
+    spec:
+      containers:
+      - envFrom:
+        - secretRef:
+            name: objectstorage-provisioner
+        image: quay.io/containerobjectstorage/objectstorage-sample-driver
+        imagePullPolicy: IfNotPresent
+        name: objectstorage-sample-driver
+        resources:
+          limits:
+            cpu: 1
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      - env:
+        - name: CONNECT_ADDRESS
+          valueFrom:
+            secretKeyRef:
+              key: LISTEN_ADDRESS
+              name: objectstorage-provisioner
+        image: quay.io/containerobjectstorage/objectstorage-provisioner-sidecar
+        imagePullPolicy: IfNotPresent
+        name: objectstorage-provisioner-sidecar
+        resources:
+          limits:
+            cpu: 1
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 100Mi
+      serviceAccountName: objectstorage-provisioner-sa
diff --git a/deploy/base/rbac.yaml b/deploy/base/rbac.yaml
@@ -0,0 +1,37 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: objectstorage-provisioner-role
+  namespace: objectstorage-provisioner-ns
+  labels:
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/version: main
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+rules:
+- apiGroups: ["objectstorage.k8s.io"]
+  resources: ["buckets", "bucketaccess"]
+  verbs: ["get", "list", "watch", "update", "create", "delete"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: objectstorage-provisioner-role-binding
+  namespace: objectstorage-provisioner-ns
+  labels:
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/version: main
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+subjects:
+  - kind: ServiceAccount
+    name: objectstorage-provisioner-sa
+    namespace: objectstorage-provisioner-ns
+roleRef:
+  kind: ClusterRole
+  name: objectstorage-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/base/sa.yaml b/deploy/base/sa.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: objectstorage-provisioner-sa
+  namespace: objectstorage-provisioner-ns
+  labels:
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/version: main
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
diff --git a/deploy/base/secret.yaml b/deploy/base/secret.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: objectstorage-provisioner
+  namespace: objectstorage-provisioner-ns
+  labels:
+    app.kubernetes.io/part-of: container-object-storage-interface
+    app.kubernetes.io/component: provisioner
+    app.kubernetes.io/version: main
+    app.kubernetes.io/name: container-object-storage-interface-provisioner-sidecar
+type: Opaque
+stringData:
+  LISTEN_ADDRESS: 0.0.0.0:9000
+data:
+  # set to space
+  S3_ENDPOINT: IA==
+  ACCESS_KEY: IA==
+  SECRET_KEY: IA==
