diff --git a/README.md b/README.md index 18e2aa0..615a8d3 100644 --- a/README.md +++ b/README.md @@ -1 +1,6 @@ -# csi-plugin \ No newline at end of file +# csi-plugin + +This repository contains Nutanix CSI driver deployment yamls for different OS +and kubernetes distributions. The repository also contains example usage for +the CSI driver. + \ No newline at end of file diff --git a/deploy/Centos/ntnx-csi-attacher.yaml b/deploy/Centos/ntnx-csi-attacher.yaml new file mode 100644 index 0000000..735e893 --- /dev/null +++ b/deploy/Centos/ntnx-csi-attacher.yaml @@ -0,0 +1,54 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-attacher-ntnx-plugin + namespace: kube-system +spec: + serviceName: "csi-attacher-ntnx-plugin" + replicas: 1 + selector: + matchLabels: + app: csi-attacher-ntnx-plugin + template: + metadata: + labels: + app: csi-attacher-ntnx-plugin + spec: + serviceAccount: csi-attacher + containers: + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v1.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: nutanix-csi-plugin + image: ntnx/ntnx-csi:v1.0.1 + args : + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/Centos/ntnx-csi-node.yaml b/deploy/Centos/ntnx-csi-node.yaml new file mode 100644 index 0000000..3a063b6 --- /dev/null +++ b/deploy/Centos/ntnx-csi-node.yaml @@ -0,0 +1,103 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-ntnx-plugin + template: + metadata: + labels: + app: csi-ntnx-plugin + spec: + serviceAccount: csi-ntnx-plugin + hostNetwork: true + containers: + - name: driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/com.nutanix.csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration + - name: csi-ntnx-plugin + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: ntnx/ntnx-csi:v1.0.1 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - mountPath: /dev + name: device-dir + - mountPath: /etc/iscsi + name: iscsi-dir + - mountPath: /sbin/iscsiadm + name: iscsiadm + - mountPath: /lib/modules + name: lib-dir + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/com.nutanix.csi/ + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev + - name: iscsi-dir + hostPath: + path: /etc/iscsi + type: Directory + - name: iscsiadm + hostPath: + path: /sbin/iscsiadm + type: File + - name: lib-dir + hostPath: + path: /lib/modules + type: Directory diff --git a/deploy/Centos/ntnx-csi-provisioner.yaml b/deploy/Centos/ntnx-csi-provisioner.yaml new file mode 100644 index 0000000..05b323e --- /dev/null +++ b/deploy/Centos/ntnx-csi-provisioner.yaml @@ -0,0 +1,59 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: kube-system +spec: + serviceName: "csi-provisioner-ntnx-plugin" + replicas: 1 + selector: + matchLabels: + app: csi-provisioner-ntnx-plugin + template: + metadata: + labels: + app: csi-provisioner-ntnx-plugin + spec: + serviceAccount: csi-provisioner + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.0.1 + args: + - "--provisioner=com.nutanix.csi" + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: nutanix-csi-plugin + image: ntnx/ntnx-csi:v1.0.1 + securityContext: + privileged: true + allowPrivilegeEscalation: true + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/Centos/ntnx-csi-rbac.yaml b/deploy/Centos/ntnx-csi-rbac.yaml new file mode 100644 index 0000000..cb30737 --- /dev/null +++ b/deploy/Centos/ntnx-csi-rbac.yaml @@ -0,0 +1,166 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-attacher + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-runner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-attacher + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-attacher-runner + apiGroup: rbac.authorization.k8s.io + +--- +# needed for StatefulSet +kind: Service +apiVersion: v1 +metadata: + name: csi-attacher-ntnx-plugin + namespace: kube-system + labels: + app: csi-attacher-ntnx-plugin +spec: + selector: + app: csi-attacher-ntnx-plugin + ports: + - name: dummy + port: 12345 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-provisioner + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-runner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-provisioner + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +# needed for StatefulSet +kind: Service +apiVersion: v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: kube-system + labels: + app: csi-provisioner-ntnx-plugin +spec: + selector: + app: csi-provisioner-ntnx-plugin + ports: + - name: dummy + port: 12345 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-ntnx-plugin + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "update"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-ntnx-plugin + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-ntnx-plugin + apiGroup: rbac.authorization.k8s.io + diff --git a/deploy/Openshift/README b/deploy/Openshift/README new file mode 100644 index 0000000..30db592 --- /dev/null +++ b/deploy/Openshift/README @@ -0,0 +1 @@ +This deployment yamls is tested with openshift 3.11 diff --git a/deploy/Openshift/ntnx-csi-attacher.yaml b/deploy/Openshift/ntnx-csi-attacher.yaml new file mode 100644 index 0000000..66f17d5 --- /dev/null +++ b/deploy/Openshift/ntnx-csi-attacher.yaml @@ -0,0 +1,54 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-attacher-ntnx-plugin + namespace: kube-system +spec: + serviceName: "csi-attacher-ntnx-plugin" + replicas: 1 + selector: + matchLabels: + app: csi-attacher-ntnx-plugin + template: + metadata: + labels: + app: csi-attacher-ntnx-plugin + spec: + serviceAccount: csi-attacher + containers: + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v0.4.2 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: nutanix-csi-plugin + image: ntnx/ntnx-csi:beta2 + args : + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/Openshift/ntnx-csi-node.yaml b/deploy/Openshift/ntnx-csi-node.yaml new file mode 100644 index 0000000..d24c2ab --- /dev/null +++ b/deploy/Openshift/ntnx-csi-node.yaml @@ -0,0 +1,106 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-ntnx-plugin + template: + metadata: + labels: + app: csi-ntnx-plugin + spec: + serviceAccount: csi-ntnx-plugin + hostNetwork: true + containers: + - name: driver-registrar + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: quay.io/k8scsi/driver-registrar:v0.4.2 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/com.nutanix.csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration + - name: csi-ntnx-plugin + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: ntnx/ntnx-csi:beta2 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/origin/openshift.local.volumes/pods/ + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - mountPath: /dev + name: device-dir + - mountPath: /etc/iscsi + name: iscsi-dir + - mountPath: /sbin/iscsiadm + name: iscsiadm + - mountPath: /lib/modules + name: lib-dir + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins/ + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/com.nutanix.csi + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/origin/openshift.local.volumes/pods/ + type: Directory + - name: device-dir + hostPath: + path: /dev + - name: iscsi-dir + hostPath: + path: /etc/iscsi + type: Directory + - name: iscsiadm + hostPath: + path: /sbin/iscsiadm + type: File + - name: lib-dir + hostPath: + path: /lib/modules + type: Directory diff --git a/deploy/Openshift/ntnx-csi-provisioner.yaml b/deploy/Openshift/ntnx-csi-provisioner.yaml new file mode 100644 index 0000000..ca65712 --- /dev/null +++ b/deploy/Openshift/ntnx-csi-provisioner.yaml @@ -0,0 +1,59 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: kube-system +spec: + serviceName: "csi-provisioner-ntnx-plugin" + replicas: 1 + selector: + matchLabels: + app: csi-provisioner-ntnx-plugin + template: + metadata: + labels: + app: csi-provisioner-ntnx-plugin + spec: + serviceAccount: csi-provisioner + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v0.4.2 + args: + - "--provisioner=com.nutanix.csi" + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: nutanix-csi-plugin + image: ntnx/ntnx-csi:beta2 + securityContext: + privileged: true + allowPrivilegeEscalation: true + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/Openshift/ntnx-csi-rbac.yaml b/deploy/Openshift/ntnx-csi-rbac.yaml new file mode 100644 index 0000000..cb30737 --- /dev/null +++ b/deploy/Openshift/ntnx-csi-rbac.yaml @@ -0,0 +1,166 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-attacher + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-runner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-attacher + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-attacher-runner + apiGroup: rbac.authorization.k8s.io + +--- +# needed for StatefulSet +kind: Service +apiVersion: v1 +metadata: + name: csi-attacher-ntnx-plugin + namespace: kube-system + labels: + app: csi-attacher-ntnx-plugin +spec: + selector: + app: csi-attacher-ntnx-plugin + ports: + - name: dummy + port: 12345 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-provisioner + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-runner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-provisioner + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +# needed for StatefulSet +kind: Service +apiVersion: v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: kube-system + labels: + app: csi-provisioner-ntnx-plugin +spec: + selector: + app: csi-provisioner-ntnx-plugin + ports: + - name: dummy + port: 12345 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-ntnx-plugin + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "update"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-ntnx-plugin + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-ntnx-plugin + apiGroup: rbac.authorization.k8s.io + diff --git a/deploy/Ubuntu1804/ntnx-csi-attacher.yaml b/deploy/Ubuntu1804/ntnx-csi-attacher.yaml new file mode 100644 index 0000000..735e893 --- /dev/null +++ b/deploy/Ubuntu1804/ntnx-csi-attacher.yaml @@ -0,0 +1,54 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-attacher-ntnx-plugin + namespace: kube-system +spec: + serviceName: "csi-attacher-ntnx-plugin" + replicas: 1 + selector: + matchLabels: + app: csi-attacher-ntnx-plugin + template: + metadata: + labels: + app: csi-attacher-ntnx-plugin + spec: + serviceAccount: csi-attacher + containers: + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v1.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: nutanix-csi-plugin + image: ntnx/ntnx-csi:v1.0.1 + args : + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/Ubuntu1804/ntnx-csi-node.yaml b/deploy/Ubuntu1804/ntnx-csi-node.yaml new file mode 100644 index 0000000..1ca527a --- /dev/null +++ b/deploy/Ubuntu1804/ntnx-csi-node.yaml @@ -0,0 +1,109 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-ntnx-plugin + template: + metadata: + labels: + app: csi-ntnx-plugin + spec: + serviceAccount: csi-ntnx-plugin + hostNetwork: true + containers: + - name: driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/com.nutanix.csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration + - name: csi-ntnx-plugin + securityContext: + privileged: true + allowPrivilegeEscalation: true + image: ntnx/ntnx-csi:v1.0.1 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - mountPath: /dev + name: device-dir + - mountPath: /etc/iscsi + name: iscsi-dir + - mountPath: /sbin/iscsiadm + name: iscsiadm + - mountPath: /lib/modules + name: lib-dir + - mountPath: /usr/lib64/libisns-nocrypto.so.0 + name: ubuntu-lib + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/com.nutanix.csi/ + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev + - name: iscsi-dir + hostPath: + path: /etc/iscsi + type: Directory + - name: iscsiadm + hostPath: + path: /sbin/iscsiadm + type: File + - name: lib-dir + hostPath: + path: /lib/modules + type: Directory + - name: ubuntu-lib + hostPath: + path: /lib/x86_64-linux-gnu/libisns-nocrypto.so.0 + type: File diff --git a/deploy/Ubuntu1804/ntnx-csi-provisioner.yaml b/deploy/Ubuntu1804/ntnx-csi-provisioner.yaml new file mode 100644 index 0000000..05b323e --- /dev/null +++ b/deploy/Ubuntu1804/ntnx-csi-provisioner.yaml @@ -0,0 +1,59 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: kube-system +spec: + serviceName: "csi-provisioner-ntnx-plugin" + replicas: 1 + selector: + matchLabels: + app: csi-provisioner-ntnx-plugin + template: + metadata: + labels: + app: csi-provisioner-ntnx-plugin + spec: + serviceAccount: csi-provisioner + containers: + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.0.1 + args: + - "--provisioner=com.nutanix.csi" + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: nutanix-csi-plugin + image: ntnx/ntnx-csi:v1.0.1 + securityContext: + privileged: true + allowPrivilegeEscalation: true + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(NODE_ID)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/Ubuntu1804/ntnx-csi-rbac.yaml b/deploy/Ubuntu1804/ntnx-csi-rbac.yaml new file mode 100644 index 0000000..cb30737 --- /dev/null +++ b/deploy/Ubuntu1804/ntnx-csi-rbac.yaml @@ -0,0 +1,166 @@ +# Copyright 2018 Nutanix Inc +# +# Configuration to deploy the CSI Nutanix plugin compatible with Kubernetes >=v1.10 +# +# example usage: kubectl create -f + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-attacher + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-attacher-runner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-attacher-role + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-attacher + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-attacher-runner + apiGroup: rbac.authorization.k8s.io + +--- +# needed for StatefulSet +kind: Service +apiVersion: v1 +metadata: + name: csi-attacher-ntnx-plugin + namespace: kube-system + labels: + app: csi-attacher-ntnx-plugin +spec: + selector: + app: csi-attacher-ntnx-plugin + ports: + - name: dummy + port: 12345 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-provisioner + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-provisioner-runner + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-provisioner-role + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-provisioner + namespace: kube-system +roleRef: + kind: ClusterRole + name: external-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +# needed for StatefulSet +kind: Service +apiVersion: v1 +metadata: + name: csi-provisioner-ntnx-plugin + namespace: kube-system + labels: + app: csi-provisioner-ntnx-plugin +spec: + selector: + app: csi-provisioner-ntnx-plugin + ports: + - name: dummy + port: 12345 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-ntnx-plugin + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "update"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-ntnx-plugin + namespace: kube-system +subjects: + - kind: ServiceAccount + name: csi-ntnx-plugin + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-ntnx-plugin + apiGroup: rbac.authorization.k8s.io + diff --git a/example/ABS/claim1.yaml b/example/ABS/claim1.yaml new file mode 100644 index 0000000..64fe1a7 --- /dev/null +++ b/example/ABS/claim1.yaml @@ -0,0 +1,12 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: claim1 +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + storageClassName: acs-abs + diff --git a/example/ABS/ntnx-secret.yaml b/example/ABS/ntnx-secret.yaml new file mode 100644 index 0000000..4c9ca0a --- /dev/null +++ b/example/ABS/ntnx-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: ntnx-secret + namespace: default +data: + # base64 encoded prism-ip:prism-port:admin:password. + # E.g.: echo -n "10.6.47.155:9440:admin:mypassword" | base64 + key: MTAuNS52NS4xNTU6OTQ0MDphZG1pbjpOdXRhbml4LjEyMw== diff --git a/example/ABS/rc-nginx.yaml b/example/ABS/rc-nginx.yaml new file mode 100644 index 0000000..3a30e00 --- /dev/null +++ b/example/ABS/rc-nginx.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: server +spec: + replicas: 1 + selector: + role: server + template: + metadata: + labels: + role: server + spec: + containers: + - name: server + image: nginx + volumeMounts: + - mountPath: /var/lib/www/html + name: mypvc + volumes: + - name: mypvc + persistentVolumeClaim: + claimName: claim1 + diff --git a/example/ABS/sc.yaml b/example/ABS/sc.yaml new file mode 100644 index 0000000..c34f3e4 --- /dev/null +++ b/example/ABS/sc.yaml @@ -0,0 +1,13 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: acs-abs +provisioner: com.nutanix.csi +parameters: + csiProvisionerSecretName: ntnx-secret + csiProvisionerSecretNamespace: default + csiNodePublishSecretName: ntnx-secret + csiNodePublishSecretNamespace: default + dataServiceEndPoint: 10.40.144.216 + storageContainer: default-container-84242740336979 + fsType: ext4 diff --git a/example/AFS/claim2.yaml b/example/AFS/claim2.yaml new file mode 100644 index 0000000..a7682b4 --- /dev/null +++ b/example/AFS/claim2.yaml @@ -0,0 +1,12 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: claim2 +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 30Gi + storageClassName: acs-afs + diff --git a/example/AFS/rc-nginx.yaml b/example/AFS/rc-nginx.yaml new file mode 100644 index 0000000..938a640 --- /dev/null +++ b/example/AFS/rc-nginx.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: server +spec: + replicas: 1 + selector: + role: server + template: + metadata: + labels: + role: server + spec: + containers: + - name: server + image: bitnami/nginx + volumeMounts: + - mountPath: /var/lib/www/html + name: mypvc + volumes: + - name: mypvc + persistentVolumeClaim: + claimName: claim2 + diff --git a/example/AFS/rc-nginx2.yaml b/example/AFS/rc-nginx2.yaml new file mode 100644 index 0000000..5cb18e4 --- /dev/null +++ b/example/AFS/rc-nginx2.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: server2 +spec: + replicas: 1 + selector: + role: server + template: + metadata: + labels: + role: server + spec: + securityContext: + runAsUser: 200 + containers: + - name: server + image: bitnami/nginx + volumeMounts: + - mountPath: /var/lib/www/html + name: mypvc + volumes: + - name: mypvc + persistentVolumeClaim: + claimName: claim2 + diff --git a/example/AFS/sc.yaml b/example/AFS/sc.yaml new file mode 100644 index 0000000..31d3639 --- /dev/null +++ b/example/AFS/sc.yaml @@ -0,0 +1,8 @@ +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: acs-afs +provisioner: com.nutanix.csi +parameters: + nfsServer: 10.51.11.8 + nfsPath: nfs-test-path