From a4443b618c6e92f97064a270b800f1b55899a597 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Sun, 7 Jun 2020 21:05:04 -0700 Subject: [PATCH] copied from moosefs --- deploy/kubernetes/provisioner.yaml | 102 ------ deploy/kubernetes/sample-busybox-pod.yaml | 16 + deploy/kubernetes/sample-seaweedfs-pvc.yaml | 11 + deploy/kubernetes/seaweedfs-csi.yaml | 384 ++++++++++++++++++++ 4 files changed, 411 insertions(+), 102 deletions(-) delete mode 100644 deploy/kubernetes/provisioner.yaml create mode 100644 deploy/kubernetes/sample-busybox-pod.yaml create mode 100644 deploy/kubernetes/sample-seaweedfs-pvc.yaml create mode 100644 deploy/kubernetes/seaweedfs-csi.yaml diff --git a/deploy/kubernetes/provisioner.yaml b/deploy/kubernetes/provisioner.yaml deleted file mode 100644 index 226257e..0000000 --- a/deploy/kubernetes/provisioner.yaml +++ /dev/null @@ -1,102 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: csi-provisioner-sa - namespace: default ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: external-provisioner-runner -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: csi-provisioner-role -subjects: - - kind: ServiceAccount - name: csi-provisioner-sa - namespace: default -roleRef: - kind: ClusterRole - name: external-provisioner-runner - apiGroup: rbac.authorization.k8s.io ---- -kind: Service -apiVersion: v1 -metadata: - name: csi-provisioner-seaweedfs - namespace: default - labels: - app: csi-provisioner-seaweedfs -spec: - selector: - app: csi-provisioner-seaweedfs - ports: - - name: dummy - port: 12345 ---- -kind: StatefulSet -apiVersion: apps/v1beta1 -metadata: - name: csi-provisioner-seaweedfs - namespace: default -spec: - serviceName: "csi-provisioner-seaweedfs" - replicas: 1 - template: - metadata: - labels: - app: csi-provisioner-seaweedfs - spec: - serviceAccount: csi-provisioner-sa - containers: - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v1.1.0 - args: - - "--provisioner=seaweedfs-csi-driver" - - "--csi-address=$(ADDRESS)" - - "--v=4" - env: - - name: ADDRESS - value: /var/lib/kubelet/plugins/seaweedfs-csi-driver/csi.sock - imagePullPolicy: "IfNotPresent" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/kubelet/plugins/seaweedfs-csi-driver - - name: csi-seaweedfs - image: seaweedfs/csi:v1.1.1 - args: - - "--endpoint=$(CSI_ENDPOINT)" - - "--nodeid=$(NODE_ID)" - - "--v=4" - env: - - name: CSI_ENDPOINT - value: unix:///var/lib/kubelet/plugins/seaweedfs-csi-driver/csi.sock - - name: NODE_ID - valueFrom: - fieldRef: - fieldPath: spec.nodeName - imagePullPolicy: "Always" - volumeMounts: - - name: socket-dir - mountPath: /var/lib/kubelet/plugins/seaweedfs-csi-driver - volumes: - - name: socket-dir - emptyDir: {} diff --git a/deploy/kubernetes/sample-busybox-pod.yaml b/deploy/kubernetes/sample-busybox-pod.yaml new file mode 100644 index 0000000..dce2be4 --- /dev/null +++ b/deploy/kubernetes/sample-busybox-pod.yaml @@ -0,0 +1,16 @@ +kind: Pod +apiVersion: v1 +metadata: + name: my-csi-app +spec: + containers: + - name: my-frontend + image: busybox + volumeMounts: + - mountPath: "/data" + name: seaweedfs-volume + command: [ "sleep", "1000000" ] + volumes: + - name: seaweedfs-volume + persistentVolumeClaim: + claimName: seaweedfs-csi-pvc diff --git a/deploy/kubernetes/sample-seaweedfs-pvc.yaml b/deploy/kubernetes/sample-seaweedfs-pvc.yaml new file mode 100644 index 0000000..619e258 --- /dev/null +++ b/deploy/kubernetes/sample-seaweedfs-pvc.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: seaweedfs-csi-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi # In case of EP, this value does not have any effect + storageClassName: seaweedfs-storage diff --git a/deploy/kubernetes/seaweedfs-csi.yaml b/deploy/kubernetes/seaweedfs-csi.yaml new file mode 100644 index 0000000..5cb1f3f --- /dev/null +++ b/deploy/kubernetes/seaweedfs-csi.yaml @@ -0,0 +1,384 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: csinodeinfos.csi.storage.k8s.io +spec: + group: csi.storage.k8s.io + names: + kind: CSINodeInfo + plural: csinodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + csiDrivers: + description: List of CSI drivers running on the node and their properties. + items: + properties: + driver: + description: The CSI driver that this object refers to. + type: string + nodeID: + description: The node from the driver point of view. + type: string + topologyKeys: + description: List of keys supported by the driver. + items: + type: string + type: array + type: array + version: v1alpha1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: seaweedfs-storage + namespace: kube-system + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: com.seaweedfs.csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-seaweedfs-controller-sa + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-seaweedfs-node-sa + namespace: kube-system +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-seaweedfs-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-seaweedfs-provisioner-role + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-attacher-binding +subjects: + - kind: ServiceAccount + name: csi-seaweedfs-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-seaweedfs-attacher-role + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-snapshotter-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-snapshotter-binding +subjects: + - kind: ServiceAccount + name: csi-seaweedfs-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-seaweedfs-snapshotter-role + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-driver-registrar-controller-role +rules: + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csidrivers"] + verbs: ["create", "delete"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-driver-registrar-controller-binding +subjects: + - kind: ServiceAccount + name: csi-seaweedfs-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-seaweedfs-driver-registrar-controller-role + apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-driver-registrar-node-role +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-seaweedfs-driver-registrar-node-binding +subjects: + - kind: ServiceAccount + name: csi-seaweedfs-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-seaweedfs-driver-registrar-node-role + apiGroup: rbac.authorization.k8s.io +--- +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-seaweedfs-controller + namespace: kube-system +spec: + serviceName: "csi-seaweedfs" + replicas: 1 + template: + metadata: + labels: + app: csi-seaweedfs-controller + role: csi-seaweedfs + spec: + priorityClassName: system-cluster-critical + serviceAccount: csi-seaweedfs-controller-sa + containers: + # provisioner + - name: csi-provisioner + image: quay.io/k8scsi/csi-provisioner:v1.0.1 + args: + - "--provisioner=com.seaweedfs.csi" + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + # attacher + - name: csi-attacher + image: quay.io/k8scsi/csi-attacher:v1.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + # Driver registrar + - name: csi-driver-registrar + image: quay.io/k8scsi/csi-cluster-driver-registrar:v1.0.1 + args: + - "--v=5" + - "--pod-info-mount-version=\"v1\"" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + # SeaweedFs Plugin + - name: seaweedfs-csi-plugin + image: chrislusf/seaweedfs-csi-driver:latest + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--filer=$(SEAWEEDFS_FILER)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: SEAWEEDFS_FILER + value: "192.X.X.X:8888" # host and port of your SeaweedFs filer + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} +--- +kind: DaemonSet +apiVersion: apps/v1beta2 +metadata: + name: csi-seaweedfs-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-seaweedfs-node + template: + metadata: + labels: + app: csi-seaweedfs-node + role: csi-seaweedfs + spec: + priorityClassName: system-node-critical + serviceAccount: csi-seaweedfs-node-sa + hostNetwork: true + containers: + - name: driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/com.seaweedfs.csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration/ + - name: csi-seaweedfs-plugin + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: chrislusf/seaweedfs-csi-driver:latest + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--filer=$(SEAWEEDFS_FILER)" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: SEAWEEDFS_FILER + value: "192.X.X.X:8888" # host and port of your SeaweedFs filer + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - mountPath: /dev + name: device-dir + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/com.seaweedfs.csi + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev \ No newline at end of file