Add csi driver
Signed-off-by: michal.gubricky <[email protected]>
michal-gubricky committed Jun 26, 2024
1 parent 1818a47 commit 27b8be0
Showing 9 changed files with 1,359 additions and 0 deletions.
6 changes: 6 additions & 0 deletions providers/kubevirt/alpha/1-29/cluster-addon-values.yaml
Expand Up @@ -3,3 +3,9 @@ values: |
commonLabels:
domain: "{{ .Cluster.spec.controlPlaneEndpoint.host }}"
clusterAddonVersion: "v1"
{{- range .Cluster.spec.topology.variables }}
{{- if and (eq .name "csi_driver") .value }}
csi:
enable: {{ .value }}
{{- end }}
{{- end }}
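Review bot: The `csi` key is emitted only when the `csi_driver` topology variable is present and truthy, so in every other case the chart receives no `csi` map at all. The new template's `{{- if .Values.csi.enable }}` then relies on a chart default that is not visible in this view; without one, Helm would fail rendering with a nil-pointer error on `.Values.csi.enable` instead of skipping the driver. Confirm the chart's values.yaml carries a default such as `csi: {enable: false}`, or emit `enable:` unconditionally here so that a disabled driver is an explicit `false`.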
@@ -0,0 +1,331 @@
{{- if .Values.csi.enable }}
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: csi.kubevirt.io
spec:
attachRequired: true
podInfoOnMount: true
fsGroupPolicy: ReadWriteOnceWithFSType
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubevirt-csi-controller-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-csi-controller-cr
rules:
- apiGroups: ['']
resources: ['persistentvolumes']
verbs: ['create', 'delete', 'get', 'list', 'watch', 'update', 'patch']
- apiGroups: ['']
resources: ['secrets']
verbs: ['get', 'list']
- apiGroups: ['']
resources: ['persistentvolumeclaims']
verbs: ['get', 'list', 'watch', 'update']
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ['']
resources: ['nodes']
verbs: ['get', 'list', 'watch']
- apiGroups: ['storage.k8s.io']
resources: ['volumeattachments']
verbs: ['get', 'list', 'watch', 'update', 'patch']
- apiGroups: ['storage.k8s.io']
resources: ['storageclasses']
verbs: ['get', 'list', 'watch']
- apiGroups: ['csi.storage.k8s.io']
resources: ['csidrivers']
verbs: ['get', 'list', 'watch', 'update', 'create']
- apiGroups: ['']
resources: ['events']
verbs: ['list', 'watch', 'create', 'update', 'patch']
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments/status" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["security.openshift.io"]
resources: ["securitycontextconstraints"]
verbs: ["use"]
resourceNames: ["privileged"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubevirt-csi-controller-binding
subjects:
- kind: ServiceAccount
name: kubevirt-csi-controller-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: kubevirt-csi-controller-cr
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubevirt-csi-node-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubevirt-csi-snapshot-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-csi-node-cr
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["security.openshift.io"]
resources: ["securitycontextconstraints"]
verbs: ["use"]
resourceNames: ["privileged"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["list"]

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: external-snapshotter-runner
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubevirt-csi-node-binding
subjects:
- kind: ServiceAccount
name: kubevirt-csi-node-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: kubevirt-csi-node-cr
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-snapshotter-role
subjects:
- kind: ServiceAccount
name: kubevirt-csi-snapshot-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
# change the name also here if the ClusterRole gets renamed
name: external-snapshotter-runner
apiGroup: rbac.authorization.k8s.io
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kubevirt-csi-node
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app: kubevirt-csi-driver
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: kubevirt-csi-driver
spec:
serviceAccount: kubevirt-csi-node-sa
priorityClassName: system-node-critical
tolerations:
- operator: Exists
containers:
- name: csi-driver
securityContext:
privileged: true
allowPrivilegeEscalation: true
imagePullPolicy: Always
image: registry.dnation.cloud/test-mg/kubevirt-csi-driver:latest
args:
- "--endpoint=unix:/csi/csi.sock"
- "--node-name=$(KUBE_NODE_NAME)"
- "--run-node-service=true"
- "--run-controller-service=false"
- "--v=5"
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
- name: device-dir
mountPath: /dev
- name: udev
mountPath: /run/udev
ports:
- name: healthz
containerPort: 10300
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 10
failureThreshold: 5
resources:
requests:
memory: 50Mi
cpu: 10m
- name: csi-node-driver-registrar
image: quay.io/openshift/origin-csi-node-driver-registrar:latest
args:
- "--csi-address=$(ADDRESS)"
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
- "--v=5"
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/csi.kubevirt.io-reg.sock /csi/csi.sock"]
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins/csi.kubevirt.io/csi.sock
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
resources:
requests:
memory: 20Mi
cpu: 5m
- name: csi-liveness-probe
image: quay.io/openshift/origin-csi-livenessprobe:latest
args:
- "--csi-address=/csi/csi.sock"
- "--probe-timeout=3s"
- "--health-port=10300"
volumeMounts:
- name: plugin-dir
mountPath: /csi
resources:
requests:
memory: 20Mi
cpu: 5m
volumes:
- name: kubelet-dir
hostPath:
path: /var/lib/kubelet
type: Directory
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/csi.kubevirt.io/
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: device-dir
hostPath:
path: /dev
type: Directory
- name: udev
hostPath:
path: /run/udev
---
apiVersion: v1
kind: ConfigMap
metadata:
name: driver-config
namespace: {{ .Release.Namespace }}
data:
infraClusterNamespace:
infraClusterLabels: csi-driver/cluster=tenant
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: kubevirt
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: csi.kubevirt.io
parameters:
infraStorageClassName: standard
bus: scsi
---
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: kubevirt-csi-snapclass
driver: csi.kubevirt.io
deletionPolicy: Delete
{{- end }}
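Review bot: The `csi-driver` container in the `kubevirt-csi-node` DaemonSet runs `privileged: true` with hostPath mounts of `/dev` and `/var/lib/kubelet` and tolerates every taint, yet it pulls `registry.dnation.cloud/test-mg/kubevirt-csi-driver:latest` with `imagePullPolicy: Always`, so whatever is pushed to that mutable tag runs with host-level access on all nodes. The two sidecars are on `:latest` as well, and `test-mg` looks like a personal test path rather than a release location. Pin all three images to a released version, preferably by digest, e.g. `image: <registry>/<repo>@sha256:<digest>` (placeholder), and make the image reference a chart value. Separately, `kubevirt-csi-controller-cr` grants cluster-wide `get`/`list` on `secrets`; if the driver only reads its own credentials, a namespaced Role restricted with `resourceNames` would be narrower. In the `driver-config` ConfigMap, `infraClusterNamespace:` has no value and parses as null, while ConfigMap data values must be strings, so set it from a chart value or write `""` explicitly.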