diff --git a/Dockerfile b/Dockerfile index fee3fa53..343b278b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,5 @@ FROM centos:7 -FROM centos:7 - # Update the CentOS repository configuration RUN sed -i 's|mirrorlist=http://mirrorlist.centos.org/?|#mirrorlist=http://mirrorlist.centos.org/?|g' /etc/yum.repos.d/CentOS-*.repo && \ sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*.repo diff --git a/helm/operator/templates/hwameistorcluster.yaml b/helm/operator/templates/hwameistorcluster.yaml index 57f05860..74b916fc 100644 --- a/helm/operator/templates/hwameistorcluster.yaml +++ b/helm/operator/templates/hwameistorcluster.yaml @@ -254,8 +254,8 @@ spec: operator: DoesNotExist chartVersion: "v0.4.1" storageClass: - allowVolumeExpansion: true - reclaimPolicy: "Delete" + allowVolumeExpansion: {{ $.Values.storageClass.allowVolumeExpansion }} + reclaimPolicy: {{ $.Values.storageClass.reclaimPolicy }} fsType: "xfs" dataLoadManager: diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml index 1d3978a6..d4322bb4 100644 --- a/helm/operator/values.yaml +++ b/helm/operator/values.yaml @@ -183,6 +183,13 @@ dataLoadInit: imageRepository: hwameistor/dataload-init tag: v0.0.1 +# StorageClass Settings +storageClass: + # If allowed, volume can be expanded by modify pvc related field + allowVolumeExpansion: true + reclaimPolicy: Retain + +#storageClassReclaimPolicy: Retain > Delete #datasetDefaultPoolClass: NVMe > SSD > HDD # diskReserve example diff --git a/pkg/install/rbac/rbac.go b/pkg/install/rbac/rbac.go index abfb1c53..27276732 100644 --- a/pkg/install/rbac/rbac.go +++ b/pkg/install/rbac/rbac.go 
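Review bot: `reclaimPolicy` in helm/operator/templates/hwameistorcluster.yaml is now rendered unquoted and unguarded, where the old line emitted the quoted string `"Delete"`. If a values override lacks the `storageClass` block (for instance an upgrade that reuses an older values file), the field may render empty or the template may fail. A mistyped policy would likely surface only when the operator reconciles the resource. Consider `reclaimPolicy: {{ required "storageClass.reclaimPolicy must be Delete or Retain" $.Values.storageClass.reclaimPolicy | quote }}`. The `spec` block continues outside the hunk.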
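Review bot: The default reclaim policy in helm/operator/values.yaml changes from `Delete` to `Retain` with no comment on what that means for operators, and `defaultReclaimPolicy` in pkg/install/storageclass/storageclass.go changes the same way. With `Retain`, a released volume and the data on it are kept after the claim is deleted, so disks need manual cleanup before reuse or decommissioning. The commented line `#storageClassReclaimPolicy: Retain > Delete` names a key that, as far as this diff shows, the template never reads. I would replace it with a comment on the real key, such as `# Retain keeps the PV and its data after the PVC is deleted (manual cleanup required); Delete removes both`.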
@@ -33,13 +33,109 @@ var clusterRole = rbacv1.ClusterRole{ }, Rules: []rbacv1.PolicyRule{ { - APIGroups: []string{"*"}, - Resources: []string{"*"}, + APIGroups: []string{"apiextensions.k8s.io"}, + Resources: []string{"customresourcedefinitions"}, Verbs: []string{"*"}, }, { - NonResourceURLs: []string{"*"}, - Verbs: []string{"*"}, + APIGroups: []string{""}, + Resources: []string{"nodes"}, + Verbs: []string{"get", "list", "watch"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"persistentvolumes", "pods/binding", "pods/status"}, + Verbs: []string{"get", "list", "watch", "create", "delete", "update", "patch"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"persistentvolumeclaims"}, + Verbs: []string{"get", "list", "watch", "update", "patch"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"persistentvolumeclaims/status"}, + Verbs: []string{"update", "patch"}, + }, + { + APIGroups: []string{"storage.k8s.io"}, + Resources: []string{"storageclasses"}, + Verbs: []string{"get", "list", "watch", "create", "update"}, + }, + { + APIGroups: []string{"storage.k8s.io"}, + Resources: []string{"volumeattachments", "volumeattachments/status"}, + Verbs: []string{"get", "list", "watch", "update", "patch", "delete"}, + }, + { + APIGroups: []string{"apps"}, + Resources: []string{"deployments", "daemonsets"}, + Verbs: []string{"get"}, + }, + { + APIGroups: []string{"apps"}, + Resources: []string{"replicasets", "statefulsets"}, + Verbs: []string{"get", "list", "watch"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"pods", "services", "replicationcontrollers"}, + Verbs: []string{"get", "list", "watch"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"namespaces"}, + Verbs: []string{"get", "list", "watch", "update", "patch"}, + }, + { + APIGroups: []string{"policy"}, + Resources: []string{"poddisruptionbudgets"}, + Verbs: []string{"get", "list", "watch", "update", "patch"}, + }, + { + APIGroups: []string{"", "events.k8s.io"}, + 
Resources: []string{"events"}, + Verbs: []string{"get", "list", "watch", "create", "update"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"secrets"}, + Verbs: []string{"get", "list", "create"}, + }, + { + APIGroups: []string{"snapshot.storage.k8s.io"}, + Resources: []string{"volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses", "volumesnapshots/status", "volumesnapshotcontents/status"}, + Verbs: []string{"get", "list", "watch", "create", "delete", "update", "patch"}, + }, + { + APIGroups: []string{"storage.k8s.io"}, + Resources: []string{"csinodes", "csidrivers", "csistoragecapacities"}, + Verbs: []string{"get", "list", "watch", "update"}, + }, + { + APIGroups: []string{"admissionregistration.k8s.io"}, + Resources: []string{"mutatingwebhookconfigurations"}, + Verbs: []string{"get", "list", "watch", "update", "create"}, + }, + { + APIGroups: []string{"batch"}, + Resources: []string{"jobs"}, + Verbs: []string{"get", "list", "watch", "update", "create", "delete"}, + }, + { + APIGroups: []string{"coordination.k8s.io"}, + Resources: []string{"leases"}, + Verbs: []string{"get", "list", "watch", "update", "create"}, + }, + { + APIGroups: []string{""}, + Resources: []string{"configmaps"}, + Verbs: []string{"get", "list", "watch", "update", "create"}, + }, + { + APIGroups: []string{"hwameistor.io"}, + Resources: []string{"*"}, + Verbs: []string{"get", "list", "watch", "update", "create", "delete", "patch"}, }, }, } diff --git a/pkg/install/storageclass/storageclass.go b/pkg/install/storageclass/storageclass.go index c97933f4..9db2b9a2 100644 --- a/pkg/install/storageclass/storageclass.go +++ b/pkg/install/storageclass/storageclass.go 
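Review bot: The new `secrets` rule still grants `get` and `list` on Secrets in every namespace, assuming this ClusterRole is bound cluster-wide (the binding is not in the hunk), and `list` returns full Secret contents. If the operator only needs its own Secrets, move that rule into a namespaced Role for the operator namespace. The `customresourcedefinitions` rule also keeps `Verbs: []string{"*"}`, which still allows `delete` and `deletecollection` on every CRD in the cluster. An explicit list such as `Verbs: []string{"get", "list", "watch", "create", "update", "patch"}` would match the other rules. The `clusterRole` declaration starts outside the hunk.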
@@ -34,7 +34,7 @@ func NewMaintainer(cli client.Client, clusterInstance *hwameistoroperatorv1alpha var volumeBindingWaitForFirstConsumer = storagev1.VolumeBindingWaitForFirstConsumer var defaultAllowVolumeExpansionBooleanValue = true -var defaultReclaimPolicy = corev1.PersistentVolumeReclaimDelete +var defaultReclaimPolicy = corev1.PersistentVolumeReclaimRetain var defaultDiskType = "HDD" var defaultFSType = "xfs"