This repository has been archived by the owner on Oct 21, 2020. It is now read-only.

Commit

Merge pull request #74 from wongma7/ulimit
Release nfs-provisioner v1.0.7
wongma7 authored Apr 18, 2017
2 parents 3b9b4d1 + 47da5bd commit b00811f
Showing 15 changed files with 31 additions and 18 deletions.
3 changes: 3 additions & 0 deletions nfs/CHANGELOG.md
@@ -1,3 +1,6 @@
# v1.0.7
- Set a high limit for maximum number of files Ganesha may have open (setrlimit RLIMIT_NOFILE) -- this requires the additional SYS_RESOURCE capability, if not available the provisioner will still start but with a warning

# v1.0.6
- Reduce image size by a lot

2 changes: 1 addition & 1 deletion nfs/README.md
Expand Up @@ -2,7 +2,7 @@

[![Docker Repository on Quay](https://quay.io/repository/kubernetes_incubator/nfs-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/kubernetes_incubator/nfs-provisioner)
```
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
```

nfs-provisioner is an out-of-tree dynamic provisioner for Kubernetes 1.4. You can use it to quickly & easily deploy shared storage that works almost anywhere. Or it can help you write your own out-of-tree dynamic provisioner by serving as an example implementation of the requirements detailed in [the proposal](https://github.com/kubernetes/kubernetes/pull/30285). Go [here](./docs/demo) for a demo of how to use it and [here](../docs/demo/hostpath-provisioner) for an example of how to write your own.
3 changes: 2 additions & 1 deletion nfs/deploy/kubernetes/auth/daemonset-sa.yaml
Expand Up @@ -13,7 +13,7 @@ spec:
app: nfs-provisioner
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -29,6 +29,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
env:
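
Review bot: the new `- SYS_RESOURCE` entry under `capabilities.add` carries no comment saying it is optional, although the CHANGELOG entry in this same commit says the provisioner still starts (with a warning) without it and that it is there for the `setrlimit RLIMIT_NOFILE` call. Suggest a short YAML comment on that line, here and in the other manifests that receive the same addition, so operators who keep added capabilities to a minimum know they can drop it and what they lose by doing so.
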
3 changes: 2 additions & 1 deletion nfs/deploy/kubernetes/auth/deployment-sa.yaml
Expand Up @@ -34,7 +34,7 @@ spec:
serviceAccount: nfs-provisioner
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -49,6 +49,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
env:
1 change: 1 addition & 0 deletions nfs/deploy/kubernetes/auth/openshift-scc.yaml
Expand Up @@ -6,6 +6,7 @@ allowHostPorts: false
allowPrivilegedContainer: false
allowedCapabilities:
- DAC_READ_SEARCH
- SYS_RESOURCE
apiVersion: v1
defaultAddCapabilities: null
fsGroup:
3 changes: 2 additions & 1 deletion nfs/deploy/kubernetes/auth/pod-sa.yaml
Expand Up @@ -6,7 +6,7 @@ spec:
serviceAccount: nfs-provisioner
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -21,6 +21,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
- "-grace-period=0"
1 change: 1 addition & 0 deletions nfs/deploy/kubernetes/auth/psp.yaml
Expand Up @@ -7,6 +7,7 @@ spec:
rule: RunAsAny
allowedCapabilities:
- DAC_READ_SEARCH
- SYS_RESOURCE
runAsUser:
rule: RunAsAny
seLinux:
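
Review bot: the `- SYS_RESOURCE` line added to `allowedCapabilities` here (and in openshift-scc.yaml) has to be in place before the updated pod specs, which now request that capability, are admitted on clusters that enforce this policy, but nothing in the commit tells operators who applied the earlier policy file to re-apply it. Suggest an upgrade line in the v1.0.7 CHANGELOG entry saying the PSP/SCC must be updated first.
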
3 changes: 2 additions & 1 deletion nfs/deploy/kubernetes/auth/statefulset-sa.yaml
Expand Up @@ -36,7 +36,7 @@ spec:
terminationGracePeriodSeconds: 0
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -51,6 +51,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
env:
3 changes: 2 additions & 1 deletion nfs/deploy/kubernetes/daemonset.yaml
Expand Up @@ -12,7 +12,7 @@ spec:
app: nfs-provisioner
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -28,6 +28,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
env:
3 changes: 2 additions & 1 deletion nfs/deploy/kubernetes/deployment.yaml
Expand Up @@ -33,7 +33,7 @@ spec:
spec:
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -48,6 +48,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
env:
2 changes: 1 addition & 1 deletion nfs/deploy/kubernetes/pod.yaml
Expand Up @@ -5,7 +5,7 @@ metadata:
spec:
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
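
Review bot: this file receives only the image tag change (1 addition, 1 deletion), while auth/pod-sa.yaml and the other manifests in this commit also add `- SYS_RESOURCE`. Please confirm the omission is intended; if pod.yaml adds `DAC_READ_SEARCH` like its siblings, a pod created from it will take the warning path the CHANGELOG describes, and the manifests should either be consistent or say why this one differs.
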
3 changes: 2 additions & 1 deletion nfs/deploy/kubernetes/statefulset.yaml
Expand Up @@ -35,7 +35,7 @@ spec:
terminationGracePeriodSeconds: 0
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -50,6 +50,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
env:
3 changes: 2 additions & 1 deletion nfs/docs/demo/deployment.yaml
Expand Up @@ -33,7 +33,7 @@ spec:
spec:
containers:
- name: nfs-provisioner
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
image: quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
ports:
- name: nfs
containerPort: 2049
Expand All @@ -48,6 +48,7 @@ spec:
capabilities:
add:
- DAC_READ_SEARCH
- SYS_RESOURCE
args:
- "-provisioner=example.com/nfs"
- "-grace-period=10"
14 changes: 7 additions & 7 deletions nfs/docs/deployment.md
Expand Up @@ -22,7 +22,7 @@ $ make container
If you are running in Kubernetes, it will pull the image from Quay for you. Or you can do it yourself.

```
$ docker pull quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6
$ docker pull quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7
```

## Deploying the provisioner
Expand Down Expand Up @@ -95,23 +95,23 @@ daemonset "nfs-provisioner" created

The container is going to need to run with one of `master` or `kubeconfig` set. For the `kubeconfig` argument to work, the config file, and any certificate files it references by path like `certificate-authority: /var/run/kubernetes/apiserver.crt`, need to be inside the container somehow. This can be done by creating Docker volumes, or copying the files into the folder where the Dockerfile is and adding lines like `COPY config /.kube/config` to the Dockerfile before building the image.

Run nfs-provisioner with `provisioner` equal to the name you decided on, and one of `master` or `kubeconfig` set. It needs to be run with capability `DAC_READ_SEARCH`. If you are using Docker 1.10 or newer, it also needs a more permissive seccomp profile: `unconfined` or `deploy/docker/nfs-provisioner-seccomp.json`.
Run nfs-provisioner with `provisioner` equal to the name you decided on, and one of `master` or `kubeconfig` set. It needs to be run with capability `DAC_READ_SEARCH` in order for Ganesha to work. Optionally, it should be run also with capability `SYS_RESOURCE` so that it can set a higher limit for the number of opened files Ganesha may have. If you are using Docker 1.10 or newer, it also needs a more permissive seccomp profile: `unconfined` or `deploy/docker/nfs-provisioner-seccomp.json`.

You may want to specify the hostname the NFS server exports from, i.e. the server IP to put on PVs, by setting the `server-hostname` flag.

```
$ docker run --cap-add DAC_READ_SEARCH \
$ docker run --cap-add DAC_READ_SEARCH --cap-add SYS_RESOURCE \
--security-opt seccomp:deploy/docker/nfs-provisioner-seccomp.json \
-v $HOME/.kube:/.kube:Z \
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6 \
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7 \
-provisioner=example.com/nfs \
-kubeconfig=/.kube/config
```
or
```
$ docker run --cap-add DAC_READ_SEARCH \
$ docker run --cap-add DAC_READ_SEARCH --cap-add SYS_RESOURCE \
--security-opt seccomp:deploy/docker/nfs-provisioner-seccomp.json \
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6 \
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7 \
-provisioner=example.com/nfs \
-master=http://172.17.0.1:8080
```
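
Review bot: in the rewritten paragraph, "Optionally, it should be run also with capability `SYS_RESOURCE`" reads as both optional and required, and it does not say what happens without the capability. Suggest wording along the lines of "It may also be run with capability `SYS_RESOURCE` ..." followed by the consequence the CHANGELOG states (the provisioner still starts, with a warning). Both `docker run` examples now pass `--cap-add SYS_RESOURCE` unconditionally, so a sentence noting that the flag can be omitted would keep the examples consistent with the "optional" wording.
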
Expand All @@ -126,7 +126,7 @@ With the two above options, the run command will look something like this.
$ docker run --privileged \
-v $HOME/.kube:/.kube:Z \
-v /xfs:/export:Z \
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.6 \
quay.io/kubernetes_incubator/nfs-provisioner:v1.0.7 \
-provisioner=example.com/nfs \
-kubeconfig=/.kube/config \
-enable-xfs-quota=true
2 changes: 1 addition & 1 deletion nfs/test/e2e/e2e_test.go
Expand Up @@ -307,7 +307,7 @@ func startProvisionerPod(c clientset.Interface, ns string) *v1.Pod {
Image: "quay.io/kubernetes_incubator/nfs-provisioner:latest",
SecurityContext: &v1.SecurityContext{
Capabilities: &v1.Capabilities{
Add: []v1.Capability{"DAC_READ_SEARCH"},
Add: []v1.Capability{"DAC_READ_SEARCH", "SYS_RESOURCE"},
},
},
Args: []string{
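
Review bot: with `Add: []v1.Capability{"DAC_READ_SEARCH", "SYS_RESOURCE"}` the e2e pod only ever runs with the capability present, so the fallback the CHANGELOG describes (start with a warning when `SYS_RESOURCE` is not available) is never exercised. Consider a second case that starts the pod with only `DAC_READ_SEARCH` and checks that it still comes up.
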

0 comments on commit b00811f
