diff options
Diffstat (limited to 'kud/deployment_infra/images/pmem-csi-direct.yaml')
-rw-r--r-- | kud/deployment_infra/images/pmem-csi-direct.yaml | 375 |
1 files changed, 375 insertions, 0 deletions
diff --git a/kud/deployment_infra/images/pmem-csi-direct.yaml b/kud/deployment_infra/images/pmem-csi-direct.yaml new file mode 100644 index 00000000..7591a493 --- /dev/null +++ b/kud/deployment_infra/images/pmem-csi-direct.yaml @@ -0,0 +1,375 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-controller + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-external-provisioner-cfg + namespace: default +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-csi-provisioner-role-cfg + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-controller + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-controller + namespace: default +--- +apiVersion: v1 +kind: Service +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-controller + namespace: default +spec: + ports: + - port: 10000 + selector: + app: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-production +--- +apiVersion: v1 +kind: Service +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-metrics + namespace: default +spec: + ports: + - port: 10010 + selector: + app: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-production + type: NodePort +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-controller + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-production + serviceName: pmem-csi-controller + template: + metadata: + labels: + app: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -drivername=pmem-csi.intel.com + - -mode=controller + - -endpoint=unix:///csi/csi-controller.sock + - -registryEndpoint=tcp://0.0.0.0:10000 + - -metricsListen=:10010 + - -nodeid=$(KUBE_NODE_NAME) + - -caFile=/certs/ca.crt + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: Always + name: pmem-driver + securityContext: + privileged: true + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /certs/ + name: registry-cert + - mountPath: /csi + name: plugin-socket-dir + - args: + - --timeout=5m + - --v=3 + - --csi-address=/csi/csi-controller.sock + - --feature-gates=Topology=true + - --strict-topology=true + - --timeout=5m + - --strict-topology=true + image: quay.io/k8scsi/csi-provisioner:v1.2.1 + imagePullPolicy: Always + name: external-provisioner + volumeMounts: + - mountPath: /csi + name: plugin-socket-dir + serviceAccount: pmem-csi-controller + volumes: + - emptyDir: null + name: plugin-socket-dir + - name: registry-cert + secret: + secretName: pmem-csi-registry-secrets +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-node + namespace: default +spec: + selector: + matchLabels: + app: pmem-csi-node + pmem-csi.intel.com/deployment: direct-production + template: + metadata: + labels: + app: pmem-csi-node + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=ndctl + - -v=3 + - -drivername=pmem-csi.intel.com + - -mode=node + - -endpoint=$(CSI_ENDPOINT) + - -nodeid=$(KUBE_NODE_NAME) + - -controllerEndpoint=tcp://$(KUBE_POD_IP):10001 + - -registryEndpoint=tcp://pmem-csi-controller:10000 + - -caFile=/certs/ca.crt + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -statePath=/var/lib/pmem-csi.intel.com + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/pmem-csi.intel.com/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: KUBE_POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: Always + name: pmem-driver + securityContext: + privileged: true + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /certs/ + name: registry-cert + - mountPath: /dev + name: dev-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - mountPath: /sys + name: sys-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/pmem-csi.intel.com/csi.sock + - --csi-address=/pmem-csi/csi.sock + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 + imagePullPolicy: Always + name: driver-registrar + volumeMounts: + - mountPath: /pmem-csi + name: pmem-state-dir + - mountPath: /registration + name: registration-dir + nodeSelector: + storage: pmem + volumes: + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - name: registry-cert + secret: + secretName: pmem-csi-node-secrets + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + #volumeLifecycleModes: + #- Persistent + #- Ephemeral |