diff --git a/README.md b/README.md index 3ff323bf..09767dee 100644 --- a/README.md +++ b/README.md @@ -12,9 +12,9 @@ This is a repository for [NFS](https://en.wikipedia.org/wiki/Network_File_System |driver version | supported k8s version | status | |----------------|-----------------------|--------| |master branch | 1.21+ | GA | +|v4.2.0 | 1.21+ | GA | |v4.1.0 | 1.20+ | GA | |v4.0.0 | 1.20+ | GA | -|v3.1.0 | 1.19+ | beta | ### Install driver on a Kubernetes cluster > [install NFS CSI driver on microk8s](https://microk8s.io/docs/nfs) diff --git a/charts/README.md b/charts/README.md index f62a55ff..8e2628aa 100644 --- a/charts/README.md +++ b/charts/README.md @@ -15,7 +15,7 @@ ### install a specific version ```console helm repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts -helm install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --version v4.1.0 +helm install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --version v4.2.0 ``` ### install driver with customized driver name, deployment name diff --git a/charts/index.yaml b/charts/index.yaml index 70985884..12cfbc60 100644 --- a/charts/index.yaml +++ b/charts/index.yaml @@ -2,26 +2,44 @@ apiVersion: v1 entries: csi-driver-nfs: - apiVersion: v1 - appVersion: v4.1.0 - created: "2022-07-05T06:47:20.800889706Z" + appVersion: v4.2.0 + created: "2023-02-19T02:51:49.961415855Z" description: CSI NFS Driver for Kubernetes - digest: f6c513b1f58bc7508032c7609738756f8690555f0e23a3a2ba02dbbd585b7ead + digest: 8a3646bc218ad90d28ebd4fe7e3b3b3221c122c0f80ef82d0cafc9a49f84f75f + name: csi-driver-nfs + urls: + - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/latest/csi-driver-nfs-v4.2.0.tgz + version: v4.2.0 + - apiVersion: v1 + appVersion: v4.2.0 + created: "2023-02-19T02:51:49.972069164Z" + description: CSI NFS Driver for Kubernetes + digest: e702f6c9be35f2649f5736ca5fcdc40ab1c6a235f41e7fb2472d208e8a5ebf47 + name: csi-driver-nfs + urls: + - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v4.2.0/csi-driver-nfs-v4.2.0.tgz + version: v4.2.0 + - apiVersion: v1 + appVersion: v4.1.0 + created: "2023-02-19T02:51:49.971650409Z" + description: CSI NFS Driver for Kubernetes + digest: b2baa2f129976cf2981c8873290aac509aa3c5937ffc319fbf69fbe3271c23eb name: csi-driver-nfs urls: - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v4.1.0/csi-driver-nfs-v4.1.0.tgz version: v4.1.0 - apiVersion: v1 appVersion: v4.0.0 - created: "2022-07-05T06:47:20.800130103Z" + created: "2023-02-19T02:51:49.970588504Z" description: CSI NFS Driver for Kubernetes - digest: cb537287512ce9f99adaead8cd4904ed7284780bdc44c9b8d6705e66f28bfa5c + digest: 3145fd12225a639908b14675c8ae1f272bc0e57ffa2895b6f17411486a24229d name: csi-driver-nfs urls: - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v4.0.0/csi-driver-nfs-v4.0.0.tgz version: v4.0.0 - apiVersion: v1 appVersion: v3.1.0 - created: "2022-07-05T06:47:20.7993494Z" + created: "2023-02-19T02:51:49.969792999Z" description: CSI NFS Driver for Kubernetes digest: 7e51bb9188b013195cafc265102fa365de9ec5513780e1dfc5363289f811a4d9 name: csi-driver-nfs @@ -30,7 +48,7 @@ entries: version: v3.1.0 - apiVersion: v1 appVersion: v3.0.0 - created: "2022-07-05T06:47:20.798650697Z" + created: "2023-02-19T02:51:49.965979851Z" description: CSI NFS Driver for Kubernetes digest: 44406231cd5cdada1c62a0541b93b4f5d5a70ccc8c50b33553a8692fe6cfae96 name: csi-driver-nfs @@ -39,20 +57,11 @@ entries: version: v3.0.0 - apiVersion: v1 appVersion: v2.0.0 - created: "2022-07-05T06:47:20.798008295Z" + created: "2023-02-19T02:51:49.965226537Z" description: CSI NFS Driver for Kubernetes digest: 1a32c6fc016526fe19a0c9e0dfbe83d0ddde67ced533bb5f5d24d713f706c613 name: csi-driver-nfs urls: - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v2.0.0/csi-driver-nfs-v2.0.0.tgz version: v2.0.0 - - apiVersion: v1 - appVersion: latest - created: "2022-07-05T06:47:20.797517293Z" - description: CSI NFS Driver for Kubernetes - digest: 6bdf28e22cf06093e29b8a4ddddfb7a5eed253e0519fa1cd2f7ce2b4ea82abb6 - name: csi-driver-nfs - urls: - - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/latest/csi-driver-nfs-v0.0.0.tgz - version: v0.0.0 -generated: "2022-07-05T06:47:20.796518189Z" +generated: "2023-02-19T02:51:49.960808852Z" diff --git a/charts/latest/csi-driver-nfs-v0.0.0.tgz b/charts/latest/csi-driver-nfs-v0.0.0.tgz deleted file mode 100644 index ff259e77..00000000 Binary files a/charts/latest/csi-driver-nfs-v0.0.0.tgz and /dev/null differ diff --git a/charts/latest/csi-driver-nfs-v4.2.0.tgz b/charts/latest/csi-driver-nfs-v4.2.0.tgz new file mode 100644 index 00000000..30fa0a38 Binary files /dev/null and b/charts/latest/csi-driver-nfs-v4.2.0.tgz differ diff --git a/charts/latest/csi-driver-nfs/Chart.yaml b/charts/latest/csi-driver-nfs/Chart.yaml index c73b9f8e..ff1bbcf8 100755 --- a/charts/latest/csi-driver-nfs/Chart.yaml +++ b/charts/latest/csi-driver-nfs/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: latest +appVersion: v4.2.0 description: CSI NFS Driver for Kubernetes name: csi-driver-nfs -version: v0.0.0 +version: v4.2.0 diff --git a/charts/latest/csi-driver-nfs/values.yaml b/charts/latest/csi-driver-nfs/values.yaml index 5ebaaa03..f5c33311 100755 --- a/charts/latest/csi-driver-nfs/values.yaml +++ b/charts/latest/csi-driver-nfs/values.yaml @@ -1,8 +1,8 @@ customLabels: {} image: nfs: - repository: gcr.io/k8s-staging-sig-storage/nfsplugin - tag: canary + repository: registry.k8s.io/sig-storage/nfsplugin + tag: v4.2.0 pullPolicy: IfNotPresent csiProvisioner: repository: registry.k8s.io/sig-storage/csi-provisioner diff --git a/charts/v4.2.0/csi-driver-nfs-v4.2.0.tgz b/charts/v4.2.0/csi-driver-nfs-v4.2.0.tgz new file mode 100644 index 00000000..560838d9 Binary files /dev/null and b/charts/v4.2.0/csi-driver-nfs-v4.2.0.tgz differ diff --git a/charts/v4.2.0/csi-driver-nfs/.helmignore b/charts/v4.2.0/csi-driver-nfs/.helmignore new file mode 100644 index 00000000..50af0317 --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/v4.2.0/csi-driver-nfs/Chart.yaml b/charts/v4.2.0/csi-driver-nfs/Chart.yaml new file mode 100644 index 00000000..ff1bbcf8 --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: v4.2.0 +description: CSI NFS Driver for Kubernetes +name: csi-driver-nfs +version: v4.2.0 diff --git a/charts/v4.2.0/csi-driver-nfs/templates/NOTES.txt b/charts/v4.2.0/csi-driver-nfs/templates/NOTES.txt new file mode 100644 index 00000000..cecf3b9e --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/templates/NOTES.txt @@ -0,0 +1,5 @@ + The CSI NFS Driver is getting deployed to your cluster. + +To check CSI NFS Driver pods status, please run: + + kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/instance={{ .Release.Name }}" --watch \ No newline at end of file diff --git a/charts/v4.2.0/csi-driver-nfs/templates/_helpers.tpl b/charts/v4.2.0/csi-driver-nfs/templates/_helpers.tpl new file mode 100644 index 00000000..901a53f1 --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/templates/_helpers.tpl @@ -0,0 +1,19 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* Expand the name of the chart.*/}} +{{- define "nfs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* labels for helm resources */}} +{{- define "nfs.labels" -}} +labels: + app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/managed-by: "{{ .Release.Service }}" + app.kubernetes.io/name: "{{ template "nfs.name" . }}" + app.kubernetes.io/version: "{{ .Chart.AppVersion }}" + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + {{- if .Values.customLabels }} +{{ toYaml .Values.customLabels | indent 2 -}} + {{- end }} +{{- end -}} diff --git a/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-controller.yaml b/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-controller.yaml new file mode 100644 index 00000000..9190b673 --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-controller.yaml @@ -0,0 +1,123 @@ +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ .Values.controller.name }} + namespace: {{ .Release.Namespace }} +{{ include "nfs.labels" . | indent 2 }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + app: {{ .Values.controller.name }} + strategy: + type: {{ .Values.controller.strategyType }} + template: + metadata: +{{ include "nfs.labels" . | indent 6 }} + app: {{ .Values.controller.name }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + hostNetwork: true # controller also needs to mount nfs to create dir + dnsPolicy: {{ .Values.controller.dnsPolicy }} + serviceAccountName: {{ .Values.serviceAccount.controller }} +{{- with .Values.controller.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- if .Values.controller.runOnMaster}} + node-role.kubernetes.io/master: "" + {{- end}} + {{- if .Values.controller.runOnControlPlane}} + node-role.kubernetes.io/control-plane: "" + {{- end}} +{{- with .Values.controller.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} + priorityClassName: system-cluster-critical +{{- with .Values.controller.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + containers: + - name: csi-provisioner + image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" + args: + - "-v=2" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--leader-election-namespace={{ .Release.Namespace }}" + - "--extra-create-metadata=true" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + - name: liveness-probe + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port={{ .Values.controller.livenessProbe.healthPort }} + - --v=2 + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + - name: nfs + image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + imagePullPolicy: {{ .Values.image.nfs.pullPolicy }} + args: + - "--v={{ .Values.controller.logLevel }}" + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + - "--drivername={{ .Values.driver.name }}" + - "--mount-permissions={{ .Values.driver.mountPermissions }}" + - "--working-mount-dir={{ .Values.controller.workingMountDir }}" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + ports: + - containerPort: {{ .Values.controller.livenessProbe.healthPort }} + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + volumeMounts: + - name: pods-mount-dir + mountPath: {{ .Values.kubeletDir }}/pods + mountPropagation: "Bidirectional" + - mountPath: /csi + name: socket-dir + resources: {{- toYaml .Values.controller.resources.nfs | nindent 12 }} + volumes: + - name: pods-mount-dir + hostPath: + path: {{ .Values.kubeletDir }}/pods + type: Directory + - name: socket-dir + emptyDir: {} diff --git a/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml b/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml new file mode 100644 index 00000000..a6afd896 --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: {{ .Values.driver.name }} +spec: + attachRequired: false + volumeLifecycleModes: + - Persistent + {{- if .Values.feature.enableInlineVolume}} + - Ephemeral + {{- end}} + {{- if .Values.feature.enableFSGroupPolicy}} + fsGroupPolicy: File + {{- end}} diff --git a/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-node.yaml b/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-node.yaml new file mode 100644 index 00000000..b9f819fc --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-node.yaml @@ -0,0 +1,134 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .Values.node.name }} + namespace: {{ .Release.Namespace }} +{{ include "nfs.labels" . | indent 2 }} +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: {{ .Values.node.maxUnavailable }} + type: RollingUpdate + selector: + matchLabels: + app: {{ .Values.node.name }} + template: + metadata: +{{ include "nfs.labels" . | indent 6 }} + app: {{ .Values.node.name }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + hostNetwork: true # original nfs connection would be broken without hostNetwork setting + dnsPolicy: {{ .Values.controller.dnsPolicy }} + serviceAccountName: csi-nfs-node-sa +{{- with .Values.node.affinity }} + affinity: +{{ toYaml . | indent 8 }} +{{- end }} + nodeSelector: + kubernetes.io/os: linux +{{- with .Values.node.nodeSelector }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.node.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} +{{- end }} + containers: + - name: liveness-probe + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port={{ .Values.node.livenessProbe.healthPort }} + - --v=2 + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} + - name: node-driver-registrar + image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" + livenessProbe: + exec: + command: + - /csi-node-driver-registrar + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --mode=kubelet-registration-probe + initialDelaySeconds: 30 + timeoutSeconds: 15 + args: + - --v=2 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + env: + - name: DRIVER_REG_SOCK_PATH + value: {{ .Values.kubeletDir }}/plugins/csi-nfsplugin/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }} + - name: nfs + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" + args : + - "--v={{ .Values.node.logLevel }}" + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + - "--drivername={{ .Values.driver.name }}" + - "--mount-permissions={{ .Values.driver.mountPermissions }}" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + ports: + - containerPort: {{ .Values.node.livenessProbe.healthPort }} + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + imagePullPolicy: {{ .Values.image.nfs.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: {{ .Values.kubeletDir }}/pods + mountPropagation: "Bidirectional" + resources: {{- toYaml .Values.node.resources.nfs | nindent 12 }} + volumes: + - name: socket-dir + hostPath: + path: {{ .Values.kubeletDir }}/plugins/csi-nfsplugin + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: {{ .Values.kubeletDir }}/pods + type: Directory + - hostPath: + path: {{ .Values.kubeletDir }}/plugins_registry + type: Directory + name: registration-dir diff --git a/charts/v4.2.0/csi-driver-nfs/templates/rbac-csi-nfs.yaml b/charts/v4.2.0/csi-driver-nfs/templates/rbac-csi-nfs.yaml new file mode 100644 index 00000000..bc94431d --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/templates/rbac-csi-nfs.yaml @@ -0,0 +1,64 @@ +{{- if .Values.serviceAccount.create -}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-{{ .Values.rbac.name }}-controller-sa + namespace: {{ .Release.Namespace }} +{{ include "nfs.labels" . | indent 2 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-{{ .Values.rbac.name }}-node-sa + namespace: {{ .Release.Namespace }} +{{ include "nfs.labels" . | indent 2 }} +--- +{{- end }} + +{{ if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-external-provisioner-role +{{ include "nfs.labels" . | indent 2 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-csi-provisioner-binding +{{ include "nfs.labels" . | indent 2 }} +subjects: + - kind: ServiceAccount + name: csi-{{ .Values.rbac.name }}-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.rbac.name }}-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/v4.2.0/csi-driver-nfs/values.yaml b/charts/v4.2.0/csi-driver-nfs/values.yaml new file mode 100644 index 00000000..f5c33311 --- /dev/null +++ b/charts/v4.2.0/csi-driver-nfs/values.yaml @@ -0,0 +1,116 @@ +customLabels: {} +image: + nfs: + repository: registry.k8s.io/sig-storage/nfsplugin + tag: v4.2.0 + pullPolicy: IfNotPresent + csiProvisioner: + repository: registry.k8s.io/sig-storage/csi-provisioner + tag: v3.3.0 + pullPolicy: IfNotPresent + livenessProbe: + repository: registry.k8s.io/sig-storage/livenessprobe + tag: v2.8.0 + pullPolicy: IfNotPresent + nodeDriverRegistrar: + repository: registry.k8s.io/sig-storage/csi-node-driver-registrar + tag: v2.6.2 + pullPolicy: IfNotPresent + +serviceAccount: + create: true # When true, service accounts will be created for you. Set to false if you want to use your own. + controller: csi-nfs-controller-sa # Name of Service Account to be created or used + +rbac: + create: true + name: nfs + +driver: + name: nfs.csi.k8s.io + mountPermissions: 0 + +feature: + enableFSGroupPolicy: true + enableInlineVolume: false + +kubeletDir: /var/lib/kubelet + +controller: + name: csi-nfs-controller + replicas: 1 + strategyType: Recreate + runOnMaster: false + runOnControlPlane: false + livenessProbe: + healthPort: 29652 + logLevel: 5 + workingMountDir: "/tmp" + dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst + affinity: {} + nodeSelector: {} + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/controlplane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + resources: + csiProvisioner: + limits: + memory: 400Mi + requests: + cpu: 10m + memory: 20Mi + livenessProbe: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + nfs: + limits: + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + +node: + name: csi-nfs-node + dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst + maxUnavailable: 1 + logLevel: 5 + livenessProbe: + healthPort: 29653 + affinity: {} + nodeSelector: {} + tolerations: + - operator: "Exists" + resources: + livenessProbe: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + nodeDriverRegistrar: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + nfs: + limits: + memory: 300Mi + requests: + cpu: 10m + memory: 20Mi + +## Reference to one or more secrets to be used when pulling images +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +imagePullSecrets: [] +# - name: "image-pull-secret" diff --git a/deploy/csi-nfs-controller.yaml b/deploy/csi-nfs-controller.yaml index c35cc586..300ae2bf 100644 --- a/deploy/csi-nfs-controller.yaml +++ b/deploy/csi-nfs-controller.yaml @@ -68,7 +68,7 @@ spec: cpu: 10m memory: 20Mi - name: nfs - image: gcr.io/k8s-staging-sig-storage/nfsplugin:canary + image: registry.k8s.io/sig-storage/nfsplugin:v4.2.0 securityContext: privileged: true capabilities: diff --git a/deploy/csi-nfs-node.yaml b/deploy/csi-nfs-node.yaml index b4754fd0..e102603a 100644 --- a/deploy/csi-nfs-node.yaml +++ b/deploy/csi-nfs-node.yaml @@ -79,7 +79,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: gcr.io/k8s-staging-sig-storage/nfsplugin:canary + image: registry.k8s.io/sig-storage/nfsplugin:v4.2.0 args: - "-v=5" - "--nodeid=$(NODE_ID)" diff --git a/deploy/v4.2.0/csi-nfs-controller.yaml b/deploy/v4.2.0/csi-nfs-controller.yaml new file mode 100644 index 00000000..300ae2bf --- /dev/null +++ b/deploy/v4.2.0/csi-nfs-controller.yaml @@ -0,0 +1,119 @@ +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-nfs-controller + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: csi-nfs-controller + template: + metadata: + labels: + app: csi-nfs-controller + spec: + hostNetwork: true # controller also needs to mount nfs to create dir + dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst + serviceAccountName: csi-nfs-controller-sa + nodeSelector: + kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node + priorityClassName: system-cluster-critical + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/controlplane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + containers: + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.3.0 + args: + - "-v=2" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--leader-election-namespace=kube-system" + - "--extra-create-metadata=true" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: + limits: + memory: 400Mi + requests: + cpu: 10m + memory: 20Mi + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.8.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port=29652 + - --v=2 + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: nfs + image: registry.k8s.io/sig-storage/nfsplugin:v4.2.0 + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + imagePullPolicy: IfNotPresent + args: + - "-v=5" + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + ports: + - containerPort: 29652 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + volumeMounts: + - name: pods-mount-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - mountPath: /csi + name: socket-dir + resources: + limits: + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: socket-dir + emptyDir: {} diff --git a/deploy/v4.2.0/csi-nfs-driverinfo.yaml b/deploy/v4.2.0/csi-nfs-driverinfo.yaml new file mode 100644 index 00000000..ce1f04ff --- /dev/null +++ b/deploy/v4.2.0/csi-nfs-driverinfo.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: nfs.csi.k8s.io +spec: + attachRequired: false + volumeLifecycleModes: + - Persistent + fsGroupPolicy: File diff --git a/deploy/v4.2.0/csi-nfs-node.yaml b/deploy/v4.2.0/csi-nfs-node.yaml new file mode 100644 index 00000000..e102603a --- /dev/null +++ b/deploy/v4.2.0/csi-nfs-node.yaml @@ -0,0 +1,131 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-nfs-node + namespace: kube-system +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: csi-nfs-node + template: + metadata: + labels: + app: csi-nfs-node + spec: + hostNetwork: true # original nfs connection would be broken without hostNetwork setting + dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst + serviceAccountName: csi-nfs-node-sa + nodeSelector: + kubernetes.io/os: linux + tolerations: + - operator: "Exists" + containers: + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.8.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port=29653 + - --v=2 + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.2 + args: + - --v=2 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + livenessProbe: + exec: + command: + - /csi-node-driver-registrar + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --mode=kubelet-registration-probe + initialDelaySeconds: 30 + timeoutSeconds: 15 + env: + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi-nfsplugin/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: nfs + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: registry.k8s.io/sig-storage/nfsplugin:v4.2.0 + args: + - "-v=5" + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + ports: + - containerPort: 29653 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + resources: + limits: + memory: 300Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - name: socket-dir + hostPath: + path: /var/lib/kubelet/plugins/csi-nfsplugin + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir diff --git a/deploy/v4.2.0/rbac-csi-nfs.yaml b/deploy/v4.2.0/rbac-csi-nfs.yaml new file mode 100644 index 00000000..45c80e93 --- /dev/null +++ b/deploy/v4.2.0/rbac-csi-nfs.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-nfs-controller-sa + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-nfs-node-sa + namespace: kube-system +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-external-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-nfs-controller-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: nfs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io diff --git a/docs/install-csi-driver-v4.2.0.md b/docs/install-csi-driver-v4.2.0.md new file mode 100644 index 00000000..be572d22 --- /dev/null +++ b/docs/install-csi-driver-v4.2.0.md @@ -0,0 +1,45 @@ +# Install NFS CSI driver v4.2.0 version on a kubernetes cluster + +If you have already installed Helm, you can also use it to install this driver. Please check [Installation with Helm](../charts/README.md). + +## Install with kubectl + - Option#1. remote install +```console +curl -skSL https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/v4.2.0/deploy/install-driver.sh | bash -s v4.2.0 -- +``` + + - Option#2. local install +```console +git clone https://github.com/kubernetes-csi/csi-driver-nfs.git +cd csi-driver-nfs +./deploy/install-driver.sh v4.2.0 local +``` + +- check pods status: +```console +kubectl -n kube-system get pod -o wide -l app=csi-nfs-controller +kubectl -n kube-system get pod -o wide -l app=csi-nfs-node +``` + +example output: + +```console +NAME READY STATUS RESTARTS AGE IP NODE +csi-nfs-controller-56bfddd689-dh5tk 4/4 Running 0 35s 10.240.0.19 k8s-agentpool-22533604-0 +csi-nfs-node-cvgbs 3/3 Running 0 35s 10.240.0.35 k8s-agentpool-22533604-1 +csi-nfs-node-dr4s4 3/3 Running 0 35s 10.240.0.4 k8s-agentpool-22533604-0 +``` + +### clean up NFS CSI driver + - Option#1. remote uninstall +```console +curl -skSL https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/v4.2.0/deploy/uninstall-driver.sh | bash -s v4.2.0 -- +``` + + - Option#2. local uninstall +```console +git clone https://github.com/kubernetes-csi/csi-driver-nfs.git +cd csi-driver-nfs +git checkout v4.2.0 +./deploy/uninstall-driver.sh v4.2.0 local +``` diff --git a/docs/install-nfs-csi-driver.md b/docs/install-nfs-csi-driver.md index 59af8c66..ea3ada03 100644 --- a/docs/install-nfs-csi-driver.md +++ b/docs/install-nfs-csi-driver.md @@ -1,6 +1,6 @@ ## Install NFS CSI driver on a Kubernetes cluster - [install CSI driver master version](./install-csi-driver-master.md)(only for testing purpose) + - [install CSI driver v4.2.0 version](./install-csi-driver-v4.2.0.md) - [install CSI driver v4.1.0 version](./install-csi-driver-v4.1.0.md) - [install CSI driver v4.0.0 version](./install-csi-driver-v4.0.0.md) - - [install CSI driver v3.1.0 version](./install-csi-driver-v3.1.0.md)