Merge pull request #13 from chakri-nelluri/nfs

Add NFS deployment files

pkg/nfs/README.md

@@ -1,14 +1,40 @@
 # CSI NFS driver
 
-## Usage:
+
+## Kubernetes
+### Requirements
+
+The folllowing feature gates and runtime config have to be enabled to deploy the driver
+
+```
+FEATURE_GATES=CSIPersistentVolume=true,MountPropagation=true
+RUNTIME_CONFIG="storage.k8s.io/v1alpha1=true"
+```
+
+Mountprogpation requries support for privileged containers. So, make sure privileged containers are enabled in the cluster.
+
+### Example local-up-cluster.sh
+
+```ALLOW_PRIVILEGED=true FEATURE_GATES=CSIPersistentVolume=true,MountPropagation=true RUNTIME_CONFIG="storage.k8s.io/v1alpha1=true" LOG_LEVEL=5 hack/local-up-cluster.sh```
+
+### Deploy
+
+```kubectl -f deploy/kubernetes create```
+
+### Example Nginx application
+Please update the NFS Server & share information in nginx.yaml file.
+
+```kubectl -f examples/kubernetes/nginx.yaml create```
+
+## Using CSC tool
 
 ### Start NFS driver
 ```
 $ sudo ../_output/nfsdriver --endpoint tcp://127.0.0.1:10000 --nodeid CSINode
 ```
 
-### Test using csc
-Get ```csc``` tool from https://github.com/chakri-nelluri/gocsi/tree/master/csc
+## Test
+Get ```csc``` tool from https://github.com/thecodeteam/gocsi/tree/master/csc
 
 #### Get plugin info
 ```

pkg/nfs/deploy/kubernetes/csi-attacher-nfsplugin.yaml

@@ -0,0 +1,64 @@
+# This YAML file contains attacher & csi driver API objects that are necessary
+# to run external CSI attacher for nfs
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-attacher-nfsplugin
+  labels:
+    app: csi-attacher-nfsplugin
+spec:
+  selector:
+    app: csi-attacher-nfsplugin
+  ports:
+    - name: dummy
+      port: 12345
+
+---
+kind: StatefulSet
+apiVersion: apps/v1beta1
+metadata:
+  name: csi-attacher-nfsplugin
+spec:
+  serviceName: "csi-attacher"
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: csi-attacher-nfsplugin
+    spec:
+      serviceAccount: csi-attacher
+      containers:
+        - name: csi-attacher
+          image: docker.io/k8scsi/csi-attacher
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+
+        - name: nfs
+          image: docker.io/k8s/nfsplugin:v0.1
+          args :
+            - "--nodeid=$(NODE_ID)"
+            - "--endpoint=$(CSI_ENDPOINT)"
+          env:
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: CSI_ENDPOINT
+              value: unix://plugin/csi.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /plugin
+      volumes:
+        - name: socket-dir
+          emptyDir:
+

pkg/nfs/deploy/kubernetes/csi-attacher-rbac.yaml

@@ -0,0 +1,37 @@
+# This YAML file contains RBAC API objects that are necessary to run external
+# CSI attacher for nfs flex adapter
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-attacher
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-attacher-runner
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-attacher-role
+subjects:
+  - kind: ServiceAccount
+    name: csi-attacher
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: external-attacher-runner
+  apiGroup: rbac.authorization.k8s.io

pkg/nfs/deploy/kubernetes/csi-nodeplugin-nfsplugin.yaml

@@ -0,0 +1,66 @@
+# This YAML file contains driver-registrar & csi driver nodeplugin API objects
+# that are necessary to run CSI nodeplugin for nfs
+kind: DaemonSet
+apiVersion: apps/v1beta2
+metadata:
+  name: csi-nodeplugin-nfsplugin
+spec:
+  selector:
+    matchLabels:
+      app: csi-nodeplugin-nfsplugin
+  template:
+    metadata:
+      labels:
+        app: csi-nodeplugin-nfsplugin
+    spec:
+      serviceAccount: csi-nodeplugin
+      hostNetwork: true
+      containers:
+        - name: driver-registrar
+          image: docker.io/k8scsi/driver-registrar
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /plugin/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /plugin
+        - name: nfs
+          securityContext:
+            privileged: true
+            capabilities:
+              add: ["SYS_ADMIN"]
+            allowPrivilegeEscalation: true
+          image: docker.io/k8s/nfsplugin:v0.1
+          args :
+            - "--nodeid=$(NODE_ID)"
+            - "--endpoint=$(CSI_ENDPOINT)"
+          env:
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: CSI_ENDPOINT
+              value: unix://plugin/csi.sock
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /plugin
+            - name: pods-mount-dir
+              mountPath: /var/lib/kubelet/pods
+              mountPropagation: "Bidirectional"
+      volumes:
+        - name: plugin-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins/csi-nfsplugin
+            type: DirectoryOrCreate
+        - name: pods-mount-dir
+          hostPath:
+            path: /var/lib/kubelet/pods
+            type: Directory

pkg/nfs/deploy/kubernetes/csi-nodeplugin-rbac.yaml

@@ -0,0 +1,34 @@
+# This YAML defines all API objects to create RBAC roles for CSI node plugin
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-nodeplugin
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-nodeplugin
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-nodeplugin
+subjects:
+  - kind: ServiceAccount
+    name: csi-nodeplugin
+    namespace: default
+roleRef:
+  kind: ClusterRole
+  name: csi-nodeplugin
+  apiGroup: rbac.authorization.k8s.io

pkg/nfs/dockerfile/Dockerfile

@@ -0,0 +1,8 @@
+FROM centos:7.4.1708
+
+# Copy nfsplugin from build _output directory
+COPY nfsplugin /nfsplugin
+
+RUN yum -y install nfs-utils && yum -y install epel-release && yum -y install jq && yum clean all
+
+ENTRYPOINT ["/nfsplugin"]

pkg/nfs/driver.go

@@ -35,7 +35,7 @@ type driver struct {
 }
 
 const (
-	driverName = "NFS"
+	driverName = "csi-nfsplugin"
 )
 
 var (
@@ -70,5 +70,8 @@ func NewNodeServer(d *driver) *nodeServer {
 }
 
 func (d *driver) Run() {
-	csicommon.RunNodePublishServer(d.endpoint, d.csiDriver, NewNodeServer(d))
+	csicommon.Serve(d.endpoint,
+		csicommon.NewDefaultIdentityServer(d.csiDriver),
+			csicommon.NewDefaultControllerServer(d.csiDriver),
+				NewNodeServer(d))
 }

pkg/nfs/examples/kubernetes/nginx.yaml

@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: data-nfsplugin
+  labels:
+    name: data-nfsplugin
+  annotations:
+    csi.volume.kubernetes.io/volume-attributes: '{"server": "10.10.10.10", "share": "share"}'
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 100Gi
+  csi:
+    driver: csi-nfsplugin
+    volumeHandle: data-id
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: data-nfsplugin
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+  selector:
+    matchExpressions:
+    - key: name
+      operator: In
+      values: ["data-nfsplugin"]
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx 
+spec:
+  containers:
+  - image: maersk/nginx
+    imagePullPolicy: Always
+    name: nginx
+    ports:
+    - containerPort: 80
+      protocol: TCP
+    volumeMounts:
+      - mountPath: /var/www
+        name: data-nfsplugin 
+  volumes:
+  - name: data-nfsplugin
+    persistentVolumeClaim:
+      claimName: data-nfsplugin