Merge pull request #206 from andyzhangx/fsgrouppolicy
feat: support fsGroupPolicy feature
This commit is contained in:
Andy Zhang
GitHub
commit
d5d8a80c76
11
Makefile
11
Makefile
@ -42,6 +42,9 @@ REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
|
|||||||
IMAGE_TAG = $(REGISTRY)/$(IMAGENAME):$(IMAGE_VERSION)
|
IMAGE_TAG = $(REGISTRY)/$(IMAGENAME):$(IMAGE_VERSION)
|
||||||
IMAGE_TAG_LATEST = $(REGISTRY)/$(IMAGENAME):latest
|
IMAGE_TAG_LATEST = $(REGISTRY)/$(IMAGENAME):latest
|
||||||
|
|
||||||
|
E2E_HELM_OPTIONS ?= --set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) --set image.nfs.tag=$(IMAGE_VERSION) --set image.nfs.pullPolicy=Always
|
||||||
|
E2E_HELM_OPTIONS += ${EXTRA_HELM_OPTIONS}
|
||||||
|
|
||||||
all: nfs
|
all: nfs
|
||||||
|
|
||||||
.PHONY: verify
|
.PHONY: verify
|
||||||
@ -112,11 +115,9 @@ install-helm:
|
|||||||
e2e-bootstrap: install-helm
|
e2e-bootstrap: install-helm
|
||||||
docker pull $(IMAGE_TAG) || make container push
|
docker pull $(IMAGE_TAG) || make container push
|
||||||
helm install csi-driver-nfs ./charts/latest/csi-driver-nfs --namespace kube-system --wait --timeout=15m -v=5 --debug \
|
helm install csi-driver-nfs ./charts/latest/csi-driver-nfs --namespace kube-system --wait --timeout=15m -v=5 --debug \
|
||||||
--set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) \
|
${E2E_HELM_OPTIONS} \
|
||||||
--set image.nfs.tag=$(IMAGE_VERSION) \
|
--set controller.logLevel=8 \
|
||||||
--set image.nfs.pullPolicy=Always
|
--set node.logLevel=8
|
||||||
--set controller.logLevel=8
|
|
||||||
--set node.logLevel=8
|
|
||||||
|
|
||||||
.PHONY: e2e-teardown
|
.PHONY: e2e-teardown
|
||||||
e2e-teardown:
|
e2e-teardown:
|
||||||
|
|||||||
@ -3,6 +3,11 @@
|
|||||||
## Prerequisites
|
## Prerequisites
|
||||||
- [install Helm](https://helm.sh/docs/intro/quickstart/#install-helm)
|
- [install Helm](https://helm.sh/docs/intro/quickstart/#install-helm)
|
||||||
|
|
||||||
|
### Tips
|
||||||
|
- `--set controller.runOnMaster=true` could make csi-nfs-controller only run on master node
|
||||||
|
- `--set feature.enableFSGroupPolicy=true` could enable `fsGroupPolicy` on a k8s 1.20+ cluster
|
||||||
|
- `--set controller.replicas=1` could set replica of csi-nfs-controller as `1`
|
||||||
|
|
||||||
## install latest version
|
## install latest version
|
||||||
```console
|
```console
|
||||||
helm repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
|
helm repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
|
||||||
@ -31,6 +36,7 @@ The following table lists the configurable parameters of the latest NFS CSI Driv
|
|||||||
|
|
||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
|---------------------------------------------------|------------------------------------------------------------|-------------------------------------------------------------------|
|
|---------------------------------------------------|------------------------------------------------------------|-------------------------------------------------------------------|
|
||||||
|
| `feature.enableFSGroupPolicy` | enable `fsGroupPolicy` on a k8s 1.20+ cluster | `false` |
|
||||||
| `image.nfs.repository` | csi-driver-nfs docker image | gcr.io/k8s-staging-sig-storage/nfsplugin |
|
| `image.nfs.repository` | csi-driver-nfs docker image | gcr.io/k8s-staging-sig-storage/nfsplugin |
|
||||||
| `image.nfs.tag` | csi-driver-nfs docker image tag | amd64-linux-canary |
|
| `image.nfs.tag` | csi-driver-nfs docker image tag | amd64-linux-canary |
|
||||||
| `image.nfs.pullPolicy` | csi-driver-nfs image pull policy | IfNotPresent |
|
| `image.nfs.pullPolicy` | csi-driver-nfs image pull policy | IfNotPresent |
|
||||||
|
|||||||
Binary file not shown.
@ -6,3 +6,6 @@ spec:
|
|||||||
attachRequired: false
|
attachRequired: false
|
||||||
volumeLifecycleModes:
|
volumeLifecycleModes:
|
||||||
- Persistent
|
- Persistent
|
||||||
|
{{- if .Values.feature.enableFSGroupPolicy}}
|
||||||
|
fsGroupPolicy: File
|
||||||
|
{{- end}}
|
||||||
|
|||||||
@ -29,6 +29,9 @@ node:
|
|||||||
livenessProbe:
|
livenessProbe:
|
||||||
healthPort: 29653
|
healthPort: 29653
|
||||||
|
|
||||||
|
feature:
|
||||||
|
enableFSGroupPolicy: false
|
||||||
|
|
||||||
## Reference to one or more secrets to be used when pulling images
|
## Reference to one or more secrets to be used when pulling images
|
||||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||||
##
|
##
|
||||||
|
|||||||
@ -28,7 +28,10 @@ setup_e2e_binaries() {
|
|||||||
curl -sL https://storage.googleapis.com/kubernetes-release/release/v1.21.0/kubernetes-test-linux-amd64.tar.gz --output e2e-tests.tar.gz
|
curl -sL https://storage.googleapis.com/kubernetes-release/release/v1.21.0/kubernetes-test-linux-amd64.tar.gz --output e2e-tests.tar.gz
|
||||||
tar -xvf e2e-tests.tar.gz && rm e2e-tests.tar.gz
|
tar -xvf e2e-tests.tar.gz && rm e2e-tests.tar.gz
|
||||||
|
|
||||||
# install the csi driver nfs
|
# enable fsGroupPolicy (only available from k8s 1.20)
|
||||||
|
export EXTRA_HELM_OPTIONS="--set feature.enableFSGroupPolicy=true"
|
||||||
|
|
||||||
|
# install csi driver
|
||||||
mkdir -p /tmp/csi && cp deploy/example/storageclass-nfs.yaml /tmp/csi/storageclass.yaml
|
mkdir -p /tmp/csi && cp deploy/example/storageclass-nfs.yaml /tmp/csi/storageclass.yaml
|
||||||
make e2e-bootstrap
|
make e2e-bootstrap
|
||||||
make install-nfs-server
|
make install-nfs-server
|
||||||
|
|||||||
@ -10,3 +10,4 @@ DriverInfo:
|
|||||||
exec: true
|
exec: true
|
||||||
multipods: true
|
multipods: true
|
||||||
RWX: true
|
RWX: true
|
||||||
|
fsGroup: true
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user