csi-beegfs-node.yaml
# Copyright 2021 NetApp, Inc. All Rights Reserved.
# Licensed under the Apache License, Version 2.0.
# Do not modify this file. Changes may be overwritten in subsequent driver versions.
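# DaemonSet that runs the BeeGFS CSI node service on each node. The pod has three containers:
#   node-driver-registrar  registers the driver socket with the kubelet
#   beegfs                 the CSI driver itself (mounts/unmounts BeeGFS file systems)
#   liveness-probe         serves the health endpoint probed by the kubelet
#
# Security posture (review notes):
#   - The pod uses hostNetwork, hostPath volumes (including "/") and privileged containers, so it
#     only schedules in a namespace whose Pod Security level admits privileged pods. Treat write or
#     exec access to this pod, its ServiceAccount or its namespace as equivalent to root on the node,
#     and keep that namespace dedicated to the driver.
#   - Images are referenced by tag. Tags are mutable; if your policy requires immutable references,
#     pin each image by digest (image@sha256:<digest>) in an overlay rather than by editing this file.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-beegfs-node
spec:
  selector:
    matchLabels:
      app: csi-beegfs-node
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: beegfs
      labels:
        app: csi-beegfs-node
    spec:
      serviceAccountName: csi-beegfs-node-sa
      # The pod shares the node's network namespace, so every port opened by a container in this pod
      # is opened on the node itself.
      hostNetwork: true  # Required to find an available connClientPortUDP on the host.
      containers:
        - name: node-driver-registrar
          image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0
          args:
            - --csi-address=/csi/csi.sock
            - --kubelet-registration-path=/var/lib/kubelet/plugins/beegfs.csi.netapp.com/csi.sock
            - -v=$(LOG_LEVEL)
          env:
            - name: LOG_LEVEL
              value: "3"
          securityContext:
            # On SELinux enabled systems, a non-privileged sidecar container cannot access the unix
            # domain socket created by the privileged driver container.
            privileged: true
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
            - mountPath: /registration
              name: registration-dir
          resources:
            limits:
              memory: 128Mi
            requests:
              cpu: 80m
              memory: 10Mi
        - name: beegfs
          image: ghcr.io/thinkparq/beegfs-csi-driver:v1.6.0
          args:
            - --driver-name=beegfs.csi.netapp.com
            - --node-id=$(KUBE_NODE_NAME)
            - --endpoint=unix://csi/csi.sock
            - --config-path=/csi/config/csi-beegfs-config.yaml
            - --connauth-path=/csi/connauth/csi-beegfs-connauth.yaml
            - -v=$(LOG_LEVEL)
          env:
            # The node name is taken from the pod spec via the downward API.
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: LOG_LEVEL
              value: "3"
          securityContext:
            # Privileged is required for bidirectional mount propagation and to run the mount command.
            # Adding the SYS_ADMIN capability is insufficient in certain environments (e.g. when
            # AppArmor is enabled).
            privileged: true
          ports:
            # Same port as the liveness-probe sidecar's --health-port. Because of hostNetwork this
            # is a port on the node; NOTE(review): confirm that node firewall rules limit who can
            # reach it, since the pod does not have a network namespace of its own.
            - containerPort: 9898
              hostPort: 9898  # Must be same as containerPort when hostNetwork=true.
              name: healthz
              protocol: TCP
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 3
          volumeMounts:
            - mountPath: /host
              # Because we chwrap mount/umount, we must propagate the container's /host mounts to
              # the node.
              mountPropagation: Bidirectional
              name: host-dir
              # readOnly guards against accidental writes only: this container is privileged, so
              # the read-only mount is not an isolation boundary against a compromised driver.
              readOnly: true  # We should NOT write arbitrarily to the host filesystem.
            - mountPath: /var/lib/kubelet/pods
              # We must know whether a directory is a mount point in order to decide how to handle it.
              mountPropagation: HostToContainer
              name: pods-mount-dir
            - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi
              # We must know whether a directory is a mount point in order to decide how to handle it.
              mountPropagation: HostToContainer
              name: plugins-mount-dir
            - mountPath: /csi
              name: socket-dir
            - mountPath: /csi/config
              name: config-dir
            - mountPath: /csi/connauth
              name: connauth-dir
          resources:
            limits:
              memory: 128Mi
            requests:
              cpu: 100m
              memory: 20Mi
        # NOTE(review): unlike node-driver-registrar, this sidecar sets no securityContext although
        # it also connects to /csi/csi.sock; confirm it can reach the socket on SELinux-enforcing
        # nodes before assuming the health endpoint reflects the driver's state.
        - name: liveness-probe
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
          image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0
          args:
            - --csi-address=/csi/csi.sock
            - --health-port=9898
          resources:
            limits:
              memory: 128Mi
            requests:
              cpu: 60m
              memory: 20Mi
      volumes:
        # The plugin uses host-dir and chwrap to execute binaries installed on the host itself.
        # This exposes the node's entire root file system to the beegfs container.
        - hostPath:
            path: /
            type: Directory
          name: host-dir
        # Kubernetes mounts pod volumes at locations like
        # /var/lib/kubelet/pods/########-####-####-####-############/volumes/kubernetes.io~csi/pvc-########/mount.
        - hostPath:
            path: /var/lib/kubelet/pods
            type: DirectoryOrCreate
          name: pods-mount-dir
        # Kubernetes mounts global volumes at locations like
        # /var/lib/kubelet/plugins/kubernetes.io/csi/pv/pvc-########/globalmount.
        - hostPath:
            path: /var/lib/kubelet/plugins/kubernetes.io/csi
            type: DirectoryOrCreate
          name: plugins-mount-dir
        - hostPath:
            path: /var/lib/kubelet/plugins_registry
            type: Directory
          name: registration-dir
        # The node service creates its socket in this directory. This is the same directory the
        # controller service (csi-beegfs-controller.yaml) stores client configuration files inside.
        - hostPath:
            path: /var/lib/kubelet/plugins/beegfs.csi.netapp.com
            type: DirectoryOrCreate
          name: socket-dir
        - configMap:
            name: csi-beegfs-config  # kustomized
          name: config-dir
        # Passed to the driver as --connauth-path; presumably BeeGFS connection authentication
        # material. Limit read access to this Secret with RBAC and keep its contents out of
        # version control.
        - secret:
            secretName: csi-beegfs-connauth  # kustomized
          name: connauth-dir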