Implement dynamic provisioning for FSx for Lustre PV (#14)

* Add unit test * Add sanity tests * Update makefile for building and pushing docker image * Update controller manifest with external provisioner with secrets
kubernetes-sigs · Feb 7, 2019 · 1cf0007 · 1cf0007
1 parent 8718773
commit 1cf0007
Show file tree

Hide file tree

Showing 23 changed files with 1,781 additions and 159 deletions.
diff --git a/Makefile b/Makefile
@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+IMAGE=chengpan/aws-fsx-csi-driver
 VERSION=0.1.0
 
 .PHONY: aws-fsx-csi-driver
@@ -22,3 +23,16 @@ aws-fsx-csi-driver:
 .PHONY: test
 test:
 	go test -v -race ./pkg/...
+
+.PHONY: test-sanity
+test-sanity:
+	go test -v ./tests/sanity/...
+
+.PHONY: image
+image:
+	docker build -t $(IMAGE):testing .
+
+.PHONY: push
+push:
+	docker push $(IMAGE):testing
+
diff --git a/deploy/kubernetes/controller.yaml b/deploy/kubernetes/controller.yaml
@@ -6,11 +6,44 @@ metadata:
 
 ---
 
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-provisioner-role
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-provisioner-binding
+subjects:
+  - kind: ServiceAccount
+    name: csi-controller-sa
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: external-attacher-role
-  namespace: default
 rules:
   - apiGroups: [""]
     resources: ["persistentvolumes"]
@@ -27,8 +60,7 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-attacher-role
-  namespace: default
+  name: csi-attacher-binding
 subjects:
   - kind: ServiceAccount
     name: csi-controller-sa
@@ -69,6 +101,30 @@ spec:
           env:
             - name: CSI_ENDPOINT
               value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: aws-secret
+                  key: key_id
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: aws-secret
+                  key: access_key
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: csi-provisioner
+          image: quay.io/k8scsi/csi-provisioner:v0.4.1
+          imagePullPolicy: Always
+          args:
+            - --provisioner=fsx.csi.aws.com
+            - --csi-address=$(ADDRESS)
+            - --connection-timeout=5m
+            - --v=5
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
           volumeMounts:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/

diff --git a/examples/kubernetes/dynamic_provisioning/claim.yaml b/examples/kubernetes/dynamic_provisioning/claim.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: fsx-claim
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: fsx-sc
+  resources:
+    requests:
+      storage: 5Gi
diff --git a/examples/kubernetes/dynamic_provisioning/pod.yaml b/examples/kubernetes/dynamic_provisioning/pod.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: fsx-app
+spec:
+  containers:
+  - name: app
+    image: centos
+    command: ["/bin/sh"]
+    args: ["-c", "while true; do echo $(date -u) >> /data/out.txt; sleep 5; done"]
+    volumeMounts:
+    - name: persistent-storage
+      mountPath: /data
+  volumes:
+  - name: persistent-storage
+    persistentVolumeClaim:
+      claimName: fsx-claim
diff --git a/examples/kubernetes/dynamic_provisioning/storageclass.yaml b/examples/kubernetes/dynamic_provisioning/storageclass.yaml
@@ -0,0 +1,8 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: fsx-sc
+provisioner: fsx.csi.aws.com
+parameters:
+  subnetId: subnet-056da83524edbe641
+  securityGroupIds: sg-086f61ea73388fb6b
diff --git a/go.mod b/go.mod
@@ -3,10 +3,19 @@ module github.com/kubernetes-sigs/aws-fsx-csi-driver
 require (
 	github.com/aws/aws-sdk-go v1.16.5
 	github.com/container-storage-interface/spec v0.3.0
+	github.com/davecgh/go-spew v1.1.0 // indirect
 	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 	github.com/golang/mock v1.2.0
-	github.com/golangci/golangci-lint v1.12.5 // indirect
+	github.com/golang/protobuf v1.2.0
+	github.com/kubernetes-csi/csi-test v0.3.0-2
+	github.com/onsi/ginkgo v1.7.0
+	github.com/onsi/gomega v1.4.3
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/spf13/afero v1.1.0 // indirect
+	github.com/stretchr/testify v1.2.1 // indirect
+	golang.org/x/net v0.0.0-20180906233101-161cd47e91fd
 	google.golang.org/grpc v1.16.0
+	k8s.io/apimachinery v0.0.0-20190205091131-4b4ea28f2790
 	k8s.io/klog v0.1.0 // indirect
 	k8s.io/kubernetes v1.13.1
 	k8s.io/utils v0.0.0-20181115163542-0d26856f57b3 // indirect