# Copyright 2018 DigitalOcean
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Configuration to deploy the release version of the CSI DigitalOcean
# plugin (https://github.com/digitalocean/csi-digitalocean), compatible with
# Kubernetes >=v1.10
#
# example usage: kubectl create -f <this_file>
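---
# StorageClass served by the DigitalOcean CSI driver. The provisioner name
# must match the --provisioner flag passed to the csi-provisioner sidecar in
# the csi-provisioner-doplugin StatefulSet in this file.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  # StorageClass is cluster-scoped, so no metadata.namespace is set; the API
  # server would ignore one.
  name: do-block-storage
  annotations:
    # Makes this the cluster default: PersistentVolumeClaims that name no
    # storage class are provisioned from this one.
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: com.digitalocean.csi.dobs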
---
# Identity used by the csi-attacher-doplugin StatefulSet pods. Its API
# permissions come from the external-attacher-runner ClusterRole through the
# csi-attacher-role ClusterRoleBinding.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: csi-attacher
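---
# API permissions for the csi-attacher ServiceAccount (bound by the
# csi-attacher-role ClusterRoleBinding). ClusterRole is cluster-scoped, so it
# carries no metadata.namespace, and because the binding is a
# ClusterRoleBinding every rule below applies in all namespaces.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: external-attacher-runner
rules:
  # NOTE(review): this is read access to every Secret in the cluster. Confirm
  # the attacher needs it; if the secrets it reads live in one namespace, a
  # namespaced Role and RoleBinding is the tighter grant.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update"]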
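---
# Grants the external-attacher-runner ClusterRole, cluster-wide, to the
# csi-attacher ServiceAccount. The binding itself is cluster-scoped and takes
# no metadata.namespace; only the subject needs one.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-attacher-role
subjects:
  - kind: ServiceAccount
    name: csi-attacher
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: external-attacher-runner
  apiGroup: rbac.authorization.k8s.io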
---
# Governing Service referenced by spec.serviceName of the
# csi-attacher-doplugin StatefulSet. The port is a placeholder: no container
# in that StatefulSet declares a port, they talk over a unix socket.
kind: Service
apiVersion: v1
metadata:
  namespace: kube-system
  name: csi-attacher-doplugin
  labels:
    app: csi-attacher-doplugin
spec:
  ports:
    - port: 12345
      name: dummy
  selector:
    app: csi-attacher-doplugin
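---
# Controller-side attach/detach: the external-attacher sidecar and the
# DigitalOcean CSI plugin run in one pod and talk over a unix socket placed in
# a shared emptyDir volume.
#
# NOTE(review): apps/v1beta1 was removed in Kubernetes 1.16. apps/v1 needs an
# explicit spec.selector and has a different default update strategy, so the
# apiVersion is kept as published for this release.
kind: StatefulSet
apiVersion: apps/v1beta1
metadata:
  name: csi-attacher-doplugin
  namespace: kube-system
spec:
  serviceName: "csi-attacher-doplugin"
  replicas: 1
  template:
    metadata:
      labels:
        app: csi-attacher-doplugin
    spec:
      # serviceAccountName is the current field; serviceAccount is its
      # deprecated alias.
      serviceAccountName: csi-attacher
      containers:
        - name: csi-attacher
          # Tags are mutable and the pull policy is IfNotPresent; pinning the
          # image by digest (image@sha256:<digest>) fixes what actually runs.
          image: quay.io/k8scsi/csi-attacher:v0.2.0
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
        - name: digitalocean-csi-plugin
          image: digitalocean/do-csi-plugin:v0.1.1
          # $(DIGITALOCEAN_ACCESS_TOKEN) is expanded into the container's
          # command line, so the token is readable through process listings
          # on the node. NOTE(review): if the plugin can take the token from
          # the environment or a mounted file, prefer that over a flag.
          args:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)"
            - "--url=$(DIGITALOCEAN_API_URL)"
          env:
            - name: CSI_ENDPOINT
              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
            - name: DIGITALOCEAN_API_URL
              value: https://api.digitalocean.com/
            # The Secret "digitalocean" (key access-token) is not defined in
            # this file; it must already exist in kube-system.
            - name: DIGITALOCEAN_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: digitalocean
                  key: access-token
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
      volumes:
        # Pod-local scratch volume that holds the CSI socket shared by the two
        # containers.
        - name: socket-dir
          emptyDir: {}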
---
# Identity used by the csi-provisioner-doplugin StatefulSet pods. Its API
# permissions come from the external-provisioner-runner ClusterRole through
# the csi-provisioner-role ClusterRoleBinding.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: csi-provisioner
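---
# API permissions for the csi-provisioner ServiceAccount (bound by the
# csi-provisioner-role ClusterRoleBinding). ClusterRole is cluster-scoped, so
# it carries no metadata.namespace, and because the binding is a
# ClusterRoleBinding every rule below applies in all namespaces.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: external-provisioner-runner
rules:
  # NOTE(review): this is read access to every Secret in the cluster. Confirm
  # the provisioner needs it; if the secrets it reads live in one namespace, a
  # namespaced Role and RoleBinding is the tighter grant.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  # create/delete on PersistentVolumes is what lets this account provision
  # and remove volumes for any claim in the cluster.
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]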
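---
# Grants the external-provisioner-runner ClusterRole, cluster-wide, to the
# csi-provisioner ServiceAccount. The binding itself is cluster-scoped and
# takes no metadata.namespace; only the subject needs one.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-provisioner-role
subjects:
  - kind: ServiceAccount
    name: csi-provisioner
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: external-provisioner-runner
  apiGroup: rbac.authorization.k8s.io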
---
# Governing Service referenced by spec.serviceName of the
# csi-provisioner-doplugin StatefulSet. The port is a placeholder: no
# container in that StatefulSet declares a port, they talk over a unix socket.
kind: Service
apiVersion: v1
metadata:
  namespace: kube-system
  name: csi-provisioner-doplugin
  labels:
    app: csi-provisioner-doplugin
spec:
  ports:
    - port: 12345
      name: dummy
  selector:
    app: csi-provisioner-doplugin
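---
# Controller-side provisioning: the external-provisioner sidecar and the
# DigitalOcean CSI plugin run in one pod and talk over a unix socket placed in
# a shared emptyDir volume.
#
# NOTE(review): apps/v1beta1 was removed in Kubernetes 1.16. apps/v1 needs an
# explicit spec.selector and has a different default update strategy, so the
# apiVersion is kept as published for this release.
kind: StatefulSet
apiVersion: apps/v1beta1
metadata:
  name: csi-provisioner-doplugin
  namespace: kube-system
spec:
  serviceName: "csi-provisioner-doplugin"
  replicas: 1
  template:
    metadata:
      labels:
        app: csi-provisioner-doplugin
    spec:
      # serviceAccountName is the current field; serviceAccount is its
      # deprecated alias.
      serviceAccountName: csi-provisioner
      containers:
        - name: csi-provisioner
          # Tags are mutable and the pull policy is IfNotPresent; pinning the
          # image by digest (image@sha256:<digest>) fixes what actually runs.
          image: quay.io/k8scsi/csi-provisioner:v0.2.0
          args:
            # Must equal the provisioner field of the do-block-storage
            # StorageClass.
            - "--provisioner=com.digitalocean.csi.dobs"
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
          env:
            - name: ADDRESS
              value: /var/lib/csi/sockets/pluginproxy/csi.sock
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
        - name: digitalocean-csi-plugin
          image: digitalocean/do-csi-plugin:v0.1.1
          # $(DIGITALOCEAN_ACCESS_TOKEN) is expanded into the container's
          # command line, so the token is readable through process listings
          # on the node. NOTE(review): if the plugin can take the token from
          # the environment or a mounted file, prefer that over a flag.
          args:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)"
            - "--url=$(DIGITALOCEAN_API_URL)"
          env:
            - name: CSI_ENDPOINT
              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
            - name: DIGITALOCEAN_API_URL
              value: https://api.digitalocean.com/
            # The Secret "digitalocean" (key access-token) is not defined in
            # this file; it must already exist in kube-system.
            - name: DIGITALOCEAN_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: digitalocean
                  key: access-token
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: socket-dir
              mountPath: /var/lib/csi/sockets/pluginproxy/
      volumes:
        # Pod-local scratch volume that holds the CSI socket shared by the two
        # containers.
        - name: socket-dir
          emptyDir: {}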
---
# Identity used by the csi-doplugin DaemonSet pods. Its API permissions come
# from the csi-doplugin ClusterRole through the csi-doplugin
# ClusterRoleBinding.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: csi-doplugin
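---
# API permissions for the csi-doplugin ServiceAccount, which the DaemonSet
# runs under on each node. ClusterRole is cluster-scoped, so it carries no
# metadata.namespace, and because the binding is a ClusterRoleBinding every
# rule below applies in all namespaces.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-doplugin
rules:
  # NOTE(review): this is read access to every Secret in the cluster, held by
  # a pod on every node. Confirm the node plugin needs it; a namespaced Role
  # and RoleBinding is the tighter grant if it does not.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  # NOTE(review): update is not limited to the pod's own Node object; each
  # node's plugin pod can modify any Node.
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "update"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update"]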
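---
# Grants the csi-doplugin ClusterRole, cluster-wide, to the csi-doplugin
# ServiceAccount. The binding itself is cluster-scoped and takes no
# metadata.namespace; only the subject needs one.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-doplugin
subjects:
  - kind: ServiceAccount
    name: csi-doplugin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: csi-doplugin
  apiGroup: rbac.authorization.k8s.io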
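---
# Node plugin: one pod per node, holding the driver-registrar sidecar and the
# DigitalOcean CSI plugin. The plugin container is privileged and mounts
# /var/lib/kubelet and /dev from the host, so this pod is equivalent to root
# on the node; treat its image, ServiceAccount and Secret accordingly.
#
# NOTE(review): apps/v1beta2 was removed in Kubernetes 1.16; the apiVersion is
# kept as published for this release.
kind: DaemonSet
apiVersion: apps/v1beta2
metadata:
  name: csi-doplugin
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: csi-doplugin
  template:
    metadata:
      labels:
        app: csi-doplugin
    spec:
      # serviceAccountName is the current field; serviceAccount is its
      # deprecated alias.
      serviceAccountName: csi-doplugin
      # The pod shares the node's network namespace.
      hostNetwork: true
      containers:
        - name: driver-registrar
          # Tags are mutable; pinning the image by digest
          # (image@sha256:<digest>) fixes what actually runs.
          image: quay.io/k8scsi/driver-registrar:v0.2.0
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi/
            # TODO(arslan): the registrar is not implemented yet
            # - name: registrar-socket-dir
            #   mountPath: /var/lib/csi/sockets/
        - name: csi-doplugin
          securityContext:
            # Kubernetes only allows Bidirectional mount propagation (used on
            # the /var/lib/kubelet mount below) in privileged containers.
            # With privileged set, the SYS_ADMIN capability and
            # allowPrivilegeEscalation add nothing further.
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          image: digitalocean/do-csi-plugin:v0.1.1
          # $(DIGITALOCEAN_ACCESS_TOKEN) is expanded into the container's
          # command line, so the token is readable through process listings
          # on every node. NOTE(review): confirm the node service needs the
          # account token at all, and if the plugin can take it from the
          # environment or a mounted file, prefer that over a flag.
          args:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)"
            - "--url=$(DIGITALOCEAN_API_URL)"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: DIGITALOCEAN_API_URL
              value: https://api.digitalocean.com/
            # The Secret "digitalocean" (key access-token) is not defined in
            # this file; it must already exist in kube-system.
            - name: DIGITALOCEAN_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: digitalocean
                  key: access-token
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: plugin-dir
              mountPath: /csi
            - name: pods-mount-dir
              mountPath: /var/lib/kubelet
              # needed so that any mounts setup inside this container are
              # propagated back to the host machine.
              mountPropagation: "Bidirectional"
            # Host device nodes, exposed to the privileged container.
            - mountPath: /dev
              name: device-dir
      volumes:
        # TODO(arslan): the registrar is not implemented yet
        # - name: registrar-socket-dir
        #   hostPath:
        #     path: /var/lib/kubelet/device-plugins/
        #     type: DirectoryOrCreate
        - name: plugin-dir
          hostPath:
            path: /var/lib/kubelet/plugins/com.digitalocean.csi.dobs
            type: DirectoryOrCreate
        - name: pods-mount-dir
          hostPath:
            path: /var/lib/kubelet
            type: Directory
        - name: device-dir
          hostPath:
            path: /dev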