deployment enhancements

README.md

@@ -8,46 +8,62 @@ This repository hosts the CSI Hostpath driver and all of its build and dependent
 - Access to terminal with `kubectl` installed
 
 ## Deployment
-The easiest way to test the Hostpath driver is to run `deploy/deploy-hostpath.sh` script as shown:
+The easiest way to test the Hostpath driver is to run the `deploy-hostpath.sh` script for the Kubernetes version used by
+the cluster as shown below for Kubernetes 1.13. This creates the deployment that is maintained specifically for that
+release of Kubernetes. However, other deployments may also work. For details see the individual READMEs.
 
 ```shell
-$ deploy/deploy-hostpath.sh
+$ deploy/kubernetes-1.13/deploy-hostpath.sh
 ```
 
 You should see an output similar to the following printed on the terminal showing the application of rbac rules and the result of deploying the hostpath driver, external provisioner, external attacher and snapshotter components:
 
 ```shell
 applying RBAC rules
+kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-provisioner/v1.0.1/deploy/kubernetes/rbac.yaml
 serviceaccount/csi-provisioner created
 clusterrole.rbac.authorization.k8s.io/external-provisioner-runner created
 clusterrolebinding.rbac.authorization.k8s.io/csi-provisioner-role created
 role.rbac.authorization.k8s.io/external-provisioner-cfg created
 rolebinding.rbac.authorization.k8s.io/csi-provisioner-role-cfg created
+kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-attacher/v1.0.1/deploy/kubernetes/rbac.yaml
 serviceaccount/csi-attacher created
 clusterrole.rbac.authorization.k8s.io/external-attacher-runner created
 clusterrolebinding.rbac.authorization.k8s.io/csi-attacher-role created
 role.rbac.authorization.k8s.io/external-attacher-cfg created
 rolebinding.rbac.authorization.k8s.io/csi-attacher-role-cfg created
+kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/v1.0.1/deploy/kubernetes/rbac.yaml
 serviceaccount/csi-snapshotter created
 clusterrole.rbac.authorization.k8s.io/external-snapshotter-runner created
 clusterrolebinding.rbac.authorization.k8s.io/csi-snapshotter-role created
 deploying hostpath components
+   deploy/kubernetes-1.13/hostpath/csi-hostpath-attacher.yaml
+        using           image: quay.io/k8scsi/csi-attacher:v1.0.1
 service/csi-hostpath-attacher created
 statefulset.apps/csi-hostpath-attacher created
+   deploy/kubernetes-1.13/hostpath/csi-hostpath-plugin.yaml
+        using           image: quay.io/k8scsi/csi-node-driver-registrar:v1.0.2
+        using           image: quay.io/k8scsi/hostpathplugin:v1.0.1
+        using           image: quay.io/k8scsi/livenessprobe:v1.0.2
+service/csi-hostpathplugin created
 statefulset.apps/csi-hostpathplugin created
+   deploy/kubernetes-1.13/hostpath/csi-hostpath-provisioner.yaml
+        using           image: quay.io/k8scsi/csi-provisioner:v1.0.1
 service/csi-hostpath-provisioner created
 statefulset.apps/csi-hostpath-provisioner created
-deploying snapshotter
-volumesnapshotclass.snapshot.storage.k8s.io/csi-hostpath-snapclass created
+   deploy/kubernetes-1.13/hostpath/csi-hostpath-snapshotter.yaml
+        using           image: quay.io/k8scsi/csi-snapshotter:v1.0.1
 service/csi-hostpath-snapshotter created
 statefulset.apps/csi-hostpath-snapshotter created
+   deploy/kubernetes-1.13/hostpath/csi-hostpath-testing.yaml
+        using           image: alpine/socat:1.0.3
+service/hostpath-service created
+statefulset.apps/csi-hostpath-socat created
+23:16:10 waiting for hostpath deployment to complete, attempt #0
+deploying snapshotclass
+volumesnapshotclass.snapshot.storage.k8s.io/csi-hostpath-snapclass created
 ```
 
-The script can also install CRDs that are needed for alpha features,
-but as this is something that should be done by the cluster
-provisioning tool it is disabled in the script by default. For this
-and other customizations see the source code of the deploy script.
-
 The [livenessprobe side-container](https://github.com/kubernetes-csi/livenessprobe) provided by the CSI community is deployed with the CSI driver to provide the liveness checking of the CSI services.
 
 ## Run example application and validate

deploy/kubernetes-1.13/README.md

@@ -0,0 +1,7 @@
+The deployment for Kubernetes 1.13 uses CSI 1.0 and thus is
+incompatible with older Kubernetes releases.
+
+The sidecar images rely on the CRDs for CSIDriverInfo and CSINodeInfo,
+which were replaced with builtin APIs in Kubernetes 1.14. They can be
+deployed on Kubernetes 1.14 if the CRDs are installed, but features
+relying on these CRDs (like topology) are unlikely to work.

deploy/kubernetes-1.13/deploy-hostpath.sh

@@ -0,0 +1 @@
+../util/deploy-hostpath.sh

deploy/hostpath/csi-hostpath-attacher.yaml → deploy/kubernetes-1.13/hostpath/csi-hostpath-attacher.yaml

@@ -41,13 +41,9 @@ spec:
       containers:
         - name: csi-attacher
           image: quay.io/k8scsi/csi-attacher:v1.0.1
-          imagePullPolicy: Always
           args:
             - --v=5
-            - --csi-address=$(ADDRESS)
-          env:
-            - name: ADDRESS
-              value: /csi/csi.sock
+            - --csi-address=/csi/csi.sock
           volumeMounts:
           - mountPath: /csi
             name: socket-dir

deploy/hostpath/csi-hostpath-plugin.yaml → deploy/kubernetes-1.13/hostpath/csi-hostpath-plugin.yaml

@@ -38,7 +38,6 @@ spec:
       containers:
         - name: node-driver-registrar
           image: quay.io/k8scsi/csi-node-driver-registrar:v1.0.2
-          imagePullPolicy: Always
           lifecycle:
             preStop:
               exec:
@@ -77,7 +76,6 @@ spec:
                 fieldRef:
                   apiVersion: v1
                   fieldPath: spec.nodeName
-          imagePullPolicy: Always
           securityContext:
             privileged: true
           ports:

deploy/hostpath/csi-hostpath-provisioner.yaml → deploy/kubernetes-1.13/hostpath/csi-hostpath-provisioner.yaml

@@ -42,13 +42,9 @@ spec:
         - name: csi-provisioner
           image: quay.io/k8scsi/csi-provisioner:v1.0.1
           args:
-            - "--provisioner=csi-hostpath"
-            - "--csi-address=$(ADDRESS)"
-            - "--connection-timeout=15s"
-          env:
-            - name: ADDRESS
-              value: /csi/csi.sock
-          imagePullPolicy: Always
+            - -v=5
+            - --csi-address=/csi/csi.sock
+            - --connection-timeout=15s
           volumeMounts:
             - mountPath: /csi
               name: socket-dir

deploy/snapshotter/csi-hostpath-snapshotter.yaml → deploy/kubernetes-1.13/hostpath/csi-hostpath-snapshotter.yaml

@@ -42,12 +42,9 @@ spec:
         - name: csi-snapshotter
           image: quay.io/k8scsi/csi-snapshotter:v1.0.1
           args:
-            - "--csi-address=$(ADDRESS)"
-            - "--connection-timeout=15s"
-          env:
-            - name: ADDRESS
-              value: /csi/csi.sock
-          imagePullPolicy: Always
+            - -v=5
+            - --csi-address=/csi/csi.sock
+            - --connection-timeout=15s
           volumeMounts:
             - mountPath: /csi
               name: socket-dir

deploy/kubernetes-1.13/hostpath/csi-hostpath-testing.yaml

@@ -0,0 +1,59 @@
+# WARNING: this is only for testing purposes. Do not install in a production
+# cluster.
+#
+# This exposes the hostpath's Unix domain csi.sock as a TCP port to the
+# outside world. The mapping from Unix domain socket to TCP is done
+# by socat.
+#
+# This is useful for testing with csi-sanity or csc.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: hostpath-service
+spec:
+  type: NodePort
+  selector:
+    app: csi-hostpath-socat
+  ports:
+  - port: 10000 # fixed port inside the pod, dynamically allocated port outside
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-hostpath-socat
+spec:
+  serviceName: "csi-hostpath-socat"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: csi-hostpath-socat
+  template:
+    metadata:
+      labels:
+        app: csi-hostpath-socat
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - csi-hostpathplugin
+            topologyKey: kubernetes.io/hostname
+      containers:
+        - name: socat
+          image: alpine/socat:1.0.3
+          args:
+            - tcp-listen:10000,fork,reuseaddr
+            - unix-connect:/csi/csi.sock
+          volumeMounts:
+          - mountPath: /csi
+            name: socket-dir
+      volumes:
+        - hostPath:
+            path: /var/lib/kubelet/plugins/csi-hostpath
+            type: DirectoryOrCreate
+          name: socket-dir

deploy/kubernetes-1.14

@@ -0,0 +1 @@
+master

deploy/kubernetes-latest

@@ -0,0 +1 @@
+kubernetes-1.14

deploy/master/README.md

@@ -0,0 +1,11 @@
+The deployment for master uses CSI 1.0 and thus is incompatible with
+Kubernetes < 1.13.
+
+It uses the APIs for CSIDriverInfo and CSINodeInfo that were
+introduced in Kubernetes 1.14, so features depending on those (like
+topology) will not work on Kubernetes 1.13. But because this example
+deployment does not enable those features, it can run on Kubernetes
+1.13.
+
+WARNING: this example uses the "canary" images. It can break at any
+time.

deploy/master/deploy-hostpath.sh

@@ -0,0 +1 @@
+../util/deploy-hostpath.sh

deploy/master/hostpath/csi-hostpath-attacher.yaml

@@ -0,0 +1,55 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-hostpath-attacher
+  labels:
+    app: csi-hostpath-attacher
+spec:
+  selector:
+    app: csi-hostpath-attacher
+  ports:
+    - name: dummy
+      port: 12345
+
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: csi-hostpath-attacher
+spec:
+  serviceName: "csi-hostpath-attacher"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: csi-hostpath-attacher
+  template:
+    metadata:
+      labels:
+        app: csi-hostpath-attacher
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - csi-hostpathplugin
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: csi-attacher
+      containers:
+        - name: csi-attacher
+          image: quay.io/k8scsi/csi-attacher:canary # TODO: replace with released version
+          args:
+            - --v=5
+            - --csi-address=/csi/csi.sock
+          volumeMounts:
+          - mountPath: /csi
+            name: socket-dir
+
+      volumes:
+        - hostPath:
+            path: /var/lib/kubelet/plugins/csi-hostpath
+            type: DirectoryOrCreate
+          name: socket-dir