diff --git a/Jenkinsfile b/Jenkinsfile index f4eb7981f..4d8c9ac00 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -189,15 +189,15 @@ pipeline { // (more tests, runs longer, thus gets to use the existing worker) stage('Testing') { parallel { - stage('1.24') { + stage('1.25') { steps { // Skip production, i.e. run testing. - TestInVM("", "", "fedora", "", "1.24", "Top.Level..[[:alpha:]]*-production[[:space:]]", "") + TestInVM("", "", "fedora", "", "1.25", "Top.Level..[[:alpha:]]*-production[[:space:]]", "") } } // When adding or removing coverage workers, update the "Code Coverage" step below! - stage('coverage-1.24') { + stage('coverage-1.25') { when { beforeAgent true not { changeRequest() } @@ -206,11 +206,23 @@ pipeline { label "pmem-csi" } steps { - TestInVM("fedora-coverage-1.24", "coverage-", "fedora", "", "1.24", "", "${env.COVERAGE_SKIP}") + TestInVM("fedora-coverage-1.25", "coverage-", "fedora", "", "1.25", "", "${env.COVERAGE_SKIP}") } } // All others set up their own worker. + stage('1.24') { + when { + beforeAgent true + not { changeRequest() } + } + agent { + label "pmem-csi" + } + steps { + TestInVM("fedora-1.24", "", "fedora", "", "1.24", "", "") + } + } stage('1.23') { when { beforeAgent true @@ -334,7 +346,7 @@ git push origin HEAD:master } steps { // Restore -coverage.out files. - unstash '1.24-coverage' + unstash '1.25-coverage' unstash '1.21-coverage' // Merge and convert to Cobertura XML. diff --git a/Makefile b/Makefile index 32cd8cf33..0900ae131 100644 --- a/Makefile +++ b/Makefile @@ -183,6 +183,7 @@ KUSTOMIZE_KUBERNETES_VERSIONS = \ 1.22 \ 1.23 \ 1.24 \ + 1.25 \ KUSTOMIZE += $(foreach version,$(KUSTOMIZE_KUBERNETES_VERSIONS),$(subst X.XX,$(version),$(KUSTOMIZE_KUBERNETES_OUTPUT))) diff --git a/deploy/kubernetes-1.25/direct/kustomization.yaml b/deploy/kubernetes-1.25/direct/kustomization.yaml new file mode 100644 index 000000000..b4145a62f --- /dev/null +++ b/deploy/kubernetes-1.25/direct/kustomization.yaml @@ -0,0 +1 @@ +resources: [ pmem-csi.yaml ] diff --git a/deploy/kubernetes-1.25/direct/pmem-csi.yaml b/deploy/kubernetes-1.25/direct/pmem-csi.yaml new file mode 100644 index 000000000..bb5841a52 --- /dev/null +++ b/deploy/kubernetes-1.25/direct/pmem-csi.yaml @@ -0,0 +1,728 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: direct-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=direct + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: direct-production + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/deploy/kubernetes-1.25/direct/testing/kustomization.yaml b/deploy/kubernetes-1.25/direct/testing/kustomization.yaml new file mode 100644 index 000000000..b4145a62f --- /dev/null +++ b/deploy/kubernetes-1.25/direct/testing/kustomization.yaml @@ -0,0 +1 @@ +resources: [ pmem-csi.yaml ] diff --git a/deploy/kubernetes-1.25/direct/testing/pmem-csi.yaml b/deploy/kubernetes-1.25/direct/testing/pmem-csi.yaml new file mode 100644 index 000000000..661d3cff6 --- /dev/null +++ b/deploy/kubernetes-1.25/direct/testing/pmem-csi.yaml @@ -0,0 +1,802 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + - -v=5 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=direct + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + - -v=5 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + - -v=5 + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + - -v=5 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-testing + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - args: + - -s + - tcp-listen:9735,fork,reuseaddr + - unix-connect:/csi/csi.sock + image: alpine/socat:1.0.3 + name: socat + ports: + - containerPort: 9735 + name: csi-socket + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + mountPropagation: Bidirectional + name: staging-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + type: DirectoryOrCreate + name: staging-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/deploy/kubernetes-1.25/lvm/kustomization.yaml b/deploy/kubernetes-1.25/lvm/kustomization.yaml new file mode 100644 index 000000000..b4145a62f --- /dev/null +++ b/deploy/kubernetes-1.25/lvm/kustomization.yaml @@ -0,0 +1 @@ +resources: [ pmem-csi.yaml ] diff --git a/deploy/kubernetes-1.25/lvm/pmem-csi.yaml b/deploy/kubernetes-1.25/lvm/pmem-csi.yaml new file mode 100644 index 000000000..2cb71513f --- /dev/null +++ b/deploy/kubernetes-1.25/lvm/pmem-csi.yaml @@ -0,0 +1,728 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: lvm-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: lvm-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=lvm + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: lvm-production + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/deploy/kubernetes-1.25/lvm/testing/kustomization.yaml b/deploy/kubernetes-1.25/lvm/testing/kustomization.yaml new file mode 100644 index 000000000..b4145a62f --- /dev/null +++ b/deploy/kubernetes-1.25/lvm/testing/kustomization.yaml @@ -0,0 +1 @@ +resources: [ pmem-csi.yaml ] diff --git a/deploy/kubernetes-1.25/lvm/testing/pmem-csi.yaml b/deploy/kubernetes-1.25/lvm/testing/pmem-csi.yaml new file mode 100644 index 000000000..44e94397d --- /dev/null +++ b/deploy/kubernetes-1.25/lvm/testing/pmem-csi.yaml @@ -0,0 +1,802 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + - -v=5 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=lvm + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + - -v=5 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + - -v=5 + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + - -v=5 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-testing + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - args: + - -s + - tcp-listen:9735,fork,reuseaddr + - unix-connect:/csi/csi.sock + image: alpine/socat:1.0.3 + name: socat + ports: + - containerPort: 9735 + name: csi-socket + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + mountPropagation: Bidirectional + name: staging-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + type: DirectoryOrCreate + name: staging-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/deploy/kubernetes-1.25/pmem-csi-direct-testing.yaml b/deploy/kubernetes-1.25/pmem-csi-direct-testing.yaml new file mode 100644 index 000000000..661d3cff6 --- /dev/null +++ b/deploy/kubernetes-1.25/pmem-csi-direct-testing.yaml @@ -0,0 +1,802 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + - -v=5 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=direct + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + - -v=5 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + - -v=5 + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + - -v=5 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi-intel-com-node-testing + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + pmem-csi.intel.com/deployment: direct-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - args: + - -s + - tcp-listen:9735,fork,reuseaddr + - unix-connect:/csi/csi.sock + image: alpine/socat:1.0.3 + name: socat + ports: + - containerPort: 9735 + name: csi-socket + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + mountPropagation: Bidirectional + name: staging-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + type: DirectoryOrCreate + name: staging-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: direct-testing + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/deploy/kubernetes-1.25/pmem-csi-direct.yaml b/deploy/kubernetes-1.25/pmem-csi-direct.yaml new file mode 100644 index 000000000..bb5841a52 --- /dev/null +++ b/deploy/kubernetes-1.25/pmem-csi-direct.yaml @@ -0,0 +1,728 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: direct-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: direct-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=direct + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: direct-production + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: direct-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: direct-production + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/deploy/kubernetes-1.25/pmem-csi-lvm-testing.yaml b/deploy/kubernetes-1.25/pmem-csi-lvm-testing.yaml new file mode 100644 index 000000000..44e94397d --- /dev/null +++ b/deploy/kubernetes-1.25/pmem-csi-lvm-testing.yaml @@ -0,0 +1,802 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + - -v=5 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=lvm + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + - -v=5 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + - -v=5 + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + - -v=5 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi-intel-com-node-testing + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + pmem-csi.intel.com/deployment: lvm-testing + template: + metadata: + labels: + app.kubernetes.io/component: node-testing + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-testing + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-testing + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - args: + - -s + - tcp-listen:9735,fork,reuseaddr + - unix-connect:/csi/csi.sock + image: alpine/socat:1.0.3 + name: socat + ports: + - containerPort: 9735 + name: csi-socket + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + mountPropagation: Bidirectional + name: staging-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi/pv + type: DirectoryOrCreate + name: staging-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-testing + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/deploy/kubernetes-1.25/pmem-csi-lvm.yaml b/deploy/kubernetes-1.25/pmem-csi-lvm.yaml new file mode 100644 index 000000000..2cb71513f --- /dev/null +++ b/deploy/kubernetes-1.25/pmem-csi-lvm.yaml @@ -0,0 +1,728 @@ +# Generated with "make kustomize", do not edit! + +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-external-provisioner-cfg + namespace: pmem-csi +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - csistoragecapacities + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-cfg + namespace: pmem-csi +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-external-provisioner-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list +- apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup-runner +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-runner +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - patch + - update +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - patch + - update + - create +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - csinodes + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-csi-provisioner-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-external-provisioner-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-openshift-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-role-cfg + namespace: pmem-csi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pmem-csi-intel-com-webhooks-cfg +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-csi-provisioner-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-external-provisioner-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-controller + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-node-setup-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-webhooks-role +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pmem-csi-intel-com-webhooks-runner +subjects: +- kind: ServiceAccount + name: pmem-csi-intel-com-webhooks + namespace: pmem-csi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-controller + namespace: pmem-csi +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + pmem-csi.intel.com/deployment: lvm-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-controller + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=webhooks + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -nodeSelector={"storage":"pmem"} + - -caFile= + - -certFile=/certs/tls.crt + - -keyFile=/certs/tls.key + - -schedulerListen=:8000 + - -metricsListen=:10010 + env: + - name: TERMINATION_LOG_PATH + value: /dev/termination-log + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 60 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /certs + name: webhook-cert + priorityClassName: system-cluster-critical + serviceAccountName: pmem-csi-intel-com-webhooks + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - name: webhook-cert + secret: + secretName: pmem-csi-intel-com-controller-secret +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + pmem-csi.intel.com/deployment: lvm-production + template: + metadata: + annotations: + pmem-csi.intel.com/scrape: containers + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -deviceManager=lvm + - -v=3 + - -logging-format=text + - -mode=node + - -endpoint=unix:///csi/csi.sock + - -nodeid=$(KUBE_NODE_NAME) + - -statePath=/var/lib/$(PMEM_CSI_DRIVER_NAME) + - -drivername=$(PMEM_CSI_DRIVER_NAME) + - -pmemPercentage=100 + - -metricsListen=:10010 + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: pmem-driver + ports: + - containerPort: 10010 + name: metrics + resources: + requests: + cpu: 100m + memory: 250Mi + securityContext: + privileged: true + runAsUser: 0 + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics/simple + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: pods-dir + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/pmem-csi.intel.com + mountPropagation: Bidirectional + name: pmem-state-dir + - args: + - -v=3 + - --kubelet-registration-path=/var/lib/kubelet/plugins/$(PMEM_CSI_DRIVER_NAME)/csi.sock + - --csi-address=/csi/csi.sock + - --timeout=10s + env: + - name: PMEM_CSI_DRIVER_NAME + value: pmem-csi.intel.com + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + imagePullPolicy: IfNotPresent + name: driver-registrar + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - args: + - -v=3 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + - --node-deployment=true + - --strict-topology=true + - --immediate-topology=false + - --timeout=5m + - --default-fstype=ext4 + - --worker-threads=5 + - --enable-capacity + - --metrics-address=:10011 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.1 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: external-provisioner + ports: + - containerPort: 10011 + name: metrics + resources: + requests: + cpu: 12m + memory: 128Mi + securityContext: + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 300 + httpGet: + path: /metrics + port: metrics + scheme: HTTP + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /csi + name: socket-dir + nodeSelector: + storage: pmem + priorityClassName: system-node-critical + serviceAccountName: pmem-csi-intel-com-controller + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/pmem-csi.intel.com + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: pods-dir + - hostPath: + path: /var/lib/pmem-csi.intel.com + type: DirectoryOrCreate + name: pmem-state-dir + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi-intel-com-node-setup + namespace: pmem-csi +spec: + selector: + matchLabels: + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + pmem-csi.intel.com/deployment: lvm-production + template: + metadata: + labels: + app.kubernetes.io/component: node-setup + app.kubernetes.io/instance: pmem-csi.intel.com + app.kubernetes.io/name: pmem-csi-node-setup + app.kubernetes.io/part-of: pmem-csi + pmem-csi.intel.com/deployment: lvm-production + pmem-csi.intel.com/webhook: ignore + spec: + containers: + - command: + - /usr/local/bin/pmem-csi-driver + - -v=3 + - -logging-format=text + - -mode=force-convert-raw-namespaces + - -nodeSelector={"storage":"pmem"} + - -nodeid=$(KUBE_NODE_NAME) + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: TERMINATION_LOG_PATH + value: /tmp/termination-log + image: intel/pmem-csi-driver:canary + imagePullPolicy: IfNotPresent + name: pmem-driver + securityContext: + privileged: true + runAsUser: 0 + terminationMessagePath: /tmp/termination-log + volumeMounts: + - mountPath: /dev + name: dev-dir + - mountPath: /sys + name: sys-dir + - mountPath: /host-sys + name: sys-dir + nodeSelector: + pmem-csi.intel.com/convert-raw-namespaces: force + serviceAccountName: pmem-csi-intel-com-node-setup + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /dev + type: DirectoryOrCreate + name: dev-dir + - hostPath: + path: /sys + type: DirectoryOrCreate + name: sys-dir +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + pmem-csi.intel.com/deployment: lvm-production + name: pmem-csi.intel.com +spec: + attachRequired: false + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/test/setup-fedora-govm.sh b/test/setup-fedora-govm.sh index 20f4ad834..ce1e0d438 100755 --- a/test/setup-fedora-govm.sh +++ b/test/setup-fedora-govm.sh @@ -59,6 +59,7 @@ EOF 1.22) packages+=" kubelet-1.22.12-0 kubeadm-1.22.12-0 kubectl-1.22.12-0";; 1.23) packages+=" kubelet-1.23.9-0 kubeadm-1.23.9-0 kubectl-1.23.9-0";; 1.24) packages+=" kubelet-1.24.3-0 kubeadm-1.24.3-0 kubectl-1.24.3-0";; + 1.25) packages+=" kubelet-1.25.0-0 kubeadm-1.25.0-0 kubectl-1.25.0-0";; *) echo >&2 "Kubernetes version ${TEST_KUBERNETES_VERSION} not supported, package list in $0 must be updated."; exit 1;; esac packages+=" --disableexcludes=kubernetes" diff --git a/test/test-config.sh b/test/test-config.sh index eb270ac54..2b419d40d 100644 --- a/test/test-config.sh +++ b/test/test-config.sh @@ -157,7 +157,7 @@ fi # is installed instead of the latest one. Ignored when # using Clear Linux as OS because with Clear Linux we have # to use the Kubernetes version that ships with it. -: ${TEST_KUBERNETES_VERSION:=1.24} +: ${TEST_KUBERNETES_VERSION:=1.25} # Can be used to pick one of potentially severally of the # pre-generated deploy/kubernetes- deployment