From a5362c2c3e29cee8bb46bd0b5604e7afc0c178b0 Mon Sep 17 00:00:00 2001 From: Humble Chirammal Date: Fri, 23 Apr 2021 14:55:04 +0530 Subject: [PATCH 1/2] Add deployment artifacts for iscsi csi driver deployment Signed-off-by: Humble Chirammal --- deploy/csi-iscsi-driverinfo.yaml | 9 +++ deploy/csi-iscsi-node.yaml | 109 +++++++++++++++++++++++++++++++ deploy/install-driver.sh | 39 +++++++++++ pkg/iscsi/driver.go | 4 +- 4 files changed, 159 insertions(+), 2 deletions(-) create mode 100644 deploy/csi-iscsi-driverinfo.yaml create mode 100644 deploy/csi-iscsi-node.yaml create mode 100755 deploy/install-driver.sh diff --git a/deploy/csi-iscsi-driverinfo.yaml b/deploy/csi-iscsi-driverinfo.yaml new file mode 100644 index 00000000..83ae3b9c --- /dev/null +++ b/deploy/csi-iscsi-driverinfo.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: iscsi.csi.k8s.io +spec: + attachRequired: false + volumeLifecycleModes: + - Persistent diff --git a/deploy/csi-iscsi-node.yaml b/deploy/csi-iscsi-node.yaml new file mode 100644 index 00000000..139dc4a1 --- /dev/null +++ b/deploy/csi-iscsi-node.yaml @@ -0,0 +1,109 @@ +--- +# This YAML file contains driver-registrar & csi driver nodeplugin API objects +# that are necessary to run CSI nodeplugin for iscsi +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-iscsi-node + namespace: kube-system +spec: + selector: + matchLabels: + app: csi-iscsi-node + template: + metadata: + labels: + app: csi-iscsi-node + spec: + hostNetwork: true # original iscsi connection would be broken without hostNetwork setting + dnsPolicy: ClusterFirstWithHostNet + nodeSelector: + kubernetes.io/os: linux + containers: + - name: liveness-probe + image: k8s.gcr.io/sig-storage/livenessprobe:v2.1.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port=29653 + - --v=2 + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: node-driver-registrar + image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0 + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/iscsi.csi.k8s.io /registration/iscsi.csi.k8s.io-reg.sock"] + args: + - --v=2 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/iscsi.csi.k8s.io/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: iscsi + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: quay.io/humble/csi-iscsi:v0.1 + args: + - "-v=5" + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + ports: + - containerPort: 29653 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + volumes: + - name: socket-dir + hostPath: + path: /var/lib/kubelet/plugins/iscsi.csi.k8s.io + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir diff --git a/deploy/install-driver.sh b/deploy/install-driver.sh new file mode 100755 index 00000000..fc4054e6 --- /dev/null +++ b/deploy/install-driver.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +# Copyright 2020 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -euo pipefail + +ver="master" +if [[ "$#" -gt 0 ]]; then + ver="$1" +fi + +repo="https://raw.githubusercontent.com/kubernetes-csi/csi-driver-iscsi/$ver/deploy" +if [[ "$#" -gt 1 ]]; then + if [[ "$2" == *"local"* ]]; then + echo "use local deploy" + repo="./deploy" + fi +fi + +if [ $ver != "master" ]; then + repo="$repo/$ver" +fi + +echo "Installing iscsi CSI driver, version: $ver ..." +kubectl apply -f $repo/csi-iscsi-driverinfo.yaml +kubectl apply -f $repo/csi-iscsi-node.yaml +echo 'iscsi CSI driver installed successfully.' diff --git a/pkg/iscsi/driver.go b/pkg/iscsi/driver.go index 8b23a062..3efbeb3a 100644 --- a/pkg/iscsi/driver.go +++ b/pkg/iscsi/driver.go @@ -35,11 +35,11 @@ type driver struct { } const ( - driverName = "ISCSI" + driverName = "iscsi.csi.k8s.io" ) var ( - version = "1.0.0-rc2" + version = "1.0.0" ) func NewDriver(nodeID, endpoint string) *driver { From b585bbee781707c9e2e3a4048808a68caed9bc36 Mon Sep 17 00:00:00 2001 From: Humble Chirammal Date: Wed, 26 May 2021 21:22:01 +0530 Subject: [PATCH 2/2] Change example pv.yaml for new iscsi csi driver name Signed-off-by: Humble Chirammal --- cmd/iscsiplugin/main.go | 2 +- deploy/csi-iscsi-driverinfo.yaml | 2 +- deploy/csi-iscsi-node.yaml | 36 +++++++++++++++++++++++++------- deploy/install-driver.sh | 6 +++--- examples/kubernetes/pv.yaml | 2 +- 5 files changed, 35 insertions(+), 13 deletions(-) diff --git a/cmd/iscsiplugin/main.go b/cmd/iscsiplugin/main.go index 47a8b2d7..0236b158 100644 --- a/cmd/iscsiplugin/main.go +++ b/cmd/iscsiplugin/main.go @@ -41,7 +41,7 @@ func main() { flag.CommandLine.Parse([]string{}) cmd := &cobra.Command{ - Use: "ISCSI", + Use: "iscsi.csi.k8s.io", Short: "CSI based ISCSI driver", Run: func(cmd *cobra.Command, args []string) { handle() diff --git a/deploy/csi-iscsi-driverinfo.yaml b/deploy/csi-iscsi-driverinfo.yaml index 83ae3b9c..ea014624 100644 --- a/deploy/csi-iscsi-driverinfo.yaml +++ b/deploy/csi-iscsi-driverinfo.yaml @@ -1,5 +1,5 @@ --- -apiVersion: storage.k8s.io/v1beta1 +apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: iscsi.csi.k8s.io diff --git a/deploy/csi-iscsi-node.yaml b/deploy/csi-iscsi-node.yaml index 139dc4a1..047c725c 100644 --- a/deploy/csi-iscsi-node.yaml +++ b/deploy/csi-iscsi-node.yaml @@ -38,11 +38,12 @@ spec: cpu: 10m memory: 20Mi - name: node-driver-registrar + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + securityContext: + privileged: true image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0 - lifecycle: - preStop: - exec: - command: ["/bin/sh", "-c", "rm -rf /registration/iscsi.csi.k8s.io /registration/iscsi.csi.k8s.io-reg.sock"] args: - --v=2 - --csi-address=/csi/csi.sock @@ -63,7 +64,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: quay.io/humble/csi-iscsi:v0.1 + image: quay.io/humble/csi-iscsi:v0.2 args: - "-v=5" - "--nodeid=$(NODE_ID)" @@ -94,6 +95,15 @@ spec: - name: pods-mount-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" + - name: host-dev + mountPath: /dev + - name: host-sys + mountPath: /sys + - name: host-mount + mountPath: /run/mount + - name: lib-modules + mountPath: /lib/modules + readOnly: true volumes: - name: socket-dir hostPath: @@ -103,7 +113,19 @@ spec: hostPath: path: /var/lib/kubelet/pods type: Directory - - hostPath: + - name: registration-dir + hostPath: path: /var/lib/kubelet/plugins_registry type: Directory - name: registration-dir + - name: host-dev + hostPath: + path: /dev + - name: host-sys + hostPath: + path: /sys + - name: host-mount + hostPath: + path: /run/mount + - name: lib-modules + hostPath: + path: /lib/modules diff --git a/deploy/install-driver.sh b/deploy/install-driver.sh index fc4054e6..d53054b9 100755 --- a/deploy/install-driver.sh +++ b/deploy/install-driver.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2020 The Kubernetes Authors. +# Copyright 2021 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,7 +33,7 @@ if [ $ver != "master" ]; then repo="$repo/$ver" fi -echo "Installing iscsi CSI driver, version: $ver ..." +echo "Installing iscsi.csi.k8s.io CSI driver, version: $ver ..." kubectl apply -f $repo/csi-iscsi-driverinfo.yaml kubectl apply -f $repo/csi-iscsi-node.yaml -echo 'iscsi CSI driver installed successfully.' +echo 'iscsi.csi.k8s.io CSI driver installed successfully.' diff --git a/examples/kubernetes/pv.yaml b/examples/kubernetes/pv.yaml index e7c452ae..287cc6f4 100644 --- a/examples/kubernetes/pv.yaml +++ b/examples/kubernetes/pv.yaml @@ -11,7 +11,7 @@ spec: capacity: storage: 1Gi csi: - driver: ISCSI + driver: iscsi.csi.k8s.io volumeHandle: iscsi-data-id volumeAttributes: targetPortal: "192.168.122.145:3260"