From a314988c996a586bbe75aa983b8b6a1738ba5cb8 Mon Sep 17 00:00:00 2001 
From: Adrien Date: Wed, 22 Apr 2020 16:11:23 +0200 Subject: [PATCH] Add linode block storage --- bin/gen_list.sh | 16 +- defaults/main.yml | 5 +- ...r-attacher-binding-ClusterRoleBinding.yaml | 13 ++ ...rovisioner-binding-ClusterRoleBinding.yaml | 13 ++ .../csi-controller-sa-ServiceAccount.yaml | 6 + ...napshotter-binding-ClusterRoleBinding.yaml | 13 ++ .../csi-linode-controller-StatefulSet.yaml | 104 +++++++++++++ files/linode/csi-linode-node-DaemonSet.yaml | 142 ++++++++++++++++++ files/linode/csi-node-sa-ServiceAccount.yaml | 7 + ...orage.k8s.io-CustomResourceDefinition.yaml | 31 ++++ ...orage.k8s.io-CustomResourceDefinition.yaml | 57 +++++++ ...-registrar-binding-ClusterRoleBinding.yaml | 13 ++ .../driver-registrar-role-ClusterRole.yaml | 12 ++ .../external-attacher-role-ClusterRole.yaml | 19 +++ ...external-provisioner-role-ClusterRole.yaml | 28 ++++ ...external-snapshotter-role-ClusterRole.yaml | 28 ++++ files/linode/get-linode-id-ConfigMap.yaml | 20 +++ .../linode-block-storage-StorageClass.yaml | 7 + ...ode-block-storage-retain-StorageClass.yaml | 7 + .../linodebs.csi.linode.com-CSIDriver.yaml | 8 + tasks/linode.yml | 54 +++++++ tasks/main.yml | 1 + 22 files changed, 602 insertions(+), 2 deletions(-) create mode 100644 files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml create mode 100644 files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml create mode 100644 files/linode/csi-controller-sa-ServiceAccount.yaml create mode 100644 files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml create mode 100644 files/linode/csi-linode-controller-StatefulSet.yaml create mode 100644 files/linode/csi-linode-node-DaemonSet.yaml create mode 100644 files/linode/csi-node-sa-ServiceAccount.yaml create mode 100644 files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml create mode 100644 files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml create mode 100644 
files/linode/driver-registrar-binding-ClusterRoleBinding.yaml create mode 100644 files/linode/driver-registrar-role-ClusterRole.yaml create mode 100644 files/linode/external-attacher-role-ClusterRole.yaml create mode 100644 files/linode/external-provisioner-role-ClusterRole.yaml create mode 100644 files/linode/external-snapshotter-role-ClusterRole.yaml create mode 100644 files/linode/get-linode-id-ConfigMap.yaml create mode 100644 files/linode/linode-block-storage-StorageClass.yaml create mode 100644 files/linode/linode-block-storage-retain-StorageClass.yaml create mode 100644 files/linode/linodebs.csi.linode.com-CSIDriver.yaml create mode 100644 tasks/linode.yml diff --git a/bin/gen_list.sh b/bin/gen_list.sh index d748d5c..81eab89 100755 --- a/bin/gen_list.sh +++ b/bin/gen_list.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash wget https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml kubernetes-split-yaml local-path-storage.yaml > generated.log mv local{,.old} 
@@ -7,3 +7,17 @@ cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) sed 's|/opt/local-path-provisioner|/mnt/local|' -i local/local-path-config-ConfigMap.yaml #mv local-path-storage.yaml local-path-storage_$(date +%Y%m%d).yaml rm -fr local.old generated.log local-path-storage.yaml + + +#git clone https://github.com/linode/linode-blockstorage-csi-driver.git +#mv linode{,.old} +#mv linode-blockstorage-csi-driver/pkg/linode-bs/deploy/kubernetes linode +#rm -fr linode-blockstorage-csi-driver linode.old +# https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver-v0.1.4.yaml +wget https://raw.githubusercontent.com/linode/linode-blockstorage-csi-driver/master/pkg/linode-bs/deploy/releases/linode-blockstorage-csi-driver.yaml +kubernetes-split-yaml linode-blockstorage-csi-driver.yaml > generated.log +mv linode{,.old} +mv generated linode +cat generated.log | while read LIGNE; do if [ $(echo "${LIGNE}" | grep -c ^File) -eq 1 ]; then echo -n "${LIGNE} "; else echo "${LIGNE}"; fi; done | grep ^File | sort -V | sed 's|.*\(generated/\)\(.*\.yaml\)| - "linode/\2"|' +sed -e /is-default-class/d -e /annotations/d -i linode/linode-block-storage-StorageClass.yaml +rm -fr linode.old generated.log linode-blockstorage-csi-driver.yaml diff --git a/defaults/main.yml b/defaults/main.yml index 24eaaa4..ca691a2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,3 +1,6 @@ -my_context: flamykube +my_context: minikube storage_localpath: true +storage_linode: false + +# local-path, linode-block-storage, linode-block-storage-retain storage_default_storageclass: local-path \ No newline at end of file diff --git a/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml new file mode 100644 index 0000000..7428d30 --- /dev/null 
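Review bot: The new `wget` line pulls `linode-blockstorage-csi-driver.yaml` from the `master` branch, so each run of this script can regenerate the RBAC rules and the privileged DaemonSet under `files/linode/` from whatever upstream holds at that moment, with no integrity check. The commented-out URL just above it already names a versioned file (`linode-blockstorage-csi-driver-v0.1.4.yaml`); fetching a tag- or commit-pinned URL and checking the download against a recorded hash, e.g. `echo "<expected-sha256>  linode-blockstorage-csi-driver.yaml" | sha256sum -c -`, would make regeneration reproducible and reviewable. No `set -e` is visible in the script, so a failed download still reaches `mv linode{,.old}` and `rm -fr linode.old`, which would leave the role without its manifests.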
+++ b/files/linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml
@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-controller-attacher-binding
+ namespace: kube-system
+subjects:
+ - kind: ServiceAccount
+ name: csi-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: external-attacher-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
new file mode 100644
index 0000000..ec150d2
--- /dev/null
+++ b/files/linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml
@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-controller-provisioner-binding
+ namespace: kube-system
+subjects:
+ - kind: ServiceAccount
+ name: csi-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: external-provisioner-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/files/linode/csi-controller-sa-ServiceAccount.yaml b/files/linode/csi-controller-sa-ServiceAccount.yaml
new file mode 100644
index 0000000..ed6829b
--- /dev/null
+++ b/files/linode/csi-controller-sa-ServiceAccount.yaml
@@ -0,0 +1,6 @@
+##### Controller Service Account, Roles, Rolebindings
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-controller-sa
+ namespace: kube-system
diff --git a/files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml b/files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml
new file mode 100644
index 0000000..a408a9d
--- /dev/null
+++ b/files/linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml
@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-controller-snapshotter-binding
+ namespace: kube-system
+subjects:
+ - kind: ServiceAccount
+ name: csi-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: external-snapshotter-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/files/linode/csi-linode-controller-StatefulSet.yaml b/files/linode/csi-linode-controller-StatefulSet.yaml
new file mode 100644
index 0000000..82b6832
--- /dev/null
+++ b/files/linode/csi-linode-controller-StatefulSet.yaml
@@ -0,0 +1,104 @@
+# pkg/linode-bs/deploy/kubernetes/06-ss-csi-linode-controller.yaml
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: csi-linode-controller
+ namespace: kube-system
+spec:
+ serviceName: "csi-linode"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: csi-linode-controller
+ template:
+ metadata:
+ labels:
+ app: csi-linode-controller
+ role: csi-linode
+ spec:
+ serviceAccount: csi-controller-sa
+ initContainers:
+ - name: init
+ image: bitnami/kubectl:1.16.3-debian-10-r36
+ command:
+ - /scripts/get-linode-id.sh
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: linode-info
+ mountPath: /linode-info
+ - name: get-linode-id
+ mountPath: /scripts
+ containers:
+ - name: csi-provisioner
+ image: quay.io/k8scsi/csi-provisioner:v1.0.0
+ args:
+ - "--volume-name-prefix=pvc"
+ - "--volume-name-uuid-length=16"
+ - "--csi-address=$(ADDRESS)"
+ - "--v=2"
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-attacher
+ image: quay.io/k8scsi/csi-attacher:v1.0.0
+ args:
+ - "--v=2"
+ - "--csi-address=$(ADDRESS)"
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: linode-csi-plugin
+ image: linode/linode-blockstorage-csi-driver:v0.1.4
+ args :
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--token=$(LINODE_TOKEN)"
+ - "--url=$(LINODE_API_URL)"
+ - "--node=$(NODE_NAME)"
+ - "--bs-prefix=$(LINODE_BS_PREFIX)"
+ - "--v=2"
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+ - name: LINODE_API_URL
+ value: https://api.linode.com/v4
+ - name: LINODE_BS_PREFIX
+ value:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: LINODE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: linode
+ key: token
+ imagePullPolicy: "Always"
+ volumeMounts:
+ - name: linode-info
+ mountPath: /linode-info
+ - name: get-linode-id
+ mountPath: /scripts
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+ - name: linode-info
+ emptyDir: {}
+ - name: get-linode-id
+ configMap:
+ name: get-linode-id
+ # octal mode 755
+ defaultMode: 493
diff --git a/files/linode/csi-linode-node-DaemonSet.yaml b/files/linode/csi-linode-node-DaemonSet.yaml
new file mode 100644
index 0000000..fb9cbe1
--- /dev/null
+++ b/files/linode/csi-linode-node-DaemonSet.yaml
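Review bot: The `linode-csi-plugin` container receives the API token as `--token=$(LINODE_TOKEN)`, so after expansion the secret sits in the process command line, where anything able to list processes on the node can read it. If the driver can take the token from its environment or a mounted file (not visible here), prefer that over the flag; because this file is split from the upstream release, the change belongs in a post-processing step in `bin/gen_list.sh` or upstream. Separately, `LINODE_BS_PREFIX` has an empty `value:`, which YAML loads as null; `value: ""` states the intent explicitly. The same `--token` argument appears in `csi-linode-node-DaemonSet.yaml`.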
@@ -0,0 +1,142 @@
+# pkg/linode-bs/deploy/kubernetes/07-ds-csi-linode-node.yaml
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: csi-linode-node
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: csi-linode-node
+ template:
+ metadata:
+ labels:
+ app: csi-linode-node
+ role: csi-linode
+ spec:
+ serviceAccount: csi-node-sa
+ initContainers:
+ - name: init
+ image: bitnami/kubectl:1.16.3-debian-10-r36
+ command:
+ - /scripts/get-linode-id.sh
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: linode-info
+ mountPath: /linode-info
+ - name: get-linode-id
+ mountPath: /scripts
+ hostNetwork: true
+ containers:
+ - name: driver-registrar
+ image: quay.io/k8scsi/driver-registrar:v1.0-canary
+ args:
+ - "--v=2"
+ - "--csi-address=$(ADDRESS)"
+ - "--mode=node-register"
+ - "--driver-requires-attachment=true"
+ - "--pod-info-mount-version=\"v1\""
+ - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: /var/lib/kubelet/plugins/linodebs.csi.linode.com/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi/
+ - name: registration-dir
+ mountPath: /registration/
+ - name: csi-linode-plugin
+ image: linode/linode-blockstorage-csi-driver:v0.1.4
+ args :
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--token=$(LINODE_TOKEN)"
+ - "--url=$(LINODE_API_URL)"
+ - "--node=$(NODE_NAME)"
+ - "--v=2"
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: LINODE_API_URL
+ value: https://api.linode.com/v4
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: LINODE_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: linode
+ key: token
+ imagePullPolicy: "Always"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ volumeMounts:
+ - name: linode-info
+ mountPath: /linode-info
+ - name: get-linode-id
+ mountPath: /scripts
+ - name: plugin-dir
+ mountPath: /csi
+ - name: pods-mount-dir
+ mountPath: /var/lib/kubelet
+ # needed so that any mounts setup inside this container are
+ # propagated back to the host machine.
+ mountPropagation: "Bidirectional"
+ - mountPath: /dev
+ name: device-dir
+ volumes:
+ - name: linode-info
+ emptyDir: {}
+ - name: get-linode-id
+ configMap:
+ name: get-linode-id
+ defaultMode: 493
+ - name: registration-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins_registry/
+ type: DirectoryOrCreate
+ - name: kubelet-dir
+ hostPath:
+ path: /var/lib/kubelet
+ type: Directory
+ - name: plugin-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/linodebs.csi.linode.com
+ type: DirectoryOrCreate
+ - name: pods-mount-dir
+ hostPath:
+ path: /var/lib/kubelet
+ type: Directory
+ - name: device-dir
+ hostPath:
+ path: /dev
+ # The following mounts are required to trigger host udevadm from container
+ - name: udev-rules-etc
+ hostPath:
+ path: /etc/udev
+ type: Directory
+ - name: udev-rules-lib
+ hostPath:
+ path: /lib/udev
+ type: Directory
+ - name: udev-socket
+ hostPath:
+ path: /run/udev
+ type: Directory
+ - name: sys
+ hostPath:
+ path: /sys
+ type: Directory
diff --git a/files/linode/csi-node-sa-ServiceAccount.yaml b/files/linode/csi-node-sa-ServiceAccount.yaml
new file mode 100644
index 0000000..c04a804
--- /dev/null
+++ b/files/linode/csi-node-sa-ServiceAccount.yaml
@@ -0,0 +1,7 @@
+# pkg/linode-bs/deploy/kubernetes/03-accounts-roles-bindings.yaml
+##### Node Service Account, Roles, RoleBindings
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-node-sa
+ namespace: kube-system
diff --git a/files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml b/files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml
new file mode 100644
index 0000000..6d4456d
--- /dev/null
+++ b/files/linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml
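Review bot: `driver-registrar` is pulled as `quay.io/k8scsi/driver-registrar:v1.0-canary`, a moving tag, and unlike the other containers it sets no `imagePullPolicy`, so nodes can end up running different builds of a sidecar that shares a host-network pod with a privileged container. Pinning it to a release tag or a digest (`image: quay.io/k8scsi/driver-registrar@sha256:<digest>`) keeps the node set consistent and auditable. In `csi-linode-plugin`, `privileged: true` already implies every capability and privilege escalation, so the `SYS_ADMIN` add and `allowPrivilegeEscalation: true` are redundant and obscure what the container actually needs. The volumes `kubelet-dir`, `udev-rules-etc`, `udev-rules-lib`, `udev-socket` and `sys` are declared but not mounted by any container in this hunk.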
@@ -0,0 +1,31 @@
+# pkg/linode-bs/deploy/kubernetes/02-csi-driver.yaml
+# Requires CSIDriverRegistry feature gate (alpha in 1.12)
+# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csinodeinfo.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: csidrivers.csi.storage.k8s.io
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ version: v1alpha1
+ group: csi.storage.k8s.io
+ names:
+ kind: CSIDriver
+ plural: csidrivers
+ scope: Cluster
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ description: Specification of the CSI Driver.
+ properties:
+ attachRequired:
+ description: Indicates this CSI volume driver requires an attach operation,
+ and that Kubernetes should call attach and wait for any attach operation
+ to complete before proceeding to mount.
+ type: boolean
+ podInfoOnMountVersion:
+ description: Indicates this CSI volume driver requires additional pod
+ information (like podName, podUID, etc.) during mount operations.
+ type: string
diff --git a/files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml b/files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml
new file mode 100644
index 0000000..0e0488f
--- /dev/null
+++ b/files/linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml
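Review bot: The `# xref:` comment in this file points at `csinodeinfo.yaml` although the file defines `csidrivers.csi.storage.k8s.io`, and the one in `csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml` points at `csidriver.yaml`; the two references look swapped. Both CRDs also use `apiextensions.k8s.io/v1beta1`, which was removed in Kubernetes 1.22, so the role's supported cluster range is worth stating next to `storage_linode` in `defaults/main.yml`, for example `# linode CSI manifests use v1beta1 CRDs; check the cluster version before enabling`.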
@@ -0,0 +1,57 @@
+# pkg/linode-bs/deploy/kubernetes/01-csi-nodeinfo.yaml
+# Requires CSINodeInfo feature gate (alpha in 1.12)
+# xref: https://raw.githubusercontent.com/kubernetes/csi-api/master/pkg/crd/manifests/csidriver.yaml
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: csinodeinfos.csi.storage.k8s.io
+ labels:
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ group: csi.storage.k8s.io
+ version: v1alpha1
+ names:
+ kind: CSINodeInfo
+ plural: csinodeinfos
+ scope: Cluster
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ description: Specification of CSINodeInfo
+ properties:
+ drivers:
+ description: List of CSI drivers running on the node and their specs.
+ type: array
+ items:
+ properties:
+ name:
+ description: The CSI driver that this object refers to.
+ type: string
+ nodeID:
+ description: The node from the driver point of view.
+ type: string
+ topologyKeys:
+ description: List of keys supported by the driver.
+ items:
+ type: string
+ type: array
+ status:
+ description: Status of CSINodeInfo
+ properties:
+ drivers:
+ description: List of CSI drivers running on the node and their statuses.
+ type: array
+ items:
+ properties:
+ name:
+ description: The CSI driver that this object refers to.
+ type: string
+ available:
+ description: Whether the CSI driver is installed.
+ type: boolean
+ volumePluginMechanism:
+ description: Indicates to external components the required mechanism
+ to use for any in-tree plugins replaced by this driver.
+ pattern: in-tree|csi
+ type: string
diff --git a/files/linode/driver-registrar-binding-ClusterRoleBinding.yaml b/files/linode/driver-registrar-binding-ClusterRoleBinding.yaml
new file mode 100644
index 0000000..b1a11d0
--- /dev/null
+++ b/files/linode/driver-registrar-binding-ClusterRoleBinding.yaml
@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: driver-registrar-binding
+ namespace: kube-system
+subjects:
+ - kind: ServiceAccount
+ name: csi-node-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: driver-registrar-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/files/linode/driver-registrar-role-ClusterRole.yaml b/files/linode/driver-registrar-role-ClusterRole.yaml
new file mode 100644
index 0000000..669966d
--- /dev/null
+++ b/files/linode/driver-registrar-role-ClusterRole.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: driver-registrar-role
+ namespace: kube-system
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
diff --git a/files/linode/external-attacher-role-ClusterRole.yaml b/files/linode/external-attacher-role-ClusterRole.yaml
new file mode 100644
index 0000000..640b508
--- /dev/null
+++ b/files/linode/external-attacher-role-ClusterRole.yaml
@@ -0,0 +1,19 @@
+# xref: https://github.com/kubernetes-csi/external-attacher/blob/master/deploy/kubernetes/rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: external-attacher-role
+ namespace: kube-system
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["csi.storage.k8s.io"]
+ resources: ["csinodeinfos"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
diff --git a/files/linode/external-provisioner-role-ClusterRole.yaml b/files/linode/external-provisioner-role-ClusterRole.yaml
new file mode 100644
index 0000000..74a5e87
--- /dev/null
+++ b/files/linode/external-provisioner-role-ClusterRole.yaml
@@ -0,0 +1,28 @@
+# xref: https://github.com/kubernetes-csi/external-provisioner/blob/master/deploy/kubernetes/rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: external-provisioner-role
+ namespace: kube-system
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["get", "list"]
diff --git a/files/linode/external-snapshotter-role-ClusterRole.yaml b/files/linode/external-snapshotter-role-ClusterRole.yaml
new file mode 100644
index 0000000..397b3a0
--- /dev/null
+++ b/files/linode/external-snapshotter-role-ClusterRole.yaml
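Review bot: The first rule grants `get` and `list` on `secrets` in a ClusterRole that is bound through a ClusterRoleBinding, so `csi-controller-sa` can read every Secret in every namespace. Neither StorageClass added in this commit sets provisioner secret parameters, so the rule appears unused here; dropping it, or moving it to a namespaced Role limited to the Secrets the provisioner needs, narrows what a compromised controller pod can reach. `metadata.namespace: kube-system` on this and the other ClusterRole and ClusterRoleBinding files has no effect because those kinds are cluster-scoped, and removing it avoids suggesting the grant is limited to one namespace.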
@@ -0,0 +1,28 @@
+# xref: https://github.com/kubernetes-csi/external-snapshotter/blob/master/deploy/kubernetes/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: external-snapshotter-role
+ namespace: kube-system
+rules:
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["create", "list", "watch", "delete"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["watch", "get", "list"]
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs: ["create"]
diff --git a/files/linode/get-linode-id-ConfigMap.yaml b/files/linode/get-linode-id-ConfigMap.yaml
new file mode 100644
index 0000000..3663faa
--- /dev/null
+++ b/files/linode/get-linode-id-ConfigMap.yaml
@@ -0,0 +1,20 @@
+# pkg/linode-bs/deploy/kubernetes/08-cm-get-linode-id.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: get-linode-id
+ namespace: kube-system
+ labels:
+ app: csi-linode
+data:
+ get-linode-id.sh: |-
+ #!/bin/bash -efu
+ id="$(kubectl get node/"${NODE_NAME}" -o jsonpath='{.spec.providerID}')"
+ if [[ ! -z "${id}" ]]; then
+ echo "${id}"
+ echo -n "${id:9}" > /linode-info/linode-id
+ exit 0
+ fi
+ echo "Provider ID not found"
+ # Exit here so that we wait for the CCM to initialize the provider ID
+ exit 1
diff --git a/files/linode/linode-block-storage-StorageClass.yaml b/files/linode/linode-block-storage-StorageClass.yaml
new file mode 100644
index 0000000..51f100d
--- /dev/null
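Review bot: This role lets its subject create and delete `customresourcedefinitions` and create `mutatingwebhookconfigurations` cluster-wide, and `csi-controller-snapshotter-binding` gives it to `csi-controller-sa`, yet the controller StatefulSet in this commit runs only `csi-provisioner`, `csi-attacher` and `linode-csi-plugin`. With no snapshotter container the grant is unused, and permission to register a mutating webhook is a far broader power than a storage controller needs. Consider leaving `external-snapshotter-role-ClusterRole.yaml` and its binding out of the `with_items` list in `tasks/linode.yml` until a snapshotter sidecar is actually deployed.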
+++ b/files/linode/linode-block-storage-StorageClass.yaml
@@ -0,0 +1,7 @@
+# pkg/linode-bs/deploy/kubernetes/05-csi-storageclass.yaml
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: linode-block-storage
+ namespace: kube-system
+provisioner: linodebs.csi.linode.com
diff --git a/files/linode/linode-block-storage-retain-StorageClass.yaml b/files/linode/linode-block-storage-retain-StorageClass.yaml
new file mode 100644
index 0000000..623dc84
--- /dev/null
+++ b/files/linode/linode-block-storage-retain-StorageClass.yaml
@@ -0,0 +1,7 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: linode-block-storage-retain
+ namespace: kube-system
+provisioner: linodebs.csi.linode.com
+reclaimPolicy: Retain
diff --git a/files/linode/linodebs.csi.linode.com-CSIDriver.yaml b/files/linode/linodebs.csi.linode.com-CSIDriver.yaml
new file mode 100644
index 0000000..ad5217a
--- /dev/null
+++ b/files/linode/linodebs.csi.linode.com-CSIDriver.yaml
@@ -0,0 +1,8 @@
+# pkg/linode-bs/deploy/kubernetes/04-csi-driver-instance.yaml
+apiVersion: csi.storage.k8s.io/v1alpha1
+kind: CSIDriver
+metadata:
+ name: linodebs.csi.linode.com
+spec:
+ attachRequired: true
+ podInfoOnMountVersion: "v1"
diff --git a/tasks/linode.yml b/tasks/linode.yml
new file mode 100644
index 0000000..4654366
--- /dev/null
+++ b/tasks/linode.yml
@@ -0,0 +1,54 @@
+---
+# https://github.com/linode/linode-blockstorage-csi-driver
+ - name: Defined linode-storage state to present
+ set_fact:
+ storage_linode_state: present
+ when:
+ - storage_linode|bool
+
+ - name: find state of linode-storage
+ set_fact:
+ storage_linode_state: absent
+ when:
+ - not storage_linode|bool
+
+ - name: Add secret for Linode Access Key
+ k8s:
+ state: "{{ storage_linode_state }}"
+ context: "{{ my_context }}"
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: linode
+ namespace: kube-system
+ type: Opaque
+ stringData:
+ token: "{{ LINODE_TOKEN }}"
+ region: "{{ LINODE_REGION }}"
+
+ - name: linode-storage need to be {{ storage_linode_state }}
+ k8s:
+ state: "{{ storage_linode_state }}"
+ context: "{{ my_context }}"
+ merge_type: merge
+ resource_definition: "{{ lookup('file', item) | from_yaml }}"
+ with_items:
+ - "linode/csinodeinfos.csi.storage.k8s.io-CustomResourceDefinition.yaml"
+ - "linode/csidrivers.csi.storage.k8s.io-CustomResourceDefinition.yaml"
+ - "linode/csi-node-sa-ServiceAccount.yaml"
+ - "linode/driver-registrar-role-ClusterRole.yaml"
+ - "linode/driver-registrar-binding-ClusterRoleBinding.yaml"
+ - "linode/csi-controller-sa-ServiceAccount.yaml"
+ - "linode/external-provisioner-role-ClusterRole.yaml"
+ - "linode/csi-controller-provisioner-binding-ClusterRoleBinding.yaml"
+ - "linode/external-attacher-role-ClusterRole.yaml"
+ - "linode/csi-controller-attacher-binding-ClusterRoleBinding.yaml"
+ - "linode/external-snapshotter-role-ClusterRole.yaml"
+ - "linode/csi-controller-snapshotter-binding-ClusterRoleBinding.yaml"
+ - "linode/linodebs.csi.linode.com-CSIDriver.yaml"
+ - "linode/linode-block-storage-StorageClass.yaml"
+ - "linode/linode-block-storage-retain-StorageClass.yaml"
+ - "linode/csi-linode-controller-StatefulSet.yaml"
+ - "linode/csi-linode-node-DaemonSet.yaml"
+ - "linode/get-linode-id-ConfigMap.yaml"
diff --git a/tasks/main.yml b/tasks/main.yml
index 606cf9f..7b4d3ad 100644
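Review bot: The `Add secret for Linode Access Key` task templates `{{ LINODE_TOKEN }}` into the module arguments without `no_log: true`, so the token can appear in task output at higher verbosity or when the task fails. The task also has no `when:`, and as far as the `tasks/main.yml` hunk shows `linode.yml` is included unconditionally, so with the default `storage_linode: false` it still has to render `LINODE_TOKEN` and `LINODE_REGION`, which the `defaults/main.yml` in this commit does not define; that would fail the play for users who do not use Linode. Adding `no_log: true` to the task and rendering the values as `token: "{{ LINODE_TOKEN | default('') }}"` (same for `region`) addresses both. The two `set_fact` tasks could be a single one: `storage_linode_state: "{{ 'present' if storage_linode | bool else 'absent' }}"`.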
--- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,6 +1,7 @@ - name: Local Path setup block: - include_tasks: "local.yml" + - include_tasks: "linode.yml" - name: Select the default StorageClass k8s: