diff --git a/deploy/cephfs/kubernetes/csi-attacher-rbac.yaml b/deploy/cephfs/kubernetes/csi-attacher-rbac.yaml index 97037313b..76aba986c 100644 --- a/deploy/cephfs/kubernetes/csi-attacher-rbac.yaml +++ b/deploy/cephfs/kubernetes/csi-attacher-rbac.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-attacher + name: cephfs-csi-attacher --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: external-attacher-runner + name: cephfs-external-attacher-runner rules: - apiGroups: [""] resources: ["events"] @@ -26,12 +26,12 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-attacher-role + name: cephfs-csi-attacher-role subjects: - kind: ServiceAccount - name: csi-attacher + name: cephfs-csi-attacher namespace: default roleRef: kind: ClusterRole - name: external-attacher-runner + name: cephfs-external-attacher-runner apiGroup: rbac.authorization.k8s.io diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml index 86f0b42a4..f4e88dc40 100644 --- a/deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml +++ b/deploy/cephfs/kubernetes/csi-cephfsplugin-attacher.yaml @@ -24,7 +24,7 @@ spec: labels: app: csi-cephfsplugin-attacher spec: - serviceAccount: csi-attacher + serviceAccount: cephfs-csi-attacher containers: - name: csi-cephfsplugin-attacher image: quay.io/k8scsi/csi-attacher:v1.0.0 diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml index 0be20a75b..6ee94834b 100644 --- a/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml +++ b/deploy/cephfs/kubernetes/csi-cephfsplugin-provisioner.yaml @@ -24,7 +24,7 @@ spec: labels: app: csi-cephfsplugin-provisioner spec: - serviceAccount: csi-provisioner + serviceAccount: cephfs-csi-provisioner containers: - name: csi-provisioner image: quay.io/k8scsi/csi-provisioner:v1.0.0 
@@ -44,7 +44,7 @@ spec: privileged: true capabilities: add: ["SYS_ADMIN"] - image: 127.0.0.1/root/cephfsplugin:v1.0.0 + image: quay.io/cephcsi/cephfsplugin:v1.0.0 args : - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" diff --git a/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml index 186f3d55e..ef1c18c44 100644 --- a/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml +++ b/deploy/cephfs/kubernetes/csi-cephfsplugin.yaml @@ -11,7 +11,7 @@ spec: labels: app: csi-cephfsplugin spec: - serviceAccount: csi-nodeplugin + serviceAccount: cephfs-csi-nodeplugin hostNetwork: true # to use e.g. Rook orchestrated cluster, and mons' FQDN is # resolved through k8s service, set dns policy to cluster first diff --git a/deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml b/deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml index e6cdec0f8..b5773e8f6 100644 --- a/deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml +++ b/deploy/cephfs/kubernetes/csi-nodeplugin-rbac.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-nodeplugin + name: cephfs-csi-nodeplugin --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-nodeplugin + name: cephfs-csi-nodeplugin rules: - apiGroups: [""] resources: ["nodes"] @@ -29,12 +29,12 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-nodeplugin + name: cephfs-csi-nodeplugin subjects: - kind: ServiceAccount - name: csi-nodeplugin + name: cephfs-csi-nodeplugin namespace: default roleRef: kind: ClusterRole - name: csi-nodeplugin + name: cephfs-csi-nodeplugin apiGroup: rbac.authorization.k8s.io diff --git a/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml b/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml index 6fdf42399..327ba9d5c 100644 --- a/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml +++ b/deploy/cephfs/kubernetes/csi-provisioner-rbac.yaml 
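Review bot: The new reference in csi-cephfsplugin-provisioner.yaml, `image: quay.io/cephcsi/cephfsplugin:v1.0.0`, is pinned only by tag, and the context lines show this container runs with `privileged: true` and `SYS_ADMIN`. A tag can be re-pointed at the registry, so whatever it resolves to at pull time runs with host-level privileges. Pinning by digest, `image: quay.io/cephcsi/cephfsplugin@sha256:<digest-of-v1.0.0>` (placeholder, the digest is not on this page), would make the deployed image reproducible. The same applies to `quay.io/cephcsi/rbdplugin:v1.0.0`, added in the csi-rbdplugin-provisioner.yaml hunk. The container spec continues outside this hunk.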
@@ -1,13 +1,13 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-provisioner + name: cephfs-csi-provisioner --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: external-provisioner-runner + name: cephfs-external-provisioner-runner rules: - apiGroups: [""] resources: ["secrets"] @@ -32,12 +32,12 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-provisioner-role + name: cephfs-csi-provisioner-role subjects: - kind: ServiceAccount - name: csi-provisioner + name: cephfs-csi-provisioner namespace: default roleRef: kind: ClusterRole - name: external-provisioner-runner + name: cephfs-external-provisioner-runner apiGroup: rbac.authorization.k8s.io diff --git a/deploy/rbd/kubernetes/csi-attacher-rbac.yaml b/deploy/rbd/kubernetes/csi-attacher-rbac.yaml index 97037313b..731f02e4e 100644 --- a/deploy/rbd/kubernetes/csi-attacher-rbac.yaml +++ b/deploy/rbd/kubernetes/csi-attacher-rbac.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-attacher + name: rbd-csi-attacher --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: external-attacher-runner + name: rbd-external-attacher-runner rules: - apiGroups: [""] resources: ["events"] @@ -26,12 +26,12 @@ rules: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-attacher-role + name: rbd-csi-attacher-role subjects: - kind: ServiceAccount - name: csi-attacher + name: rbd-csi-attacher namespace: default roleRef: kind: ClusterRole - name: external-attacher-runner + name: rbd-external-attacher-runner apiGroup: rbac.authorization.k8s.io diff --git a/deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml b/deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml index 29be8e737..795683ef0 100644 --- a/deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml +++ b/deploy/rbd/kubernetes/csi-nodeplugin-rbac.yaml 
@@ -1,13 +1,13 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-nodeplugin + name: rbd-csi-nodeplugin --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-nodeplugin + name: rbd-csi-nodeplugin rules: - apiGroups: [""] resources: ["nodes"] @@ -23,18 +23,18 @@ rules: verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["configmaps"] - verbs: ["get", "list", "create", "delete"] + verbs: ["get", "list"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-nodeplugin + name: rbd-csi-nodeplugin subjects: - kind: ServiceAccount - name: csi-nodeplugin + name: rbd-csi-nodeplugin namespace: default roleRef: kind: ClusterRole - name: csi-nodeplugin + name: rbd-csi-nodeplugin apiGroup: rbac.authorization.k8s.io diff --git a/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml b/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml index 4eb2510cf..6913e08c4 100644 --- a/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml +++ b/deploy/rbd/kubernetes/csi-provisioner-rbac.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: csi-provisioner + name: rbd-csi-provisioner --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: external-provisioner-runner + name: rbd-external-provisioner-runner rules: - apiGroups: [""] resources: ["secrets"] @@ -27,17 +27,20 @@ rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "create", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "create", "delete"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: csi-provisioner-role + name: rbd-csi-provisioner-role subjects: - kind: ServiceAccount - name: csi-provisioner + name: rbd-csi-provisioner namespace: default roleRef: kind: ClusterRole - name: external-provisioner-runner + name: rbd-external-provisioner-runner apiGroup: rbac.authorization.k8s.io 
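Review bot: The rule added to the `rbd-external-provisioner-runner` ClusterRole, `verbs: ["get", "list", "create", "delete"]` on `configmaps`, is bound through a ClusterRoleBinding, so the provisioner's service account can create and delete ConfigMaps in every namespace rather than only the one holding its volume metadata. The plugin container is passed `POD_NAMESPACE` elsewhere in this commit, which suggests (not confirmed from these lines) that the metadata lives in a single namespace; if so, a namespaced `Role` and `RoleBinding` for this rule would confine the write access to that namespace. The `["get", "list"]` left on configmaps in the `rbd-csi-nodeplugin` ClusterRole hunk (@@ -23,18 +23,18) has the same cluster-wide scope. At minimum, add a comment above the rule, such as `# ConfigMaps hold volume metadata (--metadatastorage=k8s_configmap)`, so the reason for the grant is recorded next to it.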
diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml index 19e9ee17b..f14172831 100644 --- a/deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml +++ b/deploy/rbd/kubernetes/csi-rbdplugin-attacher.yaml @@ -24,7 +24,7 @@ spec: labels: app: csi-rbdplugin-attacher spec: - serviceAccount: csi-attacher + serviceAccount: rbd-csi-attacher containers: - name: csi-rbdplugin-attacher image: quay.io/k8scsi/csi-attacher:v1.0.0 diff --git a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml index 90d5c410b..223419f54 100644 --- a/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml +++ b/deploy/rbd/kubernetes/csi-rbdplugin-provisioner.yaml @@ -24,7 +24,7 @@ spec: labels: app: csi-rbdplugin-provisioner spec: - serviceAccount: csi-provisioner + serviceAccount: rbd-csi-provisioner containers: - name: csi-provisioner image: quay.io/k8scsi/csi-provisioner:canary 
@@ -33,12 +33,63 @@ spec: - "--v=5" env: - name: ADDRESS - value: /var/lib/kubelet/plugins/csi-rbdplugin/csi.sock + value: /var/lib/kubelet/plugins/csi-rbdplugin/csi-provisioner.sock imagePullPolicy: "IfNotPresent" volumeMounts: - name: socket-dir mountPath: /var/lib/kubelet/plugins/csi-rbdplugin + - name: csi-rbdplugin + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + image: quay.io/cephcsi/rbdplugin:v1.0.0 + args : + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + - "--v=5" + - "--drivername=csi-rbdplugin" + - "--containerized=true" + - "--metadatastorage=k8s_configmap" + env: + - name: HOST_ROOTFS + value: "/rootfs" + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CSI_ENDPOINT + value: unix://var/lib/kubelet/plugins/csi-rbdplugin/csi-provisioner.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/kubelet/plugins/csi-rbdplugin + - mountPath: /dev + name: host-dev + - mountPath: /rootfs + name: host-rootfs + - mountPath: /sys + name: host-sys + - mountPath: /lib/modules + name: lib-modules + readOnly: true volumes: + - name: host-dev + hostPath: + path: /dev + - name: host-rootfs + hostPath: + path: / + - name: host-sys + hostPath: + path: /sys + - name: lib-modules + hostPath: + path: /lib/modules - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/csi-rbdplugin diff --git a/deploy/rbd/kubernetes/csi-rbdplugin.yaml b/deploy/rbd/kubernetes/csi-rbdplugin.yaml index 66c8d57ee..8cf9787bb 100644 --- a/deploy/rbd/kubernetes/csi-rbdplugin.yaml +++ b/deploy/rbd/kubernetes/csi-rbdplugin.yaml @@ -11,7 +11,7 @@ spec: labels: app: csi-rbdplugin spec: - serviceAccount: csi-nodeplugin + serviceAccount: rbd-csi-nodeplugin hostNetwork: true hostPID: true # to use e.g. Rook orchestrated cluster, and mons' FQDN is
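Review bot: The `csi-rbdplugin` container added to the provisioner pod is `privileged: true` with the host's `/`, `/dev` and `/sys` mounted, and it runs under service account `rbd-csi-provisioner`, whose ClusterRole includes a rule on `secrets` (verbs not shown in this diff). That places node-root access and cluster-wide API credentials in the same pod. `capabilities: add: ["SYS_ADMIN"]` is redundant under `privileged: true`, and only the `lib-modules` mount carries `readOnly: true`. If provisioning only creates and deletes images and never maps or mounts them on the node (an assumption to confirm against the plugin), drop `privileged` and the `host-rootfs`, `host-dev` and `host-sys` mounts from this pod. Otherwise add `readOnly: true` to the `/rootfs` mount where the plugin tolerates it, and a comment stating why the provisioner needs host access.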