# This manifest is autogenerated via `make manifests` command # Do the modification to the device-driver.yaml in directory deploy/yamls/ # and then run `make manifests` command # This manifest deploys the OpenEBS Device control plane components, # with associated CRs & RBAC rules. # Create the OpenEBS namespace # This is the default namespace where the Device driver will create all # its resources. If we want to change it to use a different namespace # modify this to create the new namespace and also modify the DEVICE_DRIVER_NAMESPACE # env for the Device Driver's controller and agent deployments. # please note that this should be changed while initial setup, once Device Driver # is deployed with a namespace, we should never modify it as old resources will # not be available under the new namespace and Device Driver looks for all the resources # in the DEVICE_DRIVER_NAMESPACE namespace passed as an env. apiVersion: v1 kind: Namespace metadata: name: openebs ############################################## ########### ############ ########### DeviceVolume CRD ############ ########### ############ ############################################## # DeviceVolume CRD is autogenerated via `make manifests` command. # Do the modification in the code and run the `make manifests` command # to generate the CRD definition --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: devicevolumes.local.openebs.io spec: group: local.openebs.io names: kind: DeviceVolume listKind: DeviceVolumeList plural: devicevolumes shortNames: - devicevol singular: devicevolume scope: Namespaced versions: - additionalPrinterColumns: - description: Node where the volume is created jsonPath: .spec.ownerNodeID name: Node type: string - description: Size of the volume jsonPath: .spec.capacity name: Size type: string - description: Status of the volume jsonPath: .status.state name: Status type: string - description: Age of the volume jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha1 schema: openAPIV3Schema: description: DeviceVolume represents a Device based volume properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: VolumeInfo defines Device info properties: capacity: description: Capacity of the volume minLength: 1 type: string devname: description: device name this is the name that will be stored on the meta partition on the disk minLength: 1 type: string ownerNodeID: description: OwnerNodeID is the Node ID where the ZPOOL is running which is where the volume has been provisioned. OwnerNodeID can not be edited after the volume has been provisioned. minLength: 1 type: string required: - capacity - devname - ownerNodeID type: object status: description: VolStatus string that specifies the current state of the volume provisioning request. properties: error: description: Error denotes the error occurred during provisioning a volume. Error field should only be set when State becomes Failed. properties: code: description: VolumeErrorCode represents the error code to represent specific class of errors. type: string message: type: string type: object state: description: State specifies the current state of the volume provisioning request. The state "Pending" means that the volume creation request has not processed yet. The state "Ready" means that the volume has been created and it is ready for the use. enum: - Pending - Ready - Failed type: string type: object required: - spec type: object served: true storage: true subresources: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] ############################################## ########### ############ ########### DeviceNode CRD ############ ########### ############ ############################################## # DeviceVolume CRD is autogenerated via `make manifests` command. # Do the modification in the code and run the `make manifests` command # to generate the CRD definition --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.0 creationTimestamp: null name: devicenodes.local.openebs.io spec: group: local.openebs.io names: kind: DeviceNode listKind: DeviceNodeList plural: devicenodes singular: devicenode scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: DeviceNode records information about all devices available in a node. In general, the openebs node-agent creates the DeviceNode object & periodically synchronizing the devices available in the node. DeviceNode has an owner reference pointing to the corresponding node object. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string devices: items: description: Device specifies attributes of a given device that exists on node. properties: free: anyOf: - type: integer - type: string description: Free specifies the available capacity of the device. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true name: description: Name of the device(from the meta partition) minLength: 1 type: string size: anyOf: - type: integer - type: string description: Size specifies the total size of the device. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true uuid: description: UUID denotes a unique identity of a device. minLength: 1 type: string required: - free - name - size - uuid type: object type: array kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object required: - devices type: object served: true storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: v1 kind: Service metadata: name: openebs-device-node-service namespace: kube-system labels: name: openebs-device-node spec: clusterIP: None ports: - name: metrics port: 9501 targetPort: 9501 selector: app: openebs-device-node --- # Create the CSI Driver object apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: device.csi.openebs.io spec: # do not require volumeattachment attachRequired: false podInfoOnMount: true storageCapacity: true --- ############################################## ########### ############ ########### Controller plugin ############ ########### ############ ############################################## kind: ServiceAccount apiVersion: v1 metadata: name: openebs-device-controller-sa namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: openebs-device-provisioner-role rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["namespaces"] verbs: ["*"] - apiGroups: [""] resources: ["persistentvolumes", "services"] verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["persistentvolumeclaims/status"] verbs: ["update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses", "csinodes"] verbs: ["get", "list", "watch"] - apiGroups: [ "storage.k8s.io" ] resources: [ "csistoragecapacities"] verbs: ["*"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["*"] resources: ["devicevolumes", "devicenodes"] verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: openebs-device-provisioner-binding subjects: - kind: ServiceAccount name: openebs-device-controller-sa namespace: kube-system roleRef: kind: ClusterRole name: openebs-device-provisioner-role apiGroup: rbac.authorization.k8s.io --- kind: StatefulSet apiVersion: apps/v1 metadata: name: openebs-device-controller namespace: kube-system labels: openebs.io/component-name: openebs-device-controller openebs.io/version: ci spec: selector: matchLabels: app: openebs-device-controller role: openebs-device serviceName: "openebs-device" replicas: 1 template: metadata: labels: app: openebs-device-controller role: openebs-device openebs.io/component-name: openebs-device-controller openebs.io/version: ci spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app operator: In values: - openebs-device-controller topologyKey: "kubernetes.io/hostname" priorityClassName: system-cluster-critical serviceAccountName: openebs-device-controller-sa containers: - name: csi-provisioner image: registry.k8s.io/sig-storage/csi-provisioner:v3.5.0 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" - "--v=5" - "--feature-gates=Topology=true" - "--strict-topology" - "--leader-election" - "--enable-capacity=true" - "--extra-create-metadata=true" env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: openebs-device-plugin image: openebs/device-driver:ci imagePullPolicy: IfNotPresent env: - name: OPENEBS_CONTROLLER_DRIVER value: controller - name: OPENEBS_CSI_ENDPOINT value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock - name: DEVICE_DRIVER_NAMESPACE value: openebs - name: OPENEBS_IO_INSTALLER_TYPE value: "device-operator" - name: OPENEBS_IO_ENABLE_ANALYTICS value: "true" args : - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - "--plugin=$(OPENEBS_CONTROLLER_DRIVER)" volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ volumes: - name: socket-dir emptyDir: {} --- ######################################## ########### ############ ########### Node plugin ############ ########### ############ ######################################## apiVersion: v1 kind: ServiceAccount metadata: name: openebs-device-node-sa namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: openebs-device-driver-registrar-role rules: - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumes", "nodes", "services"] verbs: ["get", "list"] - apiGroups: ["*"] resources: ["devicevolumes", "devicenodes"] verbs: ["get", "list", "watch", "create", "update", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: openebs-device-driver-registrar-binding subjects: - kind: ServiceAccount name: openebs-device-node-sa namespace: kube-system roleRef: kind: ClusterRole name: openebs-device-driver-registrar-role apiGroup: rbac.authorization.k8s.io --- kind: DaemonSet apiVersion: apps/v1 metadata: name: openebs-device-node namespace: kube-system labels: openebs.io/component-name: openebs-device-node openebs.io/version: ci spec: selector: matchLabels: app: openebs-device-node updateStrategy: rollingUpdate: maxUnavailable: 100% type: RollingUpdate template: metadata: labels: app: openebs-device-node role: openebs-device openebs.io/component-name: openebs-device-node openebs.io/version: ci spec: priorityClassName: system-node-critical serviceAccountName: openebs-device-node-sa hostNetwork: true containers: - name: csi-node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0 imagePullPolicy: IfNotPresent args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" lifecycle: preStop: exec: command: ["/bin/sh", "-c", "rm -rf /registration/device-localpv /registration/device-localpv-reg.sock"] env: - name: ADDRESS value: /plugin/csi.sock - name: DRIVER_REG_SOCK_PATH value: /var/lib/kubelet/plugins/device-localpv/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: NODE_DRIVER value: openebs-device volumeMounts: - name: plugin-dir mountPath: /plugin - name: registration-dir mountPath: /registration - name: openebs-device-plugin securityContext: privileged: true allowPrivilegeEscalation: true image: openebs/device-driver:ci imagePullPolicy: IfNotPresent args: - "--nodeid=$(OPENEBS_NODE_ID)" - "--endpoint=$(OPENEBS_CSI_ENDPOINT)" - "--plugin=$(OPENEBS_NODE_DRIVER)" - "--listen-address=$(METRICS_LISTEN_ADDRESS)" env: - name: OPENEBS_NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: OPENEBS_CSI_ENDPOINT value: unix:///plugin/csi.sock - name: OPENEBS_NODE_DRIVER value: agent - name: DEVICE_DRIVER_NAMESPACE value: openebs - name: METRICS_LISTEN_ADDRESS value: :9501 volumeMounts: - name: plugin-dir mountPath: /plugin - name: device-dir mountPath: /dev - name: pods-mount-dir mountPath: /var/lib/kubelet/ # needed so that any mounts setup inside this container are # propagated back to the host machine. mountPropagation: "Bidirectional" volumes: - name: device-dir hostPath: path: /dev type: Directory - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry/ type: DirectoryOrCreate - name: plugin-dir hostPath: path: /var/lib/kubelet/plugins/device-localpv/ type: DirectoryOrCreate - name: pods-mount-dir hostPath: path: /var/lib/kubelet/ type: Directory