Skip to content

add manifests for the aws-fsx-csi-driver #8823

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: dev
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 112 additions & 0 deletions cluster/manifests/aws-fsx-csi-driver/controller-deployment.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
# Source: aws-fsx-csi-driver/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: fsx-csi-controller
namespace: kube-system
labels:
application: kubernetes
component: aws-fsx-csi-driver
spec:
replicas: 2
selector:
matchLabels:
deployment: fsx-csi-controller
template:
metadata:
labels:
deployment: fsx-csi-controller
application: kubernetes
component: aws-fsx-csi-driver
spec:
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: fsx-csi-controller-sa
priorityClassName: system-cluster-critical
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
tolerationSeconds: 300
containers:
- name: fsx-plugin
image: container-registry.zalando.net/teapot/aws-fsx-csi-driver:v1.3.0-master-25
imagePullPolicy: IfNotPresent
args:
- --mode=controller
- --endpoint=$(CSI_ENDPOINT)
- --logging-format=text
- --v=2
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: aws-secret
key: key_id
optional: true
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: aws-secret
key: access_key
optional: true
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
ports:
- name: healthz
containerPort: 9910
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 2
failureThreshold: 5
- name: csi-provisioner
image: container-registry.zalando.net/teapot/external-provisioner:v5.1.0-eks-1-31-10-master-24
args:
- --csi-address=$(ADDRESS)
- --v=2
- --timeout=5m
- --extra-create-metadata
- --leader-election=true
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-resizer
image: container-registry.zalando.net/teapot/external-resizer:v1.12.0-eks-1-31-10-master-24
args:
- --csi-address=$(ADDRESS)
- --v=2
- --leader-election=true
- --timeout=5m
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: liveness-probe
image: container-registry.zalando.net/teapot/livenessprobe:v2.14.0-eks-1-31-10-master-24
args:
- --csi-address=/csi/csi.sock
- --health-port=9910
volumeMounts:
- name: socket-dir
mountPath: /csi
volumes:
- name: socket-dir
emptyDir: {}
8 changes: 8 additions & 0 deletions cluster/manifests/aws-fsx-csi-driver/csi-driver.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# Source: aws-fsx-csi-driver/templates/csidriver.yaml
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: fsx.csi.aws.com
spec:
attachRequired: false
fsGroupPolicy: ReadWriteOnceWithFSType
117 changes: 117 additions & 0 deletions cluster/manifests/aws-fsx-csi-driver/daemonset.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,117 @@
# Source: aws-fsx-csi-driver/templates/node-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fsx-csi-node
namespace: kube-system
labels:
application: kubernetes
component: aws-fsx-csi-driver
spec:
selector:
matchLabels:
daemonset: fsx-csi-node
application: kubernetes
component: aws-fsx-csi-driver
template:
metadata:
labels:
daemonset: fsx-csi-node
application: kubernetes
component: aws-fsx-csi-driver
spec:
nodeSelector:
kubernetes.io/os: linux
dnsPolicy: ClusterFirst
serviceAccountName: fsx-csi-node-sa
priorityClassName: system-node-critical
tolerations:
- operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: eks.amazonaws.com/compute-type
operator: NotIn
values:
- fargate
containers:
- name: fsx-plugin
securityContext:
privileged: true
image: container-registry.zalando.net/teapot/aws-fsx-csi-driver:v1.3.0-master-25
imagePullPolicy: IfNotPresent
args:
- --mode=node
- --endpoint=$(CSI_ENDPOINT)
- --logging-format=text
- --v=2
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
ports:
- name: healthz
containerPort: 9810
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 2
failureThreshold: 5
- name: node-driver-registrar
image: container-registry.zalando.net/teapot/node-driver-registrar:v2.12.0-eks-1-31-10-master-24
imagePullPolicy: IfNotPresent
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --v=2
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: /var/lib/kubelet/plugins/fsx.csi.aws.com/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
- name: liveness-probe
image: container-registry.zalando.net/teapot/livenessprobe:v2.14.0-eks-1-31-10-master-24
imagePullPolicy: IfNotPresent
args:
- --csi-address=/csi/csi.sock
- --health-port=9810
volumeMounts:
- mountPath: /csi
name: plugin-dir
volumes:
- name: kubelet-dir
hostPath:
path: /opt/podruntime/kubelet
type: Directory
- name: registration-dir
hostPath:
path: /opt/podruntime/kubelet/plugins_registry/
type: Directory
- name: plugin-dir
hostPath:
path: /opt/podruntime/kubelet/plugins/fsx.csi.aws.com/
type: DirectoryOrCreate
147 changes: 147 additions & 0 deletions cluster/manifests/aws-fsx-csi-driver/rbac.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,147 @@
# Source: aws-fsx-csi-driver/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fsx-csi-controller-sa
namespace: kube-system
labels:
application: kubernetes
component: aws-fsx-csi-driver
---
# Source: aws-fsx-csi-driver/templates/node-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: fsx-csi-node-sa
namespace: kube-system
labels:
application: kubernetes
component: aws-fsx-csi-driver
---
# Source: aws-fsx-csi-driver/templates/clusterrole-csi-node.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fsx-csi-node-role
labels:
application: kubernetes
component: aws-fsx-csi-driver
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "patch"]
---
# Source: aws-fsx-csi-driver/templates/controller-serviceaccount.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fsx-csi-external-provisioner-role
labels:
application: kubernetes
component: aws-fsx-csi-driver
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
# Source: aws-fsx-csi-driver/templates/controller-serviceaccount.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fsx-external-resizer-role
labels:
application: kubernetes
component: aws-fsx-csi-driver
rules:
# The following rule should be uncommented for plugins that require secrets
# for provisioning.
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list", "watch"]
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims/status" ]
verbs: [ "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch" ]
---
# Source: aws-fsx-csi-driver/templates/clusterrolebinding-csi-node.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fsx-csi-node-getter-binding
labels:
application: kubernetes
component: aws-fsx-csi-driver
subjects:
- kind: ServiceAccount
name: fsx-csi-node-sa
namespace: default
roleRef:
kind: ClusterRole
name: fsx-csi-node-role
apiGroup: rbac.authorization.k8s.io
---
# Source: aws-fsx-csi-driver/templates/controller-serviceaccount.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fsx-csi-external-provisioner-binding
labels:
application: kubernetes
component: aws-fsx-csi-driver
subjects:
- kind: ServiceAccount
name: fsx-csi-controller-sa
namespace: default
roleRef:
kind: ClusterRole
name: fsx-csi-external-provisioner-role
apiGroup: rbac.authorization.k8s.io
---
# Source: aws-fsx-csi-driver/templates/controller-serviceaccount.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: fsx-csi-resizer-binding
labels:
application: kubernetes
component: aws-fsx-csi-driver
subjects:
- kind: ServiceAccount
name: fsx-csi-controller-sa
namespace: default
roleRef:
kind: ClusterRole
name: fsx-external-resizer-role
apiGroup: rbac.authorization.k8s.io