diff --git a/README.md b/README.md index d987f1f..75c46e8 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ Predominantly 3 things are needed: from `nfs-client-provisioner` to `democratic-csi`) - https://gist.github.com/deefdragon/d58a4210622ff64088bd62a5d8a4e8cc (migrating between storage classes using `velero`) +- https://github.com/fenio/k8s-truenas (NFS/iSCSI over API with TrueNAS Scale) ## Node Prep @@ -186,7 +187,7 @@ node: and continue your democratic installation as usuall with other iscsi drivers. -#### Privilged Namespace +#### Privileged Namespace democratic-csi requires privileged access to the nodes, so the namespace should allow for privileged pods. One way of doing it is via [namespace labels](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/). Add the followin label to the democratic-csi installation namespace `pod-security.kubernetes.io/enforce=privileged` ``` diff --git a/docs/Nomad/examples/democratic-csi-iscsi-node.hcl b/docs/Nomad/examples/democratic-csi-iscsi-node.hcl index c5817c5..4bf753c 100644 --- a/docs/Nomad/examples/democratic-csi-iscsi-node.hcl +++ b/docs/Nomad/examples/democratic-csi-iscsi-node.hcl @@ -11,6 +11,10 @@ job "democratic-csi-iscsi-node" { env { CSI_NODE_ID = "${attr.unique.hostname}" + + # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted, + # you can configure the fs detection system used with the following envvar: + #FILESYSTEM_TYPE_DETECTION_STRATEGY = "blkid" } config { @@ -38,6 +42,15 @@ job "democratic-csi-iscsi-node" { source = "/" readonly=false } + + # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted, + # you can try uncommenting the following additional mount block: + #mount { + # type = "bind" + # target = "/run/udev" + # source = "/run/udev" + # readonly = true + #} } template { 
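Review bot: The two comments added to democratic-csi-iscsi-node.hcl (in the `env` block and after the `/` bind mount) describe a data-loss symptom, "volumes are zeroed each time they are mounted", but do not say what causes it or how the two workarounds relate. Presumably the node fails to detect the existing filesystem and reformats the volume, so a reader needs to know whether to apply one workaround or both. I would cross-reference them, e.g. `# see also the optional /run/udev bind mount in the config block below` on the env comment and the reverse on the mount comment. I would also list the values `FILESYSTEM_TYPE_DETECTION_STRATEGY` accepts next to the `"blkid"` example. Both enclosing blocks continue outside the hunks.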
diff --git a/examples/freenas-api-iscsi.yaml b/examples/freenas-api-iscsi.yaml index 210cfed..5871bcf 100644 --- a/examples/freenas-api-iscsi.yaml +++ b/examples/freenas-api-iscsi.yaml @@ -42,6 +42,7 @@ zfs: datasetParentName: tank/k8s/b/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps # "" (inherit), lz4, gzip-9, etc zvolCompression: diff --git a/examples/freenas-api-nfs.yaml b/examples/freenas-api-nfs.yaml index 97b8a53..1ec960e 100644 --- a/examples/freenas-api-nfs.yaml +++ b/examples/freenas-api-nfs.yaml @@ -37,6 +37,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/freenas-api-smb.yaml b/examples/freenas-api-smb.yaml index a8e0a84..9d13cef 100644 --- a/examples/freenas-api-smb.yaml +++ b/examples/freenas-api-smb.yaml @@ -42,6 +42,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/freenas-iscsi.yaml b/examples/freenas-iscsi.yaml index 0370d9f..a2de43f 100644 --- a/examples/freenas-iscsi.yaml +++ b/examples/freenas-iscsi.yaml 
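Review bot: The comment added above `detachedSnapshotsDatasetParentName` tells users to keep a dummy value, but not why the key must stay, nor that the dummy still has to obey the non-overlap rule stated two lines earlier. A placeholder nested under `datasetParentName` would violate that rule. Something like `# must stay set even if snapshots are unused; any placeholder must still not be nested in, or a parent of, datasetParentName` would cover both. In this file the retained value is `tanks/k8s/b/snaps` while `datasetParentName` uses `tank/…`, which looks like a pool-name typo that users are now told to keep. The same comment is added in freenas-api-nfs, freenas-api-smb, freenas-iscsi, freenas-nfs, freenas-smb and zfs-generic-{iscsi,nfs,smb}.yaml, and the `tanks/` spelling also appears in freenas-iscsi and the three zfs-generic files.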
@@ -51,6 +51,7 @@ zfs: datasetParentName: tank/k8s/b/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps # "" (inherit), lz4, gzip-9, etc zvolCompression: diff --git a/examples/freenas-nfs.yaml b/examples/freenas-nfs.yaml index 352c85c..3ed9ec4 100644 --- a/examples/freenas-nfs.yaml +++ b/examples/freenas-nfs.yaml @@ -47,6 +47,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/freenas-smb.yaml b/examples/freenas-smb.yaml index 8a2ed4d..8124e17 100644 --- a/examples/freenas-smb.yaml +++ b/examples/freenas-smb.yaml @@ -53,6 +53,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/node-manual-iscsi-pv.yaml b/examples/node-manual-iscsi-pv.yaml index a62cf63..8e94871 100644 --- a/examples/node-manual-iscsi-pv.yaml +++ b/examples/node-manual-iscsi-pv.yaml 
@@ -9,21 +9,6 @@ spec: accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain - # can be used to handle CHAP - # in the secret create the following keys: - # - # # any arbitrary iscsiadm entries can be add by creating keys starting with node-db. - # # if doing CHAP - # node-db.node.session.auth.authmethod: CHAP - # node-db.node.session.auth.username: foo - # node-db.node.session.auth.password: bar - # - # # if doing mutual CHAP - # node-db.node.session.auth.username_in: baz - # node-db.node.session.auth.password_in: bar - #nodeStageSecretRef: - # name: some name - # namespace: some namespace mountOptions: [] csi: driver: org.democratic-csi.node-manual @@ -31,6 +16,21 @@ spec: # can be ext4 or xfs fsType: ext4 volumeHandle: unique-volumeid # make sure it's a unique id in the cluster + # can be used to handle CHAP + # in the secret create the following keys: + # + # # any arbitrary iscsiadm entries can be add by creating keys starting with node-db. + # # if doing CHAP + # node-db.node.session.auth.authmethod: CHAP + # node-db.node.session.auth.username: foo + # node-db.node.session.auth.password: bar + # + # # if doing mutual CHAP + # node-db.node.session.auth.username_in: baz + # node-db.node.session.auth.password_in: bar + #nodeStageSecretRef: + # name: some name + # namespace: some namespace volumeAttributes: portal: #portals: ,,... diff --git a/examples/node-manual-smb-pv.yaml b/examples/node-manual-smb-pv.yaml index 82ef834..1a44ec0 100644 --- a/examples/node-manual-smb-pv.yaml +++ b/examples/node-manual-smb-pv.yaml @@ -9,9 +9,6 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - #nodeStageSecretRef: - # name: some name - # namespace: some namespace mountOptions: # creds can be entered into the node-stage-secret in the `mount_flags` key # the value should be: username=foo,password=bar 
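Review bot: The CHAP comment block re-added under `csi:` in node-manual-iscsi-pv.yaml shows the same placeholder secret for both directions of mutual CHAP, `node-db.node.session.auth.password: bar` and `node-db.node.session.auth.password_in: bar`. Some iSCSI targets reject identical secrets for the two directions, and an example that is copied verbatim encourages reuse. Since the block is being moved anyway, I would make the placeholders distinct, e.g. `# node-db.node.session.auth.password_in: qux`. The same block has the typo "can be add", which should read "can be added". The `csi:` mapping continues outside the hunk.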
@@ -22,6 +19,9 @@ spec: readOnly: false fsType: cifs volumeHandle: unique-volumeid # make sure it's a unique id in the cluster + #nodeStageSecretRef: + # name: some name + # namespace: some namespace volumeAttributes: server: host or ip share: someshare diff --git a/examples/zfs-generic-iscsi.yaml b/examples/zfs-generic-iscsi.yaml index b4f6aee..2aaf5d0 100644 --- a/examples/zfs-generic-iscsi.yaml +++ b/examples/zfs-generic-iscsi.yaml @@ -31,6 +31,7 @@ zfs: datasetParentName: tank/k8s/test # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots # "" (inherit), lz4, gzip-9, etc diff --git a/examples/zfs-generic-nfs.yaml b/examples/zfs-generic-nfs.yaml index e068c29..7b6a2d2 100644 --- a/examples/zfs-generic-nfs.yaml +++ b/examples/zfs-generic-nfs.yaml @@ -31,6 +31,7 @@ zfs: datasetParentName: tank/k8s/test # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots datasetEnableQuotas: true diff --git a/examples/zfs-generic-smb.yaml b/examples/zfs-generic-smb.yaml index db60cf3..cbc8f8f 100644 --- a/examples/zfs-generic-smb.yaml +++ b/examples/zfs-generic-smb.yaml @@ -32,6 +32,7 @@ zfs: datasetParentName: tank/k8s/test # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots datasetEnableQuotas: true