From 537497470df809b6bcd1d5ffd919676ac2b85a23 Mon Sep 17 00:00:00 2001 From: Bartosz Fenski Date: Thu, 9 Feb 2023 17:53:21 +0100 Subject: [PATCH 1/4] warning about removing / commenting out detachedSnapshotsDatasetParentName option --- examples/freenas-api-iscsi.yaml | 1 + examples/freenas-api-nfs.yaml | 1 + examples/freenas-api-smb.yaml | 1 + examples/freenas-iscsi.yaml | 1 + examples/freenas-nfs.yaml | 1 + examples/freenas-smb.yaml | 1 + examples/zfs-generic-iscsi.yaml | 1 + examples/zfs-generic-nfs.yaml | 1 + examples/zfs-generic-smb.yaml | 1 + 9 files changed, 9 insertions(+) diff --git a/examples/freenas-api-iscsi.yaml b/examples/freenas-api-iscsi.yaml index 210cfed..5871bcf 100644 --- a/examples/freenas-api-iscsi.yaml +++ b/examples/freenas-api-iscsi.yaml @@ -42,6 +42,7 @@ zfs: datasetParentName: tank/k8s/b/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps # "" (inherit), lz4, gzip-9, etc zvolCompression: diff --git a/examples/freenas-api-nfs.yaml b/examples/freenas-api-nfs.yaml index 97b8a53..1ec960e 100644 --- a/examples/freenas-api-nfs.yaml +++ b/examples/freenas-api-nfs.yaml @@ -37,6 +37,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/freenas-api-smb.yaml b/examples/freenas-api-smb.yaml index a8e0a84..9d13cef 100644 --- a/examples/freenas-api-smb.yaml +++ b/examples/freenas-api-smb.yaml @@ -42,6 +42,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/freenas-iscsi.yaml b/examples/freenas-iscsi.yaml index 0370d9f..a2de43f 100644 --- a/examples/freenas-iscsi.yaml +++ b/examples/freenas-iscsi.yaml @@ -51,6 +51,7 @@ zfs: datasetParentName: tank/k8s/b/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps # "" (inherit), lz4, gzip-9, etc zvolCompression: diff --git a/examples/freenas-nfs.yaml b/examples/freenas-nfs.yaml index 352c85c..3ed9ec4 100644 --- a/examples/freenas-nfs.yaml +++ b/examples/freenas-nfs.yaml @@ -47,6 +47,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/freenas-smb.yaml b/examples/freenas-smb.yaml index 8a2ed4d..8124e17 100644 --- a/examples/freenas-smb.yaml +++ b/examples/freenas-smb.yaml @@ -53,6 +53,7 @@ zfs: datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false diff --git a/examples/zfs-generic-iscsi.yaml b/examples/zfs-generic-iscsi.yaml index b4f6aee..2aaf5d0 100644 --- a/examples/zfs-generic-iscsi.yaml +++ b/examples/zfs-generic-iscsi.yaml @@ -31,6 +31,7 @@ zfs: datasetParentName: tank/k8s/test # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots # "" (inherit), lz4, gzip-9, etc diff --git a/examples/zfs-generic-nfs.yaml b/examples/zfs-generic-nfs.yaml index e068c29..7b6a2d2 100644 --- a/examples/zfs-generic-nfs.yaml +++ b/examples/zfs-generic-nfs.yaml @@ -31,6 +31,7 @@ zfs: datasetParentName: tank/k8s/test # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots datasetEnableQuotas: true diff --git a/examples/zfs-generic-smb.yaml b/examples/zfs-generic-smb.yaml index db60cf3..cbc8f8f 100644 --- a/examples/zfs-generic-smb.yaml +++ b/examples/zfs-generic-smb.yaml @@ -32,6 +32,7 @@ zfs: datasetParentName: tank/k8s/test # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other + # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots datasetEnableQuotas: true From fcaa64e6124895abf0dd5e6c317dda4e70e9547d Mon Sep 17 00:00:00 2001 From: Daniel Carbone Date: Sun, 14 May 2023 20:05:40 -0500 Subject: [PATCH 2/4] Update democratic-csi-iscsi-node.hcl Adding suggested additional config to help with iscsi volumes being formatted each time they're mounted re: #215 --- docs/Nomad/examples/democratic-csi-iscsi-node.hcl | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/Nomad/examples/democratic-csi-iscsi-node.hcl b/docs/Nomad/examples/democratic-csi-iscsi-node.hcl index c5817c5..4bf753c 100644 --- a/docs/Nomad/examples/democratic-csi-iscsi-node.hcl +++ b/docs/Nomad/examples/democratic-csi-iscsi-node.hcl @@ -11,6 +11,10 @@ job "democratic-csi-iscsi-node" { env { CSI_NODE_ID = "${attr.unique.hostname}" + + # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted, + # you can configure the fs detection system used with the following envvar: + #FILESYSTEM_TYPE_DETECTION_STRATEGY = "blkid" } config { @@ -38,6 +42,15 @@ job "democratic-csi-iscsi-node" { source = "/" readonly=false } + + # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted, + # you can try uncommenting the following additional mount block: + #mount { + # type = "bind" + # target = "/run/udev" + # source = "/run/udev" + # readonly = true + #} } template { From 01eed24cb792b74d461b7750704417e49294b998 Mon Sep 17 00:00:00 2001 From: Bartosz Fenski Date: Thu, 8 Jun 2023 07:09:57 +0200 Subject: [PATCH 3/4] guide + typo --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d987f1f..75c46e8 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,7 @@ Predominantly 3 things are needed: from `nfs-client-provisioner` to `democratic-csi`) - https://gist.github.com/deefdragon/d58a4210622ff64088bd62a5d8a4e8cc (migrating between storage classes using `velero`) +- https://github.com/fenio/k8s-truenas (NFS/iSCSI over API with TrueNAS Scale) ## Node Prep @@ -186,7 +187,7 @@ node: and continue your democratic installation as usuall with other iscsi drivers. -#### Privilged Namespace +#### Privileged Namespace democratic-csi requires privileged access to the nodes, so the namespace should allow for privileged pods. One way of doing it is via [namespace labels](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/). Add the followin label to the democratic-csi installation namespace `pod-security.kubernetes.io/enforce=privileged` ``` From 8238e1beada53bfb1dab0db3a8ffb9e4acf7df4f Mon Sep 17 00:00:00 2001 From: CuBiC Date: Tue, 8 Aug 2023 16:18:56 +0200 Subject: [PATCH 4/4] fix: examples with wrong schema --- examples/node-manual-iscsi-pv.yaml | 30 +++++++++++++++--------------- examples/node-manual-smb-pv.yaml | 6 +++--- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/examples/node-manual-iscsi-pv.yaml b/examples/node-manual-iscsi-pv.yaml index a62cf63..8e94871 100644 --- a/examples/node-manual-iscsi-pv.yaml +++ b/examples/node-manual-iscsi-pv.yaml @@ -9,21 +9,6 @@ spec: accessModes: - ReadWriteOnce persistentVolumeReclaimPolicy: Retain - # can be used to handle CHAP - # in the secret create the following keys: - # - # # any arbitrary iscsiadm entries can be add by creating keys starting with node-db. - # # if doing CHAP - # node-db.node.session.auth.authmethod: CHAP - # node-db.node.session.auth.username: foo - # node-db.node.session.auth.password: bar - # - # # if doing mutual CHAP - # node-db.node.session.auth.username_in: baz - # node-db.node.session.auth.password_in: bar - #nodeStageSecretRef: - # name: some name - # namespace: some namespace mountOptions: [] csi: driver: org.democratic-csi.node-manual @@ -31,6 +16,21 @@ spec: # can be ext4 or xfs fsType: ext4 volumeHandle: unique-volumeid # make sure it's a unique id in the cluster + # can be used to handle CHAP + # in the secret create the following keys: + # + # # any arbitrary iscsiadm entries can be add by creating keys starting with node-db. + # # if doing CHAP + # node-db.node.session.auth.authmethod: CHAP + # node-db.node.session.auth.username: foo + # node-db.node.session.auth.password: bar + # + # # if doing mutual CHAP + # node-db.node.session.auth.username_in: baz + # node-db.node.session.auth.password_in: bar + #nodeStageSecretRef: + # name: some name + # namespace: some namespace volumeAttributes: portal: #portals: ,,... diff --git a/examples/node-manual-smb-pv.yaml b/examples/node-manual-smb-pv.yaml index 82ef834..1a44ec0 100644 --- a/examples/node-manual-smb-pv.yaml +++ b/examples/node-manual-smb-pv.yaml @@ -9,9 +9,6 @@ spec: accessModes: - ReadWriteMany persistentVolumeReclaimPolicy: Retain - #nodeStageSecretRef: - # name: some name - # namespace: some namespace mountOptions: # creds can be entered into the node-stage-secret in the `mount_flags` key # the value should be: username=foo,password=bar @@ -22,6 +19,9 @@ spec: readOnly: false fsType: cifs volumeHandle: unique-volumeid # make sure it's a unique id in the cluster + #nodeStageSecretRef: + # name: some name + # namespace: some namespace volumeAttributes: server: host or ip share: someshare