Merge remote-tracking branch 'origin/master' into next

README.md

@@ -63,6 +63,7 @@ Predominantly 3 things are needed:
   from `nfs-client-provisioner` to `democratic-csi`)
 - https://gist.github.com/deefdragon/d58a4210622ff64088bd62a5d8a4e8cc
   (migrating between storage classes using `velero`)
+- https://github.com/fenio/k8s-truenas (NFS/iSCSI over API with TrueNAS Scale)
 
 ## Node Prep
 
@@ -186,7 +187,7 @@ node:
 
 and continue your democratic installation as usuall with other iscsi drivers.
 
-#### Privilged Namespace
+#### Privileged Namespace
 democratic-csi requires privileged access to the nodes, so the namespace should allow for privileged pods. One way of doing it is via [namespace labels](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/).
 Add the followin label to the democratic-csi installation namespace `pod-security.kubernetes.io/enforce=privileged`
 ```

docs/Nomad/examples/democratic-csi-iscsi-node.hcl

@@ -11,6 +11,10 @@ job "democratic-csi-iscsi-node" {
 
       env {
         CSI_NODE_ID = "${attr.unique.hostname}"
+        
+        # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted,
+        # you can configure the fs detection system used with the following envvar:
+        #FILESYSTEM_TYPE_DETECTION_STRATEGY = "blkid"
       }
 
       config {
@@ -38,6 +42,15 @@ job "democratic-csi-iscsi-node" {
           source = "/"
           readonly=false
         }
+        
+        # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted,
+        # you can try uncommenting the following additional mount block:
+        #mount {
+        #  type     = "bind"
+        #  target   = "/run/udev"
+        #  source   = "/run/udev"
+        #  readonly = true
+        #}
       }
 
       template {

examples/freenas-api-iscsi.yaml

@@ -42,6 +42,7 @@ zfs:
   datasetParentName: tank/k8s/b/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other 
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps
   # "" (inherit), lz4, gzip-9, etc
   zvolCompression:

examples/freenas-api-nfs.yaml

@@ -37,6 +37,7 @@ zfs:
   datasetParentName: tank/k8s/a/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
   datasetEnableQuotas: true
   datasetEnableReservation: false

examples/freenas-api-smb.yaml

@@ -42,6 +42,7 @@ zfs:
   datasetParentName: tank/k8s/a/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
   datasetEnableQuotas: true
   datasetEnableReservation: false

examples/freenas-iscsi.yaml

@@ -51,6 +51,7 @@ zfs:
   datasetParentName: tank/k8s/b/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other 
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps
   # "" (inherit), lz4, gzip-9, etc
   zvolCompression:

examples/freenas-nfs.yaml

@@ -47,6 +47,7 @@ zfs:
   datasetParentName: tank/k8s/a/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
   datasetEnableQuotas: true
   datasetEnableReservation: false

examples/freenas-smb.yaml

@@ -53,6 +53,7 @@ zfs:
   datasetParentName: tank/k8s/a/vols
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
   datasetEnableQuotas: true
   datasetEnableReservation: false

examples/node-manual-iscsi-pv.yaml

@@ -9,21 +9,6 @@ spec:
   accessModes:
     - ReadWriteOnce
   persistentVolumeReclaimPolicy: Retain
-  # can be used to handle CHAP
-  # in the secret create the following keys:
-  #
-  #      # any arbitrary iscsiadm entries can be add by creating keys starting with node-db.<entry.name>
-  #      # if doing CHAP
-  #      node-db.node.session.auth.authmethod: CHAP
-  #      node-db.node.session.auth.username: foo
-  #      node-db.node.session.auth.password: bar
-  #
-  #      # if doing mutual CHAP
-  #      node-db.node.session.auth.username_in: baz
-  #      node-db.node.session.auth.password_in: bar
-  #nodeStageSecretRef:
-  #  name: some name
-  #  namespace: some namespace
   mountOptions: []
   csi:
     driver: org.democratic-csi.node-manual
@@ -31,6 +16,21 @@ spec:
     # can be ext4 or xfs
     fsType: ext4
     volumeHandle: unique-volumeid  # make sure it's a unique id in the cluster
+    # can be used to handle CHAP
+    # in the secret create the following keys:
+    #
+    #      # any arbitrary iscsiadm entries can be add by creating keys starting with node-db.<entry.name>
+    #      # if doing CHAP
+    #      node-db.node.session.auth.authmethod: CHAP
+    #      node-db.node.session.auth.username: foo
+    #      node-db.node.session.auth.password: bar
+    #
+    #      # if doing mutual CHAP
+    #      node-db.node.session.auth.username_in: baz
+    #      node-db.node.session.auth.password_in: bar
+    #nodeStageSecretRef:
+    #  name: some name
+    #  namespace: some namespace
     volumeAttributes:
       portal: <ip:port>
       #portals: <ip:port>,<ip:port>,...

examples/node-manual-smb-pv.yaml

@@ -9,9 +9,6 @@ spec:
   accessModes:
     - ReadWriteMany
   persistentVolumeReclaimPolicy: Retain
-  #nodeStageSecretRef:
-  #  name: some name
-  #  namespace: some namespace
   mountOptions:
     # creds can be entered into the node-stage-secret in the `mount_flags` key
     # the value should be: username=foo,password=bar
@@ -22,6 +19,9 @@ spec:
     readOnly: false
     fsType: cifs
     volumeHandle: unique-volumeid  # make sure it's a unique id in the cluster
+    #nodeStageSecretRef:
+    #  name: some name
+    #  namespace: some namespace
     volumeAttributes:
       server: host or ip
       share: someshare

examples/zfs-generic-iscsi.yaml

@@ -31,6 +31,7 @@ zfs:
   datasetParentName: tank/k8s/test
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots
 
   # "" (inherit), lz4, gzip-9, etc

examples/zfs-generic-nfs.yaml

@@ -31,6 +31,7 @@ zfs:
   datasetParentName: tank/k8s/test
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots
 
   datasetEnableQuotas: true

examples/zfs-generic-smb.yaml

@@ -32,6 +32,7 @@ zfs:
   datasetParentName: tank/k8s/test
   # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
   # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
   detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots
 
   datasetEnableQuotas: true