Merge remote-tracking branch 'origin/master' into next

2023-11-09 13:59:29 -05:00 · 2023-11-09 13:59:29 -05:00 · 300cae30fd
parent 4fc3c15133 1129c4120a
commit 300cae30fd
13 changed files with 42 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -63,6 +63,7 @@ Predominantly 3 things are needed:
  from `nfs-client-provisioner` to `democratic-csi`)
 - https://gist.github.com/deefdragon/d58a4210622ff64088bd62a5d8a4e8cc
  (migrating between storage classes using `velero`)
+- https://github.com/fenio/k8s-truenas (NFS/iSCSI over API with TrueNAS Scale)

 ## Node Prep

@ -186,7 +187,7 @@ node:

 and continue your democratic installation as usuall with other iscsi drivers.

-#### Privilged Namespace
+#### Privileged Namespace
 democratic-csi requires privileged access to the nodes, so the namespace should allow for privileged pods. One way of doing it is via [namespace labels](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/).
 Add the followin label to the democratic-csi installation namespace `pod-security.kubernetes.io/enforce=privileged`
 ```
--- a/docs/Nomad/examples/democratic-csi-iscsi-node.hcl
+++ b/docs/Nomad/examples/democratic-csi-iscsi-node.hcl
@ -11,6 +11,10 @@ job "democratic-csi-iscsi-node" {

      env {
        CSI_NODE_ID = "${attr.unique.hostname}"
+        
+        # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted,
+        # you can configure the fs detection system used with the following envvar:
+        #FILESYSTEM_TYPE_DETECTION_STRATEGY = "blkid"
      }

      config {
@ -38,6 +42,15 @@ job "democratic-csi-iscsi-node" {
          source = "/"
          readonly=false
        }
+        
+        # if you run into a scenario where your iscsi volumes are zeroed each time they are mounted,
+        # you can try uncommenting the following additional mount block:
+        #mount {
+        #  type     = "bind"
+        #  target   = "/run/udev"
+        #  source   = "/run/udev"
+        #  readonly = true
+        #}
      }

      template {
--- a/examples/freenas-api-iscsi.yaml
+++ b/examples/freenas-api-iscsi.yaml
@ -42,6 +42,7 @@ zfs:
  datasetParentName: tank/k8s/b/vols
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other 
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps
  # "" (inherit), lz4, gzip-9, etc
  zvolCompression:
--- a/examples/freenas-api-nfs.yaml
+++ b/examples/freenas-api-nfs.yaml
@ -37,6 +37,7 @@ zfs:
  datasetParentName: tank/k8s/a/vols
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
  datasetEnableQuotas: true
  datasetEnableReservation: false
--- a/examples/freenas-api-smb.yaml
+++ b/examples/freenas-api-smb.yaml
@ -42,6 +42,7 @@ zfs:
  datasetParentName: tank/k8s/a/vols
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
  datasetEnableQuotas: true
  datasetEnableReservation: false
--- a/examples/freenas-iscsi.yaml
+++ b/examples/freenas-iscsi.yaml
@ -51,6 +51,7 @@ zfs:
  datasetParentName: tank/k8s/b/vols
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other 
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps
  # "" (inherit), lz4, gzip-9, etc
  zvolCompression:
--- a/examples/freenas-nfs.yaml
+++ b/examples/freenas-nfs.yaml
@ -47,6 +47,7 @@ zfs:
  datasetParentName: tank/k8s/a/vols
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
  datasetEnableQuotas: true
  datasetEnableReservation: false
--- a/examples/freenas-smb.yaml
+++ b/examples/freenas-smb.yaml
@ -53,6 +53,7 @@ zfs:
  datasetParentName: tank/k8s/a/vols
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
  datasetEnableQuotas: true
  datasetEnableReservation: false
--- a/examples/node-manual-iscsi-pv.yaml
+++ b/examples/node-manual-iscsi-pv.yaml
@ -9,6 +9,13 @@ spec:
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
+  mountOptions: []
+  csi:
+    driver: org.democratic-csi.node-manual
+    readOnly: false
+    # can be ext4 or xfs
+    fsType: ext4
+    volumeHandle: unique-volumeid  # make sure it's a unique id in the cluster
    # can be used to handle CHAP
    # in the secret create the following keys:
    #
@ -24,13 +31,6 @@ spec:
    #nodeStageSecretRef:
    #  name: some name
    #  namespace: some namespace
-  mountOptions: []
-  csi:
-    driver: org.democratic-csi.node-manual
-    readOnly: false
-    # can be ext4 or xfs
-    fsType: ext4
-    volumeHandle: unique-volumeid  # make sure it's a unique id in the cluster
    volumeAttributes:
      portal: <ip:port>
      #portals: <ip:port>,<ip:port>,...
--- a/examples/node-manual-smb-pv.yaml
+++ b/examples/node-manual-smb-pv.yaml
@ -9,9 +9,6 @@ spec:
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
-  #nodeStageSecretRef:
-  #  name: some name
-  #  namespace: some namespace
  mountOptions:
    # creds can be entered into the node-stage-secret in the `mount_flags` key
    # the value should be: username=foo,password=bar
@ -22,6 +19,9 @@ spec:
    readOnly: false
    fsType: cifs
    volumeHandle: unique-volumeid  # make sure it's a unique id in the cluster
+    #nodeStageSecretRef:
+    #  name: some name
+    #  namespace: some namespace
    volumeAttributes:
      server: host or ip
      share: someshare
--- a/examples/zfs-generic-iscsi.yaml
+++ b/examples/zfs-generic-iscsi.yaml
@ -31,6 +31,7 @@ zfs:
  datasetParentName: tank/k8s/test
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots

  # "" (inherit), lz4, gzip-9, etc
--- a/examples/zfs-generic-nfs.yaml
+++ b/examples/zfs-generic-nfs.yaml
@ -31,6 +31,7 @@ zfs:
  datasetParentName: tank/k8s/test
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots

  datasetEnableQuotas: true
--- a/examples/zfs-generic-smb.yaml
+++ b/examples/zfs-generic-smb.yaml
@ -32,6 +32,7 @@ zfs:
  datasetParentName: tank/k8s/test
  # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
  # they may be siblings, but neither should be nested in the other
+  # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
  detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots

  datasetEnableQuotas: true