public_git
/
democratic-csi
mirror of https://github.com/democratic-csi/democratic-csi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into next

This commit is contained in:
Travis Glenn Hansen 2023-11-09 13:59:29 -05:00
parent 4fc3c15133 1129c4120a
commit 300cae30fd
13 changed files with 42 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -63,6 +63,7 @@ Predominantly 3 things are needed:
from `nfs-client-provisioner` to `democratic-csi`)
- https://gist.github.com/deefdragon/d58a4210622ff64088bd62a5d8a4e8cc
(migrating between storage classes using `velero`)
- https://github.com/fenio/k8s-truenas (NFS/iSCSI over API with TrueNAS Scale)
## Node Prep
@ -186,7 +187,7 @@ node:
and continue your democratic installation as usuall with other iscsi drivers.
#### Privilged Namespace
#### Privileged Namespace
democratic-csi requires privileged access to the nodes, so the namespace should allow for privileged pods. One way of doing it is via [namespace labels](https://kubernetes.io/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/).
Add the followin label to the democratic-csi installation namespace `pod-security.kubernetes.io/enforce=privileged`
```

13
docs/Nomad/examples/democratic-csi-iscsi-node.hcl
View File

@ -11,6 +11,10 @@ job "democratic-csi-iscsi-node" {
env {
CSI_NODE_ID = "${attr.unique.hostname}"
# if you run into a scenario where your iscsi volumes are zeroed each time they are mounted,
# you can configure the fs detection system used with the following envvar:
#FILESYSTEM_TYPE_DETECTION_STRATEGY = "blkid"
}
config {
@ -38,6 +42,15 @@ job "democratic-csi-iscsi-node" {
source = "/"
readonly=false
}
# if you run into a scenario where your iscsi volumes are zeroed each time they are mounted,
# you can try uncommenting the following additional mount block:
#mount {
# type = "bind"
# target = "/run/udev"
# source = "/run/udev"
# readonly = true
#}
}
template {

1
examples/freenas-api-iscsi.yaml
View File

@ -42,6 +42,7 @@ zfs:
datasetParentName: tank/k8s/b/vols
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps
# "" (inherit), lz4, gzip-9, etc
zvolCompression:

1
examples/freenas-api-nfs.yaml
View File

@ -37,6 +37,7 @@ zfs:
datasetParentName: tank/k8s/a/vols
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
datasetEnableQuotas: true
datasetEnableReservation: false

1
examples/freenas-api-smb.yaml
View File

@ -42,6 +42,7 @@ zfs:
datasetParentName: tank/k8s/a/vols
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
datasetEnableQuotas: true
datasetEnableReservation: false

1
examples/freenas-iscsi.yaml
View File

@ -51,6 +51,7 @@ zfs:
datasetParentName: tank/k8s/b/vols
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tanks/k8s/b/snaps
# "" (inherit), lz4, gzip-9, etc
zvolCompression:

1
examples/freenas-nfs.yaml
View File

@ -47,6 +47,7 @@ zfs:
datasetParentName: tank/k8s/a/vols
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
datasetEnableQuotas: true
datasetEnableReservation: false

1
examples/freenas-smb.yaml
View File

@ -53,6 +53,7 @@ zfs:
datasetParentName: tank/k8s/a/vols
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tank/k8s/a/snaps
datasetEnableQuotas: true
datasetEnableReservation: false

30
examples/node-manual-iscsi-pv.yaml
View File

@ -9,21 +9,6 @@ spec:
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
# can be used to handle CHAP
# in the secret create the following keys:
#
# # any arbitrary iscsiadm entries can be add by creating keys starting with node-db.<entry.name>
# # if doing CHAP
# node-db.node.session.auth.authmethod: CHAP
# node-db.node.session.auth.username: foo
# node-db.node.session.auth.password: bar
#
# # if doing mutual CHAP
# node-db.node.session.auth.username_in: baz
# node-db.node.session.auth.password_in: bar
#nodeStageSecretRef:
# name: some name
# namespace: some namespace
mountOptions: []
csi:
driver: org.democratic-csi.node-manual
@ -31,6 +16,21 @@ spec:
# can be ext4 or xfs
fsType: ext4
volumeHandle: unique-volumeid # make sure it's a unique id in the cluster
# can be used to handle CHAP
# in the secret create the following keys:
#
# # any arbitrary iscsiadm entries can be add by creating keys starting with node-db.<entry.name>
# # if doing CHAP
# node-db.node.session.auth.authmethod: CHAP
# node-db.node.session.auth.username: foo
# node-db.node.session.auth.password: bar
#
# # if doing mutual CHAP
# node-db.node.session.auth.username_in: baz
# node-db.node.session.auth.password_in: bar
#nodeStageSecretRef:
# name: some name
# namespace: some namespace
volumeAttributes:
portal: <ip:port>
#portals: <ip:port>,<ip:port>,...

6
examples/node-manual-smb-pv.yaml
View File

@ -9,9 +9,6 @@ spec:
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
#nodeStageSecretRef:
# name: some name
# namespace: some namespace
mountOptions:
# creds can be entered into the node-stage-secret in the `mount_flags` key
# the value should be: username=foo,password=bar
@ -22,6 +19,9 @@ spec:
readOnly: false
fsType: cifs
volumeHandle: unique-volumeid # make sure it's a unique id in the cluster
#nodeStageSecretRef:
# name: some name
# namespace: some namespace
volumeAttributes:
server: host or ip
share: someshare

1
examples/zfs-generic-iscsi.yaml
View File

@ -31,6 +31,7 @@ zfs:
datasetParentName: tank/k8s/test
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots
# "" (inherit), lz4, gzip-9, etc

1
examples/zfs-generic-nfs.yaml
View File

@ -31,6 +31,7 @@ zfs:
datasetParentName: tank/k8s/test
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots
datasetEnableQuotas: true

1
examples/zfs-generic-smb.yaml
View File

@ -32,6 +32,7 @@ zfs:
datasetParentName: tank/k8s/test
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tanks/k8s/test-snapshots
datasetEnableQuotas: true