Merge pull request #225 from 5cat/talos-iscsi-support

adding support for talos.dev clusters iscsi

README.md

@@ -94,9 +94,9 @@ If you are running Kubernetes with rancher/rke please see the following:
 
 - https://github.com/rancher/rke/issues/1846
 
-```
-RHEL / CentOS
+#### RHEL / CentOS
 
+```
 # Install the following system packages
 sudo yum install -y lsscsi iscsi-initiator-utils sg3_utils device-mapper-multipath
 
@@ -110,10 +110,11 @@ sudo systemctl start iscsid multipathd
 # Start and enable iscsi
 sudo systemctl enable iscsi
 sudo systemctl start iscsi
+```
 
+#### Ubuntu / Debian
 
-Ubuntu / Debian
-
+```
 # Install the following system packages
 sudo apt-get install -y open-iscsi lsscsi sg3-utils multipath-tools scsitools
 
@@ -134,6 +135,45 @@ sudo systemctl enable open-iscsi.service
 sudo service open-iscsi start
 sudo systemctl status open-iscsi
 ```
+#### [Talos](https://www.talos.dev/)
+To use iscsi storage in kubernetes cluster in talos these steps are needed which are similar to the ones explained in https://www.talos.dev/v1.1/kubernetes-guides/configuration/replicated-local-storage-with-openebs-jiva/#patching-the-jiva-installation
+
+##### Patch nodes
+since talos does not have iscsi support by default, the iscsi extension is needed
+create a `patch.yaml` file with
+```yaml
+- op: add
+  path: /machine/install/extensions
+  value:
+    - image: ghcr.io/siderolabs/iscsi-tools:v0.1.1
+```
+and apply the patch across all of your nodes
+```bash
+talosctl -e <endpoint ip/hostname> -n <node ip/hostname> patch mc -p @patch.yaml
+```
+the extension will not activate until you "upgrade" the nodes, even if there is no update, use the latest version of talos installer.
+VERIFY THE TALOS VERSION IN THIS COMMAND BEFORE RUNNING IT AND READ THE [OpenEBS Jiva](https://www.talos.dev/v1.1/kubernetes-guides/configuration/replicated-local-storage-with-openebs-jiva/#patching-the-jiva-installation).
+upgrade all of the nodes in the cluster to get the extension
+```bash
+talosctl -e <endpoint ip/hostname> -n <node ip/hostname> upgrade --image=ghcr.io/siderolabs/installer:v1.1.1
+```
+
+in your `values.yaml` file make sure to enable these settings
+```yaml
+
+node:
+  hostPID: true
+  driver:
+    extraEnv:
+      - name: ISCSIADM_HOST_STRATEGY
+        value: nsenter
+      - name: ISCSIADM_HOST_PATH
+        value: /usr/local/sbin/iscsiadm
+    iscsiDirHostPath: /usr/local/etc/iscsi
+    iscsiDirHostPathType: ""
+```
+and continue your democratic installation as usuall with other iscsi drivers.
+
 
 ### freenas-smb
 

docker/iscsiadm

@@ -1,5 +1,24 @@
 #!/bin/bash
 
-# https://engineering.docker.com/2019/07/road-to-containing-iscsi/
+iscsiadm_host_strategy=$([ $ISCSIADM_HOST_STRATEGY ] && echo $ISCSIADM_HOST_STRATEGY || echo "chroot")
+iscsiadm_host_path=$( [ $ISCSIADM_HOST_PATH ] && echo $ISCSIADM_HOST_PATH || echo "/sbin/iscsiadm")
 
-chroot /host /usr/bin/env -i PATH="/usr/sbin:/usr/bin:/sbin:/bin" iscsiadm "${@:1}"
+case $iscsiadm_host_strategy in
+    chroot)
+        # https://engineering.docker.com/2019/07/road-to-containing-iscsi/
+        chroot /host /usr/bin/env -i PATH="/usr/sbin:/usr/bin:/sbin:/bin" iscsiadm "${@:1}"
+        ;;
+
+    nsenter)
+        # https://github.com/siderolabs/extensions/issues/38#issuecomment-1125403043
+        iscsid_pid=$(for proc in /proc/*/cmdline; do grep -q "iscsid -f" <<< $(cat $proc 2>/dev/null | tr "\0" " ") && echo $(basename $(dirname $proc)) && break; done)
+        if [ "$iscsid_pid" = "" ]; then
+            exit 1
+        fi
+        nsenter --mount="/proc/${iscsid_pid}/ns/mnt" --net="/proc/${iscsid_pid}/ns/net" -- $iscsiadm_host_path "${@:1}"
+        ;;
+
+    *)
+        exit 1
+        ;;
+esac