From 5a51799e23260d3af3517fe993de5e387752edef Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 21:12:08 +0100 Subject: [PATCH 01/49] nfs-client-provisioner fixes #5 --- .gitignore | 26 +++++ Dockerfile | 4 + README.md | 15 +++ build.sh | 3 + cmd/nfs-client-provisioner/provisioner.go | 129 ++++++++++++++++++++++ deploy/class.yaml | 5 + deploy/deployment.yaml | 31 ++++++ deploy/test-claim.yaml | 12 ++ deploy/test-pod.yaml | 21 ++++ 9 files changed, 246 insertions(+) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 README.md create mode 100755 build.sh create mode 100644 cmd/nfs-client-provisioner/provisioner.go create mode 100644 deploy/class.yaml create mode 100644 deploy/deployment.yaml create mode 100644 deploy/test-claim.yaml create mode 100644 deploy/test-pod.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..f66bbe54
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,26 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof
+
+nfs-client-provisioner
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..c11fce8d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM alpine:3.5
+RUN apk update --no-cache && apk add ca-certificates
+COPY nfs-client-provisioner /nfs-client-provisioner
+ENTRYPOINT ["/nfs-client-provisioner"]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 00000000..ecb1c1c1
--- /dev/null
+++ b/README.md
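Review bot: The new Dockerfile never sets a `USER`, so `/nfs-client-provisioner` runs as root inside the container by default. If the export's permissions allow it, a `USER <uid>` line after the `COPY` (placeholder for a fixed non-root UID that can write to the export) would limit what a compromised provisioner can do. The base image is also referenced by tag only; `FROM alpine:3.5@sha256:<digest>` would tie the build to a reviewed base layer.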
@@ -0,0 +1,15 @@
+# kubernetes nfs-client-provisioner
+- pv provisioned as ${namespace}-${pvcName}-${pvName}
+- pv recycled as archieved-${namespace}-${pvcName}-${pvName}
+
+# deploy
+- modify and deploy `deploy/deployment.yaml`
+- modify and deploy `deploy/class.yaml`
+
+# test
+- `kubectl create -f deploy/test-claim.yaml`
+- `kubectl create -f deploy/test-pod.yaml`
+- check the folder and file "SUCCESS" created
+- `kubectl delete -f deploy/test-pod.yaml`
+- `kubectl delete -f deploy/test-claim.yaml`
+- check the folder renamed
diff --git a/build.sh b/build.sh
new file mode 100755
index 00000000..3f33f69c
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner .
+
diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go
new file mode 100644
index 00000000..ded8fae8
--- /dev/null
+++ b/cmd/nfs-client-provisioner/provisioner.go
@@ -0,0 +1,129 @@
+package main
+
+import (
+ "errors"
+ "flag"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "github.com/golang/glog"
+ "github.com/kubernetes-incubator/external-storage/lib/controller"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/wait"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/pkg/api/v1"
+ "k8s.io/client-go/rest"
+)
+
+const (
+ provisionerNameKey = "PROVISIONER_NAME"
+)
+
+type nfsProvisioner struct {
+ client kubernetes.Interface
+ server string
+ path string
+}
+
+const (
+ mountPath = "/persistentvolumes"
+)
+
+var _ controller.Provisioner = &nfsProvisioner{}
+
+func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.PersistentVolume, error) {
+ if options.PVC.Spec.Selector != nil {
+ return nil, fmt.Errorf("claim Selector is not supported")
+ }
+ glog.V(4).Infof("nfs provisioner: VolumeOptions %v", options)
+
+ pvcNamespace := options.PVC.Namespace
+ pvcName := options.PVC.Name
+
+ pvName := strings.Join([]string{pvcNamespace, pvcName, options.PVName}, "-")
+
+ fullPath := filepath.Join(mountPath, pvName)
+ glog.V(4).Infof("creating path %s", fullPath)
+ if err := os.MkdirAll(fullPath, 0777); err != nil {
+ return nil, errors.New("unable to create directory to provision new pv: " + err.Error())
+ }
+
+ path := filepath.Join(p.path, pvName)
+
+ pv := &v1.PersistentVolume{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: pvName,
+ },
+ Spec: v1.PersistentVolumeSpec{
+ PersistentVolumeReclaimPolicy: options.PersistentVolumeReclaimPolicy,
+ AccessModes: options.PVC.Spec.AccessModes,
+ Capacity: v1.ResourceList{
+ v1.ResourceName(v1.ResourceStorage): options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)],
+ },
+ PersistentVolumeSource: v1.PersistentVolumeSource{
+ NFS: &v1.NFSVolumeSource{
+ Server: p.server,
+ Path: path,
+ ReadOnly: false,
+ },
+ },
+ },
+ }
+ return pv, nil
+}
+
+func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error {
+ path := volume.Spec.PersistentVolumeSource.NFS.Path
+ pvName := filepath.Base(path)
+ oldPath := filepath.Join(mountPath, pvName)
+ archivePath := filepath.Join(mountPath, "archieved-"+pvName)
+ glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath)
+ return os.Rename(oldPath, archivePath)
+}
+
+func main() {
+ flag.Parse()
+ flag.Set("logtostderr", "true")
+
+ server := os.Getenv("NFS_SERVER")
+ if server == "" {
+ glog.Fatal("NFS_SERVER not set")
+ }
+ path := os.Getenv("NFS_PATH")
+ if path == "" {
+ glog.Fatal("NFS_PATH not set")
+ }
+ provisionerName := os.Getenv(provisionerNameKey)
+ if provisionerName == "" {
+ glog.Fatalf("environment variable %s is not set! Please set it.", provisionerNameKey)
+ }
+
+ // Create an InClusterConfig and use it to create a client for the controller
+ // to use to communicate with Kubernetes
+ config, err := rest.InClusterConfig()
+ if err != nil {
+ glog.Fatalf("Failed to create config: %v", err)
+ }
+ clientset, err := kubernetes.NewForConfig(config)
+ if err != nil {
+ glog.Fatalf("Failed to create client: %v", err)
+ }
+
+ // The controller needs to know what the server version is because out-of-tree
+ // provisioners aren't officially supported until 1.5
+ serverVersion, err := clientset.Discovery().ServerVersion()
+ if err != nil {
+ glog.Fatalf("Error getting server version: %v", err)
+ }
+
+ clientNFSProvisioner := &nfsProvisioner{
+ server: server,
+ path: path,
+ }
+ // Start the provision controller which will dynamically provision efs NFS
+ // PVs
+ pc := controller.NewProvisionController(clientset, provisionerName, clientNFSProvisioner, serverVersion.GitVersion)
+ pc.Run(wait.NeverStop)
+}
diff --git a/deploy/class.yaml b/deploy/class.yaml
new file mode 100644
index 00000000..8e09cc1a
--- /dev/null
+++ b/deploy/class.yaml
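Review bot: `Delete` in provisioner.go reads `volume.Spec.PersistentVolumeSource.NFS.Path` without checking that `NFS` is non-nil, so a PersistentVolume without an NFS source reaching this method would panic the provisioner. A guard before the dereference, `if volume.Spec.PersistentVolumeSource.NFS == nil { return errors.New("volume has no NFS source") }`, turns that into an ordinary error. In `Provision`, `os.MkdirAll(fullPath, 0777)` requests a world-writable directory on the shared export; if that is deliberate so that pods running under any UID can write, a comment such as `// 0777: pods may run as any UID; access is bounded by the NFS export` should say so. Neither method has a doc comment describing the `${namespace}-${pvcName}-${pvName}` directory naming or the rename-to-archive behaviour that the README documents.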
@@ -0,0 +1,5 @@
+apiVersion: storage.k8s.io/v1beta1
+kind: StorageClass
+metadata:
+ name: managed-nfs-storage
+provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME'
diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
new file mode 100644
index 00000000..6595f33d
--- /dev/null
+++ b/deploy/deployment.yaml
@@ -0,0 +1,31 @@
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+ name: nfs-client-provisioner
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: nfs-client-provisioner
+ spec:
+ containers:
+ - name: nfs-client-provisioner
+ image: quay.io/jackieli/nfs-client-provisioner:v1
+ volumeMounts:
+ - name: nfs-client-root
+ mountPath: /persistentvolumes
+ env:
+ - name: PROVISIONER_NAME
+ value: fuseim.pri/ifs
+ - name: NFS_SERVER
+ value: 10.10.10.60
+ - name: NFS_PATH
+ value: /ifs/kubernetes
+ volumes:
+ - name: nfs-client-root
+ nfs:
+ server: 10.10.10.60
+ path: /ifs/kubernetes
\ No newline at end of file
diff --git a/deploy/test-claim.yaml b/deploy/test-claim.yaml
new file mode 100644
index 00000000..4382e200
--- /dev/null
+++ b/deploy/test-claim.yaml
@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: test-claim
+ annotations:
+ volume.beta.kubernetes.io/storage-class: "managed-nfs-storage"
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Mi
\ No newline at end of file
diff --git a/deploy/test-pod.yaml b/deploy/test-pod.yaml
new file mode 100644
index 00000000..c58da791
--- /dev/null
+++ b/deploy/test-pod.yaml
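Review bot: The container image in `deploy/deployment.yaml` is referenced by tag only (`quay.io/jackieli/nfs-client-provisioner:v1`), so whatever is later pushed under that tag runs with the provisioner's write access to the whole NFS export. Pinning by digest, `image: quay.io/jackieli/nfs-client-provisioner:v1@sha256:<digest>`, ties the manifest to a reviewed build. The same concern applies to the later patches in this series that move the manifests to `:latest` (`deploy/deployment-arm.yaml` in PATCH 10 and `deploy/deployment.yaml` in PATCH 12). The pod template also sets no `securityContext`; a comment stating which UID the provisioner needs on the export would help anyone tightening it.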
@@ -0,0 +1,21 @@
+kind: Pod
+apiVersion: v1
+metadata:
+ name: test-pod
+spec:
+ containers:
+ - name: test-pod
+ image: gcr.io/google_containers/busybox:1.24
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - "touch /mnt/SUCCESS && exit 0 || exit 1"
+ volumeMounts:
+ - name: nfs-pvc
+ mountPath: "/mnt"
+ restartPolicy: "Never"
+ volumes:
+ - name: nfs-pvc
+ persistentVolumeClaim:
+ claimName: test-claim
\ No newline at end of file
From 8bb44ce8134492cae6088133d49c3f1fab637803 Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 21:30:49 +0100 Subject: [PATCH 02/49] add boilerplate required license terms --- Dockerfile | 16 +++++++++++++++- README.md | 2 +- build.sh | 15 ++++++++++++++- cmd/nfs-client-provisioner/provisioner.go | 16 ++++++++++++++++ deploy/deployment.yaml | 4 ++-- deploy/test-claim.yaml | 2 +- deploy/test-pod.yaml | 2 +- 7 files changed, 50 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index c11fce8d..47443653 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,18 @@
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 FROM alpine:3.5
 RUN apk update --no-cache && apk add ca-certificates
 COPY nfs-client-provisioner /nfs-client-provisioner
-ENTRYPOINT ["/nfs-client-provisioner"]
\ No newline at end of file
+ENTRYPOINT ["/nfs-client-provisioner"]
diff --git a/README.md b/README.md
index ecb1c1c1..5d2638d3 100644
--- a/README.md
+++ b/README.md
@@ -12,4 +12,4 @@ - check the folder and file "SUCCESS" created - `kubectl delete -f deploy/test-pod.yaml` - `kubectl delete -f deploy/test-claim.yaml` -- check the folder renamed +- check the folder renamed to `archieve-???` diff --git a/build.sh b/build.sh index 3f33f69c..b90b9d36 100755 --- a/build.sh +++ b/build.sh @@ -1,3 +1,16 @@ #!/bin/sh -CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner . +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner . diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index ded8fae8..06ccefae 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go 
@@ -1,3 +1,19 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 6595f33d..e7bd5bf1 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -5,7 +5,7 @@ metadata: spec: replicas: 1 strategy: - type: Recreate + type: Recreate template: metadata: labels: @@ -28,4 +28,4 @@ spec: - name: nfs-client-root nfs: server: 10.10.10.60 - path: /ifs/kubernetes \ No newline at end of file + path: /ifs/kubernetes diff --git a/deploy/test-claim.yaml b/deploy/test-claim.yaml index 4382e200..9f7038bd 100644 --- a/deploy/test-claim.yaml +++ b/deploy/test-claim.yaml @@ -9,4 +9,4 @@ spec: - ReadWriteMany resources: requests: - storage: 1Mi \ No newline at end of file + storage: 1Mi diff --git a/deploy/test-pod.yaml b/deploy/test-pod.yaml index c58da791..e5e7b7fe 100644 --- a/deploy/test-pod.yaml +++ b/deploy/test-pod.yaml @@ -18,4 +18,4 @@ spec: volumes: - name: nfs-pvc persistentVolumeClaim: - claimName: test-claim \ No newline at end of file + claimName: test-claim From c916b18425c3e502406f2abd18532f8c8053e811 Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 22:06:03 +0100 Subject: [PATCH 03/49] fix spell error & add travis build --- README.md | 2 +- cmd/nfs-client-provisioner/provisioner.go | 2 +- deploy/deployment.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5d2638d3..1d7c0e45 100644 
--- a/README.md
+++ b/README.md
@@ -12,4 +12,4 @@
 - check the folder and file "SUCCESS" created
 - `kubectl delete -f deploy/test-pod.yaml`
 - `kubectl delete -f deploy/test-claim.yaml`
-- check the folder renamed to `archieve-???`
+- check the folder renamed to `archived-???`
diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go
index 06ccefae..3ca2e918 100644
--- a/cmd/nfs-client-provisioner/provisioner.go
+++ b/cmd/nfs-client-provisioner/provisioner.go
@@ -94,7 +94,7 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error {
 path := volume.Spec.PersistentVolumeSource.NFS.Path
 pvName := filepath.Base(path)
 oldPath := filepath.Join(mountPath, pvName)
- archivePath := filepath.Join(mountPath, "archieved-"+pvName)
+ archivePath := filepath.Join(mountPath, "archived-"+pvName)
 glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath)
 return os.Rename(oldPath, archivePath)
 }
diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
index e7bd5bf1..4105bafb 100644
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -13,7 +13,7 @@ spec:
 spec:
 containers:
 - name: nfs-client-provisioner
- image: quay.io/jackieli/nfs-client-provisioner:v1
+ image: quay.io/external_storage/nfs-client-provisioner:v1
 volumeMounts:
 - name: nfs-client-root
 mountPath: /persistentvolumes
From 48947b29d8bbb823fef73ffdb77278b5423e0311 Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 22:26:23 +0100 Subject: [PATCH 04/49] add owners --- OWNERS | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/OWNERS b/OWNERS
new file mode 100644
index 00000000..0ed58548
--- /dev/null
+++ b/OWNERS
@@ -0,0 +1,2 @@
+assignees:
+ - jackielii
\ No newline at end of file
From dc0d53aa2413349fe0a0ebb56ed4f177263aeb5d Mon Sep 17 00:00:00 2001
From: yangwangxing Date: Wed, 7 Jun 2017 13:28:01 +0800 Subject: [PATCH 05/49] Fix issue 149 - nfs-client-provisioner create folder with 755, not 777 REF: https://github.com/kubernetes-incubator/external-storage/issues/149 --- cmd/nfs-client-provisioner/provisioner.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 3ca2e918..07688ef5 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -65,6 +65,7 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis if err := os.MkdirAll(fullPath, 0777); err != nil { return nil, errors.New("unable to create directory to provision new pv: " + err.Error()) } + os.Chmod(fullPath, 0777) path := filepath.Join(p.path, pvName) From ca3c75897cfcd71db9ff469b7a1f536d5bd00626 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 14 Jun 2017 15:32:18 -0400 Subject: [PATCH 06/49] Release nfs-client-provisioner v2.0.0 --- Dockerfile | 2 +- README.md | 6 ++++++ deploy/deployment.yaml | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 47443653..0c5fd100 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.5 +FROM alpine:3.6 RUN apk update --no-cache && apk add ca-certificates COPY nfs-client-provisioner /nfs-client-provisioner ENTRYPOINT ["/nfs-client-provisioner"] diff --git a/README.md b/README.md index 1d7c0e45..d5ad6a87 100644 --- a/README.md +++ b/README.md 
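Review bot: The return value of the added `os.Chmod(fullPath, 0777)` in `Provision` is discarded, so when the chmod fails the function still returns a PV whose directory kept the umask-restricted mode, and the issue this patch targets reappears silently. Handle it like the `MkdirAll` error just above, e.g. `if err := os.Chmod(fullPath, 0777); err != nil { return nil, errors.New("unable to set permissions on new pv directory: " + err.Error()) }`. A one-line comment that the chmod exists because `MkdirAll` applies the process umask would also explain why both calls carry `0777` and that the world-writable mode is intentional. `Provision` starts and ends outside this hunk.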
@@ -1,4 +1,10 @@ # kubernetes nfs-client-provisioner + +[![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) +``` +quay.io/external_storage/nfs-client-provisioner:v2.0.0 +``` + - pv provisioned as ${namespace}-${pvcName}-${pvName} - pv recycled as archieved-${namespace}-${pvcName}-${pvName} diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 4105bafb..924a6712 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: nfs-client-provisioner - image: quay.io/external_storage/nfs-client-provisioner:v1 + image: quay.io/external_storage/nfs-client-provisioner:v2.0.0 volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes From 8fb0e5cc1460a482976ed6bcd9feead20e82e06d Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Mon, 19 Jun 2017 12:26:12 -0400 Subject: [PATCH 07/49] Name PV as required by external provisioner contract --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 07688ef5..77c16a60 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -71,7 +71,7 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis pv := &v1.PersistentVolume{ ObjectMeta: metav1.ObjectMeta{ - Name: pvName, + Name: options.PVName, }, Spec: v1.PersistentVolumeSpec{ PersistentVolumeReclaimPolicy: options.PersistentVolumeReclaimPolicy, From a82645d4ecdf75066f43c677aa2bd55d0e280fd7 Mon Sep 17 00:00:00 2001 
From: Clayton O'Neill Date: Sun, 25 Jun 2017 19:08:00 -0400 Subject: [PATCH 08/49] Add RBAC examples for nfs-client Adds example configuration files for clusters that have RBAC enabled (1.6) or OpenShift users. This is mostly a cut and paste job from the EFS example. --- README.md | 29 ++++++++++++++++++++++++++ deploy/auth/clusterrole.yaml | 17 +++++++++++++++ deploy/auth/clusterrolebinding.yaml | 12 +++++++++++ deploy/auth/openshift-clusterrole.yaml | 17 +++++++++++++++ deploy/auth/serviceaccount.yaml | 4 ++++ 5 files changed, 79 insertions(+) create mode 100644 deploy/auth/clusterrole.yaml create mode 100644 deploy/auth/clusterrolebinding.yaml create mode 100644 deploy/auth/openshift-clusterrole.yaml create mode 100644 deploy/auth/serviceaccount.yaml
diff --git a/README.md b/README.md
index d5ad6a87..5a901579 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,35 @@ quay.io/external_storage/nfs-client-provisioner:v2.0.0 - modify and deploy `deploy/deployment.yaml` - modify and deploy `deploy/class.yaml` +# authorization + +If your cluster has RBAC enabled or you are running OpenShift you must +authorize the provisioner. If you are in a namespace/project other than +"default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm +policy` command accordingly. + +## RBAC +```console +$ kubectl create -f deploy/auth/serviceaccount.yaml +serviceaccount "nfs-client-provisioner" created +$ kubectl create -f deploy/auth/clusterrole.yaml +clusterrole "nfs-client-provisioner-runner" created +$ kubectl create -f deploy/auth/clusterrolebinding.yaml +clusterrolebinding "run-nfs-client-provisioner" created +$ kubectl patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' +``` + +## OpenShift +```console +$ oc create -f deploy/auth/serviceaccount.yaml +serviceaccount "nfs-client-provisioner" created +$ oc create -f deploy/auth/openshift-clusterrole.yaml +clusterrole "nfs-client-provisioner-runner" created +$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs-client-provisioner +$ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner +$ oc patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' +``` + # test - `kubectl create -f deploy/test-claim.yaml` - `kubectl create -f deploy/test-pod.yaml` diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml new file mode 100644 index 00000000..fe2a7561 --- /dev/null +++ b/deploy/auth/clusterrole.yaml 
@@ -0,0 +1,17 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+metadata:
+ name: nfs-client-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
diff --git a/deploy/auth/clusterrolebinding.yaml b/deploy/auth/clusterrolebinding.yaml
new file mode 100644
index 00000000..54bd987c
--- /dev/null
+++ b/deploy/auth/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1alpha1
+metadata:
+ name: run-nfs-client-provisioner
+subjects:
+ - kind: ServiceAccount
+ name: nfs-client-provisioner
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: nfs-client-provisioner-runner
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/auth/openshift-clusterrole.yaml b/deploy/auth/openshift-clusterrole.yaml
new file mode 100644
index 00000000..beabc8f0
--- /dev/null
+++ b/deploy/auth/openshift-clusterrole.yaml
@@ -0,0 +1,17 @@
+kind: ClusterRole
+apiVersion: v1
+metadata:
+ name: nfs-client-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
diff --git a/deploy/auth/serviceaccount.yaml b/deploy/auth/serviceaccount.yaml
new file mode 100644
index 00000000..edead9ad
--- /dev/null
+++ b/deploy/auth/serviceaccount.yaml
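Review bot: `deploy/auth/clusterrolebinding.yaml` hard-codes `namespace: default` for the `nfs-client-provisioner` ServiceAccount subject, and nothing in the file says the value must follow the deployment. If the provisioner runs in another namespace and the binding is applied unchanged, the cluster-wide PersistentVolume create/delete grant goes to whichever ServiceAccount of that name exists in `default`, including one created there later by someone else. A comment on that line, `# must be the namespace the provisioner Deployment runs in`, would put the README's instruction next to the value it concerns.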
@@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner From 53163dd4b2ff43fb1344abfe48bc1ff9a8a6c2d6 Mon Sep 17 00:00:00 2001 From: Steve Leon Date: Thu, 6 Jul 2017 14:53:47 -0700 Subject: [PATCH 09/49] Incorporate K8S API changes. - Importing API types from k8s.io/api - Update client-go and apimachinery version - Remove lib/helper and use the kubernetes one temporary --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 77c16a60..ccb0292b 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -26,10 +26,10 @@ import ( "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" + "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/pkg/api/v1" "k8s.io/client-go/rest" ) From 166056da73459563c8ae5f9127ab54cb0aa36505 Mon Sep 17 00:00:00 2001 From: Niklas Wik Date: Sat, 5 Aug 2017 16:28:57 +0300 Subject: [PATCH 10/49] Add support for ARM (Raspberry PI) for nfs-client - Reorganized to use Makefile for building - Added arm container for use in ARM based kubernetes clusters Signed-off-by: Niklas Wik --- Makefile | 45 ++++++++++++++++++++++++++ deploy/deployment-arm.yaml | 32 ++++++++++++++++++ build.sh => docker/arm/Dockerfile | 6 ++-- Dockerfile => docker/x86_64/Dockerfile | 0 4 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 Makefile create mode 100644 deploy/deployment-arm.yaml rename build.sh => docker/arm/Dockerfile (77%) mode change 100755 => 100644 rename Dockerfile => docker/x86_64/Dockerfile (100%) diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..300ac356 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,45 @@
+# Copyright 2016 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ifeq ($(REGISTRY),)
+ REGISTRY = quay.io/external_storage/
+endif
+ifeq ($(VERSION),)
+ VERSION = latest
+endif
+IMAGE = $(REGISTRY)nfs-client-provisioner:$(VERSION)
+IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:$(VERSION)
+MUTABLE_IMAGE = $(REGISTRY)nfs-client-provisioner:latest
+
+all: build image build_arm image_arm
+
+container: build image build_arm image_arm
+
+build:
+ CGO_ENABLED=0 go build -o docker/x86_64/nfs-client-provisioner ./cmd/nfs-client-provisioner
+
+build_arm:
+ CGO_ENABLED=0 GOARCH=arm GOARM=7 go build -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner
+
+image:
+ sudo docker build -t $(IMAGE) docker/x86_64
+
+image_arm:
+ sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset
+ sudo docker build -t $(IMAGE_ARM) docker/arm
+
+push:
+ docker push $(IMAGE)
+ docker push $(MUTABLE_IMAGE)
+ docker push $(IMAGE_ARM)
diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml
new file mode 100644
index 00000000..9f09acca
--- /dev/null
+++ b/deploy/deployment-arm.yaml
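Review bot: The `image_arm` target runs `sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset`, a third-party image referenced only by the mutable tag `register`, as a privileged container on the host that builds and pushes the release images. Whatever that tag points to at build time gets privileged access to the build host, so the reference should be pinned, e.g. `multiarch/qemu-user-static@sha256:<digest>`. A comment above the line saying why the privileged run is needed for the ARM build (presumably emulation setup for `docker/arm`) would also help a reader judge whether the step can be dropped on hosts that are already configured.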
@@ -0,0 +1,32 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccount: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner-arm:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 192.168.1.20 + - name: NFS_PATH + value: /mnt/kube_nfs + volumes: + - name: nfs-client-root + nfs: + server: 192.168.1.20 + path: /mnt/kube_nfs diff --git a/build.sh b/docker/arm/Dockerfile old mode 100755 new mode 100644 similarity index 77% rename from build.sh rename to docker/arm/Dockerfile index b90b9d36..ba60cc59 --- a/build.sh +++ b/docker/arm/Dockerfile @@ -1,4 +1,3 @@ -#!/bin/sh # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -13,4 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner . +FROM hypriot/rpi-alpine:3.6 +RUN apk update --no-cache && apk add ca-certificates +COPY nfs-client-provisioner /nfs-client-provisioner +ENTRYPOINT ["/nfs-client-provisioner"] diff --git a/Dockerfile b/docker/x86_64/Dockerfile similarity index 100% rename from Dockerfile rename to docker/x86_64/Dockerfile From c0716daca36b276c995266ce9b8c128dedcda503 Mon Sep 17 00:00:00 2001 From: Niklas Wik Date: Sat, 5 Aug 2017 16:34:04 +0300 Subject: [PATCH 11/49] Updated README with ARM instruction. Signed-off-by: Niklas Wik --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 5a901579..1ff23eea 100644 --- a/README.md +++ b/README.md 
@@ -12,6 +12,9 @@ quay.io/external_storage/nfs-client-provisioner:v2.0.0 - modify and deploy `deploy/deployment.yaml` - modify and deploy `deploy/class.yaml` +## ARM based +To deploy on ARM based (Raspberry PI) use `deploy/deployment-arm.yaml` instead of `deploy/deployment.yaml` + # authorization If your cluster has RBAC enabled or you are running OpenShift you must From da48ed92e17edc5b2df12b93f1d88c02970a68c0 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Tue, 8 Aug 2017 13:19:29 -0400 Subject: [PATCH 12/49] Remove provisioner versioning from efs,cephfs,nfs-client; use latest tag instead --- README.md | 3 --- deploy/deployment.yaml | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 1ff23eea..1a212d58 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,6 @@ # kubernetes nfs-client-provisioner [![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) -``` -quay.io/external_storage/nfs-client-provisioner:v2.0.0 -``` - pv provisioned as ${namespace}-${pvcName}-${pvName} - pv recycled as archieved-${namespace}-${pvcName}-${pvName} diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 924a6712..e4ee8942 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: nfs-client-provisioner - image: quay.io/external_storage/nfs-client-provisioner:v2.0.0 + image: quay.io/external_storage/nfs-client-provisioner:latest volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes From eb39ebd88ab765e4cdcab99ccd1ed431ca940a9e Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Tue, 8 Aug 2017 13:28:32 -0400 Subject: [PATCH 13/49] Add changelogs to provisioners missing them --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 CHANGELOG.md 
diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..f2725559 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,8 @@ +# v2.0.1 +- Add support for ARM (Raspberry PI). Image at `quay.io/external_storage/nfs-client-provisioner-arm`. (https://github.com/kubernetes-incubator/external-storage/pull/275) + +# v2.0.0 +- Fix issue 149 - nfs-client-provisioner create folder with 755, not 777 (https://github.com/kubernetes-incubator/external-storage/pull/150) + +# v1 +- Initial release \ No newline at end of file From e1104047827d570bce06afe52f346e0989ed4ea2 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Mon, 14 Aug 2017 17:57:29 -0400 Subject: [PATCH 14/49] Tag :latest in nfs-client Makefile --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 300ac356..1a1a6972 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,7 @@ endif IMAGE = $(REGISTRY)nfs-client-provisioner:$(VERSION) IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:$(VERSION) MUTABLE_IMAGE = $(REGISTRY)nfs-client-provisioner:latest +MUTABLE_IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:latest all: build image build_arm image_arm @@ -34,12 +35,15 @@ build_arm: image: sudo docker build -t $(IMAGE) docker/x86_64 + sudo docker tag $(MUTABLE_IMAGE) $(IMAGE) image_arm: sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset sudo docker build -t $(IMAGE_ARM) docker/arm + sudo docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) push: docker push $(IMAGE) docker push $(MUTABLE_IMAGE) docker push $(IMAGE_ARM) + docker push $(MUTABLE_IMAGE_ARM) From a73de4048fa13b7d7a5d2bd30133f2d15662bf2f Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Tue, 15 Aug 2017 17:41:12 -0400 Subject: [PATCH 15/49] Fix nfs-client Makefile for real --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 1a1a6972..03316e24 100644 --- a/Makefile +++ b/Makefile 
@@ -34,12 +34,12 @@ build_arm: CGO_ENABLED=0 GOARCH=arm GOARM=7 go build -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner image: - sudo docker build -t $(IMAGE) docker/x86_64 + sudo docker build -t $(MUTABLE_IMAGE) docker/x86_64 sudo docker tag $(MUTABLE_IMAGE) $(IMAGE) image_arm: sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset - sudo docker build -t $(IMAGE_ARM) docker/arm + sudo docker build -t $(MUTABLE_IMAGE_ARM) docker/arm sudo docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) push: From 2f94a0241ba05e73a32017e8cc2802e7cde74cb0 Mon Sep 17 00:00:00 2001 From: Aaron Crickenberger Date: Tue, 31 Oct 2017 17:47:21 -0700 Subject: [PATCH 16/49] Rename OWNERS assignees: to approvers: They are effectively the same, assignees is deprecated --- OWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 0ed58548..205e7e36 100644 --- a/OWNERS +++ b/OWNERS @@ -1,2 +1,2 @@ -assignees: - - jackielii \ No newline at end of file +approvers: + - jackielii From 407fa3f43529b3f13675a1ae2dd657ca06e3855c Mon Sep 17 00:00:00 2001 From: Lawrence Dudley Date: Mon, 12 Feb 2018 17:04:56 +0000 Subject: [PATCH 17/49] update kubernetes api versions to be current to 1.8.8 --- deploy/class.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/class.yaml b/deploy/class.yaml index 8e09cc1a..b53fe002 100644 --- a/deploy/class.yaml +++ b/deploy/class.yaml @@ -1,4 +1,4 @@ -apiVersion: storage.k8s.io/v1beta1 +apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: managed-nfs-storage From 95186ce5dc7e74fcb2986d7aa412d68516cc059e Mon Sep 17 00:00:00 2001 
From: Charlie Drage Date: Thu, 8 Mar 2018 22:25:31 -0500 Subject: [PATCH 18/49] nfs-client: rbac no longer alpha, add serviceAccount to deployment RBCA is no longer alpha and thus `v1` is only needed. Service account has been added to deployment.yaml in order to get the example to work correctly. --- deploy/auth/clusterrole.yaml | 2 +- deploy/auth/clusterrolebinding.yaml | 2 +- deploy/deployment.yaml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml index fe2a7561..0c29a3c0 100644 --- a/deploy/auth/clusterrole.yaml +++ b/deploy/auth/clusterrole.yaml @@ -1,5 +1,5 @@ kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1alpha1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: diff --git a/deploy/auth/clusterrolebinding.yaml b/deploy/auth/clusterrolebinding.yaml index 54bd987c..0e949a27 100644 --- a/deploy/auth/clusterrolebinding.yaml +++ b/deploy/auth/clusterrolebinding.yaml @@ -1,5 +1,5 @@ kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1alpha1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-client-provisioner subjects: diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index e4ee8942..1b793676 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -11,6 +11,7 @@ spec: labels: app: nfs-client-provisioner spec: + serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner:latest From cd2d72bc770202a7b0d913d383f4b44e6cc2b769 Mon Sep 17 00:00:00 2001 From: Felipe Musse Date: Fri, 9 Mar 2018 09:09:53 -0300 Subject: [PATCH 19/49] Update API version for RBAC objects --- deploy/auth/clusterrole.yaml | 2 +- deploy/auth/clusterrolebinding.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml index fe2a7561..0c29a3c0 100644 
--- a/deploy/auth/clusterrole.yaml +++ b/deploy/auth/clusterrole.yaml @@ -1,5 +1,5 @@ kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1alpha1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: diff --git a/deploy/auth/clusterrolebinding.yaml b/deploy/auth/clusterrolebinding.yaml index 54bd987c..0e949a27 100644 --- a/deploy/auth/clusterrolebinding.yaml +++ b/deploy/auth/clusterrolebinding.yaml @@ -1,5 +1,5 @@ kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1alpha1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-client-provisioner subjects: From 96c34294e227af1820b06621285ba875ac7545a5 Mon Sep 17 00:00:00 2001 From: Ian Chakeres Date: Sat, 10 Mar 2018 19:50:16 -0800 Subject: [PATCH 20/49] Fixed nfs-client Makefile, so that it builds on osx --- Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 03316e24..453a0331 100644 --- a/Makefile +++ b/Makefile 
@@ -28,19 +28,19 @@ all: build image build_arm image_arm container: build image build_arm image_arm build: - CGO_ENABLED=0 go build -o docker/x86_64/nfs-client-provisioner ./cmd/nfs-client-provisioner + CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o docker/x86_64/nfs-client-provisioner ./cmd/nfs-client-provisioner build_arm: - CGO_ENABLED=0 GOARCH=arm GOARM=7 go build -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner - + CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -a -ldflags '-extldflags "-static"' -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner + image: - sudo docker build -t $(MUTABLE_IMAGE) docker/x86_64 - sudo docker tag $(MUTABLE_IMAGE) $(IMAGE) + docker build -t $(MUTABLE_IMAGE) docker/x86_64 + docker tag $(MUTABLE_IMAGE) $(IMAGE) image_arm: - sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset - sudo docker build -t $(MUTABLE_IMAGE_ARM) docker/arm - sudo docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) + docker run --rm --privileged multiarch/qemu-user-static:register --reset + docker build -t $(MUTABLE_IMAGE_ARM) docker/arm + docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) push: docker push $(IMAGE) From e2bee920ee80f06555061496225d807e1a89c984 Mon Sep 17 00:00:00 2001 From: Charlie Drage Date: Mon, 26 Mar 2018 16:05:11 -0400 Subject: [PATCH 21/49] Improves the README.md for nfs-client This commit elaborates on how to deploy nfs-client as well as modify and doing changes to the files before said deployment, updating the README.md to make deployment easier. --- README.md | 124 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 90 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 1a212d58..cfb6db42 100644 --- a/README.md +++ b/README.md 
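Review bot: The `image_arm` target still runs `docker run --rm --privileged multiarch/qemu-user-static:register --reset`, which pulls a mutable tag from a public registry and runs it privileged on the build host. With `sudo` removed, that now happens under whatever Docker access the invoking user has. Since this container changes host-level emulation settings, I would pin it by digest, e.g. `multiarch/qemu-user-static@sha256:<digest>` (placeholder), and add a comment above the line stating why `--privileged` is required.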
@@ -1,50 +1,106 @@ -# kubernetes nfs-client-provisioner +# Kubernetes NFS-Client Provisioner [![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) -- pv provisioned as ${namespace}-${pvcName}-${pvName} -- pv recycled as archieved-${namespace}-${pvcName}-${pvName} -# deploy -- modify and deploy `deploy/deployment.yaml` -- modify and deploy `deploy/class.yaml` +`nfs-client` is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. -## ARM based -To deploy on ARM based (Raspberry PI) use `deploy/deployment-arm.yaml` instead of `deploy/deployment.yaml` +- Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName} +- Persistent volumes which are recycled as archieved-${namespace}-${pvcName}-${pvName} -# authorization +# How to deploy nfs-client to your cluster. -If your cluster has RBAC enabled or you are running OpenShift you must -authorize the provisioner. If you are in a namespace/project other than -"default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm -policy` command accordingly. +To note, you must *already* have an NFS Server. -## RBAC -```console -$ kubectl create -f deploy/auth/serviceaccount.yaml -serviceaccount "nfs-client-provisioner" created -$ kubectl create -f deploy/auth/clusterrole.yaml -clusterrole "nfs-client-provisioner-runner" created -$ kubectl create -f deploy/auth/clusterrolebinding.yaml -clusterrolebinding "run-nfs-client-provisioner" created -$ kubectl patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' +1. Editing: + +Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. 
+Modify `deploy/deployment.yaml` and change the values to your own NFS server: + + +```yaml + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 10.10.10.60 + - name: NFS_PATH + value: /ifs/kubernetes + volumes: + - name: nfs-client-root + nfs: + server: 10.10.10.60 + path: /ifs/kubernetes ``` -## OpenShift -```console -$ oc create -f deploy/auth/serviceaccount.yaml +Modify `deploy/class.yaml` to match the same value indicated by `PROVISIONER_NAME`: + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +``` + +2. Authorization + +If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. + +Kubernetes: + +```sh +$ kubectl create -f deploy/auth/serviceaccount.yaml -f deploy/auth/clusterrole.yaml -f deploy/auth/clusterrolebinding.yaml +serviceaccount "nfs-client-provisioner" created +clusterrole "nfs-client-provisioner-runner" created +clusterrolebinding "run-nfs-client-provisioner" created +``` + +OpenShift: + +```sh +$ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml serviceaccount "nfs-client-provisioner" created -$ oc create -f deploy/auth/openshift-clusterrole.yaml clusterrole "nfs-client-provisioner-runner" created $ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs-client-provisioner $ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner -$ oc patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' ``` -# test -- `kubectl create -f deploy/test-claim.yaml` -- `kubectl create -f deploy/test-pod.yaml` 
-- check the folder and file "SUCCESS" created -- `kubectl delete -f deploy/test-pod.yaml` -- `kubectl delete -f deploy/test-claim.yaml` -- check the folder renamed to `archived-???` +3. Finally, test your environment! + +Now we'll test your NFS provisioner. + +Deploy: + +```sh +$ kubectl create -f deploy/test-claim.yaml -f deploy/test-pod.yaml +``` + +Now check your NFS Server for the file `SUCCESS`. + +```sh +kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml +``` + +Now check the folder renamed to `archived-???`. + +4. Deploying your own PersistentVolumeClaim + +To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `deploy/class.yaml` file. + +For example: + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: test-claim + annotations: + volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Mi +``` From 75f9bcccbc307e59b9cf4daf83efb255666ff05e Mon Sep 17 00:00:00 2001 From: Peter Grant Date: Thu, 15 Mar 2018 16:51:25 +0100 Subject: [PATCH 22/49] Add namespace extended attributes to directory --- cmd/nfs-client-provisioner/provisioner.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index ccb0292b..79c051df 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -26,6 +26,7 @@ import ( "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" + "github.com/pkg/xattr" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" 
@@ -65,6 +66,9 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis if err := os.MkdirAll(fullPath, 0777); err != nil { return nil, errors.New("unable to create directory to provision new pv: " + err.Error()) } + if err := xattr.Set(fullPath, "namespace", []byte(pvcNamespace)); err != nil { + return nil, errors.New("unable to set extended attributes on directory to provision new pv: " + err.Error()) + } os.Chmod(fullPath, 0777) path := filepath.Join(p.path, pvName) From 700393b2376830926f907d3af07680681cf1760b Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Mon, 18 Jun 2018 08:42:41 -0400 Subject: [PATCH 23/49] Revert "Add namespace extended attributes to directory" --- cmd/nfs-client-provisioner/provisioner.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 79c051df..ccb0292b 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -26,7 +26,6 @@ import ( "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" - "github.com/pkg/xattr" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -66,9 +65,6 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis if err := os.MkdirAll(fullPath, 0777); err != nil { return nil, errors.New("unable to create directory to provision new pv: " + err.Error()) } - if err := xattr.Set(fullPath, "namespace", []byte(pvcNamespace)); err != nil { - return nil, errors.New("unable to set extended attributes on directory to provision new pv: " + err.Error()) - } os.Chmod(fullPath, 0777) path := filepath.Join(p.path, pvName) From ec6a216177e86485d7fa1dff4635c37475ec97df Mon Sep 17 00:00:00 2001 
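Review bot: When `xattr.Set` fails, `Provision` returns after `os.MkdirAll` has already created `fullPath`, leaving an empty directory behind on the export; the error branch should clean up, e.g. call `os.Remove(fullPath)` before `return nil, errors.New(...)`. The new call also makes the attribute a hard requirement: if the NFS mount does not accept extended attributes, or the bare name `namespace` needs a prefix such as `user.` on the platform (not visible here, worth confirming against the xattr package), no volume can be provisioned at all. If the attribute is only informational, logging the failure with `glog.Warningf` and continuing would be safer. `Provision` starts and ends outside this hunk.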
From: Philippe Gagnon Date: Wed, 27 Jun 2018 18:54:33 -0400 Subject: [PATCH 24/49] Propagate StorageClass MountOptions to PVs created by nfs-client-provisioner --- cmd/nfs-client-provisioner/provisioner.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index ccb0292b..5f029308 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -76,6 +76,7 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis Spec: v1.PersistentVolumeSpec{ PersistentVolumeReclaimPolicy: options.PersistentVolumeReclaimPolicy, AccessModes: options.PVC.Spec.AccessModes, + MountOptions: options.MountOptions, Capacity: v1.ResourceList{ v1.ResourceName(v1.ResourceStorage): options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)], }, From 9debe1e4d362d0d40d448b69d0aa0ee29c690a9c Mon Sep 17 00:00:00 2001 From: Di Weng Date: Mon, 16 Jul 2018 12:34:24 +0800 Subject: [PATCH 25/49] Skip deletion if the corresponding directory is not found --- cmd/nfs-client-provisioner/provisioner.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 5f029308..85ba2a77 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -96,6 +96,10 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { path := volume.Spec.PersistentVolumeSource.NFS.Path pvName := filepath.Base(path) oldPath := filepath.Join(mountPath, pvName) + if _, err := os.Stat(oldPath); os.IsNotExist(err) { + glog.Warningf("path %s does not exist, deletion skipped", oldPath) + return nil + } archivePath := filepath.Join(mountPath, "archived-"+pvName) glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath) return os.Rename(oldPath, archivePath) From 2b11b498c5497158bc02dd2ac273e2f97157c95e Mon Sep 17 00:00:00 2001 
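Review bot: The new guard in `Delete` handles only `os.IsNotExist`, and returning `nil` there reports the volume as cleaned up even when the directory is missing because the share is not actually mounted at `mountPath`. Any other `os.Stat` error (permission denied, stale handle) is dropped and execution falls through to `os.Rename`. I would return the remaining errors explicitly, `if _, err := os.Stat(oldPath); os.IsNotExist(err) { ... } else if err != nil { return err }`, and consider checking `mountPath` itself before treating a missing directory as already deleted. `Delete` begins before this hunk.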
From: Gary Morse Date: Thu, 9 Aug 2018 11:32:54 -0400 Subject: [PATCH 26/49] Adds archiveOnDelete parameter to nfs-client provisioner --- README.md | 5 +-- cmd/nfs-client-provisioner/provisioner.go | 39 +++++++++++++++++++++++ deploy/class.yaml | 2 ++ 3 files changed, 44 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cfb6db42..0041773f 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ `nfs-client` is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. - Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName} -- Persistent volumes which are recycled as archieved-${namespace}-${pvcName}-${pvName} # How to deploy nfs-client to your cluster. @@ -41,6 +40,8 @@ kind: StorageClass metadata: name: managed-nfs-storage provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" # When set to "false" your PVs will not be archived by the provisioner upon deletion of the PVC. ``` 2. Authorization @@ -82,7 +83,7 @@ Now check your NFS Server for the file `SUCCESS`. kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml ``` -Now check the folder renamed to `archived-???`. +Now check the folder has been deleted. 4. Deploying your own PersistentVolumeClaim diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 85ba2a77..eab741f0 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -22,11 +22,15 @@ import ( "fmt" "os" "path/filepath" + "strconv" "strings" + "k8s.io/kubernetes/pkg/apis/core/v1/helper" + "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" "k8s.io/api/core/v1" + storage "k8s.io/api/storage/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" 
@@ -100,9 +104,43 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { glog.Warningf("path %s does not exist, deletion skipped", oldPath) return nil } + // Get the storage class for this volume. + storageClass, err := p.getClassForVolume(volume) + if err != nil { + return err + } + // Determine if the "archiveOnDelete" parameter exists. + // If it exists and has a falsey value, delete the directory. + // Otherwise, archive it. + archiveOnDelete, exists := storageClass.Parameters["archiveOnDelete"] + archiveBool, err := strconv.ParseBool(archiveOnDelete) + if err != nil { + return err + } + if exists && !archiveBool { + return os.RemoveAll(oldPath) + } + archivePath := filepath.Join(mountPath, "archived-"+pvName) glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath) return os.Rename(oldPath, archivePath) + +} + +// getClassForVolume returns StorageClass +func (p *nfsProvisioner) getClassForVolume(pv *v1.PersistentVolume) (*storage.StorageClass, error) { + if p.client == nil { + return nil, fmt.Errorf("Cannot get kube client") + } + className := helper.GetPersistentVolumeClass(pv) + if className == "" { + return nil, fmt.Errorf("Volume has no storage class") + } + class, err := p.client.StorageV1().StorageClasses().Get(className, metav1.GetOptions{}) + if err != nil { + return nil, err + } + return class, nil } func main() { @@ -141,6 +179,7 @@ func main() { } clientNFSProvisioner := &nfsProvisioner{ + client: clientset, server: server, path: path, } diff --git a/deploy/class.yaml b/deploy/class.yaml index b53fe002..4d3b4805 100644 --- a/deploy/class.yaml +++ b/deploy/class.yaml @@ -3,3 +3,5 @@ kind: StorageClass metadata: name: managed-nfs-storage provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" From f46a12bccb3af6e2f4908332b2acad2963fc1ab0 Mon Sep 17 00:00:00 2001 
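Review bot: `os.RemoveAll(oldPath)` in `Delete` runs on a path built from `filepath.Base(volume.Spec.PersistentVolumeSource.NFS.Path)` with no check on the result. `filepath.Base` returns `.` for an empty path, `/` for a root path and `..` for a path ending in `..`, each of which makes `filepath.Join(mountPath, pvName)` resolve to the mount root or its parent. Archiving such a path with `os.Rename` was recoverable; recursive removal is not, so I would reject those names before the storage-class lookup: `if pvName == "." || pvName == ".." || pvName == string(filepath.Separator) { return fmt.Errorf("refusing to delete unexpected volume path %q", path) }`. Separately, `strconv.ParseBool(archiveOnDelete)` is called even when the parameter is absent, so `Delete` returns an error for every class that does not set `archiveOnDelete`; the later "Fix archiveOnDelete parsing" patch on this page corrects that but keeps the unguarded `RemoveAll`. `Delete` starts outside this hunk.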
From: Matthew Wong Date: Wed, 1 Aug 2018 14:12:12 -0400 Subject: [PATCH 27/49] Change all clusterroles to have endpoints permissions and reduced events permissions, consolidate where possible --- deploy/auth/clusterrole.yaml | 5 ++++- deploy/auth/openshift-clusterrole.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml index 0c29a3c0..0ecb088b 100644 --- a/deploy/auth/clusterrole.yaml +++ b/deploy/auth/clusterrole.yaml @@ -14,4 +14,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] \ No newline at end of file diff --git a/deploy/auth/openshift-clusterrole.yaml b/deploy/auth/openshift-clusterrole.yaml index beabc8f0..2f50f5b2 100644 --- a/deploy/auth/openshift-clusterrole.yaml +++ b/deploy/auth/openshift-clusterrole.yaml @@ -14,4 +14,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] From 9b94fa6ac252e8e43f5a2d77b597b7013253a121 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 15 Aug 2018 13:26:18 -0400 Subject: [PATCH 28/49] Fix archiveOnDelete parsing --- cmd/nfs-client-provisioner/provisioner.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index eab741f0..f7b3a559 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go 
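Review bot: The added `endpoints` rule grants `create`, `update` and `patch` from a ClusterRole, which gives the provisioner's service account write access to Endpoints objects in every namespace. That is far more than a single lock object would need, if this is for leader election (the hunk does not say). The same rule is added to `deploy/auth/openshift-clusterrole.yaml`. I would move it into a namespaced `Role` and `RoleBinding` in the provisioner's namespace and leave the ClusterRole with the persistent volume, claim, storage class and event rules only, which is the direction a later patch in this series takes.

```yaml
# … unchanged: ClusterRole rules for persistentvolumes, persistentvolumeclaims, storageclasses, events …
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-endpoints  # illustrative name
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-client-provisioner-endpoints  # illustrative name
  namespace: default
subjects:
  - kind: ServiceAccount
    name: nfs-client-provisioner
    namespace: default
roleRef:
  kind: Role
  name: nfs-client-provisioner-endpoints
  apiGroup: rbac.authorization.k8s.io
```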
@@ -113,12 +113,14 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { // If it exists and has a falsey value, delete the directory. // Otherwise, archive it. archiveOnDelete, exists := storageClass.Parameters["archiveOnDelete"] - archiveBool, err := strconv.ParseBool(archiveOnDelete) - if err != nil { - return err - } - if exists && !archiveBool { - return os.RemoveAll(oldPath) + if exists { + archiveBool, err := strconv.ParseBool(archiveOnDelete) + if err != nil { + return err + } + if !archiveBool { + return os.RemoveAll(oldPath) + } } archivePath := filepath.Join(mountPath, "archived-"+pvName) From af83d2c193ce7d11fb257b567b7e07cc61c5f901 Mon Sep 17 00:00:00 2001 From: Dave Johnson Date: Fri, 17 Aug 2018 14:19:42 -0400 Subject: [PATCH 29/49] Clarifications and minor formatting improvements. --- README.md | 108 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 66 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 0041773f..1a0472c9 100644 --- a/README.md +++ b/README.md 
@@ -2,51 +2,19 @@ [![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) - -`nfs-client` is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. - -- Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName} +**nfs-client** is an automatic provisioner that use your *existing and already configured* NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as ``${namespace}-${pvcName}-${pvName}``. # How to deploy nfs-client to your cluster. -To note, you must *already* have an NFS Server. +To note again, you must *already* have an NFS Server. -1. Editing: +**Step 1: Get connection information for your NFS server**. Make sure your NFS server as accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. -Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. -Modify `deploy/deployment.yaml` and change the values to your own NFS server: +**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``oc`` command. +Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. 
-```yaml - env: - - name: PROVISIONER_NAME - value: fuseim.pri/ifs - - name: NFS_SERVER - value: 10.10.10.60 - - name: NFS_PATH - value: /ifs/kubernetes - volumes: - - name: nfs-client-root - nfs: - server: 10.10.10.60 - path: /ifs/kubernetes -``` - -Modify `deploy/class.yaml` to match the same value indicated by `PROVISIONER_NAME`: - -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: managed-nfs-storage -provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' -parameters: - archiveOnDelete: "false" # When set to "false" your PVs will not be archived by the provisioner upon deletion of the PVC. -``` - -2. Authorization - -If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. +**Step 3: Setup authorization**. If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. Kubernetes: @@ -59,6 +27,8 @@ clusterrolebinding "run-nfs-client-provisioner" created OpenShift: +On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the Red Hat OpenShift documentation for **User and Role Management** or contact Red Hat support to help you grant the right permissions to your admin user. + ```sh $ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml serviceaccount "nfs-client-provisioner" created 
@@ -67,7 +37,63 @@ $ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs $ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner ``` -3. Finally, test your environment! +**Step 4: Configure the NFS-Client provisioner** + +Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. + +Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurances of with your server's hostname. + +```yaml +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccountName: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: + - name: NFS_PATH + value: /var/nfs + volumes: + - name: nfs-client-root + nfs: + server: + path: /var/nfs +``` + +You may also want to change the PROVISIONER_NAME above from ``fuseim.pri/ifs`` to something more descriptive like ``nfs-storage``, but if you do remember to also change the PROVISIONER_NAME in the storage class definition below: + +This is `deploy/class.yaml` which defines the NFS-Client's Kubernetes Storage Class: + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" # When set to "false" your PVs will not be archived + # by the provisioner upon deletion of the PVC. 
+``` + +**Step 5: Finally, test your environment!** Now we'll test your NFS provisioner. @@ -85,9 +111,7 @@ kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml Now check the folder has been deleted. -4. Deploying your own PersistentVolumeClaim - -To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `deploy/class.yaml` file. +**Step 6: Deploying your own PersistentVolumeClaims**. To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `deploy/class.yaml` file. For example: From 530aa450909a4d1d860022cfb60f9fe32fb58fd5 Mon Sep 17 00:00:00 2001 From: Dave Johnson Date: Mon, 20 Aug 2018 08:14:39 -0400 Subject: [PATCH 30/49] Fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1a0472c9..0ff2abb9 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ $ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serv Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. -Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurances of with your server's hostname. +Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurences of with your server's hostname. ```yaml kind: Deployment From fa44e1fcba922bd28702960a4888c2685d2345b5 Mon Sep 17 00:00:00 2001 From: Dave Johnson Date: Mon, 20 Aug 2018 08:18:30 -0400 Subject: [PATCH 31/49] Remove unecessary reference to Red Hat. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ff2abb9..03e55c23 100644 --- a/README.md +++ b/README.md 
@@ -27,7 +27,7 @@ clusterrolebinding "run-nfs-client-provisioner" created OpenShift: -On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the Red Hat OpenShift documentation for **User and Role Management** or contact Red Hat support to help you grant the right permissions to your admin user. +On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the OpenShift documentation for **User and Role Management** or contact your OpenShift provider to help you grant the right permissions to your admin user. ```sh $ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml From 7df14ef767a695d67fdc5f942203bf206a300af2 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 22 Aug 2018 17:07:13 -0400 Subject: [PATCH 32/49] Distribute Role+Rolebinding everywhere instead of giving cluster-scoped endpoints r/w --- README.md | 20 +++++----- deploy/auth/clusterrole.yaml | 20 ---------- deploy/auth/clusterrolebinding.yaml | 12 ------ deploy/auth/openshift-clusterrole.yaml | 20 ---------- deploy/auth/serviceaccount.yaml | 4 -- deploy/deployment-arm.yaml | 5 +++ deploy/deployment.yaml | 5 +++ deploy/rbac.yaml | 54 ++++++++++++++++++++++++++ 8 files changed, 74 insertions(+), 66 deletions(-) delete mode 100644 deploy/auth/clusterrole.yaml delete mode 100644 deploy/auth/clusterrolebinding.yaml delete mode 100644 deploy/auth/openshift-clusterrole.yaml delete mode 100644 deploy/auth/serviceaccount.yaml create mode 100644 deploy/rbac.yaml diff --git a/README.md b/README.md index 03e55c23..4967ba49 100644 --- a/README.md +++ b/README.md 
@@ -14,15 +14,15 @@ To note again, you must *already* have an NFS Server. Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. -**Step 3: Setup authorization**. If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. +**Step 3: Setup authorization**. If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" edit `deploy/rbac.yaml`. Kubernetes: ```sh -$ kubectl create -f deploy/auth/serviceaccount.yaml -f deploy/auth/clusterrole.yaml -f deploy/auth/clusterrolebinding.yaml -serviceaccount "nfs-client-provisioner" created -clusterrole "nfs-client-provisioner-runner" created -clusterrolebinding "run-nfs-client-provisioner" created +# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed +$ NAMESPACE=`oc project -q` +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml +$ kubectl create -f deploy/rbac.yaml ``` OpenShift: 
@@ -30,11 +30,11 @@ OpenShift: On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the OpenShift documentation for **User and Role Management** or contact your OpenShift provider to help you grant the right permissions to your admin user. ```sh -$ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml -serviceaccount "nfs-client-provisioner" created -clusterrole "nfs-client-provisioner-runner" created -$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs-client-provisioner -$ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner +# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed +$ NAMESPACE=`oc project -q` +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml +$ oc create -f deploy/rbac.yaml +$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner ``` **Step 4: Configure the NFS-Client provisioner** diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml deleted file mode 100644 index 0ecb088b..00000000 --- a/deploy/auth/clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: nfs-client-provisioner-runner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch"] \ No newline at end of file 
diff --git a/deploy/auth/clusterrolebinding.yaml b/deploy/auth/clusterrolebinding.yaml deleted file mode 100644 index 0e949a27..00000000 --- a/deploy/auth/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: run-nfs-client-provisioner -subjects: - - kind: ServiceAccount - name: nfs-client-provisioner - namespace: default -roleRef: - kind: ClusterRole - name: nfs-client-provisioner-runner - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/auth/openshift-clusterrole.yaml b/deploy/auth/openshift-clusterrole.yaml deleted file mode 100644 index 2f50f5b2..00000000 --- a/deploy/auth/openshift-clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -kind: ClusterRole -apiVersion: v1 -metadata: - name: nfs-client-provisioner-runner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch"] diff --git a/deploy/auth/serviceaccount.yaml b/deploy/auth/serviceaccount.yaml deleted file mode 100644 index edead9ad..00000000 --- a/deploy/auth/serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 9f09acca..785302bd 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -1,3 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner +--- kind: Deployment apiVersion: extensions/v1beta1 metadata: 
diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 1b793676..271ca060 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -1,3 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner +--- kind: Deployment apiVersion: extensions/v1beta1 metadata: diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml new file mode 100644 index 00000000..79bc7290 --- /dev/null +++ b/deploy/rbac.yaml @@ -0,0 +1,54 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-client-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: run-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + namespace: default +roleRef: + kind: ClusterRole + name: nfs-client-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default +roleRef: + kind: Role + name: leader-locking-nfs-client-provisioner + apiGroup: rbac.authorization.k8s.io From 5e95ea2ffe5c8205edd2a6425ea666dd44d90311 Mon Sep 17 00:00:00 2001 
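Review bot: The `leader-locking-nfs-client-provisioner` Role in the new `deploy/rbac.yaml` gives the service account `create`, `update` and `patch` on every `endpoints` object in its namespace, which is more than a leader-election lock needs. With the manifest's default of `namespace: default`, the provisioner's token can rewrite the Endpoints behind any Service in that namespace. The lock object's name is not visible in this patch, so as a sketch: split the rule and put `resourceNames: ["<leader-election-endpoints-name>"]` on the `get`/`update`/`patch` verbs, leaving `create` unrestricted since RBAC cannot limit it by name. Deploying into a dedicated namespace narrows the grant further. The same rule is repeated in `deploy/objects/role.yaml` in PATCH 37/49.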
From: Per Abich <409466+flyhard@users.noreply.github.com> Date: Wed, 5 Sep 2018 17:28:18 +0200 Subject: [PATCH 33/49] Fixing documentation to be correct for Kubernetes Converted from openshift command --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4967ba49..3ce3fd3e 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,8 @@ Kubernetes: ```sh # Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed -$ NAMESPACE=`oc project -q` +$ NS=$(kubectl config get-contexts|grep -e "^\*" |awk '{print $5}') +$ NAMESPACE=${NS:-default} $ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml $ kubectl create -f deploy/rbac.yaml ``` From 416af39aa65a4f0b70862224dcfd18e86025079b Mon Sep 17 00:00:00 2001 From: Per Abich <409466+flyhard@users.noreply.github.com> Date: Wed, 5 Sep 2018 23:20:23 +0200 Subject: [PATCH 34/49] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3ce3fd3e..f47cf5d0 100644 --- a/README.md +++ b/README.md 
@@ -8,9 +8,9 @@ To note again, you must *already* have an NFS Server. -**Step 1: Get connection information for your NFS server**. Make sure your NFS server as accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. +**Step 1: Get connection information for your NFS server**. Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. -**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``oc`` command. +**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. From 6e7b3913c50d0cf94483af237c02f4a6a0b9b70b Mon Sep 17 00:00:00 2001 From: yiming chen Date: Thu, 6 Sep 2018 13:34:59 +0800 Subject: [PATCH 35/49] Remove redundant field in the rbac.yaml of nfs-client --- deploy/rbac.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 79bc7290..c11f5216 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -15,7 +15,6 @@ rules: - apiGroups: [""] resources: ["events"] verbs: ["create", "update", "patch"] - - apiGroups: [""] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 From 2929b7ab591f374f90211c4d77bcd60419d2c75c Mon Sep 17 00:00:00 2001 
From: Per Abich <409466+flyhard@users.noreply.github.com> Date: Thu, 6 Sep 2018 09:57:38 +0200 Subject: [PATCH 36/49] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f47cf5d0..95a34d94 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ To note again, you must *already* have an NFS Server. **Step 1: Get connection information for your NFS server**. Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. -**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. +**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. From cd7d12292a6d663399e6d63d39d8d58640425651 Mon Sep 17 00:00:00 2001 
From: Matthew Wong Date: Wed, 19 Sep 2018 14:43:42 -0400 Subject: [PATCH 37/49] Point nfs-client users to Helm and split up yamls --- README.md | 12 ++++++++++ deploy/objects/README.md | 1 + deploy/objects/class.yaml | 7 ++++++ deploy/objects/clusterrole.yaml | 17 ++++++++++++++ deploy/objects/clusterrolebinding.yaml | 12 ++++++++++ deploy/objects/deployment-arm.yaml | 32 ++++++++++++++++++++++++++ deploy/objects/deployment.yaml | 32 ++++++++++++++++++++++++++ deploy/objects/role.yaml | 8 +++++++ deploy/objects/rolebinding.yaml | 13 +++++++++++ deploy/objects/serviceaccount.yaml | 4 ++++ 10 files changed, 138 insertions(+) create mode 100644 deploy/objects/README.md create mode 100644 deploy/objects/class.yaml create mode 100644 deploy/objects/clusterrole.yaml create mode 100644 deploy/objects/clusterrolebinding.yaml create mode 100644 deploy/objects/deployment-arm.yaml create mode 100644 deploy/objects/deployment.yaml create mode 100644 deploy/objects/role.yaml create mode 100644 deploy/objects/rolebinding.yaml create mode 100644 deploy/objects/serviceaccount.yaml diff --git a/README.md b/README.md index 95a34d94..8da4d14f 100644 --- a/README.md +++ b/README.md 
@@ -8,6 +8,18 @@ To note again, you must *already* have an NFS Server. +## With Helm + +Follow the instructions for the stable helm chart maintained at https://github.com/helm/charts/tree/master/stable/nfs-client-provisioner + +The tl;dr is + +```bash +$ helm install stable/nfs-client-provisioner --set nfs.server=x.x.x.x --set nfs.path=/exported/path +``` + +## Without Helm + **Step 1: Get connection information for your NFS server**. Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. **Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. diff --git a/deploy/objects/README.md b/deploy/objects/README.md new file mode 100644 index 00000000..2003d611 --- /dev/null +++ b/deploy/objects/README.md @@ -0,0 +1 @@ +The objects in this directory are the same as in the parent except split up into one file per object for certain users' convenience. diff --git a/deploy/objects/class.yaml b/deploy/objects/class.yaml new file mode 100644 index 00000000..4d3b4805 --- /dev/null +++ b/deploy/objects/class.yaml @@ -0,0 +1,7 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" diff --git a/deploy/objects/clusterrole.yaml b/deploy/objects/clusterrole.yaml new file mode 100644 index 00000000..d8564a7a --- /dev/null +++ b/deploy/objects/clusterrole.yaml 
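Review bot: `archiveOnDelete: "false"` in `deploy/objects/class.yaml` has no comment saying what it does, and the trailing comment on `provisioner:` ends in a stray `'`. Going by the comment in the provisioner's `Delete` (the lines touched in PATCH 39/49), a false value makes the provisioner delete the backing directory instead of archiving it, so this sample class discards the data when a volume is deleted. I would add `# "false": the volume's directory is deleted with the PV; otherwise it is archived` above the parameter so the choice is made knowingly.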
@@ -0,0 +1,17 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-client-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] diff --git a/deploy/objects/clusterrolebinding.yaml b/deploy/objects/clusterrolebinding.yaml new file mode 100644 index 00000000..0e949a27 --- /dev/null +++ b/deploy/objects/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: run-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + namespace: default +roleRef: + kind: ClusterRole + name: nfs-client-provisioner-runner + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/objects/deployment-arm.yaml b/deploy/objects/deployment-arm.yaml new file mode 100644 index 00000000..9f09acca --- /dev/null +++ b/deploy/objects/deployment-arm.yaml @@ -0,0 +1,32 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccount: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner-arm:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 192.168.1.20 + - name: NFS_PATH + value: /mnt/kube_nfs + volumes: + - name: nfs-client-root + nfs: + server: 192.168.1.20 + path: /mnt/kube_nfs 
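Review bot: The subject in `deploy/objects/clusterrolebinding.yaml` is pinned to `namespace: default` without the `# replace with namespace where provisioner is deployed` comment that `rolebinding.yaml` in this same commit carries. The README's `sed` step only rewrites `./deploy/rbac.yaml`, so this copy stays on `default` unless it is edited by hand. If the provisioner is deployed elsewhere, the cluster-wide `persistentvolumes` create/delete grant goes to whatever `nfs-client-provisioner` service account exists in `default` rather than to the provisioner's own account. Adding the same comment above `namespace: default` here would keep the two bindings consistent.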
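Review bot: `image: quay.io/external_storage/nfs-client-provisioner-arm:latest` in `deploy/objects/deployment-arm.yaml` uses a mutable tag, so the code that runs under the cluster-scoped PV role with the NFS export mounted is whatever the registry serves at pull time. Pin it to a release tag or a digest, e.g. `image: quay.io/external_storage/nfs-client-provisioner-arm@sha256:<digest-placeholder>`, and bump it deliberately. `deploy/objects/deployment.yaml` in this commit carries the same `:latest` reference.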
diff --git a/deploy/objects/deployment.yaml b/deploy/objects/deployment.yaml new file mode 100644 index 00000000..1b793676 --- /dev/null +++ b/deploy/objects/deployment.yaml @@ -0,0 +1,32 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccountName: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 10.10.10.60 + - name: NFS_PATH + value: /ifs/kubernetes + volumes: + - name: nfs-client-root + nfs: + server: 10.10.10.60 + path: /ifs/kubernetes diff --git a/deploy/objects/role.yaml b/deploy/objects/role.yaml new file mode 100644 index 00000000..28721e82 --- /dev/null +++ b/deploy/objects/role.yaml @@ -0,0 +1,8 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] diff --git a/deploy/objects/rolebinding.yaml b/deploy/objects/rolebinding.yaml new file mode 100644 index 00000000..b5faf2d8 --- /dev/null +++ b/deploy/objects/rolebinding.yaml @@ -0,0 +1,13 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default +roleRef: + kind: Role + name: leader-locking-nfs-client-provisioner + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/objects/serviceaccount.yaml b/deploy/objects/serviceaccount.yaml new file mode 100644 index 00000000..edead9ad --- /dev/null 
+++ b/deploy/objects/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner From 14209716a3dcb290eb4c8afeedd018c87b20b233 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 17 Oct 2018 14:25:18 -0400 Subject: [PATCH 38/49] Use kubernetes-sigs/sig-storage-lib-external-provisioner --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index f7b3a559..f219ed33 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -28,7 +28,7 @@ import ( "k8s.io/kubernetes/pkg/apis/core/v1/helper" "github.com/golang/glog" - "github.com/kubernetes-incubator/external-storage/lib/controller" + "github.com/kubernetes-sigs/sig-storage-lib-external-provisioner/controller" "k8s.io/api/core/v1" storage "k8s.io/api/storage/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" From 1ae796f9f480917ce5a71186ae07a900a30b6334 Mon Sep 17 00:00:00 2001 From: mooncake Date: Sat, 10 Nov 2018 23:39:50 +0800 Subject: [PATCH 39/49] Fix some typos Signed-off-by: mooncake --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index f219ed33..b6f7c816 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -110,7 +110,7 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { return err } // Determine if the "archiveOnDelete" parameter exists. - // If it exists and has a falsey value, delete the directory. + // If it exists and has a false value, delete the directory. // Otherwise, archive it. archiveOnDelete, exists := storageClass.Parameters["archiveOnDelete"] if exists { From 3f8626cb2bb98f09d2a911008322cdbb7d96d64d Mon Sep 17 00:00:00 2001 
From: t-sato Date: Thu, 15 Nov 2018 03:53:14 +0900 Subject: [PATCH 40/49] Fill in rbac.yaml with ServiceAccount manifest. --- deploy/rbac.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index c11f5216..626ee3ab 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -1,3 +1,8 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: nfs-client-provisioner +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: From 846206d6091d0cda2b926c15271792d552a72d7f Mon Sep 17 00:00:00 2001 From: remche Date: Thu, 20 Dec 2018 14:06:58 +0100 Subject: [PATCH 41/49] Fix namespace and bump to Deployment apps/v1 --- README.md | 2 +- deploy/deployment-arm.yaml | 16 +++++++++------- deploy/deployment.yaml | 14 ++++++++------ deploy/rbac.yaml | 7 ++++++- 4 files changed, 24 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 8da4d14f..84b870d2 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Kubernetes: # Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed $ NS=$(kubectl config get-contexts|grep -e "^\*" |awk '{print $5}') $ NAMESPACE=${NS:-default} -$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml ./deploy/deployment.yaml $ kubectl create -f deploy/rbac.yaml ``` diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 785302bd..d736221b 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml 
@@ -1,22 +1,24 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner ---- +apiVersion: apps/v1 kind: Deployment -apiVersion: extensions/v1beta1 metadata: name: nfs-client-provisioner + labels: + app: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default spec: replicas: 1 strategy: type: Recreate + selector: + matchLabels: + app: nfs-client-provisioner template: metadata: labels: app: nfs-client-provisioner spec: - serviceAccount: nfs-client-provisioner + serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner-arm:latest diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 271ca060..0ec9c4ed 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -1,16 +1,18 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner ---- +apiVersion: apps/v1 kind: Deployment -apiVersion: extensions/v1beta1 metadata: name: nfs-client-provisioner + labels: + app: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default spec: replicas: 1 strategy: type: Recreate + selector: + matchLabels: + app: nfs-client-provisioner template: metadata: labels: diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 626ee3ab..9609a008 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -1,7 +1,9 @@ -kind: ServiceAccount apiVersion: v1 +kind: ServiceAccount metadata: name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -28,6 +30,7 @@ metadata: subjects: - kind: ServiceAccount name: nfs-client-provisioner + # replace with namespace where provisioner is deployed namespace: default roleRef: kind: ClusterRole 
@@ -38,6 +41,8 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default rules: - apiGroups: [""] resources: ["endpoints"] From 95cdb664bd66384b5b077bc003f6ee0056c11db2 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 29 Dec 2018 20:22:59 -0600 Subject: [PATCH 42/49] Make nfs-client ARM deployment consistent with regular deployment. --- deploy/deployment-arm.yaml | 10 +++++----- deploy/objects/deployment-arm.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 785302bd..feef4efc 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -16,7 +16,7 @@ spec: labels: app: nfs-client-provisioner spec: - serviceAccount: nfs-client-provisioner + serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner-arm:latest @@ -27,11 +27,11 @@ spec: - name: PROVISIONER_NAME value: fuseim.pri/ifs - name: NFS_SERVER - value: 192.168.1.20 + value: 10.10.10.60 - name: NFS_PATH - value: /mnt/kube_nfs + value: /ifs/kubernetes volumes: - name: nfs-client-root nfs: - server: 192.168.1.20 - path: /mnt/kube_nfs + server: 10.10.10.60 + path: /ifs/kubernetes diff --git a/deploy/objects/deployment-arm.yaml b/deploy/objects/deployment-arm.yaml index 9f09acca..9cced7e5 100644 --- a/deploy/objects/deployment-arm.yaml +++ b/deploy/objects/deployment-arm.yaml @@ -11,7 +11,7 @@ spec: labels: app: nfs-client-provisioner spec: - serviceAccount: nfs-client-provisioner + serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner-arm:latest 
@@ -22,11 +22,11 @@ spec: - name: PROVISIONER_NAME value: fuseim.pri/ifs - name: NFS_SERVER - value: 192.168.1.20 + value: 10.10.10.60 - name: NFS_PATH - value: /mnt/kube_nfs + value: /ifs/kubernetes volumes: - name: nfs-client-root nfs: - server: 192.168.1.20 - path: /mnt/kube_nfs + server: 10.10.10.60 + path: /ifs/kubernetes From 8419bd8f64c9472009a488717f033a78b5d6eebe Mon Sep 17 00:00:00 2001 From: Santhosh Kumar Tekuri Date: Fri, 7 Jun 2019 13:16:14 +0530 Subject: [PATCH 43/49] Remove ServiceAccount from deployment yaml files ServiceAccount is already defined in rbac.yaml --- deploy/deployment-arm.yaml | 5 ----- deploy/deployment.yaml | 5 ----- 2 files changed, 10 deletions(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index feef4efc..9cced7e5 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner ---- kind: Deployment apiVersion: extensions/v1beta1 metadata: diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 271ca060..1b793676 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -1,8 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner ---- kind: Deployment apiVersion: extensions/v1beta1 metadata: From c6853e0440ec5383610337703f169a09ce955ec9 Mon Sep 17 00:00:00 2001 From: TJ Zimmerman Date: Mon, 30 Sep 2019 17:18:52 -0700 Subject: [PATCH 44/49] Updated API Version, Added selector field. --- deploy/deployment-arm.yaml | 5 ++++- deploy/deployment.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index feef4efc..8fce2842 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml 
@@ -4,11 +4,14 @@ metadata: name: nfs-client-provisioner --- kind: Deployment -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 metadata: name: nfs-client-provisioner spec: replicas: 1 + selector: + matchLabels: + app: nfs-client-provisioner strategy: type: Recreate template: diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 271ca060..911618fb 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -4,11 +4,14 @@ metadata: name: nfs-client-provisioner --- kind: Deployment -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 metadata: name: nfs-client-provisioner spec: replicas: 1 + selector: + matchLabels: + app: nfs-client-provisioner strategy: type: Recreate template: From 39c59187641ad4aa8cd6b816f810b0f2383d02c4 Mon Sep 17 00:00:00 2001 From: TJ Zimmerman Date: Mon, 30 Sep 2019 22:15:10 -0700 Subject: [PATCH 45/49] Updated API Version & Added selector. --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8da4d14f..6f9bcbb3 100644 --- a/README.md +++ b/README.md @@ -58,11 +58,14 @@ Next you must edit the provisioner's deployment file to add connection informati ```yaml kind: Deployment -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 metadata: name: nfs-client-provisioner spec: replicas: 1 + selector: + matchLabels: + app: nfs-client-provisioner strategy: type: Recreate template: From e7add04d2d34dd5fdf7d267e1381cebd0264ead2 Mon Sep 17 00:00:00 2001 From: Arthur666 Date: Wed, 13 Nov 2019 00:21:49 +0800 Subject: [PATCH 46/49] Update rbac.yaml Modify the Role section (line 45), the namespace field is changed to indent 2 characters. --- deploy/rbac.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 9609a008..500a0ac7 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml 
@@ -42,7 +42,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner # replace with namespace where provisioner is deployed - namespace: default + namespace: default rules: - apiGroups: [""] resources: ["endpoints"] From f09ffdefb53e4a439ba42d880f25dcfbe3519977 Mon Sep 17 00:00:00 2001 From: Thorsten Schifferdecker Date: Fri, 7 Feb 2020 19:21:50 +0100 Subject: [PATCH 47/49] add namespace for rolebinding see Issue #1278 --- deploy/rbac.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 500a0ac7..85a76d02 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -41,7 +41,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner - # replace with namespace where provisioner is deployed + # replace with namespace where provisioner is deployed namespace: default rules: - apiGroups: [""] @@ -52,6 +52,8 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default subjects: - kind: ServiceAccount name: nfs-client-provisioner From fa12f8ae9c7fbef5bc6f29cfd4d4964634bf19cb Mon Sep 17 00:00:00 2001 From: daviyang35 Date: Sat, 15 Feb 2020 02:17:56 +0800 Subject: [PATCH 48/49] Remove duplicate selector fields Remove duplicate selector fields --- deploy/deployment.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index a6a15626..0ec9c4ed 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -8,9 +8,6 @@ metadata: namespace: default spec: replicas: 1 - selector: - matchLabels: - app: nfs-client-provisioner strategy: type: Recreate selector: From 3a0395c8be7767effa8e9b9a463d9e983c3e0127 Mon Sep 17 00:00:00 2001 
From: Pando85 Date: Sat, 7 Mar 2020 11:40:40 +0100 Subject: [PATCH 49/49] Remove duplicated key in nfs-client deploy for arm architecture --- deploy/deployment-arm.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 862efc5b..6ee30150 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -8,9 +8,6 @@ metadata: namespace: default spec: replicas: 1 - selector: - matchLabels: - app: nfs-client-provisioner strategy: type: Recreate selector: