From 3376ae7e5fbf8985448022676cd5352b8b4f2895 Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 21:12:08 +0100 Subject: [PATCH 01/51] nfs-client-provisioner initial code (cherry picked from commit 5a51799e23260d3af3517fe993de5e387752edef) --- .gitignore | 26 +++++ Dockerfile | 4 + README.md | 27 +++-- build.sh | 3 + cmd/nfs-client-provisioner/provisioner.go | 129 ++++++++++++++++++++++ deploy/class.yaml | 5 + deploy/deployment.yaml | 31 ++++++ deploy/test-claim.yaml | 12 ++ deploy/test-pod.yaml | 21 ++++ 9 files changed, 244 insertions(+), 14 deletions(-) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100755 build.sh create mode 100644 cmd/nfs-client-provisioner/provisioner.go create mode 100644 deploy/class.yaml create mode 100644 deploy/deployment.yaml create mode 100644 deploy/test-claim.yaml create mode 100644 deploy/test-pod.yaml diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..f66bbe54 --- /dev/null +++ b/.gitignore @@ -0,0 +1,26 @@ +# Compiled Object files, Static and Dynamic libs (Shared Objects) +*.o +*.a +*.so + +# Folders +_obj +_test + +# Architecture specific extensions/prefixes +*.[568vq] +[568vq].out + +*.cgo1.go +*.cgo2.c +_cgo_defun.c +_cgo_gotypes.go +_cgo_export.* + +_testmain.go + +*.exe +*.test +*.prof + +nfs-client-provisioner diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..c11fce8d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,4 @@ +FROM alpine:3.5 +RUN apk update --no-cache && apk add ca-certificates +COPY nfs-client-provisioner /nfs-client-provisioner +ENTRYPOINT ["/nfs-client-provisioner"] \ No newline at end of file diff --git a/README.md b/README.md index 82dd7dbd..ecb1c1c1 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,15 @@ -# nfs-subdir-external-provisioner +# kubernetes nfs-client-provisioner +- pv provisioned as ${namespace}-${pvcName}-${pvName} +- pv recycled as archieved-${namespace}-${pvcName}-${pvName} -Dynamic sub-dir volume provisioner on a remote NFS server. +# deploy +- modify and deploy `deploy/deployment.yaml` +- modify and deploy `deploy/class.yaml` -## Community, discussion, contribution, and support - -Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/). - -You can reach the maintainers of this project at: - -- [Slack](https://kubernetes.slack.com/messages/sig-storage) -- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-storage) - -### Code of conduct - -Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). +# test +- `kubectl create -f deploy/test-claim.yaml` +- `kubectl create -f deploy/test-pod.yaml` +- check the folder and file "SUCCESS" created +- `kubectl delete -f deploy/test-pod.yaml` +- `kubectl delete -f deploy/test-claim.yaml` +- check the folder renamed diff --git a/build.sh b/build.sh new file mode 100755 index 00000000..3f33f69c --- /dev/null +++ b/build.sh @@ -0,0 +1,3 @@ +#!/bin/sh +CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner . + diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go new file mode 100644 index 00000000..ded8fae8 --- /dev/null +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -0,0 +1,129 @@ +package main + +import ( + "errors" + "flag" + "fmt" + "os" + "path/filepath" + "strings" + + "github.com/golang/glog" + "github.com/kubernetes-incubator/external-storage/lib/controller" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/wait" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/pkg/api/v1" + "k8s.io/client-go/rest" +) + +const ( + provisionerNameKey = "PROVISIONER_NAME" +) + +type nfsProvisioner struct { + client kubernetes.Interface + server string + path string +} + +const ( + mountPath = "/persistentvolumes" +) + +var _ controller.Provisioner = &nfsProvisioner{} + +func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.PersistentVolume, error) { + if options.PVC.Spec.Selector != nil { + return nil, fmt.Errorf("claim Selector is not supported") + } + glog.V(4).Infof("nfs provisioner: VolumeOptions %v", options) + + pvcNamespace := options.PVC.Namespace + pvcName := options.PVC.Name + + pvName := strings.Join([]string{pvcNamespace, pvcName, options.PVName}, "-") + + fullPath := filepath.Join(mountPath, pvName) + glog.V(4).Infof("creating path %s", fullPath) + if err := os.MkdirAll(fullPath, 0777); err != nil { + return nil, errors.New("unable to create directory to provision new pv: " + err.Error()) + } + + path := filepath.Join(p.path, pvName) + + pv := &v1.PersistentVolume{ + ObjectMeta: metav1.ObjectMeta{ + Name: pvName, + }, + Spec: v1.PersistentVolumeSpec{ + PersistentVolumeReclaimPolicy: options.PersistentVolumeReclaimPolicy, + AccessModes: options.PVC.Spec.AccessModes, + Capacity: v1.ResourceList{ + v1.ResourceName(v1.ResourceStorage): options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)], + }, + PersistentVolumeSource: v1.PersistentVolumeSource{ + NFS: &v1.NFSVolumeSource{ + Server: p.server, + Path: path, + ReadOnly: false, + }, + }, + }, + } + return pv, nil +} + +func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { + path := volume.Spec.PersistentVolumeSource.NFS.Path + pvName := filepath.Base(path) + oldPath := filepath.Join(mountPath, pvName) + archivePath := filepath.Join(mountPath, "archieved-"+pvName) + glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath) + return os.Rename(oldPath, archivePath) +} + +func main() { + flag.Parse() + flag.Set("logtostderr", "true") + + server := os.Getenv("NFS_SERVER") + if server == "" { + glog.Fatal("NFS_SERVER not set") + } + path := os.Getenv("NFS_PATH") + if path == "" { + glog.Fatal("NFS_PATH not set") + } + provisionerName := os.Getenv(provisionerNameKey) + if provisionerName == "" { + glog.Fatalf("environment variable %s is not set! Please set it.", provisionerNameKey) + } + + // Create an InClusterConfig and use it to create a client for the controller + // to use to communicate with Kubernetes + config, err := rest.InClusterConfig() + if err != nil { + glog.Fatalf("Failed to create config: %v", err) + } + clientset, err := kubernetes.NewForConfig(config) + if err != nil { + glog.Fatalf("Failed to create client: %v", err) + } + + // The controller needs to know what the server version is because out-of-tree + // provisioners aren't officially supported until 1.5 + serverVersion, err := clientset.Discovery().ServerVersion() + if err != nil { + glog.Fatalf("Error getting server version: %v", err) + } + + clientNFSProvisioner := &nfsProvisioner{ + server: server, + path: path, + } + // Start the provision controller which will dynamically provision efs NFS + // PVs + pc := controller.NewProvisionController(clientset, provisionerName, clientNFSProvisioner, serverVersion.GitVersion) + pc.Run(wait.NeverStop) +} diff --git a/deploy/class.yaml b/deploy/class.yaml new file mode 100644 index 00000000..8e09cc1a --- /dev/null +++ b/deploy/class.yaml @@ -0,0 +1,5 @@ +apiVersion: storage.k8s.io/v1beta1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml new file mode 100644 index 00000000..6595f33d --- /dev/null +++ b/deploy/deployment.yaml @@ -0,0 +1,31 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + containers: + - name: nfs-client-provisioner + image: quay.io/jackieli/nfs-client-provisioner:v1 + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 10.10.10.60 + - name: NFS_PATH + value: /ifs/kubernetes + volumes: + - name: nfs-client-root + nfs: + server: 10.10.10.60 + path: /ifs/kubernetes \ No newline at end of file diff --git a/deploy/test-claim.yaml b/deploy/test-claim.yaml new file mode 100644 index 00000000..4382e200 --- /dev/null +++ b/deploy/test-claim.yaml @@ -0,0 +1,12 @@ +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: test-claim + annotations: + volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Mi \ No newline at end of file diff --git a/deploy/test-pod.yaml b/deploy/test-pod.yaml new file mode 100644 index 00000000..c58da791 --- /dev/null +++ b/deploy/test-pod.yaml @@ -0,0 +1,21 @@ +kind: Pod +apiVersion: v1 +metadata: + name: test-pod +spec: + containers: + - name: test-pod + image: gcr.io/google_containers/busybox:1.24 + command: + - "/bin/sh" + args: + - "-c" + - "touch /mnt/SUCCESS && exit 0 || exit 1" + volumeMounts: + - name: nfs-pvc + mountPath: "/mnt" + restartPolicy: "Never" + volumes: + - name: nfs-pvc + persistentVolumeClaim: + claimName: test-claim \ No newline at end of file From a48c8119e4b89db5de1b6ebc3fbe5e6f9a8130c3 Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 21:30:49 +0100 Subject: [PATCH 02/51] add boilerplate required license terms (cherry picked from commit 8bb44ce8134492cae6088133d49c3f1fab637803) --- Dockerfile | 16 +++++++++++++++- README.md | 2 +- build.sh | 15 ++++++++++++++- cmd/nfs-client-provisioner/provisioner.go | 16 ++++++++++++++++ deploy/deployment.yaml | 4 ++-- deploy/test-claim.yaml | 2 +- deploy/test-pod.yaml | 2 +- 7 files changed, 50 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index c11fce8d..47443653 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,18 @@ +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + FROM alpine:3.5 RUN apk update --no-cache && apk add ca-certificates COPY nfs-client-provisioner /nfs-client-provisioner -ENTRYPOINT ["/nfs-client-provisioner"] \ No newline at end of file +ENTRYPOINT ["/nfs-client-provisioner"] diff --git a/README.md b/README.md index ecb1c1c1..5d2638d3 100644 --- a/README.md +++ b/README.md @@ -12,4 +12,4 @@ - check the folder and file "SUCCESS" created - `kubectl delete -f deploy/test-pod.yaml` - `kubectl delete -f deploy/test-claim.yaml` -- check the folder renamed +- check the folder renamed to `archieve-???` diff --git a/build.sh b/build.sh index 3f33f69c..b90b9d36 100755 --- a/build.sh +++ b/build.sh @@ -1,3 +1,16 @@ #!/bin/sh -CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner . +# Copyright 2017 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner . diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index ded8fae8..06ccefae 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -1,3 +1,19 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 6595f33d..e7bd5bf1 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -5,7 +5,7 @@ metadata: spec: replicas: 1 strategy: - type: Recreate + type: Recreate template: metadata: labels: @@ -28,4 +28,4 @@ spec: - name: nfs-client-root nfs: server: 10.10.10.60 - path: /ifs/kubernetes \ No newline at end of file + path: /ifs/kubernetes diff --git a/deploy/test-claim.yaml b/deploy/test-claim.yaml index 4382e200..9f7038bd 100644 --- a/deploy/test-claim.yaml +++ b/deploy/test-claim.yaml @@ -9,4 +9,4 @@ spec: - ReadWriteMany resources: requests: - storage: 1Mi \ No newline at end of file + storage: 1Mi diff --git a/deploy/test-pod.yaml b/deploy/test-pod.yaml index c58da791..e5e7b7fe 100644 --- a/deploy/test-pod.yaml +++ b/deploy/test-pod.yaml @@ -18,4 +18,4 @@ spec: volumes: - name: nfs-pvc persistentVolumeClaim: - claimName: test-claim \ No newline at end of file + claimName: test-claim From c2780fa773378973c2440a6cdec84d5ef2d2cd2e Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 22:06:03 +0100 Subject: [PATCH 03/51] fix spell error & add travis build (cherry picked from commit c916b18425c3e502406f2abd18532f8c8053e811) --- README.md | 2 +- cmd/nfs-client-provisioner/provisioner.go | 2 +- deploy/deployment.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5d2638d3..1d7c0e45 100644 --- a/README.md +++ b/README.md @@ -12,4 +12,4 @@ - check the folder and file "SUCCESS" created - `kubectl delete -f deploy/test-pod.yaml` - `kubectl delete -f deploy/test-claim.yaml` -- check the folder renamed to `archieve-???` +- check the folder renamed to `archived-???` diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 06ccefae..3ca2e918 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -94,7 +94,7 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { path := volume.Spec.PersistentVolumeSource.NFS.Path pvName := filepath.Base(path) oldPath := filepath.Join(mountPath, pvName) - archivePath := filepath.Join(mountPath, "archieved-"+pvName) + archivePath := filepath.Join(mountPath, "archived-"+pvName) glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath) return os.Rename(oldPath, archivePath) } diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index e7bd5bf1..4105bafb 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: nfs-client-provisioner - image: quay.io/jackieli/nfs-client-provisioner:v1 + image: quay.io/external_storage/nfs-client-provisioner:v1 volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes From 701dac18296fe947426e561fca16fbd0227fc8ff Mon Sep 17 00:00:00 2001 From: Jackie Li Date: Wed, 26 Apr 2017 22:26:23 +0100 Subject: [PATCH 04/51] add owners (cherry picked from commit 48947b29d8bbb823fef73ffdb77278b5423e0311) --- OWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/OWNERS b/OWNERS index cfd67ef3..7d522bfa 100644 --- a/OWNERS +++ b/OWNERS @@ -4,4 +4,5 @@ approvers: - wongma7 - jsafrane - kmova + - jackielii - ashishranjan738 From 76cafe8a6e30bd9a1c955785de7bb1d41a576d45 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 14 Jun 2017 15:32:18 -0400 Subject: [PATCH 05/51] Release nfs-client-provisioner v2.0.0 (cherry picked from commit ca3c75897cfcd71db9ff469b7a1f536d5bd00626) --- Dockerfile | 2 +- README.md | 6 ++++++ deploy/deployment.yaml | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 47443653..0c5fd100 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.5 +FROM alpine:3.6 RUN apk update --no-cache && apk add ca-certificates COPY nfs-client-provisioner /nfs-client-provisioner ENTRYPOINT ["/nfs-client-provisioner"] diff --git a/README.md b/README.md index 1d7c0e45..d5ad6a87 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,10 @@ # kubernetes nfs-client-provisioner + +[![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) +``` +quay.io/external_storage/nfs-client-provisioner:v2.0.0 +``` + - pv provisioned as ${namespace}-${pvcName}-${pvName} - pv recycled as archieved-${namespace}-${pvcName}-${pvName} diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 4105bafb..924a6712 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: nfs-client-provisioner - image: quay.io/external_storage/nfs-client-provisioner:v1 + image: quay.io/external_storage/nfs-client-provisioner:v2.0.0 volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes From 1a9be4e2786b9ec1089e26246159e693dbce853a Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Mon, 19 Jun 2017 12:26:12 -0400 Subject: [PATCH 06/51] Name PV as required by external provisioner contract (cherry picked from commit 8fb0e5cc1460a482976ed6bcd9feead20e82e06d) --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 3ca2e918..5e7cef46 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -70,7 +70,7 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis pv := &v1.PersistentVolume{ ObjectMeta: metav1.ObjectMeta{ - Name: pvName, + Name: options.PVName, }, Spec: v1.PersistentVolumeSpec{ PersistentVolumeReclaimPolicy: options.PersistentVolumeReclaimPolicy, From c7eb885d3ef4891cc91353cdc6701ad4dcd64c9e Mon Sep 17 00:00:00 2001 From: Clayton O'Neill Date: Sun, 25 Jun 2017 19:08:00 -0400 Subject: [PATCH 07/51] Add RBAC examples for nfs-client Adds example configuration files for clusters that have RBAC enabled (1.6) or OpenShift users. This is mostly a cut and paste job from the EFS example. (cherry picked from commit a82645d4ecdf75066f43c677aa2bd55d0e280fd7) --- README.md | 29 ++++++++++++++++++++++++++ deploy/auth/clusterrole.yaml | 17 +++++++++++++++ deploy/auth/clusterrolebinding.yaml | 12 +++++++++++ deploy/auth/openshift-clusterrole.yaml | 17 +++++++++++++++ deploy/auth/serviceaccount.yaml | 4 ++++ 5 files changed, 79 insertions(+) create mode 100644 deploy/auth/clusterrole.yaml create mode 100644 deploy/auth/clusterrolebinding.yaml create mode 100644 deploy/auth/openshift-clusterrole.yaml create mode 100644 deploy/auth/serviceaccount.yaml diff --git a/README.md b/README.md index d5ad6a87..5a901579 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,35 @@ quay.io/external_storage/nfs-client-provisioner:v2.0.0 - modify and deploy `deploy/deployment.yaml` - modify and deploy `deploy/class.yaml` +# authorization + +If your cluster has RBAC enabled or you are running OpenShift you must +authorize the provisioner. If you are in a namespace/project other than +"default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm +policy` command accordingly. + +## RBAC +```console +$ kubectl create -f deploy/auth/serviceaccount.yaml +serviceaccount "nfs-client-provisioner" created +$ kubectl create -f deploy/auth/clusterrole.yaml +clusterrole "nfs-client-provisioner-runner" created +$ kubectl create -f deploy/auth/clusterrolebinding.yaml +clusterrolebinding "run-nfs-client-provisioner" created +$ kubectl patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' +``` + +## OpenShift +```console +$ oc create -f deploy/auth/serviceaccount.yaml +serviceaccount "nfs-client-provisioner" created +$ oc create -f deploy/auth/openshift-clusterrole.yaml +clusterrole "nfs-client-provisioner-runner" created +$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs-client-provisioner +$ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner +$ oc patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' +``` + # test - `kubectl create -f deploy/test-claim.yaml` - `kubectl create -f deploy/test-pod.yaml` diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml new file mode 100644 index 00000000..fe2a7561 --- /dev/null +++ b/deploy/auth/clusterrole.yaml @@ -0,0 +1,17 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1alpha1 +metadata: + name: nfs-client-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] diff --git a/deploy/auth/clusterrolebinding.yaml b/deploy/auth/clusterrolebinding.yaml new file mode 100644 index 00000000..54bd987c --- /dev/null +++ b/deploy/auth/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1alpha1 +metadata: + name: run-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + namespace: default +roleRef: + kind: ClusterRole + name: nfs-client-provisioner-runner + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/auth/openshift-clusterrole.yaml b/deploy/auth/openshift-clusterrole.yaml new file mode 100644 index 00000000..beabc8f0 --- /dev/null +++ b/deploy/auth/openshift-clusterrole.yaml @@ -0,0 +1,17 @@ +kind: ClusterRole +apiVersion: v1 +metadata: + name: nfs-client-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] diff --git a/deploy/auth/serviceaccount.yaml b/deploy/auth/serviceaccount.yaml new file mode 100644 index 00000000..edead9ad --- /dev/null +++ b/deploy/auth/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner From 1338d50440631fcceb29c000b6f12226a425c02f Mon Sep 17 00:00:00 2001 From: Steve Leon Date: Thu, 6 Jul 2017 14:53:47 -0700 Subject: [PATCH 08/51] Incorporate K8S API changes. - Importing API types from k8s.io/api - Update client-go and apimachinery version - Remove lib/helper and use the kubernetes one temporary (cherry picked from commit 53163dd4b2ff43fb1344abfe48bc1ff9a8a6c2d6) --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 5e7cef46..69fde2d8 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -26,10 +26,10 @@ import ( "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" + "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/pkg/api/v1" "k8s.io/client-go/rest" ) From 9554b688caf6a635a31d97cf8f3a393b0477eb3e Mon Sep 17 00:00:00 2001 From: Niklas Wik Date: Sat, 5 Aug 2017 16:28:57 +0300 Subject: [PATCH 09/51] Add support for ARM (Raspberry PI) for nfs-client - Reorganized to use Makefile for building - Added arm container for use in ARM based kubernetes clusters Signed-off-by: Niklas Wik (cherry picked from commit 166056da73459563c8ae5f9127ab54cb0aa36505) --- Makefile | 45 ++++++++++++++++++++++++++ deploy/deployment-arm.yaml | 32 ++++++++++++++++++ build.sh => docker/arm/Dockerfile | 6 ++-- Dockerfile => docker/x86_64/Dockerfile | 0 4 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 Makefile create mode 100644 deploy/deployment-arm.yaml rename build.sh => docker/arm/Dockerfile (77%) mode change 100755 => 100644 rename Dockerfile => docker/x86_64/Dockerfile (100%) diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..300ac356 --- /dev/null +++ b/Makefile @@ -0,0 +1,45 @@ +# Copyright 2016 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifeq ($(REGISTRY),) + REGISTRY = quay.io/external_storage/ +endif +ifeq ($(VERSION),) + VERSION = latest +endif +IMAGE = $(REGISTRY)nfs-client-provisioner:$(VERSION) +IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:$(VERSION) +MUTABLE_IMAGE = $(REGISTRY)nfs-client-provisioner:latest + +all: build image build_arm image_arm + +container: build image build_arm image_arm + +build: + CGO_ENABLED=0 go build -o docker/x86_64/nfs-client-provisioner ./cmd/nfs-client-provisioner + +build_arm: + CGO_ENABLED=0 GOARCH=arm GOARM=7 go build -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner + +image: + sudo docker build -t $(IMAGE) docker/x86_64 + +image_arm: + sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset + sudo docker build -t $(IMAGE_ARM) docker/arm + +push: + docker push $(IMAGE) + docker push $(MUTABLE_IMAGE) + docker push $(IMAGE_ARM) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml new file mode 100644 index 00000000..9f09acca --- /dev/null +++ b/deploy/deployment-arm.yaml @@ -0,0 +1,32 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccount: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner-arm:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 192.168.1.20 + - name: NFS_PATH + value: /mnt/kube_nfs + volumes: + - name: nfs-client-root + nfs: + server: 192.168.1.20 + path: /mnt/kube_nfs diff --git a/build.sh b/docker/arm/Dockerfile old mode 100755 new mode 100644 similarity index 77% rename from build.sh rename to docker/arm/Dockerfile index b90b9d36..ba60cc59 --- a/build.sh +++ b/docker/arm/Dockerfile @@ -1,4 +1,3 @@ -#!/bin/sh # Copyright 2017 The Kubernetes Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -13,4 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -CGO_ENABLED=0 go build ./cmd/nfs-client-provisioner #&& docker build -t quay.io/jackieli/nfs-client-provisioner . +FROM hypriot/rpi-alpine:3.6 +RUN apk update --no-cache && apk add ca-certificates +COPY nfs-client-provisioner /nfs-client-provisioner +ENTRYPOINT ["/nfs-client-provisioner"] diff --git a/Dockerfile b/docker/x86_64/Dockerfile similarity index 100% rename from Dockerfile rename to docker/x86_64/Dockerfile From f54f61c8a4cebf3749130f32799af9fc2069c25a Mon Sep 17 00:00:00 2001 From: Niklas Wik Date: Sat, 5 Aug 2017 16:34:04 +0300 Subject: [PATCH 10/51] Updated README with ARM instruction. Signed-off-by: Niklas Wik (cherry picked from commit c0716daca36b276c995266ce9b8c128dedcda503) --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 5a901579..1ff23eea 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,9 @@ quay.io/external_storage/nfs-client-provisioner:v2.0.0 - modify and deploy `deploy/deployment.yaml` - modify and deploy `deploy/class.yaml` +## ARM based +To deploy on ARM based (Raspberry PI) use `deploy/deployment-arm.yaml` instead of `deploy/deployment.yaml` + # authorization If your cluster has RBAC enabled or you are running OpenShift you must From 185f3a3640048ce5dda183628818b173e11d9cea Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Tue, 8 Aug 2017 13:19:29 -0400 Subject: [PATCH 11/51] Remove provisioner versioning from efs,cephfs,nfs-client; use latest tag instead (cherry picked from commit da48ed92e17edc5b2df12b93f1d88c02970a68c0) --- README.md | 3 --- deploy/deployment.yaml | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/README.md b/README.md index 1ff23eea..1a212d58 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,6 @@ # kubernetes nfs-client-provisioner [![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) -``` -quay.io/external_storage/nfs-client-provisioner:v2.0.0 -``` - pv provisioned as ${namespace}-${pvcName}-${pvName} - pv recycled as archieved-${namespace}-${pvcName}-${pvName} diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 924a6712..e4ee8942 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: nfs-client-provisioner - image: quay.io/external_storage/nfs-client-provisioner:v2.0.0 + image: quay.io/external_storage/nfs-client-provisioner:latest volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes From 4381dacf42e03f0f1130587cc06830ebe01748fc Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Tue, 8 Aug 2017 13:28:32 -0400 Subject: [PATCH 12/51] Add changelogs to provisioners missing them (cherry picked from commit eb39ebd88ab765e4cdcab99ccd1ed431ca940a9e) --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..f2725559 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,8 @@ +# v2.0.1 +- Add support for ARM (Raspberry PI). Image at `quay.io/external_storage/nfs-client-provisioner-arm`. (https://github.com/kubernetes-incubator/external-storage/pull/275) + +# v2.0.0 +- Fix issue 149 - nfs-client-provisioner create folder with 755, not 777 (https://github.com/kubernetes-incubator/external-storage/pull/150) + +# v1 +- Initial release \ No newline at end of file From 26cd145a596725d89e6dfcabbae9817e80f1e610 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Mon, 14 Aug 2017 17:57:29 -0400 Subject: [PATCH 13/51] Tag :latest in nfs-client Makefile (cherry picked from commit e1104047827d570bce06afe52f346e0989ed4ea2) --- Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Makefile b/Makefile index 300ac356..1a1a6972 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,7 @@ endif IMAGE = $(REGISTRY)nfs-client-provisioner:$(VERSION) IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:$(VERSION) MUTABLE_IMAGE = $(REGISTRY)nfs-client-provisioner:latest +MUTABLE_IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:latest all: build image build_arm image_arm @@ -34,12 +35,15 @@ build_arm: image: sudo docker build -t $(IMAGE) docker/x86_64 + sudo docker tag $(MUTABLE_IMAGE) $(IMAGE) image_arm: sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset sudo docker build -t $(IMAGE_ARM) docker/arm + sudo docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) push: docker push $(IMAGE) docker push $(MUTABLE_IMAGE) docker push $(IMAGE_ARM) + docker push $(MUTABLE_IMAGE_ARM) From 6efe161fd21e54a7be6c990ef778c6414b55386a Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Tue, 15 Aug 2017 17:41:12 -0400 Subject: [PATCH 14/51] Fix nfs-client Makefile for real (cherry picked from commit a73de4048fa13b7d7a5d2bd30133f2d15662bf2f) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 1a1a6972..03316e24 100644 --- a/Makefile +++ b/Makefile @@ -34,12 +34,12 @@ build_arm: CGO_ENABLED=0 GOARCH=arm GOARM=7 go build -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner image: - sudo docker build -t $(IMAGE) docker/x86_64 + sudo docker build -t $(MUTABLE_IMAGE) docker/x86_64 sudo docker tag $(MUTABLE_IMAGE) $(IMAGE) image_arm: sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset - sudo docker build -t $(IMAGE_ARM) docker/arm + sudo docker build -t $(MUTABLE_IMAGE_ARM) docker/arm sudo docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) push: From 630823977b5af4d22f3af014d6a5337924410c6c Mon Sep 17 00:00:00 2001 From: Lawrence Dudley Date: Mon, 12 Feb 2018 17:04:56 +0000 Subject: [PATCH 15/51] update kubernetes api versions to be current to 1.8.8 (cherry picked from commit 407fa3f43529b3f13675a1ae2dd657ca06e3855c) --- deploy/class.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/class.yaml b/deploy/class.yaml index 8e09cc1a..b53fe002 100644 --- a/deploy/class.yaml +++ b/deploy/class.yaml @@ -1,4 +1,4 @@ -apiVersion: storage.k8s.io/v1beta1 +apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: managed-nfs-storage From a1ae5b39ce07583fe2107dc8b4e0a60ae99d6079 Mon Sep 17 00:00:00 2001 From: Charlie Drage Date: Thu, 8 Mar 2018 22:25:31 -0500 Subject: [PATCH 16/51] nfs-client: rbac no longer alpha, add serviceAccount to deployment RBCA is no longer alpha and thus `v1` is only needed. Service account has been added to deployment.yaml in order to get the example to work correctly. (cherry picked from commit 95186ce5dc7e74fcb2986d7aa412d68516cc059e) --- deploy/auth/clusterrole.yaml | 2 +- deploy/auth/clusterrolebinding.yaml | 2 +- deploy/deployment.yaml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml index fe2a7561..0c29a3c0 100644 --- a/deploy/auth/clusterrole.yaml +++ b/deploy/auth/clusterrole.yaml @@ -1,5 +1,5 @@ kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1alpha1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: diff --git a/deploy/auth/clusterrolebinding.yaml b/deploy/auth/clusterrolebinding.yaml index 54bd987c..0e949a27 100644 --- a/deploy/auth/clusterrolebinding.yaml +++ b/deploy/auth/clusterrolebinding.yaml @@ -1,5 +1,5 @@ kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1alpha1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: run-nfs-client-provisioner subjects: diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index e4ee8942..1b793676 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -11,6 +11,7 @@ spec: labels: app: nfs-client-provisioner spec: + serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner:latest From 0600d20ecc4c830f1598dd41573575a2e221c1c0 Mon Sep 17 00:00:00 2001 From: Ian Chakeres Date: Sat, 10 Mar 2018 19:50:16 -0800 Subject: [PATCH 17/51] Fixed nfs-client Makefile, so that it builds on osx (cherry picked from commit 96c34294e227af1820b06621285ba875ac7545a5) --- Makefile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 03316e24..453a0331 100644 --- a/Makefile +++ b/Makefile @@ -28,19 +28,19 @@ all: build image build_arm image_arm container: build image build_arm image_arm build: - CGO_ENABLED=0 go build -o docker/x86_64/nfs-client-provisioner ./cmd/nfs-client-provisioner + CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o docker/x86_64/nfs-client-provisioner ./cmd/nfs-client-provisioner build_arm: - CGO_ENABLED=0 GOARCH=arm GOARM=7 go build -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner - + CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -a -ldflags '-extldflags "-static"' -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner + image: - sudo docker build -t $(MUTABLE_IMAGE) docker/x86_64 - sudo docker tag $(MUTABLE_IMAGE) $(IMAGE) + docker build -t $(MUTABLE_IMAGE) docker/x86_64 + docker tag $(MUTABLE_IMAGE) $(IMAGE) image_arm: - sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset - sudo docker build -t $(MUTABLE_IMAGE_ARM) docker/arm - sudo docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) + docker run --rm --privileged multiarch/qemu-user-static:register --reset + docker build -t $(MUTABLE_IMAGE_ARM) docker/arm + docker tag $(MUTABLE_IMAGE_ARM) $(IMAGE_ARM) push: docker push $(IMAGE) From df0026975d248874ccf98466fbf38bafe7148380 Mon Sep 17 00:00:00 2001 From: Charlie Drage Date: Mon, 26 Mar 2018 16:05:11 -0400 Subject: [PATCH 18/51] Improves the README.md for nfs-client This commit elaborates on how to deploy nfs-client as well as modify and doing changes to the files before said deployment, updating the README.md to make deployment easier. (cherry picked from commit e2bee920ee80f06555061496225d807e1a89c984) --- README.md | 124 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 90 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index 1a212d58..cfb6db42 100644 --- a/README.md +++ b/README.md @@ -1,50 +1,106 @@ -# kubernetes nfs-client-provisioner +# Kubernetes NFS-Client Provisioner [![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) -- pv provisioned as ${namespace}-${pvcName}-${pvName} -- pv recycled as archieved-${namespace}-${pvcName}-${pvName} -# deploy -- modify and deploy `deploy/deployment.yaml` -- modify and deploy `deploy/class.yaml` +`nfs-client` is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. -## ARM based -To deploy on ARM based (Raspberry PI) use `deploy/deployment-arm.yaml` instead of `deploy/deployment.yaml` +- Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName} +- Persistent volumes which are recycled as archieved-${namespace}-${pvcName}-${pvName} -# authorization +# How to deploy nfs-client to your cluster. -If your cluster has RBAC enabled or you are running OpenShift you must -authorize the provisioner. If you are in a namespace/project other than -"default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm -policy` command accordingly. +To note, you must *already* have an NFS Server. -## RBAC -```console -$ kubectl create -f deploy/auth/serviceaccount.yaml -serviceaccount "nfs-client-provisioner" created -$ kubectl create -f deploy/auth/clusterrole.yaml -clusterrole "nfs-client-provisioner-runner" created -$ kubectl create -f deploy/auth/clusterrolebinding.yaml -clusterrolebinding "run-nfs-client-provisioner" created -$ kubectl patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' +1. Editing: + +Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. +Modify `deploy/deployment.yaml` and change the values to your own NFS server: + + +```yaml + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 10.10.10.60 + - name: NFS_PATH + value: /ifs/kubernetes + volumes: + - name: nfs-client-root + nfs: + server: 10.10.10.60 + path: /ifs/kubernetes ``` -## OpenShift -```console -$ oc create -f deploy/auth/serviceaccount.yaml +Modify `deploy/class.yaml` to match the same value indicated by `PROVISIONER_NAME`: + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +``` + +2. Authorization + +If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. + +Kubernetes: + +```sh +$ kubectl create -f deploy/auth/serviceaccount.yaml -f deploy/auth/clusterrole.yaml -f deploy/auth/clusterrolebinding.yaml +serviceaccount "nfs-client-provisioner" created +clusterrole "nfs-client-provisioner-runner" created +clusterrolebinding "run-nfs-client-provisioner" created +``` + +OpenShift: + +```sh +$ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml serviceaccount "nfs-client-provisioner" created -$ oc create -f deploy/auth/openshift-clusterrole.yaml clusterrole "nfs-client-provisioner-runner" created $ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs-client-provisioner $ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner -$ oc patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}' ``` -# test -- `kubectl create -f deploy/test-claim.yaml` -- `kubectl create -f deploy/test-pod.yaml` -- check the folder and file "SUCCESS" created -- `kubectl delete -f deploy/test-pod.yaml` -- `kubectl delete -f deploy/test-claim.yaml` -- check the folder renamed to `archived-???` +3. Finally, test your environment! + +Now we'll test your NFS provisioner. + +Deploy: + +```sh +$ kubectl create -f deploy/test-claim.yaml -f deploy/test-pod.yaml +``` + +Now check your NFS Server for the file `SUCCESS`. + +```sh +kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml +``` + +Now check the folder renamed to `archived-???`. + +4. Deploying your own PersistentVolumeClaim + +To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `deploy/class.yaml` file. + +For example: + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: test-claim + annotations: + volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Mi +``` From 2ad4797674c87b1ebaede17d4e18ea5a5d419089 Mon Sep 17 00:00:00 2001 From: Peter Grant Date: Thu, 15 Mar 2018 16:51:25 +0100 Subject: [PATCH 19/51] Add namespace extended attributes to directory (cherry picked from commit 75f9bcccbc307e59b9cf4daf83efb255666ff05e) --- cmd/nfs-client-provisioner/provisioner.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 69fde2d8..79c051df 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -26,6 +26,7 @@ import ( "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" + "github.com/pkg/xattr" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -65,6 +66,10 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis if err := os.MkdirAll(fullPath, 0777); err != nil { return nil, errors.New("unable to create directory to provision new pv: " + err.Error()) } + if err := xattr.Set(fullPath, "namespace", []byte(pvcNamespace)); err != nil { + return nil, errors.New("unable to set extended attributes on directory to provision new pv: " + err.Error()) + } + os.Chmod(fullPath, 0777) path := filepath.Join(p.path, pvName) From de8b13b92e48e9a333b68304a51e4ab39cbc870e Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Mon, 18 Jun 2018 08:42:41 -0400 Subject: [PATCH 20/51] Revert "Add namespace extended attributes to directory" (cherry picked from commit 700393b2376830926f907d3af07680681cf1760b) --- cmd/nfs-client-provisioner/provisioner.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 79c051df..ccb0292b 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -26,7 +26,6 @@ import ( "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" - "github.com/pkg/xattr" "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -66,9 +65,6 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis if err := os.MkdirAll(fullPath, 0777); err != nil { return nil, errors.New("unable to create directory to provision new pv: " + err.Error()) } - if err := xattr.Set(fullPath, "namespace", []byte(pvcNamespace)); err != nil { - return nil, errors.New("unable to set extended attributes on directory to provision new pv: " + err.Error()) - } os.Chmod(fullPath, 0777) path := filepath.Join(p.path, pvName) From a36f0fe11df0ed6d04a1d689db1da6c4a81ae116 Mon Sep 17 00:00:00 2001 From: Philippe Gagnon Date: Wed, 27 Jun 2018 18:54:33 -0400 Subject: [PATCH 21/51] Propagate StorageClass MountOptions to PVs created by nfs-client-provisioner (cherry picked from commit ec6a216177e86485d7fa1dff4635c37475ec97df) --- cmd/nfs-client-provisioner/provisioner.go | 1 + 1 file changed, 1 insertion(+) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index ccb0292b..5f029308 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -76,6 +76,7 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis Spec: v1.PersistentVolumeSpec{ PersistentVolumeReclaimPolicy: options.PersistentVolumeReclaimPolicy, AccessModes: options.PVC.Spec.AccessModes, + MountOptions: options.MountOptions, Capacity: v1.ResourceList{ v1.ResourceName(v1.ResourceStorage): options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)], }, From b3eb332a8fe4c40e46b7eaa78c79d714af3e5831 Mon Sep 17 00:00:00 2001 From: Di Weng Date: Mon, 16 Jul 2018 12:34:24 +0800 Subject: [PATCH 22/51] Skip deletion if the corresponding directory is not found (cherry picked from commit 9debe1e4d362d0d40d448b69d0aa0ee29c690a9c) --- cmd/nfs-client-provisioner/provisioner.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 5f029308..85ba2a77 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -96,6 +96,10 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { path := volume.Spec.PersistentVolumeSource.NFS.Path pvName := filepath.Base(path) oldPath := filepath.Join(mountPath, pvName) + if _, err := os.Stat(oldPath); os.IsNotExist(err) { + glog.Warningf("path %s does not exist, deletion skipped", oldPath) + return nil + } archivePath := filepath.Join(mountPath, "archived-"+pvName) glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath) return os.Rename(oldPath, archivePath) From 125ed5e73ee0b7618186aca87b8807286b7db531 Mon Sep 17 00:00:00 2001 From: Gary Morse Date: Thu, 9 Aug 2018 11:32:54 -0400 Subject: [PATCH 23/51] Adds archiveOnDelete parameter to nfs-client provisioner (cherry picked from commit 2b11b498c5497158bc02dd2ac273e2f97157c95e) --- README.md | 5 +-- cmd/nfs-client-provisioner/provisioner.go | 39 +++++++++++++++++++++++ deploy/class.yaml | 2 ++ 3 files changed, 44 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cfb6db42..0041773f 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ `nfs-client` is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. - Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName} -- Persistent volumes which are recycled as archieved-${namespace}-${pvcName}-${pvName} # How to deploy nfs-client to your cluster. @@ -41,6 +40,8 @@ kind: StorageClass metadata: name: managed-nfs-storage provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" # When set to "false" your PVs will not be archived by the provisioner upon deletion of the PVC. ``` 2. Authorization @@ -82,7 +83,7 @@ Now check your NFS Server for the file `SUCCESS`. kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml ``` -Now check the folder renamed to `archived-???`. +Now check the folder has been deleted. 4. Deploying your own PersistentVolumeClaim diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index 85ba2a77..eab741f0 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -22,11 +22,15 @@ import ( "fmt" "os" "path/filepath" + "strconv" "strings" + "k8s.io/kubernetes/pkg/apis/core/v1/helper" + "github.com/golang/glog" "github.com/kubernetes-incubator/external-storage/lib/controller" "k8s.io/api/core/v1" + storage "k8s.io/api/storage/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" @@ -100,9 +104,43 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { glog.Warningf("path %s does not exist, deletion skipped", oldPath) return nil } + // Get the storage class for this volume. + storageClass, err := p.getClassForVolume(volume) + if err != nil { + return err + } + // Determine if the "archiveOnDelete" parameter exists. + // If it exists and has a falsey value, delete the directory. + // Otherwise, archive it. + archiveOnDelete, exists := storageClass.Parameters["archiveOnDelete"] + archiveBool, err := strconv.ParseBool(archiveOnDelete) + if err != nil { + return err + } + if exists && !archiveBool { + return os.RemoveAll(oldPath) + } + archivePath := filepath.Join(mountPath, "archived-"+pvName) glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath) return os.Rename(oldPath, archivePath) + +} + +// getClassForVolume returns StorageClass +func (p *nfsProvisioner) getClassForVolume(pv *v1.PersistentVolume) (*storage.StorageClass, error) { + if p.client == nil { + return nil, fmt.Errorf("Cannot get kube client") + } + className := helper.GetPersistentVolumeClass(pv) + if className == "" { + return nil, fmt.Errorf("Volume has no storage class") + } + class, err := p.client.StorageV1().StorageClasses().Get(className, metav1.GetOptions{}) + if err != nil { + return nil, err + } + return class, nil } func main() { @@ -141,6 +179,7 @@ func main() { } clientNFSProvisioner := &nfsProvisioner{ + client: clientset, server: server, path: path, } diff --git a/deploy/class.yaml b/deploy/class.yaml index b53fe002..4d3b4805 100644 --- a/deploy/class.yaml +++ b/deploy/class.yaml @@ -3,3 +3,5 @@ kind: StorageClass metadata: name: managed-nfs-storage provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" From 7c1944a9b38e1a445816c252287bc560e9b64186 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 1 Aug 2018 14:12:12 -0400 Subject: [PATCH 24/51] Change all clusterroles to have endpoints permissions and reduced events permissions, consolidate where possible (cherry picked from commit f46a12bccb3af6e2f4908332b2acad2963fc1ab0) --- deploy/auth/clusterrole.yaml | 5 ++++- deploy/auth/openshift-clusterrole.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml index 0c29a3c0..0ecb088b 100644 --- a/deploy/auth/clusterrole.yaml +++ b/deploy/auth/clusterrole.yaml @@ -14,4 +14,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] \ No newline at end of file diff --git a/deploy/auth/openshift-clusterrole.yaml b/deploy/auth/openshift-clusterrole.yaml index beabc8f0..2f50f5b2 100644 --- a/deploy/auth/openshift-clusterrole.yaml +++ b/deploy/auth/openshift-clusterrole.yaml @@ -14,4 +14,7 @@ rules: verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] From a54ff504ef794ef181e586dcdeca060304968b12 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 15 Aug 2018 13:26:18 -0400 Subject: [PATCH 25/51] Fix archiveOnDelete parsing (cherry picked from commit 9b94fa6ac252e8e43f5a2d77b597b7013253a121) --- cmd/nfs-client-provisioner/provisioner.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index eab741f0..f7b3a559 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -113,12 +113,14 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { // If it exists and has a falsey value, delete the directory. // Otherwise, archive it. archiveOnDelete, exists := storageClass.Parameters["archiveOnDelete"] - archiveBool, err := strconv.ParseBool(archiveOnDelete) - if err != nil { - return err - } - if exists && !archiveBool { - return os.RemoveAll(oldPath) + if exists { + archiveBool, err := strconv.ParseBool(archiveOnDelete) + if err != nil { + return err + } + if !archiveBool { + return os.RemoveAll(oldPath) + } } archivePath := filepath.Join(mountPath, "archived-"+pvName) From a9f0c6187a2047152a06c85a76ebb6b0ec9e5d15 Mon Sep 17 00:00:00 2001 From: Dave Johnson Date: Fri, 17 Aug 2018 14:19:42 -0400 Subject: [PATCH 26/51] Clarifications and minor formatting improvements. (cherry picked from commit af83d2c193ce7d11fb257b567b7e07cc61c5f901) --- README.md | 108 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 66 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 0041773f..1a0472c9 100644 --- a/README.md +++ b/README.md @@ -2,51 +2,19 @@ [![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) - -`nfs-client` is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. - -- Persistent volumes are provisioned as ${namespace}-${pvcName}-${pvName} +**nfs-client** is an automatic provisioner that use your *existing and already configured* NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as ``${namespace}-${pvcName}-${pvName}``. # How to deploy nfs-client to your cluster. -To note, you must *already* have an NFS Server. +To note again, you must *already* have an NFS Server. -1. Editing: +**Step 1: Get connection information for your NFS server**. Make sure your NFS server as accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. -Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. -Modify `deploy/deployment.yaml` and change the values to your own NFS server: +**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``oc`` command. +Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. -```yaml - env: - - name: PROVISIONER_NAME - value: fuseim.pri/ifs - - name: NFS_SERVER - value: 10.10.10.60 - - name: NFS_PATH - value: /ifs/kubernetes - volumes: - - name: nfs-client-root - nfs: - server: 10.10.10.60 - path: /ifs/kubernetes -``` - -Modify `deploy/class.yaml` to match the same value indicated by `PROVISIONER_NAME`: - -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: managed-nfs-storage -provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' -parameters: - archiveOnDelete: "false" # When set to "false" your PVs will not be archived by the provisioner upon deletion of the PVC. -``` - -2. Authorization - -If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. +**Step 3: Setup authorization**. If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. Kubernetes: @@ -59,6 +27,8 @@ clusterrolebinding "run-nfs-client-provisioner" created OpenShift: +On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the Red Hat OpenShift documentation for **User and Role Management** or contact Red Hat support to help you grant the right permissions to your admin user. + ```sh $ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml serviceaccount "nfs-client-provisioner" created @@ -67,7 +37,63 @@ $ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs $ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner ``` -3. Finally, test your environment! +**Step 4: Configure the NFS-Client provisioner** + +Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. + +Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurances of with your server's hostname. + +```yaml +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccountName: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: + - name: NFS_PATH + value: /var/nfs + volumes: + - name: nfs-client-root + nfs: + server: + path: /var/nfs +``` + +You may also want to change the PROVISIONER_NAME above from ``fuseim.pri/ifs`` to something more descriptive like ``nfs-storage``, but if you do remember to also change the PROVISIONER_NAME in the storage class definition below: + +This is `deploy/class.yaml` which defines the NFS-Client's Kubernetes Storage Class: + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" # When set to "false" your PVs will not be archived + # by the provisioner upon deletion of the PVC. +``` + +**Step 5: Finally, test your environment!** Now we'll test your NFS provisioner. @@ -85,9 +111,7 @@ kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml Now check the folder has been deleted. -4. Deploying your own PersistentVolumeClaim - -To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `deploy/class.yaml` file. +**Step 6: Deploying your own PersistentVolumeClaims**. To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `deploy/class.yaml` file. For example: From 0ee8b3827e359577f2c1f4d606486d0a60d9b91c Mon Sep 17 00:00:00 2001 From: Dave Johnson Date: Mon, 20 Aug 2018 08:14:39 -0400 Subject: [PATCH 27/51] Fix typo (cherry picked from commit 530aa450909a4d1d860022cfb60f9fe32fb58fd5) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1a0472c9..0ff2abb9 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ $ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serv Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. -Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurances of with your server's hostname. +Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurences of with your server's hostname. ```yaml kind: Deployment From 4a7e7c46a2dbbc481519e566296bfeb3fbe23751 Mon Sep 17 00:00:00 2001 From: Dave Johnson Date: Mon, 20 Aug 2018 08:18:30 -0400 Subject: [PATCH 28/51] Remove unecessary reference to Red Hat. (cherry picked from commit fa44e1fcba922bd28702960a4888c2685d2345b5) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0ff2abb9..03e55c23 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ clusterrolebinding "run-nfs-client-provisioner" created OpenShift: -On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the Red Hat OpenShift documentation for **User and Role Management** or contact Red Hat support to help you grant the right permissions to your admin user. +On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the OpenShift documentation for **User and Role Management** or contact your OpenShift provider to help you grant the right permissions to your admin user. ```sh $ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml From c4a7e765177c4cd6af373495186aae7dc59dcfeb Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 22 Aug 2018 17:07:13 -0400 Subject: [PATCH 29/51] Distribute Role+Rolebinding everywhere instead of giving cluster-scoped endpoints r/w (cherry picked from commit 7df14ef767a695d67fdc5f942203bf206a300af2) --- README.md | 20 +++++----- deploy/auth/clusterrole.yaml | 20 ---------- deploy/auth/clusterrolebinding.yaml | 12 ------ deploy/auth/openshift-clusterrole.yaml | 20 ---------- deploy/auth/serviceaccount.yaml | 4 -- deploy/deployment-arm.yaml | 5 +++ deploy/deployment.yaml | 5 +++ deploy/rbac.yaml | 54 ++++++++++++++++++++++++++ 8 files changed, 74 insertions(+), 66 deletions(-) delete mode 100644 deploy/auth/clusterrole.yaml delete mode 100644 deploy/auth/clusterrolebinding.yaml delete mode 100644 deploy/auth/openshift-clusterrole.yaml delete mode 100644 deploy/auth/serviceaccount.yaml create mode 100644 deploy/rbac.yaml diff --git a/README.md b/README.md index 03e55c23..4967ba49 100644 --- a/README.md +++ b/README.md @@ -14,15 +14,15 @@ To note again, you must *already* have an NFS Server. Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. -**Step 3: Setup authorization**. If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit `deploy/auth/clusterrolebinding.yaml` or edit the `oadm policy` command accordingly. +**Step 3: Setup authorization**. If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" edit `deploy/rbac.yaml`. Kubernetes: ```sh -$ kubectl create -f deploy/auth/serviceaccount.yaml -f deploy/auth/clusterrole.yaml -f deploy/auth/clusterrolebinding.yaml -serviceaccount "nfs-client-provisioner" created -clusterrole "nfs-client-provisioner-runner" created -clusterrolebinding "run-nfs-client-provisioner" created +# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed +$ NAMESPACE=`oc project -q` +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml +$ kubectl create -f deploy/rbac.yaml ``` OpenShift: @@ -30,11 +30,11 @@ OpenShift: On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the OpenShift documentation for **User and Role Management** or contact your OpenShift provider to help you grant the right permissions to your admin user. ```sh -$ oc create -f deploy/auth/openshift-clusterrole.yaml -f deploy/auth/serviceaccount.yaml -serviceaccount "nfs-client-provisioner" created -clusterrole "nfs-client-provisioner-runner" created -$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs-client-provisioner -$ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner +# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed +$ NAMESPACE=`oc project -q` +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml +$ oc create -f deploy/rbac.yaml +$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner ``` **Step 4: Configure the NFS-Client provisioner** diff --git a/deploy/auth/clusterrole.yaml b/deploy/auth/clusterrole.yaml deleted file mode 100644 index 0ecb088b..00000000 --- a/deploy/auth/clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: nfs-client-provisioner-runner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch"] \ No newline at end of file diff --git a/deploy/auth/clusterrolebinding.yaml b/deploy/auth/clusterrolebinding.yaml deleted file mode 100644 index 0e949a27..00000000 --- a/deploy/auth/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: run-nfs-client-provisioner -subjects: - - kind: ServiceAccount - name: nfs-client-provisioner - namespace: default -roleRef: - kind: ClusterRole - name: nfs-client-provisioner-runner - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/auth/openshift-clusterrole.yaml b/deploy/auth/openshift-clusterrole.yaml deleted file mode 100644 index 2f50f5b2..00000000 --- a/deploy/auth/openshift-clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -kind: ClusterRole -apiVersion: v1 -metadata: - name: nfs-client-provisioner-runner -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create", "update", "patch"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch", "create", "update", "patch"] diff --git a/deploy/auth/serviceaccount.yaml b/deploy/auth/serviceaccount.yaml deleted file mode 100644 index edead9ad..00000000 --- a/deploy/auth/serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 9f09acca..785302bd 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -1,3 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner +--- kind: Deployment apiVersion: extensions/v1beta1 metadata: diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 1b793676..271ca060 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -1,3 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner +--- kind: Deployment apiVersion: extensions/v1beta1 metadata: diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml new file mode 100644 index 00000000..79bc7290 --- /dev/null +++ b/deploy/rbac.yaml @@ -0,0 +1,54 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-client-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: run-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + namespace: default +roleRef: + kind: ClusterRole + name: nfs-client-provisioner-runner + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default +roleRef: + kind: Role + name: leader-locking-nfs-client-provisioner + apiGroup: rbac.authorization.k8s.io From 2bcb474770a455fba875939c11128a5a839d6ba8 Mon Sep 17 00:00:00 2001 From: Per Abich <409466+flyhard@users.noreply.github.com> Date: Wed, 5 Sep 2018 17:28:18 +0200 Subject: [PATCH 30/51] Fixing documentation to be correct for Kubernetes Converted from openshift command (cherry picked from commit 5e95ea2ffe5c8205edd2a6425ea666dd44d90311) --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4967ba49..3ce3fd3e 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,8 @@ Kubernetes: ```sh # Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed -$ NAMESPACE=`oc project -q` +$ NS=$(kubectl config get-contexts|grep -e "^\*" |awk '{print $5}') +$ NAMESPACE=${NS:-default} $ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml $ kubectl create -f deploy/rbac.yaml ``` From 4573a86521f9807bccfa043f499ca06806828c6e Mon Sep 17 00:00:00 2001 From: Per Abich <409466+flyhard@users.noreply.github.com> Date: Wed, 5 Sep 2018 23:20:23 +0200 Subject: [PATCH 31/51] Update README.md (cherry picked from commit 416af39aa65a4f0b70862224dcfd18e86025079b) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3ce3fd3e..f47cf5d0 100644 --- a/README.md +++ b/README.md @@ -8,9 +8,9 @@ To note again, you must *already* have an NFS Server. -**Step 1: Get connection information for your NFS server**. Make sure your NFS server as accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. +**Step 1: Get connection information for your NFS server**. Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. -**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``oc`` command. +**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. From 6050db56b6df9b6da58434528cf6ec59ac5bc6d8 Mon Sep 17 00:00:00 2001 From: yiming chen Date: Thu, 6 Sep 2018 13:34:59 +0800 Subject: [PATCH 32/51] Remove redundant field in the rbac.yaml of nfs-client (cherry picked from commit 6e7b3913c50d0cf94483af237c02f4a6a0b9b70b) --- deploy/rbac.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 79bc7290..c11f5216 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -15,7 +15,6 @@ rules: - apiGroups: [""] resources: ["events"] verbs: ["create", "update", "patch"] - - apiGroups: [""] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 From 8d0422f82f9dfd2bb6cf9ebcfbb7fd1558e30b86 Mon Sep 17 00:00:00 2001 From: Per Abich <409466+flyhard@users.noreply.github.com> Date: Thu, 6 Sep 2018 09:57:38 +0200 Subject: [PATCH 33/51] Update README.md (cherry picked from commit 2929b7ab591f374f90211c4d77bcd60419d2c75c) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f47cf5d0..95a34d94 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ To note again, you must *already* have an NFS Server. **Step 1: Get connection information for your NFS server**. Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. -**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. +**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. Get all of the files in the [deploy](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client/deploy) directory of this repository. These instructions assume that you have cloned the [external-storage](https://github.com/kubernetes-incubator/external-storage) repository and have a bash-shell open in the ``nfs-client`` directory. From 2f6670a85b7e389fe225aea0c771e2112f111e72 Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 19 Sep 2018 14:43:42 -0400 Subject: [PATCH 34/51] Point nfs-client users to Helm and split up yamls (cherry picked from commit cd7d12292a6d663399e6d63d39d8d58640425651) --- README.md | 12 ++++++++++ deploy/objects/README.md | 1 + deploy/objects/class.yaml | 7 ++++++ deploy/objects/clusterrole.yaml | 17 ++++++++++++++ deploy/objects/clusterrolebinding.yaml | 12 ++++++++++ deploy/objects/deployment-arm.yaml | 32 ++++++++++++++++++++++++++ deploy/objects/deployment.yaml | 32 ++++++++++++++++++++++++++ deploy/objects/role.yaml | 8 +++++++ deploy/objects/rolebinding.yaml | 13 +++++++++++ deploy/objects/serviceaccount.yaml | 4 ++++ 10 files changed, 138 insertions(+) create mode 100644 deploy/objects/README.md create mode 100644 deploy/objects/class.yaml create mode 100644 deploy/objects/clusterrole.yaml create mode 100644 deploy/objects/clusterrolebinding.yaml create mode 100644 deploy/objects/deployment-arm.yaml create mode 100644 deploy/objects/deployment.yaml create mode 100644 deploy/objects/role.yaml create mode 100644 deploy/objects/rolebinding.yaml create mode 100644 deploy/objects/serviceaccount.yaml diff --git a/README.md b/README.md index 95a34d94..8da4d14f 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,18 @@ To note again, you must *already* have an NFS Server. +## With Helm + +Follow the instructions for the stable helm chart maintained at https://github.com/helm/charts/tree/master/stable/nfs-client-provisioner + +The tl;dr is + +```bash +$ helm install stable/nfs-client-provisioner --set nfs.server=x.x.x.x --set nfs.path=/exported/path +``` + +## Without Helm + **Step 1: Get connection information for your NFS server**. Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. **Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. diff --git a/deploy/objects/README.md b/deploy/objects/README.md new file mode 100644 index 00000000..2003d611 --- /dev/null +++ b/deploy/objects/README.md @@ -0,0 +1 @@ +The objects in this directory are the same as in the parent except split up into one file per object for certain users' convenience. diff --git a/deploy/objects/class.yaml b/deploy/objects/class.yaml new file mode 100644 index 00000000..4d3b4805 --- /dev/null +++ b/deploy/objects/class.yaml @@ -0,0 +1,7 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" diff --git a/deploy/objects/clusterrole.yaml b/deploy/objects/clusterrole.yaml new file mode 100644 index 00000000..d8564a7a --- /dev/null +++ b/deploy/objects/clusterrole.yaml @@ -0,0 +1,17 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-client-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] diff --git a/deploy/objects/clusterrolebinding.yaml b/deploy/objects/clusterrolebinding.yaml new file mode 100644 index 00000000..0e949a27 --- /dev/null +++ b/deploy/objects/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: run-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + namespace: default +roleRef: + kind: ClusterRole + name: nfs-client-provisioner-runner + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/objects/deployment-arm.yaml b/deploy/objects/deployment-arm.yaml new file mode 100644 index 00000000..9f09acca --- /dev/null +++ b/deploy/objects/deployment-arm.yaml @@ -0,0 +1,32 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccount: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner-arm:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 192.168.1.20 + - name: NFS_PATH + value: /mnt/kube_nfs + volumes: + - name: nfs-client-root + nfs: + server: 192.168.1.20 + path: /mnt/kube_nfs diff --git a/deploy/objects/deployment.yaml b/deploy/objects/deployment.yaml new file mode 100644 index 00000000..1b793676 --- /dev/null +++ b/deploy/objects/deployment.yaml @@ -0,0 +1,32 @@ +kind: Deployment +apiVersion: extensions/v1beta1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccountName: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: 10.10.10.60 + - name: NFS_PATH + value: /ifs/kubernetes + volumes: + - name: nfs-client-root + nfs: + server: 10.10.10.60 + path: /ifs/kubernetes diff --git a/deploy/objects/role.yaml b/deploy/objects/role.yaml new file mode 100644 index 00000000..28721e82 --- /dev/null +++ b/deploy/objects/role.yaml @@ -0,0 +1,8 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] diff --git a/deploy/objects/rolebinding.yaml b/deploy/objects/rolebinding.yaml new file mode 100644 index 00000000..b5faf2d8 --- /dev/null +++ b/deploy/objects/rolebinding.yaml @@ -0,0 +1,13 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: leader-locking-nfs-client-provisioner +subjects: + - kind: ServiceAccount + name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default +roleRef: + kind: Role + name: leader-locking-nfs-client-provisioner + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/objects/serviceaccount.yaml b/deploy/objects/serviceaccount.yaml new file mode 100644 index 00000000..edead9ad --- /dev/null +++ b/deploy/objects/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nfs-client-provisioner From f5924d99c97fc345c13476b97c20c0ea41d6ff1f Mon Sep 17 00:00:00 2001 From: Matthew Wong Date: Wed, 17 Oct 2018 14:25:18 -0400 Subject: [PATCH 35/51] Use kubernetes-sigs/sig-storage-lib-external-provisioner (cherry picked from commit 14209716a3dcb290eb4c8afeedd018c87b20b233) --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index f7b3a559..f219ed33 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -28,7 +28,7 @@ import ( "k8s.io/kubernetes/pkg/apis/core/v1/helper" "github.com/golang/glog" - "github.com/kubernetes-incubator/external-storage/lib/controller" + "github.com/kubernetes-sigs/sig-storage-lib-external-provisioner/controller" "k8s.io/api/core/v1" storage "k8s.io/api/storage/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" From 255839fbb810076174c869c542dfb666520511e5 Mon Sep 17 00:00:00 2001 From: mooncake Date: Sat, 10 Nov 2018 23:39:50 +0800 Subject: [PATCH 36/51] Fix some typos Signed-off-by: mooncake (cherry picked from commit 1ae796f9f480917ce5a71186ae07a900a30b6334) --- cmd/nfs-client-provisioner/provisioner.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-client-provisioner/provisioner.go index f219ed33..b6f7c816 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-client-provisioner/provisioner.go @@ -110,7 +110,7 @@ func (p *nfsProvisioner) Delete(volume *v1.PersistentVolume) error { return err } // Determine if the "archiveOnDelete" parameter exists. - // If it exists and has a falsey value, delete the directory. + // If it exists and has a false value, delete the directory. // Otherwise, archive it. archiveOnDelete, exists := storageClass.Parameters["archiveOnDelete"] if exists { From 7f85c7b5ff4305a2d7eb7541a5e7dda3d15cd1fe Mon Sep 17 00:00:00 2001 From: t-sato Date: Thu, 15 Nov 2018 03:53:14 +0900 Subject: [PATCH 37/51] Fill in rbac.yaml with ServiceAccount manifest. (cherry picked from commit 3f8626cb2bb98f09d2a911008322cdbb7d96d64d) --- deploy/rbac.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index c11f5216..626ee3ab 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -1,3 +1,8 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: nfs-client-provisioner +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: From 8c3af961302321f13a959e20551a240315aecdf8 Mon Sep 17 00:00:00 2001 From: remche Date: Thu, 20 Dec 2018 14:06:58 +0100 Subject: [PATCH 38/51] Fix namespace and bump to Deployment apps/v1 (cherry picked from commit 846206d6091d0cda2b926c15271792d552a72d7f) --- README.md | 2 +- deploy/deployment-arm.yaml | 16 +++++++++------- deploy/deployment.yaml | 14 ++++++++------ deploy/rbac.yaml | 7 ++++++- 4 files changed, 24 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 8da4d14f..84b870d2 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Kubernetes: # Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed $ NS=$(kubectl config get-contexts|grep -e "^\*" |awk '{print $5}') $ NAMESPACE=${NS:-default} -$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml ./deploy/deployment.yaml $ kubectl create -f deploy/rbac.yaml ``` diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 785302bd..d736221b 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -1,22 +1,24 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner ---- +apiVersion: apps/v1 kind: Deployment -apiVersion: extensions/v1beta1 metadata: name: nfs-client-provisioner + labels: + app: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default spec: replicas: 1 strategy: type: Recreate + selector: + matchLabels: + app: nfs-client-provisioner template: metadata: labels: app: nfs-client-provisioner spec: - serviceAccount: nfs-client-provisioner + serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner-arm:latest diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 271ca060..0ec9c4ed 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -1,16 +1,18 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: nfs-client-provisioner ---- +apiVersion: apps/v1 kind: Deployment -apiVersion: extensions/v1beta1 metadata: name: nfs-client-provisioner + labels: + app: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default spec: replicas: 1 strategy: type: Recreate + selector: + matchLabels: + app: nfs-client-provisioner template: metadata: labels: diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 626ee3ab..9609a008 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -1,7 +1,9 @@ -kind: ServiceAccount apiVersion: v1 +kind: ServiceAccount metadata: name: nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 @@ -28,6 +30,7 @@ metadata: subjects: - kind: ServiceAccount name: nfs-client-provisioner + # replace with namespace where provisioner is deployed namespace: default roleRef: kind: ClusterRole @@ -38,6 +41,8 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default rules: - apiGroups: [""] resources: ["endpoints"] From 3b39f8bc324dce0778eac1078bee706e17c8b33c Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 29 Dec 2018 20:22:59 -0600 Subject: [PATCH 39/51] Make nfs-client ARM deployment consistent with regular deployment. (cherry picked from commit 95cdb664bd66384b5b077bc003f6ee0056c11db2) --- deploy/deployment-arm.yaml | 8 ++++---- deploy/objects/deployment-arm.yaml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index d736221b..6ee30150 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -29,11 +29,11 @@ spec: - name: PROVISIONER_NAME value: fuseim.pri/ifs - name: NFS_SERVER - value: 192.168.1.20 + value: 10.10.10.60 - name: NFS_PATH - value: /mnt/kube_nfs + value: /ifs/kubernetes volumes: - name: nfs-client-root nfs: - server: 192.168.1.20 - path: /mnt/kube_nfs + server: 10.10.10.60 + path: /ifs/kubernetes diff --git a/deploy/objects/deployment-arm.yaml b/deploy/objects/deployment-arm.yaml index 9f09acca..9cced7e5 100644 --- a/deploy/objects/deployment-arm.yaml +++ b/deploy/objects/deployment-arm.yaml @@ -11,7 +11,7 @@ spec: labels: app: nfs-client-provisioner spec: - serviceAccount: nfs-client-provisioner + serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner image: quay.io/external_storage/nfs-client-provisioner-arm:latest @@ -22,11 +22,11 @@ spec: - name: PROVISIONER_NAME value: fuseim.pri/ifs - name: NFS_SERVER - value: 192.168.1.20 + value: 10.10.10.60 - name: NFS_PATH - value: /mnt/kube_nfs + value: /ifs/kubernetes volumes: - name: nfs-client-root nfs: - server: 192.168.1.20 - path: /mnt/kube_nfs + server: 10.10.10.60 + path: /ifs/kubernetes From 6de5a564d16ea8cf22ef23d9fd34455c90515d32 Mon Sep 17 00:00:00 2001 From: TJ Zimmerman Date: Mon, 30 Sep 2019 17:18:52 -0700 Subject: [PATCH 40/51] Updated API Version, Added selector field. (cherry picked from commit c6853e0440ec5383610337703f169a09ce955ec9) --- deploy/deployment-arm.yaml | 3 +++ deploy/deployment.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 6ee30150..862efc5b 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -8,6 +8,9 @@ metadata: namespace: default spec: replicas: 1 + selector: + matchLabels: + app: nfs-client-provisioner strategy: type: Recreate selector: diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 0ec9c4ed..a6a15626 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -8,6 +8,9 @@ metadata: namespace: default spec: replicas: 1 + selector: + matchLabels: + app: nfs-client-provisioner strategy: type: Recreate selector: From 186baf29e397d025b34b8ea4d8f7a72ae4649069 Mon Sep 17 00:00:00 2001 From: TJ Zimmerman Date: Mon, 30 Sep 2019 22:15:10 -0700 Subject: [PATCH 41/51] Updated API Version & Added selector. (cherry picked from commit 39c59187641ad4aa8cd6b816f810b0f2383d02c4) --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 84b870d2..64d214ed 100644 --- a/README.md +++ b/README.md @@ -58,11 +58,14 @@ Next you must edit the provisioner's deployment file to add connection informati ```yaml kind: Deployment -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 metadata: name: nfs-client-provisioner spec: replicas: 1 + selector: + matchLabels: + app: nfs-client-provisioner strategy: type: Recreate template: From e3b2b587d45e1181f2d76bc1e37ee965c7e618e7 Mon Sep 17 00:00:00 2001 From: Kubernetes Prow Robot Date: Tue, 12 Nov 2019 00:08:07 -0800 Subject: [PATCH 42/51] Merge pull request #1179 from santhosh-tekuri/duplicate-service-account Remove ServiceAccount from deployment yaml files (cherry picked from commit 5083f251bc75f3a47f6ead7389f3dc48c07f1e3c) --- deploy/deployment-arm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 862efc5b..68f2536b 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -1,5 +1,5 @@ -apiVersion: apps/v1 kind: Deployment +apiVersion: apps/v1 metadata: name: nfs-client-provisioner labels: From d6aaf831fdacf983cf4b90c9367761d2c9cf1d58 Mon Sep 17 00:00:00 2001 From: Arthur666 Date: Wed, 13 Nov 2019 00:21:49 +0800 Subject: [PATCH 43/51] Update rbac.yaml Modify the Role section (line 45), the namespace field is changed to indent 2 characters. (cherry picked from commit e7add04d2d34dd5fdf7d267e1381cebd0264ead2) --- deploy/rbac.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 9609a008..500a0ac7 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -42,7 +42,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner # replace with namespace where provisioner is deployed - namespace: default + namespace: default rules: - apiGroups: [""] resources: ["endpoints"] From 94d54314c5345f09d1c4f8989f7f4e0f77c5876c Mon Sep 17 00:00:00 2001 From: Thorsten Schifferdecker Date: Fri, 7 Feb 2020 19:21:50 +0100 Subject: [PATCH 44/51] add namespace for rolebinding see Issue #1278 (cherry picked from commit f09ffdefb53e4a439ba42d880f25dcfbe3519977) --- deploy/rbac.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 500a0ac7..85a76d02 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -41,7 +41,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner - # replace with namespace where provisioner is deployed + # replace with namespace where provisioner is deployed namespace: default rules: - apiGroups: [""] @@ -52,6 +52,8 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: leader-locking-nfs-client-provisioner + # replace with namespace where provisioner is deployed + namespace: default subjects: - kind: ServiceAccount name: nfs-client-provisioner From 2ddf6004060d51bf1d9a9c1aa568f558aa819e6f Mon Sep 17 00:00:00 2001 From: daviyang35 Date: Sat, 15 Feb 2020 02:17:56 +0800 Subject: [PATCH 45/51] Remove duplicate selector fields Remove duplicate selector fields (cherry picked from commit fa12f8ae9c7fbef5bc6f29cfd4d4964634bf19cb) --- deploy/deployment.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index a6a15626..0ec9c4ed 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -8,9 +8,6 @@ metadata: namespace: default spec: replicas: 1 - selector: - matchLabels: - app: nfs-client-provisioner strategy: type: Recreate selector: From aa7c637f88fed3d1391105624c04c0a069a82c96 Mon Sep 17 00:00:00 2001 From: Pando85 Date: Sat, 7 Mar 2020 11:40:40 +0100 Subject: [PATCH 46/51] Remove duplicated key in nfs-client deploy for arm architecture (cherry picked from commit 3a0395c8be7767effa8e9b9a463d9e983c3e0127) --- deploy/deployment-arm.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index 68f2536b..e5c0f4f4 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -8,9 +8,6 @@ metadata: namespace: default spec: replicas: 1 - selector: - matchLabels: - app: nfs-client-provisioner strategy: type: Recreate selector: From f07117e2ee80a2df3122ff0d29090b239ba7f315 Mon Sep 17 00:00:00 2001 From: kmova Date: Tue, 9 Jun 2020 17:13:47 +0000 Subject: [PATCH 47/51] Merge kubernetes-incubator/external-storage/nfs-client (cherry picked from commit 239fd6e613d19ecbc2edea45c9b154b798ccb87b) --- deploy/deployment-arm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/deployment-arm.yaml b/deploy/deployment-arm.yaml index e5c0f4f4..6ee30150 100644 --- a/deploy/deployment-arm.yaml +++ b/deploy/deployment-arm.yaml @@ -1,5 +1,5 @@ -kind: Deployment apiVersion: apps/v1 +kind: Deployment metadata: name: nfs-client-provisioner labels: From 96592d24acfc185376392a9a8fd38684886da964 Mon Sep 17 00:00:00 2001 From: kmova Date: Wed, 29 Jul 2020 19:26:32 +0000 Subject: [PATCH 48/51] update readme and go imports to new location This commit fixes the following: - fixes the go imports to use the new loction - setup go modules for this project - update the docker files to use the new binary name - update the README to use the new repo name Signed-off-by: kmova (cherry picked from commit 234543e14d416979d3397e40940cae99bc241365) --- Makefile | 12 +- README.md | 156 +++++- .../provisioner.go | 8 +- deploy/test-claim.yaml | 1 + docker/arm/Dockerfile | 4 +- docker/x86_64/Dockerfile | 4 +- go.mod | 43 ++ go.sum | 447 ++++++++++++++++++ 8 files changed, 660 insertions(+), 15 deletions(-) rename cmd/{nfs-client-provisioner => nfs-subdir-external-provisioner}/provisioner.go (94%) create mode 100644 go.mod create mode 100644 go.sum diff --git a/Makefile b/Makefile index 453a0331..9452755f 100644 --- a/Makefile +++ b/Makefile @@ -18,20 +18,20 @@ endif ifeq ($(VERSION),) VERSION = latest endif -IMAGE = $(REGISTRY)nfs-client-provisioner:$(VERSION) -IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:$(VERSION) -MUTABLE_IMAGE = $(REGISTRY)nfs-client-provisioner:latest -MUTABLE_IMAGE_ARM = $(REGISTRY)nfs-client-provisioner-arm:latest +IMAGE = $(REGISTRY)nfs-subdir-external-provisioner:$(VERSION) +IMAGE_ARM = $(REGISTRY)nfs-subdir-external-provisioner-arm:$(VERSION) +MUTABLE_IMAGE = $(REGISTRY)nfs-subdir-external-provisioner:latest +MUTABLE_IMAGE_ARM = $(REGISTRY)nfs-subdir-external-provisioner-arm:latest all: build image build_arm image_arm container: build image build_arm image_arm build: - CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o docker/x86_64/nfs-client-provisioner ./cmd/nfs-client-provisioner + CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-extldflags "-static"' -o docker/x86_64/nfs-subdir-external-provisioner ./cmd/nfs-subdir-external-provisioner build_arm: - CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -a -ldflags '-extldflags "-static"' -o docker/arm/nfs-client-provisioner ./cmd/nfs-client-provisioner + CGO_ENABLED=0 GOOS=linux GOARCH=arm GOARM=7 go build -a -ldflags '-extldflags "-static"' -o docker/arm/nfs-subdir-external-provisioner ./cmd/nfs-subdir-external-provisioner image: docker build -t $(MUTABLE_IMAGE) docker/x86_64 diff --git a/README.md b/README.md index 64d214ed..2fdfc04b 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,160 @@ # Kubernetes NFS-Client Provisioner -[![Docker Repository on Quay](https://quay.io/repository/external_storage/nfs-client-provisioner/status "Docker Repository on Quay")](https://quay.io/repository/external_storage/nfs-client-provisioner) +NFS subdir external provisioner is an automatic provisioner that use your *existing and already configured* NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as ``${namespace}-${pvcName}-${pvName}``. + +Note: This repository is being migrated from https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client. Some of the following instructions will be updated once the migration is completed. To test container image built from this repository, you will have to build and push the nfs-client-provisioner image using the following instructions. + +```sh +make build +# Set a custom image registry to push the container image +# Example REGISTRY="quay.io/myorg" +make image +``` + +# How to deploy nfs-client to your cluster. + +To note again, you must *already* have an NFS Server. + +## With Helm + +Follow the instructions for the stable helm chart maintained at https://github.com/helm/charts/tree/master/stable/nfs-client-provisioner + +The tl;dr is + +```bash +$ helm install stable/nfs-client-provisioner --set nfs.server=x.x.x.x --set nfs.path=/exported/path +``` + +## Without Helm + +**Step 1: Get connection information for your NFS server**. Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname. + +**Step 2: Get the NFS-Client Provisioner files**. To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the ``kubectl`` / ``oc`` command. + +Get all of the files in the [deploy](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/deploy) directory of this repository. These instructions assume that you have cloned the [kubernetes-sigs/nfs-subdir-external-provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/) repository and have a bash-shell open in the root directory. + +**Step 3: Setup authorization**. If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" edit `deploy/rbac.yaml`. + +Kubernetes: + +```sh +# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed +$ NS=$(kubectl config get-contexts|grep -e "^\*" |awk '{print $5}') +$ NAMESPACE=${NS:-default} +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml ./deploy/deployment.yaml +$ kubectl create -f deploy/rbac.yaml +``` + +OpenShift: + +On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the OpenShift documentation for **User and Role Management** or contact your OpenShift provider to help you grant the right permissions to your admin user. + +```sh +# Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed +$ NAMESPACE=`oc project -q` +$ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml +$ oc create -f deploy/rbac.yaml +$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner +``` + +**Step 4: Configure the NFS-Client provisioner** + +Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`. + +You must edit the provisioner's deployment file to specify the correct location of your nfs-client-provisioner container image. + +Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurences of with your server's hostname. + +```yaml +kind: Deployment +apiVersion: apps/v1 +metadata: + name: nfs-client-provisioner +spec: + replicas: 1 + selector: + matchLabels: + app: nfs-client-provisioner + strategy: + type: Recreate + template: + metadata: + labels: + app: nfs-client-provisioner + spec: + serviceAccountName: nfs-client-provisioner + containers: + - name: nfs-client-provisioner + image: quay.io/external_storage/nfs-client-provisioner:latest + volumeMounts: + - name: nfs-client-root + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: fuseim.pri/ifs + - name: NFS_SERVER + value: + - name: NFS_PATH + value: /var/nfs + volumes: + - name: nfs-client-root + nfs: + server: + path: /var/nfs +``` + +You may also want to change the PROVISIONER_NAME above from ``fuseim.pri/ifs`` to something more descriptive like ``nfs-storage``, but if you do remember to also change the PROVISIONER_NAME in the storage class definition below: + +This is `deploy/class.yaml` which defines the NFS-Client's Kubernetes Storage Class: + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: managed-nfs-storage +provisioner: fuseim.pri/ifs # or choose another name, must match deployment's env PROVISIONER_NAME' +parameters: + archiveOnDelete: "false" # When set to "false" your PVs will not be archived + # by the provisioner upon deletion of the PVC. +``` + +**Step 5: Finally, test your environment!** + +Now we'll test your NFS provisioner. + +Deploy: + +```sh +$ kubectl create -f deploy/test-claim.yaml -f deploy/test-pod.yaml +``` + +Now check your NFS Server for the file `SUCCESS`. + +```sh +kubectl delete -f deploy/test-pod.yaml -f deploy/test-claim.yaml +``` + +Now check the folder has been deleted. + +**Step 6: Deploying your own PersistentVolumeClaims**. To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `deploy/class.yaml` file. + +For example: + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: test-claim + annotations: + volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Mi +``` +>>>>>>> 234543e... update readme and go imports to new location **nfs-client** is an automatic provisioner that use your *existing and already configured* NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as ``${namespace}-${pvcName}-${pvName}``. diff --git a/cmd/nfs-client-provisioner/provisioner.go b/cmd/nfs-subdir-external-provisioner/provisioner.go similarity index 94% rename from cmd/nfs-client-provisioner/provisioner.go rename to cmd/nfs-subdir-external-provisioner/provisioner.go index b6f7c816..50b94070 100644 --- a/cmd/nfs-client-provisioner/provisioner.go +++ b/cmd/nfs-subdir-external-provisioner/provisioner.go @@ -28,7 +28,7 @@ import ( "k8s.io/kubernetes/pkg/apis/core/v1/helper" "github.com/golang/glog" - "github.com/kubernetes-sigs/sig-storage-lib-external-provisioner/controller" + "sigs.k8s.io/sig-storage-lib-external-provisioner/controller" "k8s.io/api/core/v1" storage "k8s.io/api/storage/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -53,7 +53,7 @@ const ( var _ controller.Provisioner = &nfsProvisioner{} -func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.PersistentVolume, error) { +func (p *nfsProvisioner) Provision(options controller.ProvisionOptions) (*v1.PersistentVolume, error) { if options.PVC.Spec.Selector != nil { return nil, fmt.Errorf("claim Selector is not supported") } @@ -78,9 +78,9 @@ func (p *nfsProvisioner) Provision(options controller.VolumeOptions) (*v1.Persis Name: options.PVName, }, Spec: v1.PersistentVolumeSpec{ - PersistentVolumeReclaimPolicy: options.PersistentVolumeReclaimPolicy, + PersistentVolumeReclaimPolicy: *options.StorageClass.ReclaimPolicy, AccessModes: options.PVC.Spec.AccessModes, - MountOptions: options.MountOptions, + //MountOptions: options.MountOptions, Capacity: v1.ResourceList{ v1.ResourceName(v1.ResourceStorage): options.PVC.Spec.Resources.Requests[v1.ResourceName(v1.ResourceStorage)], }, diff --git a/deploy/test-claim.yaml b/deploy/test-claim.yaml index 9f7038bd..9669e8f6 100644 --- a/deploy/test-claim.yaml +++ b/deploy/test-claim.yaml @@ -5,6 +5,7 @@ metadata: annotations: volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" spec: + storageClassName: managed-nfs-storage accessModes: - ReadWriteMany resources: diff --git a/docker/arm/Dockerfile b/docker/arm/Dockerfile index ba60cc59..7bd01866 100644 --- a/docker/arm/Dockerfile +++ b/docker/arm/Dockerfile @@ -14,5 +14,5 @@ FROM hypriot/rpi-alpine:3.6 RUN apk update --no-cache && apk add ca-certificates -COPY nfs-client-provisioner /nfs-client-provisioner -ENTRYPOINT ["/nfs-client-provisioner"] +COPY nfs-subdir-external-provisioner /nfs-subdir-external-provisioner +ENTRYPOINT ["/nfs-subdir-external-provisioner"] diff --git a/docker/x86_64/Dockerfile b/docker/x86_64/Dockerfile index 0c5fd100..07e0405b 100644 --- a/docker/x86_64/Dockerfile +++ b/docker/x86_64/Dockerfile @@ -14,5 +14,5 @@ FROM alpine:3.6 RUN apk update --no-cache && apk add ca-certificates -COPY nfs-client-provisioner /nfs-client-provisioner -ENTRYPOINT ["/nfs-client-provisioner"] +COPY nfs-subdir-external-provisioner /nfs-subdir-external-provisioner +ENTRYPOINT ["/nfs-subdir-external-provisioner"] diff --git a/go.mod b/go.mod new file mode 100644 index 00000000..4799e227 --- /dev/null +++ b/go.mod @@ -0,0 +1,43 @@ +module github.com/kubernetes-sigs/nfs-subdir-external-provisioner + +go 1.14 + +require ( + github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b + github.com/miekg/dns v1.1.29 // indirect + github.com/onsi/ginkgo v1.12.0 // indirect + github.com/onsi/gomega v1.9.0 // indirect + github.com/prometheus/client_golang v1.5.1 // indirect + golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect + golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect + k8s.io/api v0.18.0 + k8s.io/apimachinery v0.18.0 + k8s.io/client-go v0.18.0 + k8s.io/klog v1.0.0 // indirect + k8s.io/kubernetes v1.15.0 + k8s.io/utils v0.0.0-20200327001022-6496210b90e8 // indirect + sigs.k8s.io/sig-storage-lib-external-provisioner v4.1.0+incompatible +) + +replace ( + k8s.io/api => k8s.io/api v0.0.0-20190620084959-7cf5895f2711 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.0.0-20190620085554-14e95df34f1f + k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719 + k8s.io/apiserver => k8s.io/apiserver v0.0.0-20190620085212-47dc9a115b18 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20190620085706-2090e6d8f84c + k8s.io/client-go => k8s.io/client-go v0.0.0-20190620085101-78d2af792bab + k8s.io/cloud-provider => k8s.io/cloud-provider v0.0.0-20190620090043-8301c0bda1f0 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.0.0-20190620090013-c9a0fc045dc1 + k8s.io/code-generator => k8s.io/code-generator v0.0.0-20190612205613-18da4a14b22b + k8s.io/component-base => k8s.io/component-base v0.0.0-20190620085130-185d68e6e6ea + k8s.io/cri-api => k8s.io/cri-api v0.0.0-20190531030430-6117653b35f1 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.0.0-20190620090116-299a7b270edc + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.0.0-20190620085325-f29e2b4a4f84 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.0.0-20190620085942-b7f18460b210 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.0.0-20190620085809-589f994ddf7f + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.0.0-20190620085912-4acac5405ec6 + k8s.io/kubelet => k8s.io/kubelet v0.0.0-20190620085838-f1cb295a73c9 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.0.0-20190620090156-2138f2c9de18 + k8s.io/metrics => k8s.io/metrics v0.0.0-20190620085625-3b22d835f165 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.0.0-20190620085408-1aef9010884e +) diff --git a/go.sum b/go.sum new file mode 100644 index 00000000..107ca8eb --- /dev/null +++ b/go.sum @@ -0,0 +1,447 @@ +bitbucket.org/bertimus9/systemstat v0.0.0-20180207000608-0eeff89b0690/go.mod h1:Ulb78X89vxKYgdL24HMTiXYHlyHEvruOj1ZPlqeNEZM= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/Azure/azure-sdk-for-go v21.4.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-autorest v11.1.2+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= +github.com/BurntSushi/toml v0.3.0/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20181220005116-f8e995905100/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14= +github.com/JeffAshton/win_pdh v0.0.0-20161109143554-76bb4ee9f0ab/go.mod h1:3VYc5hodBMJ5+l/7J4xAyMeuM2PNuepvHlGs8yilUCA= +github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E= +github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/Rican7/retry v0.1.0/go.mod h1:FgOROf8P5bebcC1DS0PdOQiqGUridaZvikzUmkFW6gg= +github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= +github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/auth0/go-jwt-middleware v0.0.0-20170425171159-5493cabe49f7/go.mod h1:LWMyo4iOLWXHGdBki7NIht1kHru/0wM179h+d3g8ATM= +github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/bazelbuild/bazel-gazelle v0.0.0-20181012220611-c728ce9f663e/go.mod h1:uHBSeeATKpVazAACZBDPL/Nk/UhQDDsJWDlqYJo8/Us= +github.com/bazelbuild/buildtools v0.0.0-20180226164855-80c7f0d45d7e/go.mod h1:5JP0TXzWDHXv8qvxRC4InIazwdyDseBDbzESUMKk1yU= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0= +github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= +github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/boltdb/bolt v1.3.1/go.mod h1:clJnj/oiGkjum5o1McbSZDSLxVThjynRyGBgiAx27Ps= +github.com/cespare/prettybench v0.0.0-20150116022406-03b8cfe5406c/go.mod h1:Xe6ZsFhtM8HrDku0pxJ3/Lr51rwykrzgFwpmTzleatY= +github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw= +github.com/client9/misspell v0.0.0-20170928000206-9ce5d979ffda/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/cfssl v0.0.0-20180726162950-56268a613adf/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA= +github.com/clusterhq/flocker-go v0.0.0-20160920122132-2b8b7259d313/go.mod h1:P1wt9Z3DP8O6W3rvwCt0REIlshg1InHImaLW0t3ObY0= +github.com/codedellemc/goscaleio v0.0.0-20170830184815-20e2ce2cf885/go.mod h1:JIHmDHNZO4tmA3y3RHp6+Gap6kFsNf55W9Pn/3YS9IY= +github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0= +github.com/container-storage-interface/spec v1.1.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4= +github.com/containerd/console v0.0.0-20170925154832-84eeaae905fa/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= +github.com/containerd/containerd v1.0.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/typeurl v0.0.0-20190228175220-2a93cfde8c20/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= +github.com/containernetworking/cni v0.6.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-oidc v0.0.0-20180117170138-065b426bd416/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= +github.com/coreos/go-semver v0.0.0-20180108230905-e214231b295a/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/coreos/rkt v1.30.0/go.mod h1:O634mlH6U7qk87poQifK6M2rsFNt+FyUTWNMnP1hF1U= +github.com/cpuguy83/go-md2man v1.0.4/go.mod h1:N6JayAiVKtlHSnuTCeuLSQVs75hb8q+dYQLjr7cDsKY= +github.com/cyphar/filepath-securejoin v0.0.0-20170720062807-ae69057f2299/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= +github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= +github.com/d2g/dhcp4client v0.0.0-20170829104524-6e570ed0a266/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE= +github.com/dgrijalva/jwt-go v0.0.0-20160705203006-01aeca54ebda/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= +github.com/docker/distribution v0.0.0-20170726174610-edc3ab29cdff/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= +github.com/docker/libnetwork v0.0.0-20180830151422-a9cd636e3789/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/euank/go-kmsg-parser v2.0.0+incompatible/go.mod h1:MhmAMZ8V4CYH4ybgdRwPr2TU5ThnS43puaKEMpja1uw= +github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550 h1:mV9jbLoSW/8m4VK16ZkHTozJa8sesK5u5kTMFysTYac= +github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= +github.com/fatih/camelcase v0.0.0-20160318181535-f6a740d52f96/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v0.0.0-20180820084758-c7ce16629ff4/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= +github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= +github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= +github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= +github.com/go-openapi/analysis v0.17.2/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= +github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= +github.com/go-openapi/errors v0.17.2/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= +github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= +github.com/go-openapi/jsonpointer v0.19.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= +github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= +github.com/go-openapi/jsonreference v0.19.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= +github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= +github.com/go-openapi/loads v0.17.2/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= +github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= +github.com/go-openapi/runtime v0.17.2/go.mod h1:QO936ZXeisByFmZEO1IS1Dqhtf4QV1sYYFtIq6Ld86Q= +github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= +github.com/go-openapi/spec v0.17.2/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= +github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= +github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= +github.com/go-openapi/swag v0.17.2/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= +github.com/go-openapi/validate v0.17.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= +github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= +github.com/go-ozzo/ozzo-validation v3.5.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= +github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= +github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415 h1:WSBJMqJbLxsn+bTCPyPYZfqHdJmc8MK4wrBjMft6BAM= +github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.1.1 h1:72R+M5VuhED/KujmZVcIquuo8mBgX4oVda//DQb3PXo= +github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v0.0.0-20160127222235-bd3c8e81be01/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golangplus/bytes v0.0.0-20160111154220-45c989fe5450/go.mod h1:Bk6SMAONeMXrxql8uvOKuAZSu8aM5RUGv+1C6IJaEho= +github.com/golangplus/fmt v0.0.0-20150411045040-2a5d6d7d2995/go.mod h1:lJgMEyOkYFkPcDKwRXegd+iM6E7matEszMG5HhwytU8= +github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= +github.com/google/btree v0.0.0-20160524151835-7d79101e329e/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/cadvisor v0.33.2-0.20190411163913-9db8c7dee20a/go.mod h1:1nql6U13uTHaLYB8rLS5x9IJc2qT6Xd/Tr1sTX6NE48= +github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck= +github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.0.0 h1:b4Gk+7WdP/d3HZH8EJsZpvV7EtDOgaZLtnaNGIu1adA= +github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/gophercloud/gophercloud v0.0.0-20190126172459-c818fa66e4c8/go.mod h1:3WdhXV3rUYy9p6AUW8d94kr+HS62Y4VL9mBnFxsD8q4= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= +github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= +github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/go-grpc-middleware v0.0.0-20190222133341-cfaf5686ec79/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= +github.com/grpc-ecosystem/go-grpc-prometheus v0.0.0-20170330212424-2500245aa611/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.3.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/hcl v0.0.0-20160711231752-d8c773c4cba1/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= +github.com/heketi/heketi v0.0.0-20181109135656-558b29266ce0/go.mod h1:bB9ly3RchcQqsQ9CpyaQwvva7RS5ytVoSoholZQON6o= +github.com/heketi/rest v0.0.0-20180404230133-aa6a65207413/go.mod h1:BeS3M108VzVlmAue3lv2WcGuPAX94/KN63MUURzbYSI= +github.com/heketi/tests v0.0.0-20151005000721-f3775cbcefd6/go.mod h1:xGMAM8JLi7UkZt1i4FQeQy0R2T8GLUwQhOP5M1gBhy4= +github.com/heketi/utils v0.0.0-20170317161834-435bc5bdfa64/go.mod h1:RYlF4ghFZPPmk2TC5REt5OFwvfb6lzxFWrTWB+qs28s= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jonboulle/clockwork v0.0.0-20141017032234-72f9bd7c4e0c/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be h1:AHimNtVIpiBjPUhEF5KNCkrUyqTSA5zWUl8sQ2bfGBE= +github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns= +github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jteeuwen/go-bindata v0.0.0-20151023091102-a0ff2567cfb7/go.mod h1:JVvhzYOiGBnFSYRyV00iY8q7/0PThjIYav1p9h5dmKs= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= +github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/kardianos/osext v0.0.0-20150410034420-8fef92e41e22/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= +github.com/karrick/godirwalk v1.7.5/go.mod h1:2c9FRhkDxdIbgkOnCEvnSWs71Bhugbl46shStcFDJ34= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/fs v0.0.0-20131111012553-2788f0dbd169/go.mod h1:glhvuHOU9Hy7/8PwwdtnarXqLagOX0b/TbZx2zLMqEg= +github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/pretty v0.0.0-20140812000539-f31442d60e51/go.mod h1:Bvhd+E3laJ0AVkG0c9rmtZcnhV0HQ3+c3YxxqTvc/gA= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.0.0-20130911015532-6807e777504f/go.mod h1:sjUstKUATFIcff4qlB53Kml0wQPtJVc/3fWrmuUmcfA= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/libopenstorage/openstorage v0.0.0-20170906232338-093a0c388875/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wnOzEhNx2YQedreMcUyc= +github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= +github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= +github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA= +github.com/magiconair/properties v0.0.0-20160816085511-61b492c03cf4/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= +github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/marstr/guid v0.0.0-20170427235115-8bdf7d1a087c/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= +github.com/mattn/go-shellwords v0.0.0-20180605041737-f8471b0a71de/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= +github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= +github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/mesos/mesos-go v0.0.9/go.mod h1:kPYCMQ9gsOXVAle1OsoY4I1+9kPu8GHkf88aV59fDr4= +github.com/mholt/caddy v0.0.0-20180213163048-2de495001514/go.mod h1:Wb1PlT4DAYSqOEd03MsqkdkXnTxA8v9pKjdpxbqM1kY= +github.com/miekg/dns v0.0.0-20160614162101-5d001d020961 h1:vX2vkMipgQZ8gfmAsFeZdcgmhHoB7jMo6chAtajG3AI= +github.com/miekg/dns v0.0.0-20160614162101-5d001d020961/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= +github.com/miekg/dns v1.1.29 h1:xHBEhR+t5RzcFJjBLJlax2daXOrTYtr9z4WdKEfWFzg= +github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= +github.com/mindprince/gonvml v0.0.0-20171110221305-fee913ce8fb2/go.mod h1:2eu9pRWp8mo84xCg6KswZ+USQHjwgRhNp06sozOdsTY= +github.com/mistifyio/go-zfs v0.0.0-20151009155749-1b4ae6fb4e77/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= +github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/mohae/deepcopy v0.0.0-20170603005431-491d3605edfb/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= +github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/mrunalp/fileutils v0.0.0-20160930181131-4ee1cc9a8058/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mvdan/xurls v0.0.0-20160110113200-1b768d7c393a/go.mod h1:tQlNn3BED8bE/15hnSL2HLkDeLWpNPAwtw7wkEq44oU= +github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/natefinch/lumberjack v2.0.0+incompatible/go.mod h1:Wi9p2TTF5DG5oU+6YfsmYQpsTIOm0B1VNzQg9Mw6nPk= +github.com/onsi/ginkgo v1.6.0 h1:Ix8l273rp3QzYgXSR+c8d1fTG7UPgYkOSELPhiY/YGw= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU= +github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= +github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3 h1:EooPXg51Tn+xmWPXJUGCnJhJSpeuMlBmfJVcqIRmmv8= +github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +github.com/onsi/gomega v1.9.0 h1:R1uwffexN6Pr340GtYRIdZmAiN4J+iw6WG4wog1DUXg= +github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= +github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= +github.com/opencontainers/image-spec v0.0.0-20170604055404-372ad780f634/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/runc v0.0.0-20181113202123-f000fe11ece1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/opencontainers/runtime-spec v1.0.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/selinux v0.0.0-20170621221121-4a2974bf1ee9/go.mod h1:+BLncwf63G4dgOzykXAxcmnFlUaOlkDdmw/CqsW6pjs= +github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/pelletier/go-toml v1.0.1/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= +github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= +github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/sftp v0.0.0-20160930220758-4d0e916071f6/go.mod h1:NxmoDg/QLVWluQDUYG7XBZTLUpKeFa8e3aMf1BfjyHk= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= +github.com/pquerna/ffjson v0.0.0-20180717144149-af8b230fcd20/go.mod h1:YARuvh7BUWHNhzDq2OM5tzR2RiCcN2D7sapiKyCel/M= +github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.2 h1:awm861/B8OKDd2I/6o1dy3ra4BamzKhYOiGItCeZ740= +github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= +github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= +github.com/prometheus/client_golang v1.5.1 h1:bdHYieyGlH+6OLEk2YQha8THib30KP0/yD0YH9m6xcA= +github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 h1:idejC8f05m9MGOsuEi1ATq9shN03HrxNkD/luQvxCv8= +github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= +github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= +github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181126121408-4724e9255275 h1:PnBWHBf+6L0jOqq0gIVUe6Yk0/QMZ640k6NvkxcBf+8= +github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= +github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= +github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a h1:9a8MnZMP0X2nLJdBg+pBmGgkJlSaKC2KaQmTCk1XDtE= +github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.8 h1:+fpWZdT24pJBiqJdAwYBjPSk+5YmQzYNPYzQsdzLkt8= +github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= +github.com/quobyte/api v0.1.2/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI= +github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= +github.com/robfig/cron v0.0.0-20170309132418-df38d32658d8/go.mod h1:JGuDeoQd7Z6yL4zQhZ3OPEVHB7fL6Ka6skscFHfmt2k= +github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto= +github.com/russross/blackfriday v0.0.0-20151117072312-300106c228d5/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= +github.com/seccomp/libseccomp-golang v0.0.0-20150813023252-1b506fc7c24e/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= +github.com/shurcooL/sanitized_anchor_name v0.0.0-20151028001915-10ef21a441db/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= +github.com/sigma/go-inotify v0.0.0-20181102212354-c87b6cf5033d/go.mod h1:stlh9OsqBQSdwxTxX73mu41BBtRbIpZLQ7flcAoxAfo= +github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/soheilhy/cmux v0.1.3/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spf13/afero v0.0.0-20160816080757-b28a7effac97/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/cast v0.0.0-20160730092037-e31f36ffc91a/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= +github.com/spf13/cobra v0.0.0-20180319062004-c439c4fa0937/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= +github.com/spf13/jwalterweatherman v0.0.0-20160311093646-33c24e77fb80/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.1 h1:aCvUg6QPl3ibpQUxyLkrEkCHtPqYJL4x9AuhqVqFis4= +github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/viper v0.0.0-20160820190039-7fb2782df3d8/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= +github.com/storageos/go-api v0.0.0-20180912212459-343b3eff91fc/go.mod h1:ZrLn+e0ZuF3Y65PNF6dIwbJPZqfmtCXxFm9ckv0agOY= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/syndtr/gocapability v0.0.0-20160928074757-e7cb7fa329f4/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= +github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= +github.com/vishvananda/netlink v0.0.0-20171020171820-b2de5d10e38e/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= +github.com/vishvananda/netns v0.0.0-20171111001504-be1fbeda1936/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= +github.com/vmware/govmomi v0.20.1/go.mod h1:URlwyTFZX72RmxtxuaFL2Uj3fD1JTvZdx59bHWk6aFU= +github.com/vmware/photon-controller-go-sdk v0.0.0-20170310013346-4a435daef6cc/go.mod h1:e6humHha1ekIwTCm+A5Qed5mG8V4JL+ChHcUOJ+L/8U= +github.com/xanzy/go-cloudstack v0.0.0-20160728180336-1e2cbf647e57/go.mod h1:s3eL3z5pNXF5FVybcT+LIVdId8pYn709yv6v5mrkrQE= +github.com/xiang90/probing v0.0.0-20160813154853-07dd2e8dfe18/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= +github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8= +go.uber.org/atomic v0.0.0-20181018215023-8dc6146f7569/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/multierr v0.0.0-20180122172545-ddea229ff1df/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/zap v0.0.0-20180814183419-67bc79d13d15/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g= +golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a h1:tImsplftrFpALCYumobsd0K86vlAs/eXGFms2txfJfA= +golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181004145325-8469e314837c/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313 h1:pczuHS43Cp2ktBEEmLwScxgjWsBSzdaQiKzUyf3DTTc= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82 h1:ywK/j/KkyTHcdyYSZNXGjMwgmDSfjglYZ3vStQ/gSCU= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db h1:6/JqlYfC1CCaLnGceQTI+sDGhC9UBSPAsBqI0Gun6kU= +golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/time v0.0.0-20161028155119-f51c12702a4d h1:TnM+PKb3ylGmZvyPXmo9m/wktg7Jn/a/fNmr33HSj8g= +golang.org/x/time v0.0.0-20161028155119-f51c12702a4d/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20170824195420-5d2fd3ccab98/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= +gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= +gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= +google.golang.org/api v0.0.0-20181220000619-583d854617af/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/genproto v0.0.0-20170731182057-09f6ed296fc6/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/grpc v1.13.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/gcfg.v1 v1.2.0/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= +gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/natefinch/lumberjack.v2 v2.0.0-20150622162204-20b71e5b60d7/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= +gopkg.in/square/go-jose.v2 v2.0.0-20180411045311-89060dee6a84/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= +gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.5 h1:ymVxjfMaHvXD8RqPRmzHHsB3VvucivSkIAvJFDI5O3c= +gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= +k8s.io/api v0.0.0-20190620084959-7cf5895f2711 h1:BblVYz/wE5WtBsD/Gvu54KyBUTJMflolzc5I2DTvh50= +k8s.io/api v0.0.0-20190620084959-7cf5895f2711/go.mod h1:TBhBqb1AWbBQbW3XRusr7n7E4v2+5ZY8r8sAMnyFC5A= +k8s.io/apiextensions-apiserver v0.0.0-20190620085554-14e95df34f1f/go.mod h1:++XMkbLSSAutLgulnUnXW4kNbSkyQzlPL8PaW4hjJT4= +k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719 h1:uV4S5IB5g4Nvi+TBVNf3e9L4wrirlwYJ6w88jUQxTUw= +k8s.io/apimachinery v0.0.0-20190612205821-1799e75a0719/go.mod h1:I4A+glKBHiTgiEjQiCCQfCAIcIMFGt291SmsvcrFzJA= +k8s.io/apiserver v0.0.0-20190620085212-47dc9a115b18/go.mod h1:Hc9PbFVOsMigd7B7OiY/6bIRkR8y31eIKsr1D+JtKg4= +k8s.io/cli-runtime v0.0.0-20190620085706-2090e6d8f84c/go.mod h1:fkxp0BXLu9gu3r8x8X8gLrfDgWfqusKEJUnMUIqpDcg= +k8s.io/client-go v0.0.0-20190620085101-78d2af792bab h1:E8Fecph0qbNsAbijJJQryKu4Oi9QTp5cVpjTE+nqg6g= +k8s.io/client-go v0.0.0-20190620085101-78d2af792bab/go.mod h1:E95RaSlHr79aHaX0aGSwcPNfygDiPKOVXdmivCIZT0k= +k8s.io/cloud-provider v0.0.0-20190620090043-8301c0bda1f0/go.mod h1:UXU55LeVTrjyQNw86sHjagiYhSZjYxWKXvx0Ml17KvM= +k8s.io/cluster-bootstrap v0.0.0-20190620090013-c9a0fc045dc1/go.mod h1:cCRw3eZzlJdySYRtkL/N4cAClxYCzyrBL3V8cblTlUo= +k8s.io/code-generator v0.0.0-20190612205613-18da4a14b22b/go.mod h1:G8bQwmHm2eafm5bgtX67XDZQ8CWKSGu9DekI+yN4Y5I= +k8s.io/component-base v0.0.0-20190620085130-185d68e6e6ea/go.mod h1:VLedAFwENz2swOjm0zmUXpAP2mV55c49xgaOzPBI/QQ= +k8s.io/cri-api v0.0.0-20190531030430-6117653b35f1/go.mod h1:K6Ux7uDbzKhacgqW0OJg3rjXk/SR9kprCPfSUDXGB5A= +k8s.io/csi-translation-lib v0.0.0-20190620090116-299a7b270edc/go.mod h1:L51Xd2IwQCsOBx41c4YZR9dY1h1IjMk8r3Nnv3L80KM= +k8s.io/gengo v0.0.0-20190116091435-f8a0810f38af/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/heapster v1.2.0-beta.1/go.mod h1:h1uhptVXMwC8xtZBYsPXKVi8fpdlYkTs6k949KozGrM= +k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.1 h1:RVgyDHY/kFKtLqh67NvEWIgkMneNoIrdkN0CxDSQc68= +k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/kube-aggregator v0.0.0-20190620085325-f29e2b4a4f84/go.mod h1:S8URgD5o6oGCoLP9lx6oAdxWB9Ovtq9KLU9cYmU08QI= +k8s.io/kube-controller-manager v0.0.0-20190620085942-b7f18460b210/go.mod h1:FoQCodL0eAmdwbZuu2/fi7nVEh3xE4SpomwLaGO4V74= +k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30 h1:TRb4wNWoBVrH9plmkp2q86FIDppkbrEXdXlxU3a3BMI= +k8s.io/kube-openapi v0.0.0-20190228160746-b3a7cee44a30/go.mod h1:BXM9ceUBTj2QnfH2MK1odQs778ajze1RxcmP6S8RVVc= +k8s.io/kube-proxy v0.0.0-20190620085809-589f994ddf7f/go.mod h1:EP2frUhhC4rizGpCTYCnVS4+XZMh7Hyq40jOUvuAK5g= +k8s.io/kube-scheduler v0.0.0-20190620085912-4acac5405ec6/go.mod h1:ktfBNqjRdtYUw2eFNk32TtxiGqOy00eiWua74iNEcLg= +k8s.io/kubelet v0.0.0-20190620085838-f1cb295a73c9/go.mod h1:2gRsvblRTyHIsBazBlnqeAWkWRtnUq6cBnrfdPFr9iY= +k8s.io/kubernetes v1.15.0 h1:0P6jAdZ1cF5/wSc14HqHCjWlbnwYzmFJBYeXBezZEE0= +k8s.io/kubernetes v1.15.0/go.mod h1:3RE5ikMc73WK+dSxk4pQuQ6ZaJcPXiZX2dj98RcdCuM= +k8s.io/legacy-cloud-providers v0.0.0-20190620090156-2138f2c9de18/go.mod h1:cgNZX1LyZbr0mW8MxxlgvFU2D3k1KDTlH/EgMuiQbGc= +k8s.io/metrics v0.0.0-20190620085625-3b22d835f165/go.mod h1:98M2pmJXrzr0W4o9N5ptSvZMygAMRVvyPr2vq7aRwT4= +k8s.io/repo-infra v0.0.0-20181204233714-00fe14e3d1a3/go.mod h1:+G1xBfZDfVFsm1Tj/HNCvg4QqWx8rJ2Fxpqr1rqp/gQ= +k8s.io/sample-apiserver v0.0.0-20190620085408-1aef9010884e/go.mod h1:uGtJFD6/KTth+Ed9NNWF8lMf5m1ued/X6qUuACRrBTs= +k8s.io/utils v0.0.0-20190221042446-c2654d5206da h1:ElyM7RPonbKnQqOcw7dG2IK5uvQQn3b/WPHqD5mBvP4= +k8s.io/utils v0.0.0-20190221042446-c2654d5206da/go.mod h1:8k8uAuAQ0rXslZKaEWd0c3oVhZz7sSzSiPnVZayjIX0= +k8s.io/utils v0.0.0-20200327001022-6496210b90e8 h1:6JFbaLjRyBz8K2Jvt+pcT+N3vvwMZfg8MfVENwe9aag= +k8s.io/utils v0.0.0-20200327001022-6496210b90e8/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= +modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= +modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= +modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= +modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= +sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU= +sigs.k8s.io/sig-storage-lib-external-provisioner v4.1.0+incompatible h1:pp7GUmQZKI57EjGnjkY88V4QbVuMpkw/ijKXqL67EsI= +sigs.k8s.io/sig-storage-lib-external-provisioner v4.1.0+incompatible/go.mod h1:qhqLyNwJC49PoUalmtzYb4s9fT8HOMBTLbTY1QoVOqI= +sigs.k8s.io/structured-merge-diff v0.0.0-20190302045857-e85c7b244fd2/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= +sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= From ef48d2194125cc37501ce54ccdcc78be68ca0b76 Mon Sep 17 00:00:00 2001 From: kmova Date: Wed, 29 Jul 2020 19:50:12 +0000 Subject: [PATCH 49/51] feat(build): update base images to newer version x86_64 to latest Alpine The arm images is switched to multiarch since the hypriot image hasn't been updated in 3 years: https://hub.docker.com/r/hypriot/rpi-alpine/tags Currently the multiarch release of Alpine 3.11 is hold back by QEMU issues, see: multiarch/alpine#28 but the update to 3.10 is a huge leap and 3.10 is still under support :) Signed-off-by: kmova (cherry picked from commit 528d2e2a03f02a9ba4f99d8df83c83fc808cd2e6) --- docker/arm/Dockerfile | 2 +- docker/x86_64/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/arm/Dockerfile b/docker/arm/Dockerfile index 7bd01866..c81808cf 100644 --- a/docker/arm/Dockerfile +++ b/docker/arm/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM hypriot/rpi-alpine:3.6 +FROM multiarch/alpine:armhf-v3.10 RUN apk update --no-cache && apk add ca-certificates COPY nfs-subdir-external-provisioner /nfs-subdir-external-provisioner ENTRYPOINT ["/nfs-subdir-external-provisioner"] diff --git a/docker/x86_64/Dockerfile b/docker/x86_64/Dockerfile index 07e0405b..945c2985 100644 --- a/docker/x86_64/Dockerfile +++ b/docker/x86_64/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.6 +FROM alpine:3.11 RUN apk update --no-cache && apk add ca-certificates COPY nfs-subdir-external-provisioner /nfs-subdir-external-provisioner ENTRYPOINT ["/nfs-subdir-external-provisioner"] From df11650b9e369bf2b85340b64bc7933ecadf571b Mon Sep 17 00:00:00 2001 From: kmova Date: Wed, 29 Jul 2020 20:02:16 +0000 Subject: [PATCH 50/51] update RBAC access setup for OpenShift From OpenShift 4.4 on the built-in SCCs will be managed and thus you cannot any longer mutate them by adding user. The proper way is either to copy an existing SCC or use RBAC to access them. This updates the documentation for the RBAC approach. Signed-off-by: kmova (cherry picked from commit 92508da2ff6f629c0467239762b7c8ccce099dc3) --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2fdfc04b..308da047 100644 --- a/README.md +++ b/README.md @@ -48,13 +48,15 @@ $ kubectl create -f deploy/rbac.yaml OpenShift: On some installations of OpenShift the default admin user does not have cluster-admin permissions. If these commands fail refer to the OpenShift documentation for **User and Role Management** or contact your OpenShift provider to help you grant the right permissions to your admin user. +On OpenShift the service account used to bind volumes does not have the necessary permissions required to use the `hostmount-anyuid` SCC. See also [Role based access to SCC](https://docs.openshift.com/container-platform/4.4/authentication/managing-security-context-constraints.html#role-based-access-to-ssc_configuring-internal-oauth) for more information. If these commands fail refer to the OpenShift documentation for **User and Role Management** or contact your OpenShift provider to help you grant the right permissions to your admin user. ```sh # Set the subject of the RBAC objects to the current namespace where the provisioner is being deployed $ NAMESPACE=`oc project -q` $ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml $ oc create -f deploy/rbac.yaml -$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner +$ oc create role use-scc-hostmount-anyuid --verb=use --resource=scc --resource-name=hostmount-anyuid -n $NAMESPACE +$ oc adm policy add-role-to-user use-scc-hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner ``` **Step 4: Configure the NFS-Client provisioner** From c2777757e9e59daed373e2ab43c96eb548be2d74 Mon Sep 17 00:00:00 2001 From: kmova Date: Thu, 30 Jul 2020 17:30:03 +0000 Subject: [PATCH 51/51] move to alpine 3.12 for base image Signed-off-by: kmova (cherry picked from commit 01cc0805a06cdab6c31dbb10613ad4ad26f13b1e) --- docker/arm/Dockerfile | 2 +- docker/x86_64/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/arm/Dockerfile b/docker/arm/Dockerfile index c81808cf..06033ac0 100644 --- a/docker/arm/Dockerfile +++ b/docker/arm/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM multiarch/alpine:armhf-v3.10 +FROM multiarch/alpine:armhf-v3.12 RUN apk update --no-cache && apk add ca-certificates COPY nfs-subdir-external-provisioner /nfs-subdir-external-provisioner ENTRYPOINT ["/nfs-subdir-external-provisioner"] diff --git a/docker/x86_64/Dockerfile b/docker/x86_64/Dockerfile index 945c2985..11641567 100644 --- a/docker/x86_64/Dockerfile +++ b/docker/x86_64/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.11 +FROM alpine:3.12 RUN apk update --no-cache && apk add ca-certificates COPY nfs-subdir-external-provisioner /nfs-subdir-external-provisioner ENTRYPOINT ["/nfs-subdir-external-provisioner"]