public_git
/
kubernetes-sigs_nfs-subdir-external-provisioner
mirror of https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
13 Commits 2 Branches 25 Tags 34 MiB
Shell 70.2%
Makefile 11.4%
Go 9.2%
Python 4.9%
Smarty 2.4%
Other 1.9%
Go to file
Clayton O'Neill c7eb885d3e Add RBAC examples for nfs-client 
Adds example configuration files for clusters that have RBAC enabled
(1.6) or OpenShift users.

This is mostly a cut and paste job from the EFS example.

(cherry picked from commit a82645d4ec)
 		2020-09-07 05:49:08 +00:00
cmd/nfs-client-provisioner Name PV as required by external provisioner contract 2020-09-07 05:49:07 +00:00
deploy Add RBAC examples for nfs-client 2020-09-07 05:49:08 +00:00
.gitignore nfs-client-provisioner initial code 2020-09-07 05:48:52 +00:00
CONTRIBUTING.md Update template files to include repo-specific info 2020-03-26 07:32:42 +05:30
Dockerfile Release nfs-client-provisioner v2.0.0 2020-09-07 05:49:07 +00:00
LICENSE Initial commit 2020-03-26 07:23:01 +05:30
OWNERS add owners 2020-09-07 05:49:07 +00:00
README.md Add RBAC examples for nfs-client 2020-09-07 05:49:08 +00:00
RELEASE.md Initial commit 2020-03-26 07:23:01 +05:30
SECURITY_CONTACTS Update template files to include repo-specific info 2020-03-26 07:32:42 +05:30
build.sh add boilerplate required license terms 2020-09-07 05:49:07 +00:00
code-of-conduct.md Initial commit 2020-03-26 07:23:01 +05:30

README.md

kubernetes nfs-client-provisioner

Docker Repository on Quay

quay.io/external_storage/nfs-client-provisioner:v2.0.0
  • pv provisioned as ${namespace}-${pvcName}-${pvName}
  • pv recycled as archieved-${namespace}-${pvcName}-${pvName}

deploy

  • modify and deploy deploy/deployment.yaml
  • modify and deploy deploy/class.yaml

authorization

If your cluster has RBAC enabled or you are running OpenShift you must authorize the provisioner. If you are in a namespace/project other than "default" either edit deploy/auth/clusterrolebinding.yaml or edit the oadm policy command accordingly.

RBAC

$ kubectl create -f deploy/auth/serviceaccount.yaml
serviceaccount "nfs-client-provisioner" created
$ kubectl create -f deploy/auth/clusterrole.yaml
clusterrole "nfs-client-provisioner-runner" created
$ kubectl create -f deploy/auth/clusterrolebinding.yaml
clusterrolebinding "run-nfs-client-provisioner" created
$ kubectl patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}'

OpenShift

$ oc create -f deploy/auth/serviceaccount.yaml
serviceaccount "nfs-client-provisioner" created
$ oc create -f deploy/auth/openshift-clusterrole.yaml
clusterrole "nfs-client-provisioner-runner" created
$ oadm policy add-scc-to-user hostmount-anyuid system:serviceaccount:default:nfs-client-provisioner
$ oadm policy add-cluster-role-to-user nfs-client-provisioner-runner system:serviceaccount:default:nfs-client-provisioner
$ oc patch deployment nfs-client-provisioner -p '{"spec":{"template":{"spec":{"serviceAccount":"nfs-client-provisioner"}}}}'

test

  • kubectl create -f deploy/test-claim.yaml
  • kubectl create -f deploy/test-pod.yaml
  • check the folder and file "SUCCESS" created
  • kubectl delete -f deploy/test-pod.yaml
  • kubectl delete -f deploy/test-claim.yaml
  • check the folder renamed to archived-???