forked from topolvm/topolvm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
node.yaml
139 lines (135 loc) · 4.03 KB
/
node.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: topolvm-system
name: node
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: topolvm-system:node
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["topolvm.cybozu.com"]
resources: ["logicalvolumes", "logicalvolumes/status"]
verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csidrivers"]
verbs: ["get", "list", "watch"]
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
resourceNames: ["topolvm-node"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: topolvm-system:node
subjects:
- kind: ServiceAccount
name: node
namespace: topolvm-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: topolvm-system:node
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
namespace: topolvm-system
name: node
spec:
selector:
matchLabels:
app.kubernetes.io/name: node
template:
metadata:
labels:
app.kubernetes.io/name: node
annotations:
prometheus.io/port: "8080"
spec:
serviceAccountName: node
containers:
- name: topolvm-node
image: quay.io/cybozu/topolvm:0.2.2
securityContext:
privileged: true
command:
- /topolvm-node
- --lvmd-socket=/run/lvmd/lvmd.sock
ports:
- containerPort: 9808
name: healthz
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
failureThreshold: 3
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 60
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: node-plugin-dir
mountPath: /run/topolvm
- name: lvmd-socket-dir
mountPath: /run/lvmd
- name: pod-volumes-dir
mountPath: /var/lib/kubelet/pods
mountPropagation: "Bidirectional"
- name: csi-plugin-dir
mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: csi-registrar
image: quay.io/cybozu/topolvm:0.2.2
command:
- /csi-node-driver-registrar
- "--csi-address=/run/topolvm/csi-topolvm.sock"
- "--kubelet-registration-path=/var/lib/kubelet/plugins/topolvm.cybozu.com/node/csi-topolvm.sock"
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/topolvm.cybozu.com /registration/topolvm.cybozu.com-reg.sock"]
volumeMounts:
- name: node-plugin-dir
mountPath: /run/topolvm
- name: registration-dir
mountPath: /registration
- name: liveness-probe
image: quay.io/cybozu/topolvm:0.2.2
command:
- /livenessprobe
- "--csi-address=/run/topolvm/csi-topolvm.sock"
volumeMounts:
- name: node-plugin-dir
mountPath: /run/topolvm
volumes:
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: node-plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/topolvm.cybozu.com/node
type: DirectoryOrCreate
- name: csi-plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/kubernetes.io/csi
type: DirectoryOrCreate
- name: pod-volumes-dir
hostPath:
path: /var/lib/kubelet/pods/
type: DirectoryOrCreate
- name: lvmd-socket-dir
hostPath:
path: /run/topolvm
type: Directory