Azure Disk CSI deployment (#5833)
* Azure Disk CSI deployment
* Mention Azure CSI support
* Fix: remove unnecessary file
* Typo in documentation
* Add newline to end of file

pull/5870/head
committed by GitHub
No known key found for this signature in database (GPG Key ID: 4AEE18F83AFDEB23)
20 changed files with 944 additions and 1 deletions
119 docs/azure-csi.md
20 inventory/sample/group_vars/all/azure.yml
3 inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
11 roles/download/defaults/main.yml
4 roles/kubernetes-apps/csi_driver/azuredisk/defaults/main.yml
54 roles/kubernetes-apps/csi_driver/azuredisk/tasks/azure-credential-check.yml
48 roles/kubernetes-apps/csi_driver/azuredisk/tasks/main.yml
212 roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-controller-rbac.yml.j2
200 roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-controller.yml.j2
10 roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-driver.yml.j2
156 roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-azuredisk-node.yml.j2
7 roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-cloud-config-secret.yml.j2
14 roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-cloud-config.j2
38 roles/kubernetes-apps/csi_driver/azuredisk/templates/azure-csi-node-info-crd.yml.j2
8 roles/kubernetes-apps/meta/main.yml
3 roles/kubernetes-apps/persistent_volumes/azuredisk-csi/defaults/main.yml
19 roles/kubernetes-apps/persistent_volumes/azuredisk-csi/tasks/main.yml
11 roles/kubernetes-apps/persistent_volumes/azuredisk-csi/templates/azure-csi-storage-class.yml.j2
7 roles/kubernetes-apps/persistent_volumes/meta/main.yml
1 roles/kubespray-defaults/defaults/main.yaml
@ -0,0 +1,119 @@ |
|||
# Azure Disk CSI Driver |
|||
|
|||
The Azure Disk CSI driver allows you to provision volumes for pods with a Kubernetes deployment over Azure Cloud. The CSI driver replaces to volume provioning done by the in-tree azure cloud provider which is deprecated. |
|||
|
|||
This documentation is an updated version of the in-tree Azure cloud provider documentation (azure.md). |
|||
|
|||
To deploy Azure Disk CSI driver, uncomment the `azure_csi_enabled` option in `group_vars/all/azure.yml` and set it to `true`. |
|||
|
|||
## Azure Disk CSI Storage Class |
|||
|
|||
If you want to deploy the Azure Disk storage class to provision volumes dynamically, you should set `persistent_volumes_enabled` in `group_vars/k8s-cluster/k8s-cluster.yml` to `true`. |
|||
|
|||
## Parameters |
|||
|
|||
Before creating the instances you must first set the `azure_csi_` variables in the `group_vars/all.yml` file. |
|||
|
|||
All of the values can be retrieved using the azure cli tool which can be downloaded here: <https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest> |
|||
|
|||
After installation you have to run `az login` to get access to your account. |
|||
|
|||
### azure\_csi\_tenant\_id + azure\_csi\_subscription\_id |
|||
|
|||
Run `az account show` to retrieve your subscription id and tenant id: |
|||
`azure_csi_tenant_id` -> tenantId field |
|||
`azure_csi_subscription_id` -> id field |
|||
|
|||
### azure\_csi\_location |
|||
|
|||
The region your instances are located in, it can be something like `francecentral` or `norwayeast`. A full list of region names can be retrieved via `az account list-locations` |
|||
|
|||
### azure\_csi\_resource\_group |
|||
|
|||
The name of the resource group your instances are in, a list of your resource groups can be retrieved via `az group list` |
|||
|
|||
Or you can do `az vm list | grep resourceGroup` and get the resource group corresponding to the VMs of your cluster. |
|||
|
|||
The resource group name is not case sensitive. |
|||
|
|||
### azure\_csi\_vnet\_name |
|||
|
|||
The name of the virtual network your instances are in, can be retrieved via `az network vnet list` |
|||
|
|||
### azure\_csi\_vnet\_resource\_group |
|||
|
|||
The name of the resource group your vnet is in, can be retrieved via `az network vnet list | grep resourceGroup` and get the resource group corresponding to the vnet of your cluster. |
|||
|
|||
### azure\_csi\_subnet\_name |
|||
|
|||
The name of the subnet your instances are in, can be retrieved via `az network vnet subnet list --resource-group RESOURCE_GROUP --vnet-name VNET_NAME` |
|||
|
|||
### azure\_csi\_security\_group\_name |
|||
|
|||
The name of the network security group your instances are in, can be retrieved via `az network nsg list` |
|||
|
|||
### azure\_csi\_aad\_client\_id + azure\_csi\_aad\_client\_secret |
|||
|
|||
These will have to be generated first: |
|||
|
|||
- Create an Azure AD Application with: |
|||
`az ad app create --display-name kubespray --identifier-uris http://kubespray --homepage http://kubespray.com --password CLIENT_SECRET` |
|||
|
|||
Display name, identifier-uri, homepage and the password can be chosen |
|||
|
|||
Note the AppId in the output. |
|||
|
|||
- Create Service principal for the application with: |
|||
`az ad sp create --id AppId` |
|||
|
|||
This is the AppId from the last command |
|||
|
|||
- Create the role assignment with: |
|||
`az role assignment create --role "Owner" --assignee http://kubespray --subscription SUBSCRIPTION_ID` |
|||
|
|||
azure\_csi\_aad\_client\_id must be set to the AppId, azure\_csi\_aad\_client\_secret is your chosen secret. |
|||
|
|||
### azure\_csi\_use\_instance\_metadata |
|||
|
|||
Use instance metadata service where possible. Boolean value. |
|||
|
|||
## Test the Azure Disk CSI driver |
|||
|
|||
To test the dynamic provisioning using Azure CSI driver, make sure to have the storage class deployed (through persistent volumes), and apply the following manifest: |
|||
|
|||
```yml |
|||
--- |
|||
apiVersion: v1 |
|||
kind: PersistentVolumeClaim |
|||
metadata: |
|||
name: pvc-azuredisk |
|||
spec: |
|||
accessModes: |
|||
- ReadWriteOnce |
|||
resources: |
|||
requests: |
|||
storage: 1Gi |
|||
storageClassName: disk.csi.azure.com |
|||
--- |
|||
kind: Pod |
|||
apiVersion: v1 |
|||
metadata: |
|||
name: nginx-azuredisk |
|||
spec: |
|||
nodeSelector: |
|||
beta.kubernetes.io/os: linux |
|||
containers: |
|||
- image: nginx |
|||
name: nginx-azuredisk |
|||
command: |
|||
- "/bin/sh" |
|||
- "-c" |
|||
- while true; do echo $(date) >> /mnt/azuredisk/outfile; sleep 1; done |
|||
volumeMounts: |
|||
- name: azuredisk |
|||
mountPath: "/mnt/azuredisk" |
|||
volumes: |
|||
- name: azuredisk |
|||
persistentVolumeClaim: |
|||
claimName: pvc-azuredisk |
|||
``` |
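Review bot: The role assignment step grants `--role "Owner"` with `--subscription SUBSCRIPTION_ID`, and this service principal's secret is what the role later writes into the `cloud-config` Secret mounted in the CSI pods, so anything that can read that Secret gets subscription-wide control, including the right to assign roles. Suggest documenting a narrower assignment, for example `--role "Contributor"` with `--scope` limited to the resource groups that hold the cluster's VMs and disks. The `az ad app create ... --password CLIENT_SECRET` line also leaves the secret in shell history, which deserves a sentence. Smaller points: the Parameters section points at `group_vars/all.yml` while the introduction says `group_vars/all/azure.yml`, and "replaces to volume provioning" has two typos.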
@ -0,0 +1,4 @@ |
|||
--- |
|||
azure_csi_use_instance_metadata: true |
|||
azure_csi_controller_replicas: 1 |
|||
azure_csi_plugin_image_tag: latest |
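Review bot: `azure_csi_plugin_image_tag: latest` is a mutable tag, and the templates that consume it set `imagePullPolicy: IfNotPresent`, so nodes can end up running different builds of the plugin with no record of which one. This image is the `privileged: true` container of the node DaemonSet, so suggest defaulting to a fixed release tag (or a digest) and letting users override it.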
@ -0,0 +1,54 @@ |
|||
--- |
|||
- name: Azure CSI Driver | check azure_csi_tenant_id value |
|||
fail: |
|||
msg: "azure_csi_tenant_id is missing" |
|||
when: azure_csi_tenant_id is not defined or not azure_csi_tenant_id |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_subscription_id value |
|||
fail: |
|||
msg: "azure_csi_subscription_id is missing" |
|||
when: azure_csi_subscription_id is not defined or not azure_csi_subscription_id |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_aad_client_id value |
|||
fail: |
|||
msg: "azure_csi_aad_client_id is missing" |
|||
when: azure_csi_aad_client_id is not defined or not azure_csi_aad_client_id |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_aad_client_secret value |
|||
fail: |
|||
msg: "azure_csi_aad_client_secret is missing" |
|||
when: azure_csi_aad_client_secret is not defined or not azure_csi_aad_client_secret |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_resource_group value |
|||
fail: |
|||
msg: "azure_csi_resource_group is missing" |
|||
when: azure_csi_resource_group is not defined or not azure_csi_resource_group |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_location value |
|||
fail: |
|||
msg: "azure_csi_location is missing" |
|||
when: azure_csi_location is not defined or not azure_csi_location |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_subnet_name value |
|||
fail: |
|||
msg: "azure_csi_subnet_name is missing" |
|||
when: azure_csi_subnet_name is not defined or not azure_csi_subnet_name |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_security_group_name value |
|||
fail: |
|||
msg: "azure_csi_security_group_name is missing" |
|||
when: azure_csi_security_group_name is not defined or not azure_csi_security_group_name |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_vnet_name value |
|||
fail: |
|||
msg: "azure_csi_vnet_name is missing" |
|||
when: azure_csi_vnet_name is not defined or not azure_csi_vnet_name |
|||
|
|||
- name: Azure CSI Driver | check azure_csi_vnet_resource_group value |
|||
fail: |
|||
msg: "azure_csi_vnet_resource_group is missing" |
|||
when: azure_csi_vnet_resource_group is not defined or not azure_csi_vnet_resource_group |
|||
|
|||
- name: "Azure CSI Driver | check azure_csi_use_instance_metadata is a bool" |
|||
assert: |
|||
that: azure_csi_use_instance_metadata | type_debug == 'bool' |
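Review bot: The final assert, `azure_csi_use_instance_metadata | type_debug == 'bool'`, has no message, unlike the ten `fail` tasks above it, and it rejects a value supplied as a string (for example `-e azure_csi_use_instance_metadata=true`) without telling the user why. Suggest adding a `fail_msg` that names the variable and the expected type. The ten `fail` tasks differ only in the variable name and could be one looped task, which makes it harder to miss a variable when the cloud-config template gains a field.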
@ -0,0 +1,48 @@ |
|||
--- |
|||
- include_tasks: azure-credential-check.yml |
|||
tags: azure-csi-driver |
|||
|
|||
- name: Azure CSI Driver | Write Azure CSI cloud-config |
|||
template: |
|||
src: "azure-csi-cloud-config.j2" |
|||
dest: "{{ kube_config_dir }}/azure_csi_cloud_config" |
|||
group: "{{ kube_cert_group }}" |
|||
mode: 0640 |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
tags: azure-csi-driver |
|||
|
|||
- name: Azure CSI Driver | Get base64 cloud-config |
|||
slurp: |
|||
src: "{{ kube_config_dir }}/azure_csi_cloud_config" |
|||
register: cloud_config_secret |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
tags: azure-csi-driver |
|||
|
|||
- name: Azure CSI Driver | Generate Manifests |
|||
template: |
|||
src: "{{ item.file }}.j2" |
|||
dest: "{{ kube_config_dir }}/{{ item.file }}" |
|||
with_items: |
|||
- {name: azure-csi-azuredisk-driver, file: azure-csi-azuredisk-driver.yml} |
|||
- {name: azure-csi-cloud-config-secret, file: azure-csi-cloud-config-secret.yml} |
|||
- {name: azure-csi-azuredisk-controller, file: azure-csi-azuredisk-controller-rbac.yml} |
|||
- {name: azure-csi-azuredisk-controller, file: azure-csi-azuredisk-controller.yml} |
|||
- {name: azure-csi-azuredisk-node, file: azure-csi-azuredisk-node.yml} |
|||
- {name: azure-csi-node-info-crd.yml.j2, file: azure-csi-node-info-crd.yml} |
|||
register: azure_csi_manifests |
|||
when: inventory_hostname == groups['kube-master'][0] |
|||
tags: azure-csi-driver |
|||
|
|||
- name: Azure CSI Driver | Apply Manifests |
|||
kube: |
|||
kubectl: "{{ bin_dir }}/kubectl" |
|||
filename: "{{ kube_config_dir }}/{{ item.item.file }}" |
|||
state: "latest" |
|||
with_items: |
|||
- "{{ azure_csi_manifests.results }}" |
|||
when: |
|||
- inventory_hostname == groups['kube-master'][0] |
|||
- not item is skipped |
|||
loop_control: |
|||
label: "{{ item.item.file }}" |
|||
tags: azure-csi-driver |
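Review bot: The "Generate Manifests" task sets no `mode`, `owner` or `group`, so `azure-csi-cloud-config-secret.yml`, which carries the base64 of the whole cloud-config including `aadClientSecret`, is written to `kube_config_dir` with umask-derived permissions, while the plain cloud-config just above gets `mode: 0640`. Suggest an explicit restrictive mode on that loop and `no_log: true` on the `slurp` task, since the registered `cloud_config_secret.content` is the secret in base64 and shows up in verbose output. Also, the last loop item has `name: azure-csi-node-info-crd.yml.j2`, which does not follow the naming of the other items.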
@ -0,0 +1,212 @@ |
|||
--- |
|||
apiVersion: v1 |
|||
kind: ServiceAccount |
|||
metadata: |
|||
name: csi-azuredisk-controller-sa |
|||
namespace: kube-system |
|||
--- |
|||
|
|||
kind: ClusterRole |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-external-provisioner-role |
|||
rules: |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumes"] |
|||
verbs: ["get", "list", "watch", "create", "delete"] |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumeclaims"] |
|||
verbs: ["get", "list", "watch", "update"] |
|||
- apiGroups: ["storage.k8s.io"] |
|||
resources: ["storageclasses"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: [""] |
|||
resources: ["events"] |
|||
verbs: ["get", "list", "watch", "create", "update", "patch"] |
|||
- apiGroups: ["storage.k8s.io"] |
|||
resources: ["csinodes"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: [""] |
|||
resources: ["nodes"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: ["coordination.k8s.io"] |
|||
resources: ["leases"] |
|||
verbs: ["get", "list", "watch", "create", "update", "patch"] |
|||
- apiGroups: ["snapshot.storage.k8s.io"] |
|||
resources: ["volumesnapshots"] |
|||
verbs: ["get", "list"] |
|||
- apiGroups: ["snapshot.storage.k8s.io"] |
|||
resources: ["volumesnapshotcontents"] |
|||
verbs: ["get", "list"] |
|||
--- |
|||
|
|||
kind: ClusterRoleBinding |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-csi-provisioner-binding |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: csi-azuredisk-controller-sa |
|||
namespace: kube-system |
|||
roleRef: |
|||
kind: ClusterRole |
|||
name: azuredisk-external-provisioner-role |
|||
apiGroup: rbac.authorization.k8s.io |
|||
|
|||
--- |
|||
|
|||
kind: ClusterRole |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-external-attacher-role |
|||
rules: |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumes"] |
|||
verbs: ["get", "list", "watch", "update"] |
|||
- apiGroups: [""] |
|||
resources: ["nodes"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: ["csi.storage.k8s.io"] |
|||
resources: ["csinodeinfos"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: ["storage.k8s.io"] |
|||
resources: ["volumeattachments"] |
|||
verbs: ["get", "list", "watch", "update"] |
|||
- apiGroups: ["coordination.k8s.io"] |
|||
resources: ["leases"] |
|||
verbs: ["get", "list", "watch", "create", "update", "patch"] |
|||
--- |
|||
|
|||
kind: ClusterRoleBinding |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-csi-attacher-binding |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: csi-azuredisk-controller-sa |
|||
namespace: kube-system |
|||
roleRef: |
|||
kind: ClusterRole |
|||
name: azuredisk-external-attacher-role |
|||
apiGroup: rbac.authorization.k8s.io |
|||
|
|||
--- |
|||
|
|||
kind: ClusterRole |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-cluster-driver-registrar-role |
|||
rules: |
|||
- apiGroups: ["apiextensions.k8s.io"] |
|||
resources: ["customresourcedefinitions"] |
|||
verbs: ["create", "list", "watch", "delete"] |
|||
- apiGroups: ["csi.storage.k8s.io"] |
|||
resources: ["csidrivers"] |
|||
verbs: ["create", "delete"] |
|||
- apiGroups: ["coordination.k8s.io"] |
|||
resources: ["leases"] |
|||
verbs: ["get", "list", "watch", "create", "update", "patch"] |
|||
--- |
|||
|
|||
kind: ClusterRoleBinding |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-csi-driver-registrar-binding |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: csi-azuredisk-controller-sa |
|||
namespace: kube-system |
|||
roleRef: |
|||
kind: ClusterRole |
|||
name: azuredisk-cluster-driver-registrar-role |
|||
apiGroup: rbac.authorization.k8s.io |
|||
|
|||
--- |
|||
|
|||
kind: ClusterRole |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-external-snapshotter-role |
|||
rules: |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumes"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumeclaims"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: ["storage.k8s.io"] |
|||
resources: ["storageclasses"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: [""] |
|||
resources: ["events"] |
|||
verbs: ["list", "watch", "create", "update", "patch"] |
|||
- apiGroups: [""] |
|||
resources: ["secrets"] |
|||
verbs: ["get", "list"] |
|||
- apiGroups: ["snapshot.storage.k8s.io"] |
|||
resources: ["volumesnapshotclasses"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: ["snapshot.storage.k8s.io"] |
|||
resources: ["volumesnapshotcontents"] |
|||
verbs: ["create", "get", "list", "watch", "update", "delete"] |
|||
- apiGroups: ["snapshot.storage.k8s.io"] |
|||
resources: ["volumesnapshots"] |
|||
verbs: ["get", "list", "watch", "update"] |
|||
- apiGroups: ["apiextensions.k8s.io"] |
|||
resources: ["customresourcedefinitions"] |
|||
verbs: ["create", "list", "watch", "delete"] |
|||
- apiGroups: ["snapshot.storage.k8s.io"] |
|||
resources: ["volumesnapshotcontents/status"] |
|||
verbs: ["update"] |
|||
- apiGroups: ["coordination.k8s.io"] |
|||
resources: ["leases"] |
|||
verbs: ["get", "watch", "list", "delete", "update", "create"] |
|||
--- |
|||
|
|||
kind: ClusterRoleBinding |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-csi-snapshotter-binding |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: csi-azuredisk-controller-sa |
|||
namespace: kube-system |
|||
roleRef: |
|||
kind: ClusterRole |
|||
name: azuredisk-external-snapshotter-role |
|||
apiGroup: rbac.authorization.k8s.io |
|||
--- |
|||
|
|||
kind: ClusterRole |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-external-resizer-role |
|||
rules: |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumes"] |
|||
verbs: ["get", "list", "watch", "update", "patch"] |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumeclaims"] |
|||
verbs: ["get", "list", "watch"] |
|||
- apiGroups: [""] |
|||
resources: ["persistentvolumeclaims/status"] |
|||
verbs: ["update", "patch"] |
|||
- apiGroups: [""] |
|||
resources: ["events"] |
|||
verbs: ["list", "watch", "create", "update", "patch"] |
|||
- apiGroups: ["coordination.k8s.io"] |
|||
resources: ["leases"] |
|||
verbs: ["get", "list", "watch", "create", "update", "patch"] |
|||
--- |
|||
kind: ClusterRoleBinding |
|||
apiVersion: rbac.authorization.k8s.io/v1 |
|||
metadata: |
|||
name: azuredisk-csi-resizer-role |
|||
subjects: |
|||
- kind: ServiceAccount |
|||
name: csi-azuredisk-controller-sa |
|||
namespace: kube-system |
|||
roleRef: |
|||
kind: ClusterRole |
|||
name: azuredisk-external-resizer-role |
|||
apiGroup: rbac.authorization.k8s.io |
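Review bot: `azuredisk-external-snapshotter-role` grants `get` and `list` on `secrets`, and because it is bound with a ClusterRoleBinding, `csi-azuredisk-controller-sa` can read every Secret in every namespace. If snapshot secrets are not used by this deployment, drop the rule; otherwise grant it through a namespaced Role and RoleBinding. All five ClusterRoles are bound to the same service account, so every sidecar in the controller pod holds the union of them, including `create` and `delete` on `customresourcedefinitions`. The last ClusterRoleBinding is named `azuredisk-csi-resizer-role`, where the other four end in `-binding`.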
@ -0,0 +1,200 @@ |
|||
--- |
|||
kind: Deployment |
|||
apiVersion: apps/v1 |
|||
metadata: |
|||
name: csi-azuredisk-controller |
|||
namespace: kube-system |
|||
spec: |
|||
replicas: {{ azure_csi_controller_replicas }} |
|||
selector: |
|||
matchLabels: |
|||
app: csi-azuredisk-controller |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: csi-azuredisk-controller |
|||
spec: |
|||
hostNetwork: true |
|||
serviceAccountName: csi-azuredisk-controller-sa |
|||
nodeSelector: |
|||
beta.kubernetes.io/os: linux |
|||
priorityClassName: system-cluster-critical |
|||
tolerations: |
|||
- key: "node-role.kubernetes.io/master" |
|||
operator: "Equal" |
|||
value: "true" |
|||
effect: "NoSchedule" |
|||
containers: |
|||
- name: csi-provisioner |
|||
image: {{ azure_csi_image_repo }}/csi-provisioner:{{ azure_csi_provisioner_image_tag }} |
|||
args: |
|||
- "--provisioner=disk.csi.azure.com" |
|||
- "--feature-gates=Topology=true" |
|||
- "--csi-address=$(ADDRESS)" |
|||
- "--connection-timeout=15s" |
|||
- "--v=5" |
|||
- "--timeout=120s" |
|||
- "--enable-leader-election" |
|||
- "--leader-election-type=leases" |
|||
env: |
|||
- name: ADDRESS |
|||
value: /csi/csi.sock |
|||
imagePullPolicy: IfNotPresent |
|||
volumeMounts: |
|||
- mountPath: /csi |
|||
name: socket-dir |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: csi-attacher |
|||
image: {{ azure_csi_image_repo }}/csi-attacher:{{ azure_csi_attacher_image_tag }} |
|||
args: |
|||
- "-v=5" |
|||
- "-csi-address=$(ADDRESS)" |
|||
- "-timeout=120s" |
|||
- "-leader-election" |
|||
- "-leader-election-type=leases" |
|||
env: |
|||
- name: ADDRESS |
|||
value: /csi/csi.sock |
|||
imagePullPolicy: IfNotPresent |
|||
volumeMounts: |
|||
- mountPath: /csi |
|||
name: socket-dir |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: cluster-driver-registrar |
|||
image: {{ azure_csi_image_repo }}/csi-cluster-driver-registrar:{{ azure_csi_cluster_registrar_image_tag }} |
|||
args: |
|||
- --csi-address=$(ADDRESS) |
|||
- --driver-requires-attachment=true |
|||
- --v=5 |
|||
env: |
|||
- name: ADDRESS |
|||
value: /csi/csi.sock |
|||
volumeMounts: |
|||
- name: socket-dir |
|||
mountPath: /csi |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: csi-snapshotter |
|||
image: {{ azure_csi_image_repo }}/csi-snapshotter:{{ azure_csi_snapshotter_image_tag }} |
|||
args: |
|||
- "-csi-address=$(ADDRESS)" |
|||
- "-leader-election" |
|||
- "--v=5" |
|||
env: |
|||
- name: ADDRESS |
|||
value: /csi/csi.sock |
|||
volumeMounts: |
|||
- name: socket-dir |
|||
mountPath: /csi |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: csi-resizer |
|||
image: {{ azure_csi_image_repo }}/csi-resizer:{{ azure_csi_resizer_image_tag }} |
|||
args: |
|||
- "-csi-address=$(ADDRESS)" |
|||
- "-v=5" |
|||
- "-leader-election" |
|||
env: |
|||
- name: ADDRESS |
|||
value: /csi/csi.sock |
|||
volumeMounts: |
|||
- name: socket-dir |
|||
mountPath: /csi |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: liveness-probe |
|||
image: {{ azure_csi_image_repo }}/livenessprobe:{{ azure_csi_livenessprobe_image_tag }} |
|||
args: |
|||
- --csi-address=/csi/csi.sock |
|||
- --connection-timeout=3s |
|||
- --health-port=29602 |
|||
- --v=5 |
|||
volumeMounts: |
|||
- name: socket-dir |
|||
mountPath: /csi |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: azuredisk |
|||
image: {{ azure_csi_plugin_image_repo }}/azuredisk-csi:{{ azure_csi_plugin_image_tag }} |
|||
args: |
|||
- "--v=5" |
|||
- "--endpoint=$(CSI_ENDPOINT)" |
|||
- "--nodeid=$(KUBE_NODE_NAME)" |
|||
ports: |
|||
- containerPort: 29602 |
|||
name: healthz |
|||
protocol: TCP |
|||
- containerPort: 29604 |
|||
name: metrics |
|||
protocol: TCP |
|||
livenessProbe: |
|||
failureThreshold: 5 |
|||
httpGet: |
|||
path: /healthz |
|||
port: healthz |
|||
initialDelaySeconds: 30 |
|||
timeoutSeconds: 10 |
|||
periodSeconds: 30 |
|||
env: |
|||
- name: AZURE_CREDENTIAL_FILE |
|||
value: "/etc/kubernetes/azure.json" |
|||
- name: CSI_ENDPOINT |
|||
value: unix:///csi/csi.sock |
|||
imagePullPolicy: IfNotPresent |
|||
volumeMounts: |
|||
- mountPath: /csi |
|||
name: socket-dir |
|||
- mountPath: /etc/kubernetes/ |
|||
name: azure-cred |
|||
readOnly: true |
|||
- mountPath: /var/lib/waagent/ManagedIdentity-Settings |
|||
readOnly: true |
|||
name: msi |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
volumes: |
|||
- name: socket-dir |
|||
emptyDir: {} |
|||
- name: azure-cred |
|||
secret: |
|||
secretName: cloud-config |
|||
- name: msi |
|||
hostPath: |
|||
path: /var/lib/waagent/ManagedIdentity-Settings |
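Review bot: The `azuredisk` container passes `--nodeid=$(KUBE_NODE_NAME)`, but its `env` defines only `AZURE_CREDENTIAL_FILE` and `CSI_ENDPOINT`, so the reference is never expanded and the literal string is passed; the node DaemonSet defines `KUBE_NODE_NAME` from `spec.nodeName`, and the same entry is needed here (or the argument should go). The container also declares a `metrics` port 29604 with no matching `--metrics-address` argument. The pod sets `hostNetwork: true` and none of its seven containers has a `securityContext`; if host networking is required, a comment saying why would help, and the containers could at least set `allowPrivilegeEscalation: false`. Every container logs at `v=5`, which is a lot for a default.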
@ -0,0 +1,10 @@ |
|||
--- |
|||
apiVersion: storage.k8s.io/v1beta1 |
|||
kind: CSIDriver |
|||
metadata: |
|||
name: disk.csi.azure.com |
|||
spec: |
|||
attachRequired: true |
|||
podInfoOnMount: true |
|||
volumeLifecycleModes: # added in Kubernetes 1.16 |
|||
- Persistent |
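Review bot: `volumeLifecycleModes` carries the comment "added in Kubernetes 1.16", but the template emits the field unconditionally, so the manifest assumes a minimum cluster version that nothing in this change states or checks. Suggest either gating the field on the cluster version or stating the minimum supported Kubernetes version in docs/azure-csi.md.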
@ -0,0 +1,156 @@ |
|||
--- |
|||
kind: DaemonSet |
|||
apiVersion: apps/v1 |
|||
metadata: |
|||
name: csi-azuredisk-node |
|||
namespace: kube-system |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: csi-azuredisk-node |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: csi-azuredisk-node |
|||
spec: |
|||
hostNetwork: true |
|||
nodeSelector: |
|||
beta.kubernetes.io/os: linux |
|||
priorityClassName: system-node-critical |
|||
containers: |
|||
- name: liveness-probe |
|||
imagePullPolicy: IfNotPresent |
|||
volumeMounts: |
|||
- mountPath: /csi |
|||
name: socket-dir |
|||
image: {{ azure_csi_image_repo }}/livenessprobe:{{ azure_csi_livenessprobe_image_tag }} |
|||
args: |
|||
- --csi-address=/csi/csi.sock |
|||
- --connection-timeout=3s |
|||
- --health-port=29603 |
|||
- --v=5 |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: node-driver-registrar |
|||
image: {{ azure_csi_image_repo }}/csi-node-driver-registrar:{{ azure_csi_node_registrar_image_tag }} |
|||
args: |
|||
- --csi-address=$(ADDRESS) |
|||
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) |
|||
- --v=5 |
|||
lifecycle: |
|||
preStop: |
|||
exec: |
|||
command: ["/bin/sh", "-c", "rm -rf /registration/disk.csi.azure.com-reg.sock /csi/csi.sock"] |
|||
env: |
|||
- name: ADDRESS |
|||
value: /csi/csi.sock |
|||
- name: DRIVER_REG_SOCK_PATH |
|||
value: /var/lib/kubelet/plugins/disk.csi.azure.com/csi.sock |
|||
volumeMounts: |
|||
- name: socket-dir |
|||
mountPath: /csi |
|||
- name: registration-dir |
|||
mountPath: /registration |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
- name: azuredisk |
|||
image: {{ azure_csi_plugin_image_repo }}/azuredisk-csi:{{ azure_csi_plugin_image_tag }} |
|||
args: |
|||
- "--v=5" |
|||
- "--endpoint=$(CSI_ENDPOINT)" |
|||
- "--nodeid=$(KUBE_NODE_NAME)" |
|||
- "--metrics-address=0.0.0.0:29605" |
|||
ports: |
|||
- containerPort: 29603 |
|||
name: healthz |
|||
protocol: TCP |
|||
- containerPort: 29605 |
|||
name: metrics |
|||
protocol: TCP |
|||
livenessProbe: |
|||
failureThreshold: 5 |
|||
httpGet: |
|||
path: /healthz |
|||
port: healthz |
|||
initialDelaySeconds: 30 |
|||
timeoutSeconds: 10 |
|||
periodSeconds: 30 |
|||
env: |
|||
- name: AZURE_CREDENTIAL_FILE |
|||
value: "/etc/kubernetes/azure.json" |
|||
- name: CSI_ENDPOINT |
|||
value: unix:///csi/csi.sock |
|||
- name: KUBE_NODE_NAME |
|||
valueFrom: |
|||
fieldRef: |
|||
apiVersion: v1 |
|||
fieldPath: spec.nodeName |
|||
imagePullPolicy: IfNotPresent |
|||
securityContext: |
|||
privileged: true |
|||
volumeMounts: |
|||
- mountPath: /csi |
|||
name: socket-dir |
|||
- mountPath: /var/lib/kubelet/ |
|||
mountPropagation: Bidirectional |
|||
name: mountpoint-dir |
|||
- mountPath: /etc/kubernetes/ |
|||
name: azure-cred |
|||
readOnly: true |
|||
- mountPath: /var/lib/waagent/ManagedIdentity-Settings |
|||
readOnly: true |
|||
name: msi |
|||
- mountPath: /dev |
|||
name: device-dir |
|||
- mountPath: /sys/bus/scsi/devices |
|||
name: sys-devices-dir |
|||
- mountPath: /sys/class/scsi_host/ |
|||
name: scsi-host-dir |
|||
resources: |
|||
limits: |
|||
cpu: 200m |
|||
memory: 200Mi |
|||
requests: |
|||
cpu: 10m |
|||
memory: 20Mi |
|||
volumes: |
|||
- hostPath: |
|||
path: /var/lib/kubelet/plugins/disk.csi.azure.com |
|||
type: DirectoryOrCreate |
|||
name: socket-dir |
|||
- hostPath: |
|||
path: /var/lib/kubelet/ |
|||
type: DirectoryOrCreate |
|||
name: mountpoint-dir |
|||
- hostPath: |
|||
path: /var/lib/kubelet/plugins_registry/ |
|||
type: DirectoryOrCreate |
|||
name: registration-dir |
|||
- name: azure-cred |
|||
secret: |
|||
secretName: cloud-config |
|||
- hostPath: |
|||
path: /var/lib/waagent/ManagedIdentity-Settings |
|||
name: msi |
|||
- hostPath: |
|||
path: /dev |
|||
type: Directory |
|||
name: device-dir |
|||
- hostPath: |
|||
path: /sys/bus/scsi/devices |
|||
type: Directory |
|||
name: sys-devices-dir |
|||
- hostPath: |
|||
path: /sys/class/scsi_host/ |
|||
type: Directory |
|||
name: scsi-host-dir |
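Review bot: `--metrics-address=0.0.0.0:29605` together with `hostNetwork: true` puts the metrics endpoint on every interface of every node; suggest binding it to a loopback or node-internal address, or documenting that the network security group has to block 29605. This pod also mounts the `cloud-config` Secret (the service principal credentials) beside a `privileged: true` container that has `/dev` and a `Bidirectional` mount of `/var/lib/kubelet/`, on every node; with `azure_csi_use_instance_metadata` defaulting to true, is the credential needed on the nodes at all? The DaemonSet has no `tolerations`, so tainted masters get no node plugin.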
@ -0,0 +1,7 @@ |
|||
kind: Secret |
|||
apiVersion: v1 |
|||
metadata: |
|||
name: cloud-config |
|||
namespace: kube-system |
|||
data: |
|||
azure.json: {{ cloud_config_secret.content }} |
@ -0,0 +1,14 @@ |
|||
{ |
|||
"cloud":"AzurePublicCloud", |
|||
"tenantId": "{{ azure_csi_tenant_id }}", |
|||
"subscriptionId": "{{ azure_csi_subscription_id }}", |
|||
"aadClientId": "{{ azure_csi_aad_client_id }}", |
|||
"aadClientSecret": "{{ azure_csi_aad_client_secret }}", |
|||
"location": "{{ azure_csi_location }}", |
|||
"resourceGroup": "{{ azure_csi_resource_group }}", |
|||
"vnetName": "{{ azure_csi_vnet_name }}", |
|||
"vnetResourceGroup": "{{ azure_csi_vnet_resource_group }}", |
|||
"subnetName": "{{ azure_csi_subnet_name }}", |
|||
"securityGroupName": "{{ azure_csi_security_group_name }}", |
|||
"useInstanceMetadata": {{ azure_csi_use_instance_metadata }}, |
|||
} |
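Review bot: The rendered file is not valid JSON: the last member, `"useInstanceMetadata": {{ azure_csi_use_instance_metadata }},`, leaves a trailing comma before `}`, and a boolean rendered by Jinja comes out as `True` or `False` rather than `true` or `false`. The string values are interpolated without escaping, so a client secret containing `"` or `\` produces a broken or altered file. Suggest piping each value through `to_json` (and dropping the surrounding quotes) and removing the trailing comma, so the file parses however strict the consumer is.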
@ -0,0 +1,38 @@ |
|||
--- |
|||
apiVersion: apiextensions.k8s.io/v1beta1 |
|||
kind: CustomResourceDefinition |
|||
metadata: |
|||
creationTimestamp: null |
|||
name: csinodeinfos.csi.storage.k8s.io |
|||
spec: |
|||
group: csi.storage.k8s.io |
|||
names: |
|||
kind: CSINodeInfo |
|||
plural: csinodeinfos |
|||
scope: Cluster |
|||
validation: |
|||
openAPIV3Schema: |
|||
properties: |
|||
csiDrivers: |
|||
description: List of CSI drivers running on the node and their properties. |
|||
items: |
|||
properties: |
|||
driver: |
|||
description: The CSI driver that this object refers to. |
|||
type: string |
|||
nodeID: |
|||
description: The node from the driver point of view. |
|||
type: string |
|||
topologyKeys: |
|||
description: List of keys supported by the driver. |
|||
items: |
|||
type: string |
|||
type: array |
|||
type: array |
|||
version: v1alpha1 |
|||
status: |
|||
acceptedNames: |
|||
kind: "" |
|||
plural: "" |
|||
conditions: [] |
|||
storedVersions: [] |
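Review bot: `creationTimestamp: null` and the whole `status:` block are server-populated fields left over from an export and do not belong in a manifest that gets applied; suggest deleting them. The task list registers this file under `name: azure-csi-node-info-crd.yml.j2`, and the controller's registrar and snapshotter roles also hold `create` on `customresourcedefinitions`, so it is worth stating which component is meant to own this CRD.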
@ -0,0 +1,3 @@ |
|||
--- |
|||
## Available values: Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS |
|||
storage_account_type: StandardSSD_LRS |
@ -0,0 +1,19 @@ |
|||
--- |
|||
- name: Kubernetes Persistent Volumes | Copy Azure CSI Storage Class template |
|||
template: |
|||
src: "azure-csi-storage-class.yml.j2" |
|||
dest: "{{ kube_config_dir }}/azure-csi-storage-class.yml" |
|||
register: manifests |
|||
when: |
|||
- inventory_hostname == groups['kube-master'][0] |
|||
|
|||
- name: Kubernetes Persistent Volumes | Add Azure CSI Storage Class |
|||
kube: |
|||
name: cinder-csi |
|||
kubectl: "{{ bin_dir }}/kubectl" |
|||
resource: StorageClass |
|||
filename: "{{ kube_config_dir }}/azure-csi-storage-class.yml" |
|||
state: "latest" |
|||
when: |
|||
- inventory_hostname == groups['kube-master'][0] |
|||
- manifests.changed |
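Review bot: The apply task passes `name: cinder-csi`, which looks copied from the Cinder role; the StorageClass this role templates is named `disk.csi.azure.com`, so the name should match that. With `when: manifests.changed`, an apply that fails is not retried on the next run, because the template is unchanged by then.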
@ -0,0 +1,11 @@ |
|||
--- |
|||
apiVersion: storage.k8s.io/v1 |
|||
kind: StorageClass |
|||
metadata: |
|||
name: disk.csi.azure.com |
|||
provisioner: disk.csi.azure.com |
|||
parameters: |
|||
skuname: {{ storage_account_type }} |
|||
reclaimPolicy: Delete |
|||
volumeBindingMode: Immediate |
|||
allowVolumeExpansion: true |
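Review bot: `volumeBindingMode: Immediate` provisions the disk before the pod is scheduled, while the controller's provisioner runs with `--feature-gates=Topology=true`; in a cluster spread over zones the disk can land where the pod cannot attach it. Suggest `WaitForFirstConsumer`, or a variable for the binding mode. `reclaimPolicy: Delete` deserves a line in the docs, since deleting the test PVC from docs/azure-csi.md deletes the disk.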