apiVersion: v1 kind: ServiceAccount metadata: name: csi-dysk-provisioner namespace: dysk --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dysk:external-provisioner-runner rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-dysk-provisioner-role subjects: - kind: ServiceAccount name: csi-dysk-provisioner namespace: dysk roleRef: kind: ClusterRole name: dysk:external-provisioner-runner apiGroup: rbac.authorization.k8s.io --- kind: Service apiVersion: v1 metadata: name: csi-dysk-provisioner namespace: dysk labels: app: csi-dysk-provisioner spec: selector: app: csi-dysk-provisioner ports: - name: dummy port: 12345 --- kind: StatefulSet apiVersion: apps/v1beta1 metadata: name: csi-dysk-provisioner namespace: dysk spec: serviceName: "csi-dysk-provisioner" replicas: 1 template: metadata: labels: app: csi-dysk-provisioner spec: serviceAccount: csi-dysk-provisioner containers: - name: csi-dysk-provisioner image: andyzhangx/csi-provisioner:0.2.0 args: - "--provisioner=csi-dysk" - "--csi-address=$(ADDRESS)" - "--v=5" env: - name: ADDRESS value: /var/lib/kubelet/plugins/csi-dysk/csi.sock imagePullPolicy: "IfNotPresent" volumeMounts: - name: socket-dir mountPath: /var/lib/kubelet/plugins/csi-dysk volumes: - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/csi-dysk --- apiVersion: v1 kind: ServiceAccount metadata: name: csi-dysk-attacher namespace: dysk --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dysk:external-attacher-runner rules: - apiGroups: [""] resources: ["events"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-dysk-attacher-role subjects: - kind: ServiceAccount name: csi-dysk-attacher namespace: dysk roleRef: kind: ClusterRole name: dysk:external-attacher-runner apiGroup: rbac.authorization.k8s.io --- kind: Service apiVersion: v1 metadata: name: csi-dysk-attacher namespace: dysk labels: app: csi-dysk-attacher spec: selector: app: csi-dysk-attacher ports: - name: dummy port: 12345 --- kind: StatefulSet apiVersion: apps/v1beta1 metadata: name: csi-dysk-attacher namespace: dysk spec: serviceName: "csi-dysk-attacher" replicas: 1 template: metadata: labels: app: csi-dysk-attacher spec: serviceAccount: csi-dysk-attacher containers: - name: csi-dysk-attacher image: quay.io/k8scsi/csi-attacher:v0.2.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" env: - name: ADDRESS value: /var/lib/kubelet/plugins/csi-dysk/csi.sock imagePullPolicy: "IfNotPresent" volumeMounts: - name: socket-dir mountPath: /var/lib/kubelet/plugins/csi-dysk volumes: - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/csi-dysk --- apiVersion: v1 kind: ServiceAccount metadata: name: csi-dysk namespace: dysk --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-dysk rules: - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "update"] - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "list"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-dysk subjects: - kind: ServiceAccount name: csi-dysk namespace: dysk roleRef: kind: ClusterRole name: csi-dysk apiGroup: rbac.authorization.k8s.io --- # This YAML file contains driver-registrar & csi driver nodeplugin API objects, # which are necessary to run csi nodeplugin for dysk. kind: DaemonSet apiVersion: apps/v1beta2 metadata: name: csi-dysk namespace: dysk spec: selector: matchLabels: app: csi-dysk template: metadata: labels: app: csi-dysk spec: serviceAccount: csi-dysk hostNetwork: true containers: - name: driver-registrar image: quay.io/k8scsi/driver-registrar:v0.2.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" env: - name: ADDRESS value: /var/lib/kubelet/plugins/csi-dysk/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: socket-dir mountPath: /var/lib/kubelet/plugins/csi-dysk - name: dysk-driver securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true imagePullPolicy: Always image: andyzhangx/csi-dysk:1.0.0 args: - "--nodeid=$(NODE_ID)" - "--endpoint=$(CSI_ENDPOINT)" - "--v=5" env: - name: NODE_ID valueFrom: fieldRef: fieldPath: spec.nodeName - name: CSI_ENDPOINT value: unix://var/lib/kubelet/plugins/csi-dysk/csi.sock volumeMounts: - name: socket-dir mountPath: /var/lib/kubelet/plugins/csi-dysk - name: mountpoint-dir mountPath: /var/lib/kubelet/pods mountPropagation: "Bidirectional" - name: host-dev mountPath: /dev volumes: - name: mountpoint-dir hostPath: path: /var/lib/kubelet/pods - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/csi-dysk - name: host-dev hostPath: path: /dev