devindata-public
/
csi-driver-nfs
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: devindata-public:master
Branches Tags
devindata-public:master
devindata-public:release-4.0
devindata-public:release-3.0
devindata-public:release-3.1
devindata-public:release_tools2
devindata-public:prow-update-master
devindata-public:v4.0.0
devindata-public:v3.1.0
devindata-public:v3.0.0
devindata-public:v2.0.0
..
compare: devindata-public:v4.0.0
Branches Tags
devindata-public:master
devindata-public:release-4.0
devindata-public:release-3.0
devindata-public:release-3.1
devindata-public:release_tools2
devindata-public:prow-update-master
devindata-public:v4.0.0
devindata-public:v3.1.0
devindata-public:v3.0.0
devindata-public:v2.0.0

No commits in common. "master" and "v4.0.0" have entirely different histories.
master ... v4.0.0

37 changed files with 80 additions and 695 deletions
Show Stats Expand all files Collapse all files

2
Makefile
View File

@ -27,7 +27,7 @@ include release-tools/build.make
GIT_COMMIT = $(shell git rev-parse HEAD)
BUILD_DATE = $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
IMAGE_VERSION ?= v4.1.0
IMAGE_VERSION ?= v4.0.0
LDFLAGS = -X ${PKG}/pkg/nfs.driverVersion=${IMAGE_VERSION} -X ${PKG}/pkg/nfs.gitCommit=${GIT_COMMIT} -X ${PKG}/pkg/nfs.buildDate=${BUILD_DATE}
EXT_LDFLAGS = -s -w -extldflags "-static"
# Use a custom version for E2E tests if we are testing in CI

1
README.md
View File

@ -25,6 +25,7 @@ This is a repository for [NFS](https://en.wikipedia.org/wiki/Network_File_System
Please refer to [`nfs.csi.k8s.io` driver parameters](./docs/driver-parameters.md)
### Examples
- [Set up a NFS Server on a Kubernetes cluster](./deploy/example/nfs-provisioner/README.md)
- [Basic usage](./deploy/example/README.md)
- [fsGroupPolicy](./deploy/example/fsgroup)

46
charts/index.yaml
View File

@ -2,12 +2,48 @@ apiVersion: v1
entries:
csi-driver-nfs:
- apiVersion: v1
appVersion: v4.2.0
created: "2022-05-06T12:35:56.6991353Z"
appVersion: v4.0.0
created: "2022-05-03T11:18:21.533449624Z"
description: CSI NFS Driver for Kubernetes
digest: 70f403442f59edb6c01fed573ce40c625775be15b1e32c21edf5704adcc94be9
name: csi-driver-nfs
urls:
- https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/latest/csi-driver-nfs-v4.0.0.tgz
version: v4.0.0
- apiVersion: v1
appVersion: v4.0.0
created: "2022-05-03T11:18:21.536514545Z"
description: CSI NFS Driver for Kubernetes
digest: cb537287512ce9f99adaead8cd4904ed7284780bdc44c9b8d6705e66f28bfa5c
name: csi-driver-nfs
urls:
- https://gitea.devindata.com/devindata-public/csi-driver-nfs/raw/branch/master/charts/v4.2.0/csi-driver-nfs-v4.2.0.tgz
version: v4.2.0
generated: "2022-05-06T12:35:56.693722959Z"
- https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v4.0.0/csi-driver-nfs-v4.0.0.tgz
version: v4.0.0
- apiVersion: v1
appVersion: v3.1.0
created: "2022-05-03T11:18:21.535854341Z"
description: CSI NFS Driver for Kubernetes
digest: 7e51bb9188b013195cafc265102fa365de9ec5513780e1dfc5363289f811a4d9
name: csi-driver-nfs
urls:
- https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v3.1.0/csi-driver-nfs-v3.1.0.tgz
version: v3.1.0
- apiVersion: v1
appVersion: v3.0.0
created: "2022-05-03T11:18:21.535058035Z"
description: CSI NFS Driver for Kubernetes
digest: 44406231cd5cdada1c62a0541b93b4f5d5a70ccc8c50b33553a8692fe6cfae96
name: csi-driver-nfs
urls:
- https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v3.0.0/csi-driver-nfs-v3.0.0.tgz
version: v3.0.0
- apiVersion: v1
appVersion: v2.0.0
created: "2022-05-03T11:18:21.533976127Z"
description: CSI NFS Driver for Kubernetes
digest: 1a32c6fc016526fe19a0c9e0dfbe83d0ddde67ced533bb5f5d24d713f706c613
name: csi-driver-nfs
urls:
- https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v2.0.0/csi-driver-nfs-v2.0.0.tgz
version: v2.0.0
generated: "2022-05-03T11:18:21.530613004Z"

BIN
charts/latest/csi-driver-nfs-v4.0.0.tgz Normal file
View File

Binary file not shown.

BIN
charts/latest/csi-driver-nfs-v4.1.0.tgz
View File

Binary file not shown.

4
charts/latest/csi-driver-nfs/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
appVersion: latest
appVersion: v4.0.0
description: CSI NFS Driver for Kubernetes
name: csi-driver-nfs
version: v4.1.0
version: v4.0.0

1
charts/latest/csi-driver-nfs/templates/csi-nfs-node.yaml
View File

@ -24,7 +24,6 @@ spec:
{{- end }}
hostNetwork: true # original nfs connection would be broken without hostNetwork setting
dnsPolicy: {{ .Values.controller.dnsPolicy }}
serviceAccountName: csi-nfs-node-sa
nodeSelector:
kubernetes.io/os: linux
{{- with .Values.node.tolerations }}

7
charts/latest/csi-driver-nfs/templates/rbac-csi-nfs.yaml → charts/latest/csi-driver-nfs/templates/rbac-csi-nfs-controller.yaml
View File

@ -7,13 +7,6 @@ metadata:
namespace: {{ .Release.Namespace }}
{{ include "nfs.labels" . | indent 2 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-{{ .Values.rbac.name }}-node-sa
namespace: {{ .Release.Namespace }}
{{ include "nfs.labels" . | indent 2 }}
---
{{- end -}}
{{- if .Values.rbac.create -}}

8
charts/latest/csi-driver-nfs/values.yaml
View File

@ -1,8 +1,8 @@
customLabels: {}
image:
nfs:
repository: gcr.io/k8s-staging-sig-storage/nfsplugin
tag: canary
repository: registry.k8s.io/sig-storage/nfsplugin
tag: v4.0.0
pullPolicy: IfNotPresent
csiProvisioner:
repository: registry.k8s.io/sig-storage/csi-provisioner
@ -10,11 +10,11 @@ image:
pullPolicy: IfNotPresent
livenessProbe:
repository: registry.k8s.io/sig-storage/livenessprobe
tag: v2.7.0
tag: v2.6.0
pullPolicy: IfNotPresent
nodeDriverRegistrar:
repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.5.1
tag: v2.5.0
pullPolicy: IfNotPresent
serviceAccount:

8
charts/v4.0.0/csi-driver-nfs/values.yaml
View File

@ -2,19 +2,19 @@ customLabels: {}
image:
nfs:
repository: registry.k8s.io/sig-storage/nfsplugin
tag: v4.2.0
tag: v4.0.0
pullPolicy: IfNotPresent
csiProvisioner:
repository: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.3.0
tag: v3.1.0
pullPolicy: IfNotPresent
livenessProbe:
repository: registry.k8s.io/sig-storage/livenessprobe
tag: v2.8.0
tag: v2.6.0
pullPolicy: IfNotPresent
nodeDriverRegistrar:
repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.6.2
tag: v2.5.0
pullPolicy: IfNotPresent
serviceAccount:

BIN
charts/v4.2.0/csi-driver-nfs-v4.2.0.tgz
View File

Binary file not shown.

22
charts/v4.2.0/csi-driver-nfs/.helmignore
View File

@ -1,22 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

5
charts/v4.2.0/csi-driver-nfs/Chart.yaml
View File

@ -1,5 +0,0 @@
apiVersion: v1
appVersion: v4.2.0
description: CSI NFS Driver for Kubernetes
name: csi-driver-nfs
version: v4.2.0

5
charts/v4.2.0/csi-driver-nfs/templates/NOTES.txt
View File

@ -1,5 +0,0 @@
The CSI NFS Driver is getting deployed to your cluster.
To check CSI NFS Driver pods status, please run:
kubectl --namespace={{ .Release.Namespace }} get pods --selector="app.kubernetes.io/instance={{ .Release.Name }}" --watch

19
charts/v4.2.0/csi-driver-nfs/templates/_helpers.tpl
View File

@ -1,19 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/* Expand the name of the chart.*/}}
{{- define "nfs.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* labels for helm resources */}}
{{- define "nfs.labels" -}}
labels:
app.kubernetes.io/instance: "{{ .Release.Name }}"
app.kubernetes.io/managed-by: "{{ .Release.Service }}"
app.kubernetes.io/name: "{{ template "nfs.name" . }}"
app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
{{- if .Values.customLabels }}
{{ toYaml .Values.customLabels | indent 2 -}}
{{- end }}
{{- end -}}

123
charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-controller.yaml
View File

@ -1,123 +0,0 @@
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ .Values.controller.name }}
namespace: {{ .Release.Namespace }}
{{ include "nfs.labels" . | indent 2 }}
spec:
replicas: {{ .Values.controller.replicas }}
selector:
matchLabels:
app: {{ .Values.controller.name }}
strategy:
type: {{ .Values.controller.strategyType }}
template:
metadata:
{{ include "nfs.labels" . | indent 6 }}
app: {{ .Values.controller.name }}
spec:
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
hostNetwork: true # controller also needs to mount nfs to create dir
dnsPolicy: {{ .Values.controller.dnsPolicy }}
serviceAccountName: {{ .Values.serviceAccount.controller }}
{{- with .Values.controller.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.controller.runOnMaster}}
node-role.kubernetes.io/master: ""
{{- end}}
{{- if .Values.controller.runOnControlPlane}}
node-role.kubernetes.io/control-plane: ""
{{- end}}
{{- with .Values.controller.nodeSelector }}
{{ toYaml . | indent 8 }}
{{- end }}
priorityClassName: system-cluster-critical
{{- with .Values.controller.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
containers:
- name: csi-provisioner
image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
args:
- "-v=2"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
- "--leader-election-namespace={{ .Release.Namespace }}"
- "--extra-create-metadata=true"
env:
- name: ADDRESS
value: /csi/csi.sock
imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
volumeMounts:
- mountPath: /csi
name: socket-dir
resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
- name: liveness-probe
image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
- --health-port={{ .Values.controller.livenessProbe.healthPort }}
- --v=2
imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
volumeMounts:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
- name: nfs
image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
imagePullPolicy: {{ .Values.image.nfs.pullPolicy }}
args:
- "--v={{ .Values.controller.logLevel }}"
- "--nodeid=$(NODE_ID)"
- "--endpoint=$(CSI_ENDPOINT)"
- "--drivername={{ .Values.driver.name }}"
- "--mount-permissions={{ .Values.driver.mountPermissions }}"
- "--working-mount-dir={{ .Values.controller.workingMountDir }}"
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
ports:
- containerPort: {{ .Values.controller.livenessProbe.healthPort }}
name: healthz
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 30
volumeMounts:
- name: pods-mount-dir
mountPath: {{ .Values.kubeletDir }}/pods
mountPropagation: "Bidirectional"
- mountPath: /csi
name: socket-dir
resources: {{- toYaml .Values.controller.resources.nfs | nindent 12 }}
volumes:
- name: pods-mount-dir
hostPath:
path: {{ .Values.kubeletDir }}/pods
type: Directory
- name: socket-dir
emptyDir: {}

15
charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml
View File

@ -1,15 +0,0 @@
---
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: {{ .Values.driver.name }}
spec:
attachRequired: false
volumeLifecycleModes:
- Persistent
{{- if .Values.feature.enableInlineVolume}}
- Ephemeral
{{- end}}
{{- if .Values.feature.enableFSGroupPolicy}}
fsGroupPolicy: File
{{- end}}

134
charts/v4.2.0/csi-driver-nfs/templates/csi-nfs-node.yaml
View File

@ -1,134 +0,0 @@
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Values.node.name }}
namespace: {{ .Release.Namespace }}
{{ include "nfs.labels" . | indent 2 }}
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: {{ .Values.node.maxUnavailable }}
type: RollingUpdate
selector:
matchLabels:
app: {{ .Values.node.name }}
template:
metadata:
{{ include "nfs.labels" . | indent 6 }}
app: {{ .Values.node.name }}
spec:
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
hostNetwork: true # original nfs connection would be broken without hostNetwork setting
dnsPolicy: {{ .Values.controller.dnsPolicy }}
serviceAccountName: csi-nfs-node-sa
{{- with .Values.node.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
nodeSelector:
kubernetes.io/os: linux
{{- with .Values.node.nodeSelector }}
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.node.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
containers:
- name: liveness-probe
image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
- --health-port={{ .Values.node.livenessProbe.healthPort }}
- --v=2
imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
volumeMounts:
- name: socket-dir
mountPath: /csi
resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }}
- name: node-driver-registrar
image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
livenessProbe:
exec:
command:
- /csi-node-driver-registrar
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --mode=kubelet-registration-probe
initialDelaySeconds: 30
timeoutSeconds: 15
args:
- --v=2
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
env:
- name: DRIVER_REG_SOCK_PATH
value: {{ .Values.kubeletDir }}/plugins/csi-nfsplugin/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
resources: {{- toYaml .Values.node.resources.nodeDriverRegistrar | nindent 12 }}
- name: nfs
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
args :
- "--v={{ .Values.node.logLevel }}"
- "--nodeid=$(NODE_ID)"
- "--endpoint=$(CSI_ENDPOINT)"
- "--drivername={{ .Values.driver.name }}"
- "--mount-permissions={{ .Values.driver.mountPermissions }}"
env:
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
ports:
- containerPort: {{ .Values.node.livenessProbe.healthPort }}
name: healthz
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 30
imagePullPolicy: {{ .Values.image.nfs.pullPolicy }}
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: pods-mount-dir
mountPath: {{ .Values.kubeletDir }}/pods
mountPropagation: "Bidirectional"
resources: {{- toYaml .Values.node.resources.nfs | nindent 12 }}
volumes:
- name: socket-dir
hostPath:
path: {{ .Values.kubeletDir }}/plugins/csi-nfsplugin
type: DirectoryOrCreate
- name: pods-mount-dir
hostPath:
path: {{ .Values.kubeletDir }}/pods
type: Directory
- hostPath:
path: {{ .Values.kubeletDir }}/plugins_registry
type: Directory
name: registration-dir

64
charts/v4.2.0/csi-driver-nfs/templates/rbac-csi-nfs.yaml
View File

@ -1,64 +0,0 @@
{{- if .Values.serviceAccount.create -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-{{ .Values.rbac.name }}-controller-sa
namespace: {{ .Release.Namespace }}
{{ include "nfs.labels" . | indent 2 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-{{ .Values.rbac.name }}-node-sa
namespace: {{ .Release.Namespace }}
{{ include "nfs.labels" . | indent 2 }}
---
{{- end }}
{{ if .Values.rbac.create -}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.rbac.name }}-external-provisioner-role
{{ include "nfs.labels" . | indent 2 }}
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Values.rbac.name }}-csi-provisioner-binding
{{ include "nfs.labels" . | indent 2 }}
subjects:
- kind: ServiceAccount
name: csi-{{ .Values.rbac.name }}-controller-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Values.rbac.name }}-external-provisioner-role
apiGroup: rbac.authorization.k8s.io
{{- end -}}

116
charts/v4.2.0/csi-driver-nfs/values.yaml
View File

@ -1,116 +0,0 @@
customLabels: {}
image:
nfs:
repository: registry.k8s.io/sig-storage/nfsplugin
tag: v4.2.0
pullPolicy: IfNotPresent
csiProvisioner:
repository: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.3.0
pullPolicy: IfNotPresent
livenessProbe:
repository: registry.k8s.io/sig-storage/livenessprobe
tag: v2.8.0
pullPolicy: IfNotPresent
nodeDriverRegistrar:
repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.6.2
pullPolicy: IfNotPresent
serviceAccount:
create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
controller: csi-nfs-controller-sa # Name of Service Account to be created or used
rbac:
create: true
name: nfs
driver:
name: nfs.csi.k8s.io
mountPermissions: 0
feature:
enableFSGroupPolicy: true
enableInlineVolume: false
kubeletDir: /var/lib/kubelet
controller:
name: csi-nfs-controller
replicas: 1
strategyType: Recreate
runOnMaster: false
runOnControlPlane: false
livenessProbe:
healthPort: 29652
logLevel: 5
workingMountDir: "/tmp"
dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst
affinity: {}
nodeSelector: {}
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/controlplane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
resources:
csiProvisioner:
limits:
memory: 400Mi
requests:
cpu: 10m
memory: 20Mi
livenessProbe:
limits:
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
nfs:
limits:
memory: 200Mi
requests:
cpu: 10m
memory: 20Mi
node:
name: csi-nfs-node
dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst
maxUnavailable: 1
logLevel: 5
livenessProbe:
healthPort: 29653
affinity: {}
nodeSelector: {}
tolerations:
- operator: "Exists"
resources:
livenessProbe:
limits:
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
nodeDriverRegistrar:
limits:
memory: 100Mi
requests:
cpu: 10m
memory: 20Mi
nfs:
limits:
memory: 300Mi
requests:
cpu: 10m
memory: 20Mi
## Reference to one or more secrets to be used when pulling images
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
imagePullSecrets: []
# - name: "image-pull-secret"

4
deploy/csi-nfs-controller.yaml
View File

@ -51,7 +51,7 @@ spec:
cpu: 10m
memory: 20Mi
- name: liveness-probe
image: registry.k8s.io/sig-storage/livenessprobe:v2.7.0
image: registry.k8s.io/sig-storage/livenessprobe:v2.6.0
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
@ -67,7 +67,7 @@ spec:
cpu: 10m
memory: 20Mi
- name: nfs
image: gcr.io/k8s-staging-sig-storage/nfsplugin:canary
image: registry.k8s.io/sig-storage/nfsplugin:v4.0.0
securityContext:
privileged: true
capabilities:

7
deploy/csi-nfs-node.yaml
View File

@ -19,14 +19,13 @@ spec:
spec:
hostNetwork: true # original nfs connection would be broken without hostNetwork setting
dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst
serviceAccountName: csi-nfs-node-sa
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: "Exists"
containers:
- name: liveness-probe
image: registry.k8s.io/sig-storage/livenessprobe:v2.7.0
image: registry.k8s.io/sig-storage/livenessprobe:v2.6.0
args:
- --csi-address=/csi/csi.sock
- --probe-timeout=3s
@ -42,7 +41,7 @@ spec:
cpu: 10m
memory: 20Mi
- name: node-driver-registrar
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1
image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.0
args:
- --v=2
- --csi-address=/csi/csi.sock
@ -79,7 +78,7 @@ spec:
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: gcr.io/k8s-staging-sig-storage/nfsplugin:canary
image: registry.k8s.io/sig-storage/nfsplugin:v4.0.0
args:
- "-v=5"
- "--nodeid=$(NODE_ID)"

32
deploy/example/README.md
View File

@ -6,34 +6,18 @@ Please refer to [driver parameters](../../docs/driver-parameters.md) for more de
## Prerequisite
- [Set up a NFS Server on a Kubernetes cluster](./nfs-provisioner/README.md) as an example
- [Set up a NFS Server on a Kubernetes cluster](./nfs-provisioner/README.md)
- [Install NFS CSI Driver](../../docs/install-nfs-csi-driver.md)
## Storage Class Usage (Dynamic Provisioning)
- Create a storage class
> change `server`, `share` with your existing NFS server address and share name
```yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-csi
provisioner: nfs.csi.k8s.io
parameters:
server: nfs-server.default.svc.cluster.local
share: /
# csi.storage.k8s.io/provisioner-secret is only needed for providing mountOptions in DeleteVolume
# csi.storage.k8s.io/provisioner-secret-name: "mount-options"
# csi.storage.k8s.io/provisioner-secret-namespace: "default"
reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
- nconnect=8 # only supported on linux kernel version >= 5.3
- nfsvers=4.1
```
- Follow the following command to create a `StorageClass`, and then `PersistentVolume` and `PersistentVolumeClaim` dynamically.
- create PVC
```console
```bash
# create StorageClass
kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/example/storageclass-nfs.yaml
# create PVC
kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/example/pvc-nfs-csi-dynamic.yaml
```
@ -52,4 +36,4 @@ kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nf
## Create a deployment
```console
kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/deploy/example/deployment.yaml
```
```

1
deploy/example/nfs-provisioner/nginx-pod.yaml
View File

@ -10,6 +10,7 @@ spec:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Delete
mountOptions:
- hard
- nfsvers=4.1
csi:
driver: nfs.csi.k8s.io

1
deploy/example/pv-nfs-csi.yaml
View File

@ -12,6 +12,7 @@ spec:
storageClassName: nfs-csi
mountOptions:
- nconnect=8 # only supported on linux kernel version >= 5.3
- hard
- nfsvers=4.1
csi:
driver: nfs.csi.k8s.io

1
deploy/example/storageclass-nfs.yaml
View File

@ -14,4 +14,5 @@ reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
- nconnect=8 # only supported on linux kernel version >= 5.3
- hard
- nfsvers=4.1

2
deploy/install-driver.sh
View File

@ -34,7 +34,7 @@ if [ $ver != "master" ]; then
fi
echo "Installing NFS CSI driver, version: $ver ..."
kubectl apply -f $repo/rbac-csi-nfs.yaml
kubectl apply -f $repo/rbac-csi-nfs-controller.yaml
kubectl apply -f $repo/csi-nfs-driverinfo.yaml
kubectl apply -f $repo/csi-nfs-controller.yaml
kubectl apply -f $repo/csi-nfs-node.yaml

7
deploy/rbac-csi-nfs.yaml → deploy/rbac-csi-nfs-controller.yaml
View File

@ -4,12 +4,7 @@ kind: ServiceAccount
metadata:
name: csi-nfs-controller-sa
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-nfs-node-sa
namespace: kube-system
---
kind: ClusterRole

2
deploy/uninstall-driver.sh
View File

@ -37,5 +37,5 @@ echo "Uninstalling NFS driver, version: $ver ..."
kubectl delete -f $repo/csi-nfs-controller.yaml --ignore-not-found
kubectl delete -f $repo/csi-nfs-node.yaml --ignore-not-found
kubectl delete -f $repo/csi-nfs-driverinfo.yaml --ignore-not-found
kubectl delete -f $repo/rbac-csi-nfs.yaml --ignore-not-found
kubectl delete -f $repo/rbac-csi-nfs-controller.yaml --ignore-not-found
echo 'Uninstalled NFS driver successfully.'

4
docs/csi-debug.md
View File

@ -1,6 +1,6 @@
## CSI driver debug tips
### case#1: volume create/delete failed
### Case#1: volume create/delete failed
- locate csi driver pod
```console
$ kubectl get pod -o wide -n kube-system | grep csi-nfs-controller
@ -14,7 +14,7 @@ $ kubectl logs csi-nfs-controller-56bfddd689-dh5tk -c nfs -n kube-system > csi-n
```
> note: there could be multiple controller pods, if there are no helpful logs, try to get logs from other controller pods
### case#2: volume mount/unmount failed
### Case#2: volume mount/unmount failed
- locate csi driver pod that does the actual volume mount/unmount
```console

3
docs/driver-parameters.md
View File

@ -42,5 +42,6 @@ parameters:
reclaimPolicy: Delete
volumeBindingMode: Immediate
mountOptions:
- nfsvers=4.1
- hard
- nfsvers=3
```

1
go.mod
View File

@ -20,7 +20,6 @@ require (
k8s.io/klog/v2 v2.30.0
k8s.io/kubernetes v1.23.3
k8s.io/mount-utils v0.23.3
k8s.io/utils v0.0.0-20211116205334-6203023598ed
sigs.k8s.io/yaml v1.2.0
)

4
pkg/nfs/nodeserver.go
View File

@ -91,7 +91,6 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
if baseDir == "" {
return nil, status.Error(codes.InvalidArgument, fmt.Sprintf("%v is a required parameter", paramShare))
}
server = getServerFromSource(server)
source := fmt.Sprintf("%s:%s", server, baseDir)
notMnt, err := ns.mounter.IsLikelyNotMountPoint(targetPath)
@ -122,7 +121,8 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis
}
if performChmodOp {
if err := chmodIfPermissionMismatch(targetPath, os.FileMode(mountPermissions)); err != nil {
klog.V(2).Infof("volumeID(%v): chmod targetPath(%s) with permissions(0%o)", volumeID, targetPath, mountPermissions)
if err := os.Chmod(targetPath, os.FileMode(mountPermissions)); err != nil {
return nil, status.Error(codes.Internal, err.Error())
}
} else {

28
pkg/nfs/utils.go
View File

@ -18,7 +18,6 @@ package nfs
import (
"fmt"
"os"
"strings"
"sync"
@ -29,7 +28,6 @@ import (
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/klog/v2"
netutil "k8s.io/utils/net"
)
func NewDefaultIdentityServer(d *Driver) *IdentityServer {
@ -134,29 +132,3 @@ func getMountOptions(context map[string]string) string {
}
return ""
}
// chmodIfPermissionMismatch only perform chmod when permission mismatches
func chmodIfPermissionMismatch(targetPath string, mode os.FileMode) error {
info, err := os.Lstat(targetPath)
if err != nil {
return err
}
perm := info.Mode() & os.ModePerm
if perm != mode {
klog.V(2).Infof("chmod targetPath(%s, mode:0%o) with permissions(0%o)", targetPath, info.Mode(), mode)
if err := os.Chmod(targetPath, mode); err != nil {
return err
}
} else {
klog.V(2).Infof("skip chmod on targetPath(%s) since mode is already 0%o)", targetPath, info.Mode())
}
return nil
}
// getServerFromSource if server is IPv6, return [IPv6]
func getServerFromSource(server string) string {
if netutil.IsIPv6String(server) {
return fmt.Sprintf("[%s]", server)
}
return server
}

93
pkg/nfs/utils_test.go
View File

@ -18,9 +18,6 @@ package nfs
import (
"fmt"
"os"
"reflect"
"strings"
"testing"
)
@ -157,93 +154,3 @@ func TestGetMountOptions(t *testing.T) {
}
}
}
func TestChmodIfPermissionMismatch(t *testing.T) {
permissionMatchingPath, _ := getWorkDirPath("permissionMatchingPath")
_ = makeDir(permissionMatchingPath)
defer os.RemoveAll(permissionMatchingPath)
permissionMismatchPath, _ := getWorkDirPath("permissionMismatchPath")
_ = os.MkdirAll(permissionMismatchPath, os.FileMode(0721))
defer os.RemoveAll(permissionMismatchPath)
tests := []struct {
desc string
path string
mode os.FileMode
expectedError error
}{
{
desc: "Invalid path",
path: "invalid-path",
mode: 0755,
expectedError: fmt.Errorf("CreateFile invalid-path: The system cannot find the file specified"),
},
{
desc: "permission matching path",
path: permissionMatchingPath,
mode: 0755,
expectedError: nil,
},
{
desc: "permission mismatch path",
path: permissionMismatchPath,
mode: 0755,
expectedError: nil,
},
}
for _, test := range tests {
err := chmodIfPermissionMismatch(test.path, test.mode)
if !reflect.DeepEqual(err, test.expectedError) {
if err == nil || test.expectedError == nil && !strings.Contains(err.Error(), test.expectedError.Error()) {
t.Errorf("test[%s]: unexpected error: %v, expected error: %v", test.desc, err, test.expectedError)
}
}
}
}
// getWorkDirPath returns the path to the current working directory
func getWorkDirPath(dir string) (string, error) {
path, err := os.Getwd()
if err != nil {
return "", err
}
return fmt.Sprintf("%s%c%s", path, os.PathSeparator, dir), nil
}
func TestGetServerFromSource(t *testing.T) {
tests := []struct {
desc string
server string
result string
}{
{
desc: "ipv4",
server: "10.127.0.1",
result: "10.127.0.1",
},
{
desc: "ipv6",
server: "0:0:0:0:0:0:0:1",
result: "[0:0:0:0:0:0:0:1]",
},
{
desc: "ipv6 with brackets",
server: "[0:0:0:0:0:0:0:2]",
result: "[0:0:0:0:0:0:0:2]",
},
{
desc: "other fqdn",
server: "bing.com",
result: "bing.com",
},
}
for _, test := range tests {
result := getServerFromSource(test.server)
if result != test.result {
t.Errorf("Unexpected result: %s, expected: %s", result, test.result)
}
}
}

4
test/external-e2e/run.sh
View File

@ -26,7 +26,7 @@ install_ginkgo () {
setup_e2e_binaries() {
# download k8s external e2e binary
curl -sL https://storage.googleapis.com/kubernetes-release/release/v1.24.0/kubernetes-test-linux-amd64.tar.gz --output e2e-tests.tar.gz
curl -sL https://storage.googleapis.com/kubernetes-release/release/v1.23.5/kubernetes-test-linux-amd64.tar.gz --output e2e-tests.tar.gz
tar -xvf e2e-tests.tar.gz && rm e2e-tests.tar.gz
export EXTRA_HELM_OPTIONS="--set driver.name=$DRIVER.csi.k8s.io --set controller.name=csi-$DRIVER-controller --set node.name=csi-$DRIVER-node --set feature.enableInlineVolume=true"
@ -50,6 +50,6 @@ setup_e2e_binaries
trap print_logs EXIT
ginkgo -p --progress --v -focus="External.Storage.*$DRIVER.csi.k8s.io" \
-skip='\[Disruptive\]|new pod with same fsgroup skips ownership changes to the volume contents|should provision storage with any volume data source' kubernetes/test/bin/e2e.test -- \
-skip='\[Disruptive\]|new pod with same fsgroup skips ownership changes to the volume contents' kubernetes/test/bin/e2e.test -- \
-storage.testdriver=$PROJECT_ROOT/test/external-e2e/testdriver.yaml \
--kubeconfig=$KUBECONFIG

1
vendor/modules.txt vendored
View File

@ -879,7 +879,6 @@ k8s.io/kubernetes/test/utils/image
## explicit
k8s.io/mount-utils
# k8s.io/utils v0.0.0-20211116205334-6203023598ed
## explicit
k8s.io/utils/buffer
k8s.io/utils/clock
k8s.io/utils/clock/testing