Created
December 12, 2019 19:38
-
-
Save JohnStrunk/3681ddfca4667be82ceab711a52cab18 to your computer and use it in GitHub Desktop.
EBS CSI yamls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Taken from kubectl create -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/?ref=master" --dry-run -oyaml | |
| # Changes: | |
| # Change secret info | |
| # Set hostNetwork for controller | |
| # Remove liveness probe container | |
| # Remove healthz ports from controller | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: ebs-csi-controller-sa | |
| namespace: kube-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: ebs-external-attacher-role | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - update | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - csi.storage.k8s.io | |
| resources: | |
| - csinodeinfos | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - storage.k8s.io | |
| resources: | |
| - volumeattachments | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - update | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: ebs-external-provisioner-role | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - create | |
| - delete | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumeclaims | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - update | |
| - apiGroups: | |
| - storage.k8s.io | |
| resources: | |
| - storageclasses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - apiGroups: | |
| - storage.k8s.io | |
| resources: | |
| - csinodes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - nodes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - coordination.k8s.io | |
| resources: | |
| - leases | |
| verbs: | |
| - get | |
| - watch | |
| - list | |
| - delete | |
| - update | |
| - create | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: ebs-external-resizer-role | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - update | |
| - patch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumeclaims | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumeclaims/status | |
| verbs: | |
| - update | |
| - patch | |
| - apiGroups: | |
| - storage.k8s.io | |
| resources: | |
| - storageclasses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| name: ebs-external-snapshotter-role | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumes | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - persistentvolumeclaims | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - storage.k8s.io | |
| resources: | |
| - storageclasses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - events | |
| verbs: | |
| - list | |
| - watch | |
| - create | |
| - update | |
| - patch | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - secrets | |
| verbs: | |
| - get | |
| - list | |
| - apiGroups: | |
| - snapshot.storage.k8s.io | |
| resources: | |
| - volumesnapshotclasses | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - apiGroups: | |
| - snapshot.storage.k8s.io | |
| resources: | |
| - volumesnapshotcontents | |
| verbs: | |
| - create | |
| - get | |
| - list | |
| - watch | |
| - update | |
| - delete | |
| - apiGroups: | |
| - snapshot.storage.k8s.io | |
| resources: | |
| - volumesnapshots | |
| verbs: | |
| - get | |
| - list | |
| - watch | |
| - update | |
| - apiGroups: | |
| - apiextensions.k8s.io | |
| resources: | |
| - customresourcedefinitions | |
| verbs: | |
| - create | |
| - list | |
| - watch | |
| - delete | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: ebs-csi-attacher-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ebs-external-attacher-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ebs-csi-controller-sa | |
| namespace: kube-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: ebs-csi-provisioner-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ebs-external-provisioner-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ebs-csi-controller-sa | |
| namespace: kube-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: ebs-csi-resizer-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ebs-external-resizer-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ebs-csi-controller-sa | |
| namespace: kube-system | |
| --- | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRoleBinding | |
| metadata: | |
| name: ebs-csi-snapshotter-binding | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: ClusterRole | |
| name: ebs-external-snapshotter-role | |
| subjects: | |
| - kind: ServiceAccount | |
| name: ebs-csi-controller-sa | |
| namespace: kube-system | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: ebs-csi-controller | |
| namespace: kube-system | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app: ebs-csi-controller | |
| template: | |
| metadata: | |
| labels: | |
| app: ebs-csi-controller | |
| spec: | |
| hostNetwork: true | |
| containers: | |
| - args: | |
| - --csi-address=$(ADDRESS) | |
| - --v=5 | |
| env: | |
| - name: ADDRESS | |
| value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
| image: quay.io/k8scsi/csi-resizer:v0.2.0 | |
| name: csi-resizer | |
| volumeMounts: | |
| - mountPath: /var/lib/csi/sockets/pluginproxy/ | |
| name: socket-dir | |
| - args: | |
| - --csi-address=$(ADDRESS) | |
| - --connection-timeout=15s | |
| env: | |
| - name: ADDRESS | |
| value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
| image: quay.io/k8scsi/csi-snapshotter:v1.1.0 | |
| name: csi-snapshotter | |
| volumeMounts: | |
| - mountPath: /var/lib/csi/sockets/pluginproxy/ | |
| name: socket-dir | |
| - args: | |
| - --endpoint=$(CSI_ENDPOINT) | |
| - --logtostderr | |
| - --v=5 | |
| env: | |
| - name: CSI_ENDPOINT | |
| value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock | |
| - name: AWS_ACCESS_KEY_ID | |
| valueFrom: | |
| secretKeyRef: | |
| key: aws_access_key_id | |
| name: aws-creds | |
| optional: true | |
| - name: AWS_SECRET_ACCESS_KEY | |
| valueFrom: | |
| secretKeyRef: | |
| key: aws_secret_access_key | |
| name: aws-creds | |
| optional: true | |
| image: amazon/aws-ebs-csi-driver:latest | |
| name: ebs-plugin | |
| volumeMounts: | |
| - mountPath: /var/lib/csi/sockets/pluginproxy/ | |
| name: socket-dir | |
| - args: | |
| - --csi-address=$(ADDRESS) | |
| - --v=5 | |
| - --feature-gates=Topology=true | |
| - --enable-leader-election | |
| - --leader-election-type=leases | |
| env: | |
| - name: ADDRESS | |
| value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
| image: quay.io/k8scsi/csi-provisioner:v1.3.0 | |
| name: csi-provisioner | |
| volumeMounts: | |
| - mountPath: /var/lib/csi/sockets/pluginproxy/ | |
| name: socket-dir | |
| - args: | |
| - --csi-address=$(ADDRESS) | |
| - --v=5 | |
| env: | |
| - name: ADDRESS | |
| value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
| image: quay.io/k8scsi/csi-attacher:v1.2.0 | |
| name: csi-attacher | |
| volumeMounts: | |
| - mountPath: /var/lib/csi/sockets/pluginproxy/ | |
| name: socket-dir | |
| nodeSelector: | |
| beta.kubernetes.io/os: linux | |
| priorityClassName: system-cluster-critical | |
| serviceAccount: ebs-csi-controller-sa | |
| tolerations: | |
| - key: CriticalAddonsOnly | |
| operator: Exists | |
| volumes: | |
| - emptyDir: {} | |
| name: socket-dir | |
| --- | |
| apiVersion: apps/v1 | |
| kind: DaemonSet | |
| metadata: | |
| name: ebs-csi-node | |
| namespace: kube-system | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: ebs-csi-node | |
| template: | |
| metadata: | |
| labels: | |
| app: ebs-csi-node | |
| spec: | |
| containers: | |
| - args: | |
| - --endpoint=$(CSI_ENDPOINT) | |
| - --logtostderr | |
| - --v=5 | |
| env: | |
| - name: CSI_ENDPOINT | |
| value: unix:/csi/csi.sock | |
| image: amazon/aws-ebs-csi-driver:latest | |
| livenessProbe: | |
| failureThreshold: 5 | |
| httpGet: | |
| path: /healthz | |
| port: healthz | |
| initialDelaySeconds: 10 | |
| periodSeconds: 10 | |
| timeoutSeconds: 3 | |
| name: ebs-plugin | |
| ports: | |
| - containerPort: 9808 | |
| name: healthz | |
| protocol: TCP | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - mountPath: /var/lib/kubelet | |
| mountPropagation: Bidirectional | |
| name: kubelet-dir | |
| - mountPath: /csi | |
| name: plugin-dir | |
| - mountPath: /dev | |
| name: device-dir | |
| - args: | |
| - --csi-address=$(ADDRESS) | |
| - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) | |
| - --v=5 | |
| env: | |
| - name: ADDRESS | |
| value: /csi/csi.sock | |
| - name: DRIVER_REG_SOCK_PATH | |
| value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock | |
| image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 | |
| lifecycle: | |
| preStop: | |
| exec: | |
| command: | |
| - /bin/sh | |
| - -c | |
| - rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock | |
| name: node-driver-registrar | |
| volumeMounts: | |
| - mountPath: /csi | |
| name: plugin-dir | |
| - mountPath: /registration | |
| name: registration-dir | |
| - args: | |
| - --csi-address=/csi/csi.sock | |
| image: quay.io/k8scsi/livenessprobe:v1.1.0 | |
| name: liveness-probe | |
| volumeMounts: | |
| - mountPath: /csi | |
| name: plugin-dir | |
| hostNetwork: true | |
| nodeSelector: | |
| beta.kubernetes.io/os: linux | |
| priorityClassName: system-node-critical | |
| tolerations: | |
| - key: CriticalAddonsOnly | |
| operator: Exists | |
| volumes: | |
| - hostPath: | |
| path: /var/lib/kubelet | |
| type: Directory | |
| name: kubelet-dir | |
| - hostPath: | |
| path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ | |
| type: DirectoryOrCreate | |
| name: plugin-dir | |
| - hostPath: | |
| path: /var/lib/kubelet/plugins_registry/ | |
| type: Directory | |
| name: registration-dir | |
| - hostPath: | |
| path: /dev | |
| type: Directory | |
| name: device-dir | |
| --- | |
| apiVersion: storage.k8s.io/v1beta1 | |
| kind: CSIDriver | |
| metadata: | |
| name: ebs.csi.aws.com | |
| spec: | |
| attachRequired: true | |
| podInfoOnMount: false | |
| --- | |
| kind: StorageClass | |
| apiVersion: storage.k8s.io/v1 | |
| metadata: | |
| name: csi-ebs | |
| provisioner: ebs.csi.aws.com | |
| volumeBindingMode: WaitForFirstConsumer | |
| parameters: | |
| fsType: xfs | |
| type: gp2 | |
| encrypted: "true" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: snapshot.storage.k8s.io/v1alpha1 | |
| kind: VolumeSnapshotClass | |
| metadata: | |
| name: csi-ebs | |
| snapshotter: ebs.csi.aws.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment