Created
January 22, 2020 01:44
-
-
Save nithu0115/b29e1b895ce2217df00da20e5ce3f8d2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: csi-node-sa | |
namespace: kube-system | |
--- | |
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: csi-node | |
namespace: default | |
rules: | |
- apiGroups: [""] | |
resources: ["secrets"] | |
verbs: ["get", "list"] | |
- apiGroups: [""] | |
resources: ["nodes"] | |
verbs: ["get", "list", "update"] | |
- apiGroups: [""] | |
resources: ["namespaces"] | |
verbs: ["get", "list"] | |
- apiGroups: [""] | |
resources: ["persistentvolumes"] | |
verbs: ["get", "list", "watch", "update"] | |
- apiGroups: ["storage.k8s.io"] | |
resources: ["volumeattachments"] | |
verbs: ["get", "list", "watch", "update"] | |
- apiGroups: ["csi.storage.k8s.io"] | |
resources: ["csinodeinfos"] | |
verbs: ["get", "list", "watch", "update"] | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: csi-node | |
namespace: default | |
subjects: | |
- kind: ServiceAccount | |
name: csi-node-sa | |
namespace: default | |
roleRef: | |
kind: ClusterRole | |
name: csi-node | |
apiGroup: rbac.authorization.k8s.io | |
--- | |
kind: DaemonSet | |
apiVersion: apps/v1beta2 | |
metadata: | |
name: fsx-csi-node | |
namespace: kube-system | |
spec: | |
selector: | |
matchLabels: | |
app: fsx-csi-node | |
template: | |
metadata: | |
labels: | |
app: fsx-csi-node | |
spec: | |
serviceAccount: csi-node-sa | |
hostNetwork: true | |
containers: | |
- name: fsx-plugin | |
securityContext: | |
privileged: true | |
image: amazon/aws-fsx-csi-driver:latest | |
args: | |
- --endpoint=$(CSI_ENDPOINT) | |
- --logtostderr | |
- --v=5 | |
env: | |
- name: CSI_ENDPOINT | |
value: unix:/csi/csi.sock | |
volumeMounts: | |
- name: kubelet-dir | |
mountPath: /var/lib/kubelet | |
mountPropagation: "Bidirectional" | |
- name: plugin-dir | |
mountPath: /csi | |
- name: device-dir | |
mountPath: /dev | |
- name: csi-driver-registrar | |
image: quay.io/k8scsi/driver-registrar:v0.4.2 | |
args: | |
- --csi-address=$(ADDRESS) | |
- --mode=node-register | |
- --driver-requires-attachment=true | |
- --pod-info-mount-version="v1" | |
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) | |
- --v=5 | |
env: | |
- name: ADDRESS | |
value: /csi/csi.sock | |
- name: DRIVER_REG_SOCK_PATH | |
value: /var/lib/kubelet/plugins/fsx.csi.aws.com/csi.sock | |
- name: KUBE_NODE_NAME | |
valueFrom: | |
fieldRef: | |
fieldPath: spec.nodeName | |
volumeMounts: | |
- name: plugin-dir | |
mountPath: /csi | |
- name: registration-dir | |
mountPath: /registration | |
volumes: | |
- name: kubelet-dir | |
hostPath: | |
path: /var/lib/kubelet | |
type: Directory | |
- name: plugin-dir | |
hostPath: | |
path: /var/lib/kubelet/plugins/fsx.csi.aws.com/ | |
type: DirectoryOrCreate | |
- name: registration-dir | |
hostPath: | |
path: /var/lib/kubelet/plugins/ | |
type: Directory | |
- name: device-dir | |
hostPath: | |
path: /dev | |
type: Directory | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: csi-controller-sa | |
namespace: kube-system | |
--- | |
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: external-provisioner-role | |
rules: | |
- apiGroups: [""] | |
resources: ["persistentvolumes"] | |
verbs: ["get", "list", "watch", "create", "delete"] | |
- apiGroups: [""] | |
resources: ["persistentvolumeclaims"] | |
verbs: ["get", "list", "watch", "update"] | |
- apiGroups: ["storage.k8s.io"] | |
resources: ["storageclasses"] | |
verbs: ["get", "list", "watch"] | |
- apiGroups: [""] | |
resources: ["events"] | |
verbs: ["get", "list", "watch", "create", "update", "patch"] | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: csi-provisioner-binding | |
subjects: | |
- kind: ServiceAccount | |
name: csi-controller-sa | |
namespace: kube-system | |
roleRef: | |
kind: ClusterRole | |
name: external-provisioner-role | |
apiGroup: rbac.authorization.k8s.io | |
--- | |
kind: ClusterRole | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: external-attacher-role | |
rules: | |
- apiGroups: [""] | |
resources: ["persistentvolumes"] | |
verbs: ["get", "list", "watch", "update"] | |
- apiGroups: [""] | |
resources: ["nodes"] | |
verbs: ["get", "list", "watch"] | |
- apiGroups: ["storage.k8s.io"] | |
resources: ["volumeattachments"] | |
verbs: ["get", "list", "watch", "update"] | |
--- | |
kind: ClusterRoleBinding | |
apiVersion: rbac.authorization.k8s.io/v1 | |
metadata: | |
name: csi-attacher-binding | |
subjects: | |
- kind: ServiceAccount | |
name: csi-controller-sa | |
namespace: kube-system | |
roleRef: | |
kind: ClusterRole | |
name: external-attacher-role | |
apiGroup: rbac.authorization.k8s.io | |
--- | |
kind: StatefulSet | |
apiVersion: apps/v1beta1 | |
metadata: | |
name: fsx-csi-controller | |
namespace: kube-system | |
spec: | |
serviceName: fsx-csi-controller | |
replicas: 1 | |
template: | |
metadata: | |
labels: | |
app: fsx-csi-controller | |
spec: | |
serviceAccount: csi-controller-sa | |
priorityClassName: system-cluster-critical | |
tolerations: | |
- key: CriticalAddonsOnly | |
operator: Exists | |
containers: | |
- name: fsx-plugin | |
image: amazon/aws-fsx-csi-driver:latest | |
args : | |
- --endpoint=$(CSI_ENDPOINT) | |
- --logtostderr | |
- --v=5 | |
env: | |
- name: CSI_ENDPOINT | |
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock | |
- name: AWS_ACCESS_KEY_ID | |
valueFrom: | |
secretKeyRef: | |
name: aws-secret | |
key: key_id | |
optional: true | |
- name: AWS_SECRET_ACCESS_KEY | |
valueFrom: | |
secretKeyRef: | |
name: aws-secret | |
key: access_key | |
optional: true | |
volumeMounts: | |
- name: socket-dir | |
mountPath: /var/lib/csi/sockets/pluginproxy/ | |
- name: csi-provisioner | |
image: quay.io/k8scsi/csi-provisioner:v0.4.2 | |
args: | |
- --provisioner=fsx.csi.aws.com | |
- --csi-address=$(ADDRESS) | |
- --connection-timeout=5m | |
- --v=5 | |
env: | |
- name: ADDRESS | |
value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
volumeMounts: | |
- name: socket-dir | |
mountPath: /var/lib/csi/sockets/pluginproxy/ | |
- name: csi-attacher | |
image: quay.io/k8scsi/csi-attacher:v0.4.2 | |
args: | |
- --csi-address=$(ADDRESS) | |
- --v=5 | |
env: | |
- name: ADDRESS | |
value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
volumeMounts: | |
- name: socket-dir | |
mountPath: /var/lib/csi/sockets/pluginproxy/ | |
volumes: | |
- name: socket-dir | |
emptyDir: {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment