Skip to content

Instantly share code, notes, and snippets.

@owainlewis owainlewis/auth.txt
Last active Nov 7, 2018

Embed
What would you like to do?
Flexvolume notes
➜ oci-kubeadm git:(master) ✗ cat manifests/flexvolume-config.yaml
---
auth:
region: us-phoenix-1
tenancy: ocid1.tenancy.oc1..
compartment: ocid1.compartment.oc1..
user: ocid1.user.oc1..
key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
fingerprint: XXX
27757 2018/11/07 16:31:38 Attaching volume ocid1.volume.oc1.phx.abyhqljrbm3gpfr7jfzduesedvhfcrapjyyubi224yhw72maq234rytgef4q -> instance ocid1.instance.oc1.phx.abyhqljrzdc2ynxqna5ur6gsccihmwr46mq2hqbv2jo7an3pzrnu6rkjkdia
27887 2018/11/07 16:31:39 OCI FlexVolume Driver version: a9f17065 (a9f17065)
27887 2018/11/07 16:31:39 '/usr/libexec/kubernetes/kubelet-plugins/volume/exec/oracle~oci/oci init' called with []
27887 2018/11/07 16:31:39 Command result: {"status":"Success"}
27892 2018/11/07 16:31:39 OCI FlexVolume Driver version: a9f17065 (a9f17065)
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: oci-flexvolume-driver
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: oci-flexvolume-driver
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: oci-flexvolume-driver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: oci-flexvolume-driver
subjects:
- kind: ServiceAccount
name: oci-flexvolume-driver
namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: oci-flexvolume-driver-master
namespace: kube-system
spec:
selector:
matchLabels:
component: oci-flexvolume-driver
tier: control-plane
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
component: oci-flexvolume-driver
tier: control-plane
spec:
serviceAccountName: oci-flexvolume-driver
nodeSelector:
node-role.kubernetes.io/master: ""
tolerations:
- key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
effect: NoSchedule
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
volumes:
- name: flexvolume-mount
hostPath:
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/
type: DirectoryOrCreate
- name: config
secret:
secretName: oci-flexvolume-driver
- name: kubeconfig
secret:
secretName: oci-flexvolume-driver-kubeconfig
containers:
- name: oci-flexvolume-driver
image: iad.ocir.io/oracle/cloud-provider-oci:a9f17065
command: ["/bin/bash", "/usr/local/bin/install.sh"]
securityContext:
privileged: true
volumeMounts:
- mountPath: /flexmnt
name: flexvolume-mount
- mountPath: /tmp
name: config
readOnly: true
- mountPath: /tmp2
name: kubeconfig
readOnly: true
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: oci-flexvolume-driver-worker
namespace: kube-system
spec:
selector:
matchLabels:
component: oci-flexvolume-driver
tier: node
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
component: oci-flexvolume-driver
tier: node
spec:
volumes:
- name: flexvolume-mount
hostPath:
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
type: DirectoryOrCreate
containers:
- name: oci-flexvolume-driver
image: iad.ocir.io/oracle/cloud-provider-oci:a9f17065
command: ["/bin/bash", "/usr/local/bin/install.sh"]
securityContext:
privileged: true
volumeMounts:
- mountPath: /flexmnt
name: flexvolume-mount
➜ oci-kubeadm git:(master) ✗ k apply -f oci-flexvolume-driver-rbac.yaml
serviceaccount "oci-flexvolume-driver" unchanged
clusterrole.rbac.authorization.k8s.io "oci-flexvolume-driver" configured
clusterrolebinding.rbac.authorization.k8s.io "oci-flexvolume-driver" configured
➜ oci-kubeadm git:(master) ✗ k apply -f oci-flexvolume-driver.yaml
daemonset.apps "oci-flexvolume-driver-master" created
daemonset.apps "oci-flexvolume-driver-worker" created
➜ oci-kubeadm git:(master) ✗ ks get po
NAME READY STATUS RESTARTS AGE
coredns-576cbf47c7-5gg6l 1/1 Running 0 1d
coredns-576cbf47c7-6gz9x 1/1 Running 0 1d
etcd-k8s-master-ad-1-0 1/1 Running 0 1d
kube-apiserver-k8s-master-ad-1-0 1/1 Running 0 1d
kube-controller-manager-k8s-master-ad-1-0 1/1 Running 0 1d
kube-flannel-ds-amd64-6xswb 1/1 Running 0 1d
kube-flannel-ds-amd64-cmn79 1/1 Running 0 1d
kube-flannel-ds-amd64-lv6lz 1/1 Running 0 1d
kube-flannel-ds-amd64-mdrkb 1/1 Running 0 1d
kube-proxy-7zpwp 1/1 Running 0 1d
kube-proxy-98ffv 1/1 Running 0 1d
kube-proxy-jjbjk 1/1 Running 0 1d
kube-proxy-zbvtp 1/1 Running 0 1d
kube-scheduler-k8s-master-ad-1-0 1/1 Running 0 1d
oci-block-volume-provisioner-79967d8b55-fj5w7 1/1 Running 0 1d
oci-cloud-controller-manager-cv69g 1/1 Running 0 23h
oci-file-system-volume-provisioner-5c85b9c9d7-6q8wj 1/1 Running 0 1d
oci-flexvolume-driver-master-5mqnp 1/1 Running 0 5s
oci-flexvolume-driver-worker-mnt46 1/1 Running 0 5s
oci-flexvolume-driver-worker-nnpck 1/1 Running 0 5s
➜ oci-kubeadm git:(master) ✗ k create -f ../config-files/claim.yaml
persistentvolumeclaim "oci-block-volume" created
➜ oci-kubeadm git:(master) ✗ k create -f ../config-files/pod.yaml
pod "nginx" created
---
kind: Pod
apiVersion: v1
metadata:
name: nginx
spec:
volumes:
- name: nginx
persistentVolumeClaim:
claimName: oci-block-volume
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: nginx
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: oci-block-volume
spec:
storageClassName: oci
selector:
matchLabels:
failure-domain.beta.kubernetes.io/zone: AD-1
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 50Gi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.