I use OpenLogic 7.1
yum install -y git golang cifs-utils etcd docker-io
systemctl enable docker
systemctl start docker
apiVersion: v1 | |
kind: ReplicationController | |
metadata: | |
labels: | |
name: web | |
name: web | |
spec: | |
replicas: 1 | |
selector: | |
name: web-rc |
#!/bin/bash | |
# 'recycler' performs an 'rm -rf' on a volume to scrub it clean before it's | |
# reused as a cluster resource. This script is intended to be used in a pod that | |
# performs the scrub. The container in the pod should succeed or fail based on | |
# the exit status of this script. | |
set -e -o pipefail | |
shopt -s dotglob nullglob |
Cloud provider is the abstraction of Cloud operations including:
// Interface is an abstract, pluggable interface for cloud providers.
type Interface interface {
// LoadBalancer returns a balancer interface. Also returns true if the interface is supported, false otherwise.
LoadBalancer() (LoadBalancer, bool)
// Instances returns an instances interface. Also returns true if the interface is supported, false otherwise.
Instances() (Instances, bool)
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: gluster-1 | |
labels: | |
name: gluster-1 | |
spec: | |
hostNetwork: true | |
nodeSelector: | |
name: worker-1 |
Test cases | AWS EBS | GCE PD | OpenStack Cinder | Azure File | NFS | iSCSI | Glusterfs | Ceph RBD | Ceph FS | Fibre Channel | Notes |
---|---|---|---|---|---|---|---|---|---|---|---|
SELinux and FSGroup | N | N | Y | N | Y | Y | Y | Y | Y | N | |
Attach/Detach | Y | Only GCE PD has tests | |||||||||
PV/PVC | Y | Only NFS has tests | |||||||||
Dynamic Provisioning | Y | Y | Y | Only AWS/GCE/Cinder have tests |
#RFC: Adding test cases to e2e/volumes.go
As we are developing features and new volume plugins, the e2e test cases are not catching up at the same pace. This proposal aims to cover the security context and more volume plugins.
A storage server Pod that runs one of Glusterfs, NFS, Ceph RBD, Ceph FS, iSCSI, and OpenStack Cinder exports a file share. The file share containers a sample file. The test passes if a client Pod can mount the file share and test passes and read the sample file.
Since the client Pod has SELinux label and fsGroup in securityContext, securityContext must be enabled. The server container runs in privileged mode, so kubelet must allow privileged mode.
--- | |
dummy: | |
fsid: 4a158d27-f750-41d5-9e7f-26ce4c9d2d45 | |
fetch_directory: fetch/ | |
rbd_client_admin_socket_path: /var/lib/ceph | |
dir_owner: root | |
dir_group: root | |
dir_mode: 777 |
RFC: Adding test cases to e2e/persistent_volumes.go
e2e/persistent_volumes.go creates an NFS PV with recycle policy and an PVC to claim the PV. After the PVC is bound, it is deleted and PV is recycled.