viovanov/bluemixpv.yaml

## bluemixpv.yaml
# needs the "containerization-nfs" namespace
# kubectl create -n containerization-nfs -f <URL>

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: nfs-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["get", "list", "watch", "create", "delete", "update"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["containerization-tests-nfs-provisioner"]
    verbs: ["use"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: run-nfs-provisioner
subjects:
  - kind: ServiceAccount
    name: containerization-tests-nfs-provisioner
     # replace with namespace where provisioner is deployed
    namespace: containerization-nfs
roleRef:
  kind: ClusterRole
  name: nfs-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-provisioner
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: leader-locking-nfs-provisioner
subjects:
  - kind: ServiceAccount
    name: containerization-tests-nfs-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
roleRef:
  kind: Role
  name: leader-locking-nfs-provisioner
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: containerization-tests-nfs-provisioner
---
kind: Service
apiVersion: v1
metadata:
  name: containerization-tests-nfs-provisioner
  labels:
    app: containerization-tests-nfs-provisioner
spec:
  ports:
    - name: nfs
      port: 2049
    - name: mountd
      port: 20048
    - name: rpcbind
      port: 111
    - name: rpcbind-udp
      port: 111
      protocol: UDP
    - name: statd
      port: 662
    - name: statd-udp
      port: 662
      protocol: UDP
    - name: rquotad
      port: 875
    - name: rquotad-udp
      port: 875
      protocol: UDP
    - name: nfs-udp
      port: 2049
      protocol: UDP
    - name: mountd-udp
      port: 20048
      protocol: UDP
    - name: nlockmgr
      port: 32803
    - name: nlockmgr-udp
      port: 32803
      protocol: UDP
  selector:
    app: containerization-tests-nfs-provisioner
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: containerization-tests-nfs-provisioner
spec:
  selector:
    matchLabels:
      app: containerization-tests-nfs-provisioner
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: containerization-tests-nfs-provisioner
    spec:
      serviceAccount: containerization-tests-nfs-provisioner
      containers:
        - name: containerization-tests-nfs-provisioner
          image: quay.io/kubernetes_incubator/nfs-provisioner:latest
          ports:
            - name: nfs
              containerPort: 2049
            - name: mountd
              containerPort: 20048
            - name: rpcbind
              containerPort: 111
            - name: rpcbind-udp
              containerPort: 111
              protocol: UDP
            - name: statd
              containerPort: 662
            - name: statd-udp
              containerPort: 662
              protocol: UDP
            - name: rquotad
              containerPort: 875
            - name: rquotad-udp
              containerPort: 875
              protocol: UDP
            - name: nfs-udp
              containerPort: 2049
              protocol: UDP
            - name: mountd-udp
              containerPort: 20048
              protocol: UDP
            - name: nlockmgr
              containerPort: 32803
            - name: nlockmgr-udp
              containerPort: 32803
              protocol: UDP
          securityContext:
            capabilities:
              add:
                - DAC_READ_SEARCH
                - SYS_RESOURCE
          args:
            - "-provisioner=example.com/nfs"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SERVICE_NAME
              value: containerization-tests-nfs-provisioner
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: export-volume
              mountPath: /export
      volumes:
        - name: export-volume
          hostPath:
            path: /srv
---

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: hostpath-containerization
provisioner: example.com/nfs
mountOptions:
  - vers=4.1
	# needs the "containerization-nfs" namespace
	# kubectl create -n containerization-nfs -f <URL>

	---
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: nfs-provisioner-runner
	rules:
	- apiGroups: [""]
	resources: ["persistentvolumes"]
	verbs: ["get", "list", "watch", "create", "delete"]
	- apiGroups: [""]
	resources: ["persistentvolumeclaims"]
	verbs: ["get", "list", "watch", "update"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["storageclasses"]
	verbs: ["get", "list", "watch"]
	- apiGroups: [""]
	resources: ["events"]
	verbs: ["create", "update", "patch"]
	- apiGroups: [""]
	resources: ["services", "endpoints"]
	verbs: ["get", "list", "watch", "create", "delete", "update"]
	- apiGroups: ["extensions"]
	resources: ["podsecuritypolicies"]
	resourceNames: ["containerization-tests-nfs-provisioner"]
	verbs: ["use"]
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: run-nfs-provisioner
	subjects:
	- kind: ServiceAccount
	name: containerization-tests-nfs-provisioner
	# replace with namespace where provisioner is deployed
	namespace: containerization-nfs
	roleRef:
	kind: ClusterRole
	name: nfs-provisioner-runner
	apiGroup: rbac.authorization.k8s.io
	---
	kind: Role
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: leader-locking-nfs-provisioner
	rules:
	- apiGroups: [""]
	resources: ["endpoints"]
	verbs: ["get", "list", "watch", "create", "update", "patch"]
	---
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: leader-locking-nfs-provisioner
	subjects:
	- kind: ServiceAccount
	name: containerization-tests-nfs-provisioner
	# replace with namespace where provisioner is deployed
	namespace: default
	roleRef:
	kind: Role
	name: leader-locking-nfs-provisioner
	apiGroup: rbac.authorization.k8s.io
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: containerization-tests-nfs-provisioner
	---
	kind: Service
	apiVersion: v1
	metadata:
	name: containerization-tests-nfs-provisioner
	labels:
	app: containerization-tests-nfs-provisioner
	spec:
	ports:
	- name: nfs
	port: 2049
	- name: mountd
	port: 20048
	- name: rpcbind
	port: 111
	- name: rpcbind-udp
	port: 111
	protocol: UDP
	- name: statd
	port: 662
	- name: statd-udp
	port: 662
	protocol: UDP
	- name: rquotad
	port: 875
	- name: rquotad-udp
	port: 875
	protocol: UDP
	- name: nfs-udp
	port: 2049
	protocol: UDP
	- name: mountd-udp
	port: 20048
	protocol: UDP
	- name: nlockmgr
	port: 32803
	- name: nlockmgr-udp
	port: 32803
	protocol: UDP
	selector:
	app: containerization-tests-nfs-provisioner
	---
	kind: Deployment
	apiVersion: apps/v1
	metadata:
	name: containerization-tests-nfs-provisioner
	spec:
	selector:
	matchLabels:
	app: containerization-tests-nfs-provisioner
	replicas: 1
	strategy:
	type: Recreate
	template:
	metadata:
	labels:
	app: containerization-tests-nfs-provisioner
	spec:
	serviceAccount: containerization-tests-nfs-provisioner
	containers:
	- name: containerization-tests-nfs-provisioner
	image: quay.io/kubernetes_incubator/nfs-provisioner:latest
	ports:
	- name: nfs
	containerPort: 2049
	- name: mountd
	containerPort: 20048
	- name: rpcbind
	containerPort: 111
	- name: rpcbind-udp
	containerPort: 111
	protocol: UDP
	- name: statd
	containerPort: 662
	- name: statd-udp
	containerPort: 662
	protocol: UDP
	- name: rquotad
	containerPort: 875
	- name: rquotad-udp
	containerPort: 875
	protocol: UDP
	- name: nfs-udp
	containerPort: 2049
	protocol: UDP
	- name: mountd-udp
	containerPort: 20048
	protocol: UDP
	- name: nlockmgr
	containerPort: 32803
	- name: nlockmgr-udp
	containerPort: 32803
	protocol: UDP
	securityContext:
	capabilities:
	add:
	- DAC_READ_SEARCH
	- SYS_RESOURCE
	args:
	- "-provisioner=example.com/nfs"
	env:
	- name: POD_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	- name: SERVICE_NAME
	value: containerization-tests-nfs-provisioner
	- name: POD_NAMESPACE
	valueFrom:
	fieldRef:
	fieldPath: metadata.namespace
	imagePullPolicy: "IfNotPresent"
	volumeMounts:
	- name: export-volume
	mountPath: /export
	volumes:
	- name: export-volume
	hostPath:
	path: /srv
	---

	kind: StorageClass
	apiVersion: storage.k8s.io/v1
	metadata:
	name: hostpath-containerization
	provisioner: example.com/nfs
	mountOptions:
	- vers=4.1