diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..a584b25
--- /dev/null
+++ b/kustomization.yaml
@@ -0,0 +1,80 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+images:
+# Controller
+- name: objectstorage-controller
+ newName: quay.io/containerobjectstorage/objectstorage-controller
+ newTag: latest
+# Sidecar
+- name: sample-driver
+ newName: quay.io/containerobjectstorage/sample-driver
+ newTag: latest
+- name: object-storage-sidecar
+ newName: quay.io/containerobjectstorage/object-storage-sidecar
+ newTag: latest
+
+resources:
+# CRDs
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketaccessclasses.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketaccesses.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketaccessrequests.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketclasses.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketrequests.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_buckets.yaml
+# Controller
+- manifests/ns.yaml
+- manifests/sa.yaml
+- manifests/rbac.yaml
+- manifests/deployment.yaml
+# Sidecar
+- https://raw.githubusercontent.com/container-object-storage-interface/cosi-provisioner-sidecar/master/examples/object-storage-sidecar.yaml
+
+patches:
+# CRDs
+- target:
+ kind: CustomResourceDefinition
+ patch: |-
+ - op: add
+ path: /metadata/annotations
+ value:
+ controller-gen.kubebuilder.io/version: (devel)
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/container-object-storage-interface-api/pull/2
+# Controller
+- target:
+ kind: Deployment
+ name: objectstorage-controller
+ patch: |-
+ - op: replace
+ path: /spec/template/spec/containers/0/imagePullPolicy
+ value: IfNotPresent
+# Sidecar
+- target:
+ kind: Deployment
+ name: object-storage-provisioner
+ patch: |-
+ - op: replace
+ path: /spec/template/spec/containers/0/imagePullPolicy
+ value: IfNotPresent
+ - op: replace
+ path: /spec/template/spec/containers/1/imagePullPolicy
+ value: IfNotPresent
+ - op: replace
+ path: /metadata
+ value:
+ name: object-storage-provisioner
+ labels:
+ app: object-storage-provisioner
+ namespace: objectstorage-provisioner-ns
+- target:
+ kind: Secret
+ name: object-storage-provisioner
+ patch: |-
+ - op: replace
+ path: /metadata
+ value:
+ name: object-storage-provisioner
+ labels:
+ app: object-storage-provisioner
+ namespace: objectstorage-provisioner-ns
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..c33295b
--- /dev/null
+++ b/manifests/deployment.yaml
@@ -0,0 +1,24 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: objectstorage-controller
+ namespace: objectstorage-system
+spec:
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ selector:
+ matchLabels:
+ app: objectstorage-controller
+ template:
+ metadata:
+ labels:
+ app: objectstorage-controller
+ spec:
+ serviceAccountName: objectstorage-controller-sa
+ containers:
+ - name: objectstorage-controller
+ image: quay.io/containerobjectstorage/objectstorage-controller:latest
diff --git a/manifests/ns.yaml b/manifests/ns.yaml
new file mode 100644
index 0000000..c31ae9c
--- /dev/null
+++ b/manifests/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: objectstorage-system
diff --git a/manifests/rbac.yaml b/manifests/rbac.yaml
new file mode 100644
index 0000000..79d874f
--- /dev/null
+++ b/manifests/rbac.yaml
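Review bot: In kustomization.yaml every remote entry under `resources:` is fetched from a `master` branch on raw.githubusercontent.com and every `images:` entry uses `newTag: latest`, so what reaches the cluster is whatever those references point to at build time rather than what was reviewed here. The sidecar URL is the most sensitive one, since the patches below it show that it supplies a Deployment and a Secret. I would pin each URL to a commit, e.g. `…/container-object-storage-interface-api/<COMMIT_SHA>/crds/objectstorage.k8s.io_buckets.yaml`, and replace `newTag: latest` with `digest: sha256:<IMAGE_DIGEST>`. Pinning matters more here because the patches set `imagePullPolicy: IfNotPresent`, under which a node that already has a `latest` image cached keeps running it after the tag moves.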
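Review bot: The `objectstorage-controller` container in manifests/deployment.yaml is declared with only `name` and `image`, so it runs with the runtime defaults: no `securityContext`, and an image referenced by `:latest`. I would add a restrictive container `securityContext` as sketched below; whether the image already runs as a non-root user or writes to its root filesystem is not visible in this diff, so those two settings need confirming against the image. Separately, kustomization.yaml patches this Deployment with `op: replace` on `/spec/template/spec/containers/0/imagePullPolicy`, and JSON Patch `replace` requires the target to exist, so the field should be present here (or the patch should use `op: add`).

```yaml
# … unchanged: metadata, strategy, selector, serviceAccountName …
        - name: objectstorage-controller
          image: quay.io/containerobjectstorage/objectstorage-controller:latest
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true  # confirm the image defines a non-root user
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true  # confirm the controller needs no writable paths
            capabilities:
              drop: ["ALL"]
```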
@@ -0,0 +1,55 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: objectstorage-controller-role
+rules:
+- apiGroups: ["objectstorage.k8s.io"]
+ resources: ["bucketrequests", "bucketaccessrequests"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["objectstorage.k8s.io"]
+ resources: ["buckets", "bucketaccess"]
+ verbs: ["get", "list", "watch", "update", "create", "delete"]
+- apiGroups: ["objectstorage.k8s.io"]
+ resources: ["bucketclass","bucketaccessclass"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: objectstorage-controller:system
+subjects:
+ - kind: ServiceAccount
+ name: objectstorage-controller-sa
+ namespace: objectstorage-system
+roleRef:
+ kind: ClusterRole
+ name: objectstorage-controller-role
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: objectstorage-controller
+ namespace: objectstorage-system
+rules:
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: objectstorage-controller
+ namespace: objectstorage-system
+subjects:
+ - kind: ServiceAccount
+ name: objectstorage-controller-sa
+ namespace: objectstorage-system
+roleRef:
+ kind: Role
+ name: objectstorage-controller
+ apiGroup: rbac.authorization.k8s.io
diff --git a/manifests/sa.yaml b/manifests/sa.yaml
new file mode 100644
index 0000000..802dbb8
--- /dev/null
+++ b/manifests/sa.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: objectstorage-controller-sa
+ namespace: objectstorage-system
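Review bot: In manifests/rbac.yaml the second and third ClusterRole rules name resources in the singular (`bucketaccess`, `bucketclass`, `bucketaccessclass`), while RBAC matches on the plural resource name. The CRD files listed in kustomization.yaml are `…_bucketaccesses.yaml`, `…_bucketclasses.yaml` and `…_bucketaccessclasses.yaml`, which suggests those are the plurals. As written these entries would match nothing, so the controller would be denied on those kinds even though the role appears to grant access. I would change the lines to `resources: ["buckets", "bucketaccesses"]` and `resources: ["bucketclasses", "bucketaccessclasses"]`.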