From 3001d3ea0fa36af83cc53caf16c4e0a79e3217a9 Mon Sep 17 00:00:00 2001 From: Tejas Parikh Date: Mon, 11 Jan 2021 15:20:51 -0500 Subject: [PATCH] added kustomize template & k8s resources for provisioner --- kustomization.yaml | 22 ++++++++++++++ resources/deployment.yaml | 62 +++++++++++++++++++++++++++++++++++++++ resources/ns.yaml | 10 +++++++ resources/rbac.yaml | 37 +++++++++++++++++++++++ resources/sa.yaml | 11 +++++++ resources/secret.yaml | 19 ++++++++++++ 6 files changed, 161 insertions(+) create mode 100644 kustomization.yaml create mode 100644 resources/deployment.yaml create mode 100644 resources/ns.yaml create mode 100644 resources/rbac.yaml create mode 100644 resources/sa.yaml create mode 100644 resources/secret.yaml diff --git a/kustomization.yaml b/kustomization.yaml new file mode 100644 index 0000000..cbf96c3 --- /dev/null +++ b/kustomization.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: objectstorage-provisioner-ns + +commonAnnotations: + cosi.storage.k8s.io/authors: "Kubernetes Authors" + cosi.storage.k8s.io/license: "Apache V2" + cosi.storage.k8s.io/support: "https://github.com/kubernetes-sigs/container-object-storage-api" + +commonLabels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/version: main + app.kubernetes.io/name: container-object-storage-interface-provisioner + +resources: +- resources/ns.yaml +- resources/sa.yaml +- resources/rbac.yaml +- resources/secret.yaml +- resources/deployment.yaml diff --git a/resources/deployment.yaml b/resources/deployment.yaml new file mode 100644 index 0000000..b5eae6e --- /dev/null +++ b/resources/deployment.yaml @@ -0,0 +1,62 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: objectstorage-provisioner + labels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/version: main + app.kubernetes.io/name: container-object-storage-interface-provisioner +spec: + replicas: 1 + minReadySeconds: 30 + progressDeadlineSeconds: 600 + revisionHistoryLimit: 3 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + selector: + matchLabels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/name: container-object-storage-interface-provisioner + template: + metadata: + labels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/name: container-object-storage-interface-provisioner + app.kubernetes.io/version: main + spec: + serviceAccountName: objectstorage-provisioner-sa + containers: + - name: objectstorage-sample-driver + image: quay.io/containerobjectstorage/objectstorage-sample-driver:latest + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 100m + memory: 100Mi + envFrom: + - secretRef: + name: objectstorage-provisioner + - name: objectstorage-provisioner-sidecar + image: quay.io/containerobjectstorage/objectstorage-provisioner-sidecar:latest + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 100m + memory: 100Mi + env: + - name: CONNECT_ADDRESS + valueFrom: + secretKeyRef: + name: objectstorage-provisioner + key: LISTEN_ADDRESS diff --git a/resources/ns.yaml b/resources/ns.yaml new file mode 100644 index 0000000..0b56bf7 --- /dev/null +++ b/resources/ns.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: objectstorage-provisioner-ns + labels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/version: main + app.kubernetes.io/name: container-object-storage-interface-provisioner diff --git a/resources/rbac.yaml b/resources/rbac.yaml new file mode 100644 index 0000000..f933510 --- /dev/null +++ b/resources/rbac.yaml @@ -0,0 +1,37 @@ +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: objectstorage-provisioner-role + namespace: objectstorage-provisioner-ns + labels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/version: main + app.kubernetes.io/name: container-object-storage-interface-provisioner +rules: +- apiGroups: ["objectstorage.k8s.io"] + resources: ["buckets", "bucketaccess"] + verbs: ["get", "list", "watch", "update", "create", "delete"] +- apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: objectstorage-provisioner-role-binding + namespace: objectstorage-provisioner-ns + labels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/version: main + app.kubernetes.io/name: container-object-storage-interface-provisioner +subjects: + - kind: ServiceAccount + name: objectstorage-provisioner-sa + namespace: objectstorage-provisioner-ns +roleRef: + kind: ClusterRole + name: objectstorage-provisioner-role + apiGroup: rbac.authorization.k8s.io diff --git a/resources/sa.yaml b/resources/sa.yaml new file mode 100644 index 0000000..d3798f5 --- /dev/null +++ b/resources/sa.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: objectstorage-provisioner-sa + namespace: objectstorage-provisioner-ns + labels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/version: main + app.kubernetes.io/name: container-object-storage-interface-provisioner diff --git a/resources/secret.yaml b/resources/secret.yaml new file mode 100644 index 0000000..92479f5 --- /dev/null +++ b/resources/secret.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: objectstorage-provisioner + namespace: objectstorage-provisioner-ns + labels: + app.kubernetes.io/part-of: container-object-storage-interface + app.kubernetes.io/component: provisioner + app.kubernetes.io/version: main + app.kubernetes.io/name: container-object-storage-interface-provisioner +type: Opaque +stringData: + LISTEN_ADDRESS: 0.0.0.0:9000 +data: + # set to space + S3_ENDPOINT: IA== + ACCESS_KEY: IA== + SECRET_KEY: IA==