github.com/jingruilea/kubeedge@v1.2.0-beta.0.0.20200410162146-4bb8902b3879/build/csisamples/hostpath/deploy/csicontroller.yaml (about)

     1  apiVersion: v1
     2  kind: ServiceAccount
     3  metadata:
     4    name: csi-controller
     5    namespace: kubeedge
     6  
     7  ---
     8  kind: ClusterRole
     9  apiVersion: rbac.authorization.k8s.io/v1
    10  metadata:
    11    name: external-controller-runner
    12  rules:
    13    - apiGroups: [""]
    14      resources: ["secrets"]
    15      verbs: ["get", "list"]
    16    - apiGroups: [""]
    17      resources: ["persistentvolumes"]
    18      verbs: ["get", "list", "watch", "create", "delete", "update"]
    19    - apiGroups: [""]
    20      resources: ["persistentvolumeclaims"]
    21      verbs: ["get", "list", "watch", "update"]
    22    - apiGroups: ["storage.k8s.io"]
    23      resources: ["storageclasses"]
    24      verbs: ["get", "list", "watch"]
    25    - apiGroups: [""]
    26      resources: ["events"]
    27      verbs: ["list", "watch", "create", "update", "patch"]
    28    - apiGroups: ["snapshot.storage.k8s.io"]
    29      resources: ["volumesnapshots"]
    30      verbs: ["get", "list"]
    31    - apiGroups: ["snapshot.storage.k8s.io"]
    32      resources: ["volumesnapshotcontents"]
    33      verbs: ["get", "list"]
    34    - apiGroups: ["storage.k8s.io"]
    35      resources: ["csinodes"]
    36      verbs: ["get", "list", "watch"]
    37    - apiGroups: ["storage.k8s.io"]
    38      resources: ["volumeattachments"]
    39      verbs: ["get", "list", "watch", "update"]
    40    - apiGroups: [""]
    41      resources: ["nodes"]
    42      verbs: ["get", "list", "watch"]
    43  
    44  ---
    45  kind: ClusterRoleBinding
    46  apiVersion: rbac.authorization.k8s.io/v1
    47  metadata:
    48    name: csi-controller-role
    49  subjects:
    50    - kind: ServiceAccount
    51      name: csi-controller
    52      namespace: kubeedge
    53  roleRef:
    54    kind: ClusterRole
    55    name: external-controller-runner
    56    apiGroup: rbac.authorization.k8s.io
    57  
    58  ---
    59  kind: Role
    60  apiVersion: rbac.authorization.k8s.io/v1
    61  metadata:
    62    namespace: kubeedge
    63    name: external-controller-cfg
    64  rules:
    65  - apiGroups: [""]
    66    resources: ["endpoints"]
    67    verbs: ["get", "watch", "list", "delete", "update", "create"]
    68  - apiGroups: [""]
    69    resources: ["configmaps"]
    70    verbs: ["get", "watch", "list", "delete", "update", "create"]
    71  - apiGroups: ["coordination.k8s.io"]
    72    resources: ["leases"]
    73    verbs: ["get", "watch", "list", "delete", "update", "create"]
    74  
    75  ---
    76  kind: RoleBinding
    77  apiVersion: rbac.authorization.k8s.io/v1
    78  metadata:
    79    name: csi-controller-role-cfg
    80    namespace: kubeedge
    81  subjects:
    82    - kind: ServiceAccount
    83      name: csi-controller
    84      namespace: kubeedge
    85  roleRef:
    86    kind: Role
    87    name: external-controller-cfg
    88    apiGroup: rbac.authorization.k8s.io
    89  
    90  ---
    91  kind: StatefulSet
    92  apiVersion: apps/v1
    93  metadata:
    94    name: csi-hostpath-controller
    95    namespace: kubeedge
    96  spec:
    97    serviceName: "csi-hostpath-controller"
    98    replicas: 1
    99    selector:
   100      matchLabels:
   101        app: csi-hostpath-controller
   102    template:
   103      metadata:
   104        labels:
   105          app: csi-hostpath-controller
   106      spec:
   107        serviceAccountName: csi-controller
   108        containers:
   109          - name: csi-provisioner
   110            image: quay.io/k8scsi/csi-provisioner:v1.2.1
   111            imagePullPolicy: IfNotPresent
   112            args:
   113              - -v=5
   114              - --csi-address=/csi/csi.sock
   115              - --connection-timeout=15s
   116            volumeMounts:
   117              - mountPath: /csi
   118                name: csi-socket-dir
   119          - name: csi-attacher
   120            image: quay.io/k8scsi/csi-attacher:v1.1.1
   121            imagePullPolicy: IfNotPresent
   122            args:
   123              - --v=5
   124              - --csi-address=/csi/csi.sock
   125            volumeMounts:
   126            - mountPath: /csi
   127              name: csi-socket-dir
   128          - name: csi-driver
   129            image: kubeedge/csidriver:v1.1.0
   130            imagePullPolicy: IfNotPresent
   131            args:
   132              - "--v=5"
   133              - "--drivername=$(CSI_DRIVERNAME)"
   134              - "--endpoint=$(CSI_ENDPOINT)"
   135              - "--kubeedge-endpoint=$(KUBEEDGE_ENDPOINT)"
   136              - "--nodeid=$(KUBE_NODE_NAME)"
   137            env:
   138              - name: CSI_DRIVERNAME
   139                value: csi-hostpath
   140              - name: CSI_ENDPOINT
   141                value: unix:///csi/csi.sock
   142              - name: KUBEEDGE_ENDPOINT
   143                value: unix:///kubeedge/kubeedge.sock
   144              - name: KUBE_NODE_NAME
   145                # replace this value with the name of edge node
   146                # which is in charge of Create Volume and Delete Volume,
   147                # Controller Publish Volume and Controller Unpublish Volume.
   148                value: edge-node
   149            securityContext:
   150              privileged: true
   151            volumeMounts:
   152              - mountPath: /csi
   153                name: csi-socket-dir
   154              - mountPath: /kubeedge
   155                name: kubeedge-socket-dir
   156        volumes:
   157          - hostPath:
   158              path: /var/lib/kubelet/plugins/csi-hostpath
   159              type: DirectoryOrCreate
   160            name: csi-socket-dir
   161          - hostPath:
   162              path: /var/lib/kubeedge
   163              type: DirectoryOrCreate
   164            name: kubeedge-socket-dir