diff --git a/ansible/group_vars/common.yml b/ansible/group_vars/common.yml index 89d99895d..7fd485106 100644 --- a/ansible/group_vars/common.yml +++ b/ansible/group_vars/common.yml @@ -57,8 +57,8 @@ nbp_remote_url: https://github.com/opensds/nbp.git ########### # If user specifies intalling from release,then he can choose the specific version -opensds_release: v0.3.1 # The version should be at least v0.2.1 -nbp_release: v0.3.1 # The version should be at least v0.2.1 +opensds_release: v0.3.2 # The version should be at least v0.2.1 +nbp_release: v0.3.2 # The version should be at least v0.2.1 # These fields are NOT suggested to be modified opensds_download_url: https://github.com/opensds/opensds/releases/download/{{ opensds_release }}/opensds-hotpot-{{ opensds_release }}-linux-amd64.tar.gz diff --git a/charts/csiplugin/templates/csi-attacher-opensdsplugin.yaml b/charts/csiplugin/templates/csi-attacher-opensdsplugin.yaml index e91b89279..4e1d97152 100644 --- a/charts/csiplugin/templates/csi-attacher-opensdsplugin.yaml +++ b/charts/csiplugin/templates/csi-attacher-opensdsplugin.yaml @@ -21,7 +21,7 @@ metadata: name: csi-attacher-opensdsplugin spec: serviceName: "csi-attacher-opensdsplugin" - replicas: 1 + replicas: {{ .Values.replicaCount }} template: metadata: labels: @@ -30,7 +30,7 @@ spec: serviceAccount: csi-attacher containers: - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:v0.2.0 + image: quay.io/k8scsi/csi-attacher:v0.4.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" @@ -48,6 +48,8 @@ spec: args : - "--csiEndpoint=$(CSI_ENDPOINT)" - "--opensdsEndpoint=$(OPENSDS_ENDPOINT)" + - "--opensdsAuthStrategy=$(OPENSDS_AUTH_STRATEGY)" + - "-v8" env: - name: CSI_ENDPOINT value: unix://csi/csi.sock @@ -56,6 +58,41 @@ spec: configMapKeyRef: name: csi-configmap-opensdsplugin key: opensdsendpoint + - name: OPENSDS_AUTH_STRATEGY + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: opensdsauthstrategy + - name: OS_AUTH_URL + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osauthurl + - name: OS_USERNAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osusername + - name: OS_PASSWORD + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ospassword + - name: OS_TENANT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ostenantname + - name: OS_PROJECT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osprojectname + - name: OS_USER_DOMAIN_ID + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osuserdomainid imagePullPolicy: {{ .Values.imagePullPolicy }} volumeMounts: - name: socket-dir @@ -74,4 +111,4 @@ spec: - name: ceph-dir hostPath: path: /etc/ceph/ - type: Directory + type: DirectoryOrCreate diff --git a/charts/csiplugin/templates/csi-configmap-opensdsplugin.yaml b/charts/csiplugin/templates/csi-configmap-opensdsplugin.yaml index 84e6e72cf..592102963 100644 --- a/charts/csiplugin/templates/csi-configmap-opensdsplugin.yaml +++ b/charts/csiplugin/templates/csi-configmap-opensdsplugin.yaml @@ -6,4 +6,11 @@ apiVersion: v1 metadata: name: csi-configmap-opensdsplugin data: - opensdsendpoint: {{ .Values.opensdsEndpoint }} + opensdsendpoint: {{ .Values.data.opensdsEndpoint }} + opensdsauthstrategy: {{ .Values.data.opensdsAuthStrategy }} + osauthurl: {{ .Values.data.osAuthURL }} + osusername: {{ .Values.data.osUsername }} + ospassword: {{ .Values.data.osPassword }} + ostenantname: {{ .Values.data.osTenantName }} + osprojectname: {{ .Values.data.osProjectName }} + osuserdomainid: {{ .Values.data.osUserDomainId }} diff --git a/charts/csiplugin/templates/csi-nodeplugin-opensdsplugin.yaml b/charts/csiplugin/templates/csi-nodeplugin-opensdsplugin.yaml index 3de5d4b92..b3c758720 100644 --- a/charts/csiplugin/templates/csi-nodeplugin-opensdsplugin.yaml +++ b/charts/csiplugin/templates/csi-nodeplugin-opensdsplugin.yaml @@ -18,10 +18,11 @@ spec: hostNetwork: true containers: - name: driver-registrar - image: quay.io/k8scsi/driver-registrar:v0.2.0 + image: quay.io/k8scsi/driver-registrar:v0.4.0 args: - "--v=5" - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(ADDRESS)" env: - name: ADDRESS value: /var/lib/kubelet/plugins/csi-opensdsplugin/csi.sock @@ -29,9 +30,12 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + imagePullPolicy: "IfNotPresent" volumeMounts: - name: socket-dir mountPath: /var/lib/kubelet/plugins/csi-opensdsplugin + - name: registration-dir + mountPath: /registration - name: opensds securityContext: privileged: true @@ -42,6 +46,8 @@ spec: args : - "--csiEndpoint=$(CSI_ENDPOINT)" - "--opensdsEndpoint=$(OPENSDS_ENDPOINT)" + - "--opensdsAuthStrategy=$(OPENSDS_AUTH_STRATEGY)" + - "-v8" env: - name: CSI_ENDPOINT value: unix://var/lib/kubelet/plugins/csi-opensdsplugin/csi.sock @@ -50,6 +56,41 @@ spec: configMapKeyRef: name: csi-configmap-opensdsplugin key: opensdsendpoint + - name: OPENSDS_AUTH_STRATEGY + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: opensdsauthstrategy + - name: OS_AUTH_URL + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osauthurl + - name: OS_USERNAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osusername + - name: OS_PASSWORD + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ospassword + - name: OS_TENANT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ostenantname + - name: OS_PROJECT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osprojectname + - name: OS_USER_DOMAIN_ID + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osuserdomainid imagePullPolicy: {{ .Values.imagePullPolicy }} volumeMounts: - name: socket-dir @@ -59,7 +100,7 @@ spec: mountPropagation: "Bidirectional" - name: pods-probe-dir mountPath: /dev - mountPropagation: "Bidirectional" + mountPropagation: "HostToContainer" - name: iscsi-dir mountPath: /etc/iscsi/ - name: ceph-dir @@ -84,4 +125,8 @@ spec: - name: ceph-dir hostPath: path: /etc/ceph/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins type: Directory diff --git a/charts/csiplugin/templates/csi-provisioner-opensdsplugin.yaml b/charts/csiplugin/templates/csi-provisioner-opensdsplugin.yaml index df6e93066..b043f62af 100644 --- a/charts/csiplugin/templates/csi-provisioner-opensdsplugin.yaml +++ b/charts/csiplugin/templates/csi-provisioner-opensdsplugin.yaml @@ -21,7 +21,7 @@ metadata: name: csi-provisioner-opensdsplugin spec: serviceName: "csi-provisioner-opensdsplugin" - replicas: 1 + replicas: {{ .Values.replicaCount }} template: metadata: labels: @@ -30,10 +30,12 @@ spec: serviceAccount: csi-provisioner containers: - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:v0.2.0 + # This should be replaced by an official k8s-csi provisioner image when it is released. + image: quay.io/k8scsi/csi-provisioner:v0.4.0 args: - "--provisioner=csi-opensdsplugin" - "--csi-address=$(ADDRESS)" + - "--connection-timeout=15s" env: - name: ADDRESS value: /csi/csi.sock @@ -46,6 +48,8 @@ spec: args : - "--csiEndpoint=$(CSI_ENDPOINT)" - "--opensdsEndpoint=$(OPENSDS_ENDPOINT)" + - "--opensdsAuthStrategy=$(OPENSDS_AUTH_STRATEGY)" + - "-v8" env: - name: CSI_ENDPOINT value: unix://csi/csi.sock @@ -54,6 +58,41 @@ spec: configMapKeyRef: name: csi-configmap-opensdsplugin key: opensdsendpoint + - name: OPENSDS_AUTH_STRATEGY + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: opensdsauthstrategy + - name: OS_AUTH_URL + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osauthurl + - name: OS_USERNAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osusername + - name: OS_PASSWORD + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ospassword + - name: OS_TENANT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ostenantname + - name: OS_PROJECT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osprojectname + - name: OS_USER_DOMAIN_ID + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osuserdomainid imagePullPolicy: {{ .Values.imagePullPolicy }} volumeMounts: - name: socket-dir diff --git a/charts/csiplugin/templates/csi-provisioner-rbac.yaml b/charts/csiplugin/templates/csi-provisioner-rbac.yaml index 6a04182de..c6b11ad19 100644 --- a/charts/csiplugin/templates/csi-provisioner-rbac.yaml +++ b/charts/csiplugin/templates/csi-provisioner-rbac.yaml @@ -27,8 +27,18 @@ rules: - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - - + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "create", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create","get", "list", "watch","update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create","get", "list", "watch","update", "delete"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/csiplugin/templates/csi-snapshotter-opensdsplugin.yaml b/charts/csiplugin/templates/csi-snapshotter-opensdsplugin.yaml new file mode 100644 index 000000000..c3268fad1 --- /dev/null +++ b/charts/csiplugin/templates/csi-snapshotter-opensdsplugin.yaml @@ -0,0 +1,102 @@ +# This YAML file contains snapshotter & csi driver API objects, +# which are necessary to run external csi snapshotter for opensds. + +kind: Service +apiVersion: v1 +metadata: + name: csi-snapshotter-opensdsplugin + labels: + app: csi-snapshotter-opensdsplugin +spec: + selector: + app: csi-snapshotter-opensdsplugin + ports: + - name: dummy + port: 12345 + +--- +kind: StatefulSet +apiVersion: apps/v1beta1 +metadata: + name: csi-snapshotter-opensdsplugin +spec: + serviceName: "csi-snapshotter-opensdsplugin" + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: csi-snapshotter-opensdsplugin + spec: + serviceAccount: csi-snapshotter + containers: + - name: csi-snapshotter + # This should be replaced by an official k8s-csi snapshotter image when it is released. + image: quay.io/k8scsi/csi-snapshotter:v0.4.0 + args: + - "--snapshotter=csi-opensdsplugin" + - "--csi-address=$(ADDRESS)" + - "--connection-timeout=15s" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: opensds + image: {{ .Values.image }} + args : + - "--csiEndpoint=$(CSI_ENDPOINT)" + - "--opensdsEndpoint=$(OPENSDS_ENDPOINT)" + - "--opensdsAuthStrategy=$(OPENSDS_AUTH_STRATEGY)" + - "-v8" + env: + - name: CSI_ENDPOINT + value: unix://csi/csi.sock + - name: OPENSDS_ENDPOINT + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: opensdsendpoint + - name: OPENSDS_AUTH_STRATEGY + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: opensdsauthstrategy + - name: OS_AUTH_URL + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osauthurl + - name: OS_USERNAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osusername + - name: OS_PASSWORD + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ospassword + - name: OS_TENANT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: ostenantname + - name: OS_PROJECT_NAME + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osprojectname + - name: OS_USER_DOMAIN_ID + valueFrom: + configMapKeyRef: + name: csi-configmap-opensdsplugin + key: osuserdomainid + imagePullPolicy: {{ .Values.imagePullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + volumes: + - name: socket-dir + emptyDir: diff --git a/charts/csiplugin/templates/csi-snapshotter-rbac.yaml b/charts/csiplugin/templates/csi-snapshotter-rbac.yaml new file mode 100644 index 000000000..2d4793928 --- /dev/null +++ b/charts/csiplugin/templates/csi-snapshotter-rbac.yaml @@ -0,0 +1,58 @@ +# This YAML file contains RBAC API objects, +# which are necessary to run external csi snapshotter for opensds. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-snapshotter + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-snapshotter-runner +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create","get", "list", "watch","update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create","get", "list", "watch","update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create","get", "list", "watch","delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-snapshotter-role +subjects: + - kind: ServiceAccount + name: csi-snapshotter + namespace: default +roleRef: + kind: ClusterRole + name: external-snapshotter-runner + apiGroup: rbac.authorization.k8s.io diff --git a/charts/csiplugin/values.yaml b/charts/csiplugin/values.yaml index e415d7fcc..a9bac61b8 100644 --- a/charts/csiplugin/values.yaml +++ b/charts/csiplugin/values.yaml @@ -7,5 +7,13 @@ image: opensdsio/csiplugin:latest imagePullPolicy: IfNotPresent # ImageRestartPolicy: valid values are "Never", and "Always" imageRestartPolicy: Never -# Please modify opensdsEndpoint field in real environment -opensdsEndpoint: http://127.0.0.1:50040 +# Please modify data fields in real environment +data: + opensdsEndpoint: http://127.0.0.1:50040 + opensdsAuthStrategy: keystone + osAuthURL: http://127.0.0.1/identity + osUsername: admin + osPassword: opensds@123 + osTenantName: admin + osProjectName: admin + osUserDomainId: default diff --git a/charts/opensds/templates/deployment.yaml b/charts/opensds/templates/deployment.yaml index 8afee4427..1a9e8163b 100644 --- a/charts/opensds/templates/deployment.yaml +++ b/charts/opensds/templates/deployment.yaml @@ -30,6 +30,8 @@ spec: - name: osdslet image: {{ .Values.image.osdslet }} imagePullPolicy: {{ .Values.imagePullPolicy }} + command: ["bin/sh"] + args: ["-c", "/usr/bin/osdslet -logtostderr"] volumeMounts: - name: opensds-conf-dir mountPath: /etc/opensds @@ -41,17 +43,30 @@ spec: allowPrivilegeEscalation: true image: {{ .Values.image.osdsdock }} imagePullPolicy: {{ .Values.imagePullPolicy }} + command: ["bin/sh"] + args: ["-c", "/usr/sbin/tgtd; /usr/bin/osdsdock -logtostderr"] + ports: + - containerPort: 3260 volumeMounts: - name: opensds-conf-dir mountPath: /etc/opensds - mountPropagation: "Bidirectional" - - name: lvm-socket-dir - mountPath: /run/lvm - - name: tgt-socket-dir - mountPath: /var/run/tgtd + - name: ceph-conf-dir + mountPath: /etc/ceph - name: tgt-conf-dir mountPath: /etc/tgt mountPropagation: "Bidirectional" + - name: run-dir + mountPath: /run + mountPropagation: "Bidirectional" + - name: dev-dir + mountPath: /dev + mountPropagation: "HostToContainer" + - name: local-time-file + mountPath: /etc/localtime + readOnly: true + - name: lib-modules-dir + mountPath: /lib/modules + readOnly: true volumes: - name: etcd-cert-dir hostPath: @@ -61,15 +76,27 @@ spec: hostPath: path: /etc/opensds type: Directory - - name: lvm-socket-dir + - name: ceph-conf-dir + hostPath: + path: /etc/ceph + type: DirectoryOrCreate + - name: tgt-conf-dir hostPath: - path: /run/lvm + path: /etc/tgt type: Directory - - name: tgt-socket-dir + - name: run-dir hostPath: - path: /var/run/tgtd + path: /run type: Directory - - name: tgt-conf-dir + - name: dev-dir hostPath: - path: /etc/tgt - type: Directory + path: /dev + type: Directory + - name: local-time-file + hostPath: + path: /etc/localtime + type: File + - name: lib-modules-dir + hostPath: + path: /lib/modules + type: Directory