azure-local-csi: Enable guest encryption #231

Open
wants to merge 2 commits into
base: cc-azurelocal-csi-driver/master
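--- a/cc-deploy/csi-azuredisk-controller.yaml
+++ b/cc-deploy/csi-azuredisk-controller.yaml
@@ -0,0 +1,202 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+name: csi-cc-local-controller
+namespace: kube-system
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: csi-cc-local-controller
+template:
+metadata:
+labels:
+app: csi-cc-local-controller
+spec:
+hostNetwork: true
+serviceAccountName: csi-cc-local-controller-sa
+nodeSelector:
+kubernetes.io/os: linux # add "kubernetes.io/role: master" to run controller on master node
+priorityClassName: system-cluster-critical
+securityContext:
+seccompProfile:
+type: RuntimeDefault
+tolerations:
+- key: "node-role.kubernetes.io/master"
+operator: "Exists"
+effect: "NoSchedule"
+- key: "node-role.kubernetes.io/controlplane"
+operator: "Exists"
+effect: "NoSchedule"
+- key: "node-role.kubernetes.io/control-plane"
+operator: "Exists"
+effect: "NoSchedule"
+containers:
+- name: csi-provisioner
+image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v4.0.0
+args:
+- "--feature-gates=Topology=true,HonorPVReclaimPolicy=true"
+- "--csi-address=$(ADDRESS)"
+- "--v=2"
+- "--timeout=30s"
+- "--leader-election"
+- "--leader-election-namespace=kube-system"
+- "--worker-threads=100"
+- "--extra-create-metadata=true"
+- "--strict-topology=true"
+- "--kube-api-qps=50"
+- "--kube-api-burst=100"
+env:
+- name: ADDRESS
+value: /csi/csi.sock
+volumeMounts:
+- mountPath: /csi
+name: socket-dir
+resources:
+limits:
+memory: 500Mi
+requests:
+cpu: 10m
+memory: 20Mi
+- name: csi-attacher
+image: mcr.microsoft.com/oss/kubernetes-csi/csi-attacher:v4.5.0
+args:
+- "-v=2"
+- "-csi-address=$(ADDRESS)"
+- "-timeout=1200s"
+- "-leader-election"
+- "--leader-election-namespace=kube-system"
+- "-worker-threads=1000"
+- "-kube-api-qps=200"
+- "-kube-api-burst=400"
+env:
+- name: ADDRESS
+value: /csi/csi.sock
+volumeMounts:
+- mountPath: /csi
+name: socket-dir
+resources:
+limits:
+memory: 500Mi
+requests:
+cpu: 10m
+memory: 20Mi
+- name: csi-snapshotter
+image: mcr.microsoft.com/oss/kubernetes-csi/csi-snapshotter:v6.3.3
+args:
+- "-csi-address=$(ADDRESS)"
+- "-leader-election"
+- "--leader-election-namespace=kube-system"
+- "--v=2"
+- "--timeout=1200s"
+env:
+- name: ADDRESS
+value: /csi/csi.sock
+volumeMounts:
+- name: socket-dir
+mountPath: /csi
+resources:
+limits:
+memory: 200Mi
+requests:
+cpu: 10m
+memory: 20Mi
+- name: csi-resizer
+image: mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v1.9.3
+args:
+- "-csi-address=$(ADDRESS)"
+- "-v=2"
+- "-leader-election"
+- "--leader-election-namespace=kube-system"
+- '-handle-volume-inuse-error=false'
+- '-feature-gates=RecoverVolumeExpansionFailure=true'
+- "-timeout=240s"
+env:
+- name: ADDRESS
+value: /csi/csi.sock
+volumeMounts:
+- name: socket-dir
+mountPath: /csi
+resources:
+limits:
+memory: 500Mi
+requests:
+cpu: 10m
+memory: 20Mi
+- name: liveness-probe
+image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0
+args:
+- --csi-address=/csi/csi.sock
+- --probe-timeout=3s
+- --health-port=29802
+- --v=2
+volumeMounts:
+- name: socket-dir
+mountPath: /csi
+resources:
+limits:
+memory: 100Mi
+requests:
+cpu: 10m
+memory: 20Mi
+- name: cc-local
+image: marinerconfpodsdev.azurecr.io/oss/kubernetes-sig/cc-local-csi:latest
+imagePullPolicy: Always
+args:
+- "--v=5"
+- "--endpoint=$(CSI_ENDPOINT)"
+- "--metrics-address=0.0.0.0:29804"
+- "--user-agent-suffix=OSS-kubectl"
+- "--disable-avset-nodes=false"
+- "--allow-empty-cloud-config=false"
+ports:
+- containerPort: 29802
+name: healthz
+protocol: TCP
+- containerPort: 29804
+name: metrics
+protocol: TCP
+livenessProbe:
+failureThreshold: 5
+httpGet:
+path: /healthz
+port: healthz
+initialDelaySeconds: 30
+timeoutSeconds: 10
+periodSeconds: 30
+env:
+- name: AZURE_CREDENTIAL_FILE
+valueFrom:
+configMapKeyRef:
+name: azure-cred-file
+key: path
+optional: true
+- name: CSI_ENDPOINT
+value: unix:///csi/csi.sock
+- name: DISK_IMAGE_DIR
+value: /images
+volumeMounts:
+- mountPath: /csi
+name: socket-dir
+- mountPath: /etc/kubernetes/
+name: azure-cred
+- mountPath: /images
+name: image-dir
+resources:
+limits:
+memory: 500Mi
+requests:
+cpu: 10m
+memory: 20Mi
+volumes:
+- name: socket-dir
+emptyDir: {}
+- name: azure-cred
+hostPath:
+path: /etc/kubernetes/
+type: DirectoryOrCreate
+- name: image-dir
+hostPath:
+path: /var/lib/kubelet/plugins/cc.local.csi.azure.com/images
+type: DirectoryOrCreate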
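Review bot: The `cc-local` container is pulled as `marinerconfpodsdev.azurecr.io/oss/kubernetes-sig/cc-local-csi:latest` with `imagePullPolicy: Always`, so any restart can run whatever was last pushed to that tag, in a pod that also has `hostNetwork: true` and a hostPath mount of `/etc/kubernetes/`. Pin the image by digest, e.g. `image: marinerconfpodsdev.azurecr.io/oss/kubernetes-sig/cc-local-csi@sha256:<digest>` (placeholder), as the sidecars are at least pinned by version tag. The `azure-cred` volumeMount should carry `readOnly: true` if the driver only reads the cloud config, because the control-plane tolerations let this pod schedule onto nodes where that directory typically holds cluster credentials. With host networking, `--metrics-address=0.0.0.0:29804` exposes the metrics port on every node interface, so bind it to a specific address unless remote scraping needs it. None of the containers sets a container-level `securityContext`; adding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` to the sidecars looks safe, but confirm what `cc-local` itself needs.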
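--- a/cc-deploy/csi-azuredisk-driver.yaml
+++ b/cc-deploy/csi-azuredisk-driver.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+name: cc.local.csi.azure.com
+annotations:
+csiDriver: v1.30.0
+snapshot: v6.2.1
+spec:
+attachRequired: true
+podInfoOnMount: false
+fsGroupPolicy: File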
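Review bot: The `snapshot: v6.2.1` annotation does not match the `csi-snapshotter:v6.3.3` image deployed in `cc-deploy/csi-azuredisk-controller.yaml`, and `csiDriver: v1.30.0` cannot be verified against a driver image tagged `:latest`. These annotations are what an operator reads when auditing which component versions a cluster runs, so stale values mislead during patching or incident triage. Keep them in step with the pinned images, for example `snapshot: v6.3.3`, or drop them.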