1390 lines
42 KiB
YAML
1390 lines
42 KiB
YAML
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-rbac.yaml
|
||
|
# This YAML file contains RBAC API objects that are necessary to run external
|
||
|
# CSI attacher for nfs flex adapter
|
||
|
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: csi-attacher-nfs
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-rbac.yaml
|
||
|
# This YAML defines all API objects to create RBAC roles for CSI node plugin
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: csi-nodeplugin
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: csi-s3
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
|
||
|
# This YAML file contains all RBAC objects that are necessary to run external
|
||
|
# CSI attacher.
|
||
|
#
|
||
|
# In production, each CSI driver deployment has to be customized:
|
||
|
# - to avoid conflicts, use non-default namespace and different names
|
||
|
# for non-namespaced entities like the ClusterRole
|
||
|
# - decide whether the deployment replicates the external CSI
|
||
|
# attacher, in which case leadership election must be enabled;
|
||
|
# this influences the RBAC setup, see below
|
||
|
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: csi-attacher
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
|
||
|
# This YAML file contains all RBAC objects that are necessary to run external
|
||
|
# CSI provisioner.
|
||
|
#
|
||
|
# In production, each CSI driver deployment has to be customized:
|
||
|
# - to avoid conflicts, use non-default namespace and different names
|
||
|
# for non-namespaced entities like the ClusterRole
|
||
|
# - decide whether the deployment replicates the external CSI
|
||
|
# provisioner, in which case leadership election must be enabled;
|
||
|
# this influences the RBAC setup, see below
|
||
|
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: csi-provisioner
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/rbac/service_account.yaml
|
||
|
apiVersion: v1
|
||
|
kind: ServiceAccount
|
||
|
metadata:
|
||
|
name: dataset-operator
|
||
|
labels:
|
||
|
helm.sh/chart: dataset-operator-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/secrets/server-tls.yaml
|
||
|
apiVersion: v1
|
||
|
kind: Secret
|
||
|
metadata:
|
||
|
labels:
|
||
|
app.kubernetes.io/name: dlf
|
||
|
name: webhook-server-tls
|
||
|
namespace: dlf
|
||
|
type: kubernetes.io/tls
|
||
|
data:
|
||
|
tls.crt: YmFyCg==
|
||
|
tls.key: YmFyCg==
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/storageclass.yaml
|
||
|
kind: StorageClass
|
||
|
apiVersion: storage.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-s3
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
provisioner: ch.ctrox.csi.s3-driver
|
||
|
parameters:
|
||
|
# specify which mounter to use
|
||
|
# can be set to s3fs, goofys
|
||
|
# OTHER OPTIONS NOT WORKING!
|
||
|
mounter: goofys
|
||
|
|
||
|
csi.storage.k8s.io/provisioner-secret-name: ${pvc.name}
|
||
|
csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}
|
||
|
|
||
|
csi.storage.k8s.io/controller-publish-secret-name: ${pvc.name}
|
||
|
csi.storage.k8s.io/controller-publish-secret-namespace: ${pvc.namespace}
|
||
|
|
||
|
csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}
|
||
|
csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}
|
||
|
|
||
|
csi.storage.k8s.io/node-publish-secret-name: ${pvc.name}
|
||
|
csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/crds/com.ie.ibm.hpsys_datasetinternals_crd.yaml
|
||
|
apiVersion: apiextensions.k8s.io/v1
|
||
|
kind: CustomResourceDefinition
|
||
|
metadata:
|
||
|
annotations:
|
||
|
controller-gen.kubebuilder.io/version: v0.8.0
|
||
|
creationTimestamp: null
|
||
|
name: datasetsinternal.datashim.io
|
||
|
spec:
|
||
|
group: datashim.io
|
||
|
names:
|
||
|
kind: DatasetInternal
|
||
|
listKind: DatasetInternalList
|
||
|
plural: datasetsinternal
|
||
|
singular: datasetinternal
|
||
|
scope: Namespaced
|
||
|
versions:
|
||
|
- name: v1alpha1
|
||
|
schema:
|
||
|
openAPIV3Schema:
|
||
|
description: DatasetInternal is the Schema for the datasetsinternal API
|
||
|
properties:
|
||
|
apiVersion:
|
||
|
description: 'APIVersion defines the versioned schema of this representation
|
||
|
of an object. Servers should convert recognized schemas to the latest
|
||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
|
type: string
|
||
|
kind:
|
||
|
description: 'Kind is a string value representing the REST resource this
|
||
|
object represents. Servers may infer this from the endpoint the client
|
||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
|
type: string
|
||
|
metadata:
|
||
|
type: object
|
||
|
spec:
|
||
|
description: DatasetSpec defines the desired state of Dataset
|
||
|
properties:
|
||
|
extract:
|
||
|
type: string
|
||
|
format:
|
||
|
type: string
|
||
|
local:
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
description: Foo is an example field of Dataset. Edit dataset_types.go
|
||
|
to remove/update
|
||
|
type: object
|
||
|
remote:
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
type: object
|
||
|
type:
|
||
|
description: TODO temp definition for archive
|
||
|
type: string
|
||
|
url:
|
||
|
type: string
|
||
|
type: object
|
||
|
status:
|
||
|
description: DatasetInternalStatus defines the observed state of DatasetInternal
|
||
|
properties:
|
||
|
caching:
|
||
|
properties:
|
||
|
placements:
|
||
|
properties:
|
||
|
datalocations:
|
||
|
items:
|
||
|
properties:
|
||
|
key:
|
||
|
type: string
|
||
|
value:
|
||
|
type: string
|
||
|
type: object
|
||
|
type: array
|
||
|
gateways:
|
||
|
items:
|
||
|
properties:
|
||
|
key:
|
||
|
type: string
|
||
|
value:
|
||
|
type: string
|
||
|
type: object
|
||
|
type: array
|
||
|
type: object
|
||
|
type: object
|
||
|
type: object
|
||
|
type: object
|
||
|
served: true
|
||
|
storage: true
|
||
|
subresources:
|
||
|
status: {}
|
||
|
status:
|
||
|
acceptedNames:
|
||
|
kind: ""
|
||
|
plural: ""
|
||
|
conditions: []
|
||
|
storedVersions: []
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/crds/com.ie.ibm.hpsys_datasets_crd.yaml
|
||
|
apiVersion: apiextensions.k8s.io/v1
|
||
|
kind: CustomResourceDefinition
|
||
|
metadata:
|
||
|
annotations:
|
||
|
controller-gen.kubebuilder.io/version: v0.8.0
|
||
|
creationTimestamp: null
|
||
|
name: datasets.datashim.io
|
||
|
spec:
|
||
|
group: datashim.io
|
||
|
names:
|
||
|
kind: Dataset
|
||
|
listKind: DatasetList
|
||
|
plural: datasets
|
||
|
singular: dataset
|
||
|
scope: Namespaced
|
||
|
versions:
|
||
|
- name: v1alpha1
|
||
|
schema:
|
||
|
openAPIV3Schema:
|
||
|
description: Dataset is the Schema for the datasets API
|
||
|
properties:
|
||
|
apiVersion:
|
||
|
description: 'APIVersion defines the versioned schema of this representation
|
||
|
of an object. Servers should convert recognized schemas to the latest
|
||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
|
type: string
|
||
|
kind:
|
||
|
description: 'Kind is a string value representing the REST resource this
|
||
|
object represents. Servers may infer this from the endpoint the client
|
||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
|
type: string
|
||
|
metadata:
|
||
|
type: object
|
||
|
spec:
|
||
|
description: DatasetSpec defines the desired state of Dataset
|
||
|
properties:
|
||
|
extract:
|
||
|
type: string
|
||
|
format:
|
||
|
type: string
|
||
|
local:
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
description: Foo is an example field of Dataset. Edit dataset_types.go
|
||
|
to remove/update
|
||
|
type: object
|
||
|
remote:
|
||
|
additionalProperties:
|
||
|
type: string
|
||
|
type: object
|
||
|
type:
|
||
|
description: TODO temp definition for archive
|
||
|
type: string
|
||
|
url:
|
||
|
type: string
|
||
|
type: object
|
||
|
status:
|
||
|
description: DatasetStatus defines the observed state of Dataset
|
||
|
properties:
|
||
|
caching:
|
||
|
properties:
|
||
|
info:
|
||
|
type: string
|
||
|
status:
|
||
|
type: string
|
||
|
type: object
|
||
|
provision:
|
||
|
properties:
|
||
|
info:
|
||
|
type: string
|
||
|
status:
|
||
|
type: string
|
||
|
type: object
|
||
|
type: object
|
||
|
type: object
|
||
|
served: true
|
||
|
storage: true
|
||
|
subresources:
|
||
|
status: {}
|
||
|
status:
|
||
|
acceptedNames:
|
||
|
kind: ""
|
||
|
plural: ""
|
||
|
conditions: []
|
||
|
storedVersions: []
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-rbac.yaml
|
||
|
kind: ClusterRole
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: external-attacher-runner-nfs
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
rules:
|
||
|
- apiGroups: [""]
|
||
|
resources: ["persistentvolumes"]
|
||
|
verbs: ["get", "list", "watch", "update"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["nodes"]
|
||
|
verbs: ["get", "list", "watch"]
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["volumeattachments"]
|
||
|
verbs: ["get", "list", "watch", "update", "patch"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-rbac.yaml
|
||
|
kind: ClusterRole
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-nodeplugin
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
rules:
|
||
|
- apiGroups: [""]
|
||
|
resources: ["persistentvolumes"]
|
||
|
verbs: ["get", "list", "watch", "update"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["nodes"]
|
||
|
verbs: ["get", "list", "watch", "update"]
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["volumeattachments"]
|
||
|
verbs: ["get", "list", "watch", "update"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
|
||
|
kind: ClusterRole
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-s3
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
rules:
|
||
|
- apiGroups: [""]
|
||
|
resources: ["secrets"]
|
||
|
verbs: ["get", "list"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["nodes"]
|
||
|
verbs: ["get", "list", "update"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["namespaces"]
|
||
|
verbs: ["get", "list"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["persistentvolumes"]
|
||
|
verbs: ["get", "list", "watch", "update"]
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["volumeattachments"]
|
||
|
verbs: ["get", "list", "watch", "update","create"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
|
||
|
# Attacher must be able to work with PVs, CSINodes and VolumeAttachments
|
||
|
kind: ClusterRole
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: external-attacher-runner
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
rules:
|
||
|
- apiGroups: [""]
|
||
|
resources: ["persistentvolumes"]
|
||
|
verbs: ["get", "list", "watch", "update", "patch"] #Adding "update"
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["csinodes"]
|
||
|
verbs: ["get", "list", "watch"]
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["volumeattachments"]
|
||
|
verbs: ["get", "list", "watch", "update", "patch", "create"] #Adding "update"
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["volumeattachments/status"]
|
||
|
verbs: ["patch"]
|
||
|
#Secret permission is optional.
|
||
|
#Enable it if you need value from secret.
|
||
|
#For example, you have key `csi.storage.k8s.io/controller-publish-secret-name` in StorageClass.parameters
|
||
|
#see https://kubernetes-csi.github.io/docs/secrets-and-credentials.html
|
||
|
# - apiGroups: [""]
|
||
|
# resources: ["secrets"]
|
||
|
# verbs: ["get", "list"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
|
||
|
kind: ClusterRole
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: external-provisioner-runner
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
rules:
|
||
|
# The following rule should be uncommented for plugins that require secrets
|
||
|
# for provisioning. #Enabling secrets
|
||
|
- apiGroups: [""]
|
||
|
resources: ["secrets"]
|
||
|
verbs: ["get", "list"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["persistentvolumes"]
|
||
|
verbs: ["get", "list", "watch", "create", "delete"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["persistentvolumeclaims"]
|
||
|
verbs: ["get", "list", "watch", "update"]
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["storageclasses"]
|
||
|
verbs: ["get", "list", "watch"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["events"]
|
||
|
verbs: ["list", "watch", "create", "update", "patch"]
|
||
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
||
|
resources: ["volumesnapshots"]
|
||
|
verbs: ["get", "list"]
|
||
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
||
|
resources: ["volumesnapshotcontents"]
|
||
|
verbs: ["get", "list"]
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["csinodes"]
|
||
|
verbs: ["get", "list", "watch"]
|
||
|
- apiGroups: [""]
|
||
|
resources: ["nodes"]
|
||
|
verbs: ["get", "list", "watch"]
|
||
|
# Access to volumeattachments is only needed when the CSI driver
|
||
|
# has the PUBLISH_UNPUBLISH_VOLUME controller capability.
|
||
|
# In that case, external-provisioner will watch volumeattachments
|
||
|
# to determine when it is safe to delete a volume.
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["volumeattachments"]
|
||
|
verbs: ["get", "list", "watch","create"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/rbac/role.yaml
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
kind: ClusterRole
|
||
|
metadata:
|
||
|
creationTimestamp: null
|
||
|
name: dataset-operator
|
||
|
labels:
|
||
|
helm.sh/chart: dataset-operator-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
rules:
|
||
|
- apiGroups:
|
||
|
- ""
|
||
|
resources:
|
||
|
- pods
|
||
|
- services
|
||
|
- endpoints
|
||
|
- persistentvolumeclaims
|
||
|
- persistentvolumes
|
||
|
- events
|
||
|
- configmaps
|
||
|
- secrets
|
||
|
verbs:
|
||
|
- '*'
|
||
|
- apiGroups:
|
||
|
- apps
|
||
|
resources:
|
||
|
- deployments
|
||
|
- daemonsets
|
||
|
- replicasets
|
||
|
- statefulsets
|
||
|
verbs:
|
||
|
- '*'
|
||
|
- apiGroups:
|
||
|
- monitoring.coreos.com
|
||
|
resources:
|
||
|
- servicemonitors
|
||
|
verbs:
|
||
|
- get
|
||
|
- create
|
||
|
- apiGroups:
|
||
|
- apps
|
||
|
resourceNames:
|
||
|
- dataset-operator
|
||
|
resources:
|
||
|
- deployments/finalizers
|
||
|
verbs:
|
||
|
- update
|
||
|
- apiGroups:
|
||
|
- ""
|
||
|
resources:
|
||
|
- pods
|
||
|
verbs:
|
||
|
- get
|
||
|
- apiGroups:
|
||
|
- apps
|
||
|
resources:
|
||
|
- replicasets
|
||
|
verbs:
|
||
|
- get
|
||
|
- apiGroups:
|
||
|
- datashim.io
|
||
|
resources:
|
||
|
- '*'
|
||
|
- datasetsinternal
|
||
|
- datasets
|
||
|
verbs:
|
||
|
- '*'
|
||
|
- apiGroups:
|
||
|
- storage.k8s.io
|
||
|
resources:
|
||
|
- '*'
|
||
|
verbs:
|
||
|
- '*'
|
||
|
- apiGroups:
|
||
|
- objectbucket.io
|
||
|
resources:
|
||
|
- '*'
|
||
|
verbs:
|
||
|
- '*'
|
||
|
- apiGroups:
|
||
|
- admissionregistration.k8s.io
|
||
|
resources:
|
||
|
- mutatingwebhookconfigurations
|
||
|
verbs:
|
||
|
- '*'
|
||
|
- apiGroups: ["batch", "extensions"]
|
||
|
resources: ["jobs"]
|
||
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-rbac.yaml
|
||
|
kind: ClusterRoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-attacher-role-nfs
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: csi-attacher-nfs
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: ClusterRole
|
||
|
name: external-attacher-runner-nfs
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-rbac.yaml
|
||
|
kind: ClusterRoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-nodeplugin
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: csi-nodeplugin
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: ClusterRole
|
||
|
name: csi-nodeplugin
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
|
||
|
kind: ClusterRoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-s3
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: csi-s3
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: ClusterRole
|
||
|
name: csi-s3
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
|
||
|
kind: ClusterRoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-attacher-role
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: csi-attacher
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: ClusterRole
|
||
|
name: external-attacher-runner
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
|
||
|
kind: ClusterRoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-provisioner-role
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: csi-provisioner
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: ClusterRole
|
||
|
name: external-provisioner-runner
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/rbac/role_binding.yaml
|
||
|
kind: ClusterRoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: dataset-operator
|
||
|
labels:
|
||
|
helm.sh/chart: dataset-operator-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: dataset-operator
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: ClusterRole
|
||
|
name: dataset-operator
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
|
||
|
# Attacher must be able to work with configmaps or leases in the current namespace
|
||
|
# if (and only if) leadership election is enabled
|
||
|
kind: Role
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
name: external-attacher-cfg
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
rules:
|
||
|
- apiGroups: ["coordination.k8s.io"]
|
||
|
resources: ["leases"]
|
||
|
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
|
||
|
# Provisioner must be able to work with endpoints in current namespace
|
||
|
# if (and only if) leadership election is enabled
|
||
|
kind: Role
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
name: external-provisioner-cfg
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
rules:
|
||
|
# Only one of the following rules for endpoints or leases is required based on
|
||
|
# what is set for `--leader-election-type`. Endpoints are deprecated in favor of Leases.
|
||
|
- apiGroups: [""]
|
||
|
resources: ["endpoints"]
|
||
|
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||
|
- apiGroups: ["coordination.k8s.io"]
|
||
|
resources: ["leases"]
|
||
|
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||
|
# Permissions for CSIStorageCapacity are only needed enabling the publishing
|
||
|
# of storage capacity information.
|
||
|
- apiGroups: ["storage.k8s.io"]
|
||
|
resources: ["csistoragecapacities"]
|
||
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||
|
# The GET permissions below are needed for walking up the ownership chain
|
||
|
# for CSIStorageCapacity. They are sufficient for deployment via
|
||
|
# StatefulSet (only needs to get Pod) and Deployment (needs to get
|
||
|
# Pod and then ReplicaSet to find the Deployment).
|
||
|
- apiGroups: [""]
|
||
|
resources: ["pods"]
|
||
|
verbs: ["get"]
|
||
|
- apiGroups: ["apps"]
|
||
|
resources: ["replicasets"]
|
||
|
verbs: ["get"]
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
|
||
|
kind: RoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-attacher-role-cfg
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: csi-attacher
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: Role
|
||
|
name: external-attacher-cfg
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
|
||
|
kind: RoleBinding
|
||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
metadata:
|
||
|
name: csi-provisioner-role-cfg
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
helm.sh/chart: csi-sidecars-rbac-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
subjects:
|
||
|
- kind: ServiceAccount
|
||
|
name: csi-provisioner
|
||
|
# replace with non-default namespace name
|
||
|
namespace: dlf
|
||
|
roleRef:
|
||
|
kind: Role
|
||
|
name: external-provisioner-cfg
|
||
|
apiGroup: rbac.authorization.k8s.io
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-nfsplugin.yaml
|
||
|
# This YAML file contains attacher & csi driver API objects that are necessary
|
||
|
# to run external CSI attacher for nfs
|
||
|
kind: Service
|
||
|
apiVersion: v1
|
||
|
metadata:
|
||
|
name: csi-attacher-nfsplugin
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
app: csi-attacher-nfsplugin
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
spec:
|
||
|
selector:
|
||
|
app: csi-attacher-nfsplugin
|
||
|
ports:
|
||
|
- name: dummy
|
||
|
port: 12345
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/attacher.yaml
|
||
|
# needed for StatefulSet
|
||
|
kind: Service
|
||
|
apiVersion: v1
|
||
|
metadata:
|
||
|
name: csi-attacher-s3
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
app: csi-attacher-s3
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
spec:
|
||
|
selector:
|
||
|
app: csi-attacher-s3
|
||
|
ports:
|
||
|
- name: dummy
|
||
|
port: 12345
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/provisioner.yaml
|
||
|
kind: Service
|
||
|
apiVersion: v1
|
||
|
metadata:
|
||
|
name: csi-provisioner-s3
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
app: csi-provisioner-s3
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
spec:
|
||
|
selector:
|
||
|
app: csi-provisioner-s3
|
||
|
ports:
|
||
|
- name: dummy
|
||
|
port: 12345
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/apps/operator.yaml
|
||
|
apiVersion: v1
|
||
|
kind: Service
|
||
|
metadata:
|
||
|
name: webhook-server
|
||
|
labels:
|
||
|
helm.sh/chart: dataset-operator-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
spec:
|
||
|
ports:
|
||
|
- port: 443
|
||
|
protocol: TCP
|
||
|
targetPort: webhook-api
|
||
|
selector:
|
||
|
name: dataset-operator
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-nfsplugin.yaml
|
||
|
# This YAML file contains driver-registrar & csi driver nodeplugin API objects
|
||
|
# that are necessary to run CSI nodeplugin for nfs
|
||
|
kind: DaemonSet
|
||
|
apiVersion: apps/v1
|
||
|
metadata:
|
||
|
name: csi-nodeplugin-nfsplugin
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
spec:
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app: csi-nodeplugin-nfsplugin
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
app: csi-nodeplugin-nfsplugin
|
||
|
spec:
|
||
|
serviceAccountName: csi-nodeplugin
|
||
|
hostNetwork: true
|
||
|
containers:
|
||
|
- name: node-driver-registrar
|
||
|
image: "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0"
|
||
|
lifecycle:
|
||
|
preStop:
|
||
|
exec:
|
||
|
command: ["/bin/sh", "-c", "rm -rf /registration/csi-nfsplugin /registration/csi-nfsplugin-reg.sock"]
|
||
|
args:
|
||
|
- --v=10
|
||
|
- --csi-address=/plugin/csi.sock
|
||
|
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi-nfsplugin/csi.sock
|
||
|
env:
|
||
|
- name: KUBE_NODE_NAME
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: spec.nodeName
|
||
|
volumeMounts:
|
||
|
- name: plugin-dir
|
||
|
mountPath: /plugin
|
||
|
- name: registration-dir
|
||
|
mountPath: /registration
|
||
|
- name: nfs
|
||
|
securityContext:
|
||
|
privileged: true
|
||
|
capabilities:
|
||
|
add: ["SYS_ADMIN"]
|
||
|
allowPrivilegeEscalation: true
|
||
|
image: "quay.io/datashim-io/csi-nfs:latest"
|
||
|
args :
|
||
|
- "--nodeid=$(NODE_ID)"
|
||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||
|
env:
|
||
|
- name: NODE_ID
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: spec.nodeName
|
||
|
- name: CSI_ENDPOINT
|
||
|
value: unix://plugin/csi.sock
|
||
|
imagePullPolicy: "Always"
|
||
|
volumeMounts:
|
||
|
- name: plugin-dir
|
||
|
mountPath: /plugin
|
||
|
- name: pods-mount-dir
|
||
|
mountPath: /var/lib/kubelet/pods
|
||
|
mountPropagation: "Bidirectional"
|
||
|
volumes:
|
||
|
- name: plugin-dir
|
||
|
hostPath:
|
||
|
path: /var/lib/kubelet/plugins/csi-nfsplugin
|
||
|
type: DirectoryOrCreate
|
||
|
- name: pods-mount-dir
|
||
|
hostPath:
|
||
|
path: /var/lib/kubelet/pods
|
||
|
type: Directory
|
||
|
- hostPath:
|
||
|
path: /var/lib/kubelet/plugins_registry
|
||
|
type: Directory
|
||
|
name: registration-dir
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
|
||
|
kind: DaemonSet
|
||
|
apiVersion: apps/v1
|
||
|
metadata:
|
||
|
name: csi-s3
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
spec:
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app: csi-s3
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
app: csi-s3
|
||
|
spec:
|
||
|
serviceAccountName: csi-s3
|
||
|
containers:
|
||
|
- name: driver-registrar
|
||
|
image: "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0"
|
||
|
imagePullPolicy: Always
|
||
|
args:
|
||
|
- --v=5
|
||
|
- --csi-address=/csi/csi.sock
|
||
|
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi-s3/csi.sock
|
||
|
securityContext:
|
||
|
# This is necessary only for systems with SELinux, where
|
||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||
|
# created by privileged CSI driver container.
|
||
|
privileged: false
|
||
|
env:
|
||
|
- name: KUBE_NODE_NAME
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
apiVersion: v1
|
||
|
fieldPath: spec.nodeName
|
||
|
volumeMounts:
|
||
|
- mountPath: /csi
|
||
|
name: socket-dir
|
||
|
- mountPath: /registration
|
||
|
name: registration-dir
|
||
|
- name: csi-s3
|
||
|
image: "quay.io/datashim-io/csi-s3:latest"
|
||
|
imagePullPolicy: Always
|
||
|
args:
|
||
|
- "--v=5"
|
||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||
|
- "--nodeid=$(KUBE_NODE_NAME)"
|
||
|
env:
|
||
|
- name: CSI_ENDPOINT
|
||
|
value: unix:///csi/csi.sock
|
||
|
- name: KUBE_NODE_NAME
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
apiVersion: v1
|
||
|
fieldPath: spec.nodeName
|
||
|
- name: cheap
|
||
|
value: "off"
|
||
|
securityContext:
|
||
|
privileged: true
|
||
|
# ports:
|
||
|
# - containerPort: 9898
|
||
|
# name: healthz
|
||
|
# protocol: TCP
|
||
|
# TODO make it configurable and build it for ppc64le
|
||
|
# livenessProbe:
|
||
|
# failureThreshold: 5
|
||
|
# httpGet:
|
||
|
# path: /healthz
|
||
|
# port: healthz
|
||
|
# initialDelaySeconds: 10
|
||
|
# timeoutSeconds: 3
|
||
|
# periodSeconds: 2
|
||
|
volumeMounts:
|
||
|
- mountPath: /csi
|
||
|
name: socket-dir
|
||
|
- mountPath: /var/lib/kubelet/pods
|
||
|
mountPropagation: Bidirectional
|
||
|
name: mountpoint-dir
|
||
|
- mountPath: /dev
|
||
|
name: dev-dir
|
||
|
##TODO make it configurable and build it for ppc64le
|
||
|
# - name: liveness-probe
|
||
|
# volumeMounts:
|
||
|
# - mountPath: /csi
|
||
|
# name: socket-dir
|
||
|
# image: quay.io/k8scsi/livenessprobe:v1.1.0
|
||
|
# args:
|
||
|
# - --csi-address=/csi/csi.sock
|
||
|
# - --health-port=9898
|
||
|
volumes:
|
||
|
- hostPath:
|
||
|
path: /var/lib/kubelet/plugins/csi-s3
|
||
|
type: DirectoryOrCreate
|
||
|
name: socket-dir
|
||
|
- hostPath:
|
||
|
path: /var/lib/kubelet/pods
|
||
|
type: DirectoryOrCreate
|
||
|
name: mountpoint-dir
|
||
|
- hostPath:
|
||
|
path: /var/lib/kubelet/plugins_registry
|
||
|
type: Directory
|
||
|
name: registration-dir
|
||
|
- hostPath:
|
||
|
path: /dev
|
||
|
type: Directory
|
||
|
name: dev-dir
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/apps/operator.yaml
|
||
|
apiVersion: apps/v1
|
||
|
kind: Deployment
|
||
|
metadata:
|
||
|
name: dataset-operator
|
||
|
labels:
|
||
|
helm.sh/chart: dataset-operator-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
spec:
|
||
|
replicas: 1
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
name: dataset-operator
|
||
|
template:
|
||
|
metadata:
|
||
|
annotations:
|
||
|
sidecar.istio.io/inject: "false"
|
||
|
labels:
|
||
|
name: dataset-operator
|
||
|
helm.sh/chart: dataset-operator-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
spec:
|
||
|
serviceAccountName: dataset-operator
|
||
|
initContainers:
|
||
|
- name: generate-keys
|
||
|
image: "quay.io/datashim-io/generate-keys:latest"
|
||
|
imagePullPolicy: Always
|
||
|
env:
|
||
|
- name: DATASET_OPERATOR_NAMESPACE
|
||
|
value: dlf
|
||
|
containers:
|
||
|
- name: dataset-operator
|
||
|
# Replace this with the built image name
|
||
|
image: "quay.io/datashim-io/dataset-operator:latest"
|
||
|
command:
|
||
|
- /manager
|
||
|
imagePullPolicy: Always
|
||
|
ports:
|
||
|
- containerPort: 9443
|
||
|
name: webhook-api
|
||
|
env:
|
||
|
- name: WATCH_NAMESPACE
|
||
|
value: ""
|
||
|
- name: POD_NAME
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.name
|
||
|
- name: OPERATOR_NAME
|
||
|
value: "dataset-operator"
|
||
|
- name: OPERATOR_NAMESPACE
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: metadata.namespace
|
||
|
volumeMounts:
|
||
|
- name: webhook-tls-certs
|
||
|
mountPath: /tmp/k8s-webhook-server/serving-certs
|
||
|
readOnly: true
|
||
|
volumes:
|
||
|
- name: webhook-tls-certs
|
||
|
secret:
|
||
|
secretName: webhook-server-tls
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-nfsplugin.yaml
|
||
|
kind: StatefulSet
|
||
|
apiVersion: apps/v1
|
||
|
metadata:
|
||
|
name: csi-attacher-nfsplugin
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
spec:
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app: csi-attacher-nfsplugin
|
||
|
serviceName: "csi-attacher-nfsplugin"
|
||
|
replicas: 1
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
helm.sh/chart: csi-nfs-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
app: csi-attacher-nfsplugin
|
||
|
spec:
|
||
|
serviceAccountName: csi-attacher-nfs
|
||
|
containers:
|
||
|
- name: csi-attacher
|
||
|
image: "k8s.gcr.io/sig-storage/csi-attacher:v3.3.0"
|
||
|
args:
|
||
|
- "--v=10"
|
||
|
- "--csi-address=$(ADDRESS)"
|
||
|
env:
|
||
|
- name: ADDRESS
|
||
|
value: /csi/csi.sock
|
||
|
imagePullPolicy: Always
|
||
|
volumeMounts:
|
||
|
- name: socket-dir
|
||
|
mountPath: /csi
|
||
|
- name: nfs
|
||
|
image: "quay.io/datashim-io/csi-nfs:latest"
|
||
|
args :
|
||
|
- "--nodeid=$(NODE_ID)"
|
||
|
- "--endpoint=$(CSI_ENDPOINT)"
|
||
|
env:
|
||
|
- name: NODE_ID
|
||
|
valueFrom:
|
||
|
fieldRef:
|
||
|
fieldPath: spec.nodeName
|
||
|
- name: CSI_ENDPOINT
|
||
|
value: unix://plugin/csi.sock
|
||
|
imagePullPolicy: Always
|
||
|
volumeMounts:
|
||
|
- name: socket-dir
|
||
|
mountPath: /plugin
|
||
|
volumes:
|
||
|
- name: socket-dir
|
||
|
emptyDir: {}
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/attacher.yaml
|
||
|
kind: StatefulSet
|
||
|
apiVersion: apps/v1
|
||
|
metadata:
|
||
|
name: csi-attacher-s3
|
||
|
namespace: dlf
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
spec:
|
||
|
serviceName: "csi-attacher-s3"
|
||
|
replicas: 1
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app: csi-attacher-s3
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
app: csi-attacher-s3
|
||
|
spec:
|
||
|
serviceAccountName: csi-attacher
|
||
|
containers:
|
||
|
- name: csi-attacher
|
||
|
image: "k8s.gcr.io/sig-storage/csi-attacher:v3.3.0"
|
||
|
imagePullPolicy: Always
|
||
|
args:
|
||
|
- --v=5
|
||
|
- --csi-address=/csi/csi.sock
|
||
|
securityContext:
|
||
|
# This is necessary only for systems with SELinux, where
|
||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||
|
# created by privileged CSI driver container.
|
||
|
privileged: true
|
||
|
volumeMounts:
|
||
|
- mountPath: /csi
|
||
|
name: socket-dir
|
||
|
|
||
|
volumes:
|
||
|
- hostPath:
|
||
|
path: /var/lib/kubelet/plugins/csi-s3
|
||
|
type: DirectoryOrCreate
|
||
|
name: socket-dir
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/provisioner.yaml
|
||
|
kind: StatefulSet
|
||
|
apiVersion: apps/v1
|
||
|
metadata:
|
||
|
name: csi-provisioner-s3
|
||
|
labels:
|
||
|
helm.sh/chart: csi-s3-chart-0.1.0
|
||
|
app.kubernetes.io/name: datashim
|
||
|
app.kubernetes.io/instance: default
|
||
|
app.kubernetes.io/managed-by: Helm
|
||
|
meta.helm.sh/release-name: default
|
||
|
meta.helm.sh/release-namespace: dlf
|
||
|
namespace: dlf
|
||
|
spec:
|
||
|
serviceName: "csi-provisioner-s3"
|
||
|
replicas: 1
|
||
|
selector:
|
||
|
matchLabels:
|
||
|
app: csi-provisioner-s3
|
||
|
template:
|
||
|
metadata:
|
||
|
labels:
|
||
|
app: csi-provisioner-s3
|
||
|
spec:
|
||
|
serviceAccountName: csi-provisioner
|
||
|
containers:
|
||
|
- name: csi-provisioner
|
||
|
image: "k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2"
|
||
|
imagePullPolicy: Always
|
||
|
args:
|
||
|
- -v=5
|
||
|
- --csi-address=/csi/csi.sock
|
||
|
- --feature-gates=Topology=true
|
||
|
securityContext:
|
||
|
# This is necessary only for systems with SELinux, where
|
||
|
# non-privileged sidecar containers cannot access unix domain socket
|
||
|
# created by privileged CSI driver container.
|
||
|
privileged: true
|
||
|
volumeMounts:
|
||
|
- mountPath: /csi
|
||
|
name: socket-dir
|
||
|
volumes:
|
||
|
- hostPath:
|
||
|
path: /var/lib/kubelet/plugins/csi-s3
|
||
|
type: DirectoryOrCreate
|
||
|
name: socket-dir
|
||
|
---
|
||
|
# Source: datashim-charts/charts/csi-s3-chart/templates/driver.yaml
|
||
|
apiVersion: storage.k8s.io/v1
|
||
|
kind: CSIDriver
|
||
|
metadata:
|
||
|
name: ch.ctrox.csi.s3-driver
|
||
|
spec:
|
||
|
attachRequired: false
|
||
|
podInfoOnMount: false
|
||
|
volumeLifecycleModes:
|
||
|
- Persistent
|
||
|
# - Ephemeral
|
||
|
---
|
||
|
# Source: datashim-charts/charts/dataset-operator-chart/templates/apps/webhook-definition.yaml
|
||
|
apiVersion: admissionregistration.k8s.io/v1
|
||
|
kind: MutatingWebhookConfiguration
|
||
|
metadata:
|
||
|
name: dlf-mutating-webhook-cfg
|