diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml index b0874bd07..d8bf14fa9 100644 --- a/inventory/group_vars/k8s-cluster.yml +++ b/inventory/group_vars/k8s-cluster.yml @@ -159,7 +159,7 @@ helm_enabled: false istio_enabled: false # Local volume provisioner deployment -local_volumes_enabled: false +local_volume_provisioner_enabled: false # Add Persistent Volumes Storage Class for corresponding cloud provider ( OpenStack is only supported now ) persistent_volumes_enabled: false diff --git a/roles/kubernetes-apps/local_volume_provisioner/defaults/main.yml b/roles/kubernetes-apps/local_volume_provisioner/defaults/main.yml index b29c15849..d1e1d1d69 100644 --- a/roles/kubernetes-apps/local_volume_provisioner/defaults/main.yml +++ b/roles/kubernetes-apps/local_volume_provisioner/defaults/main.yml @@ -1,6 +1,6 @@ --- local_volume_provisioner_bootstrap_image_repo: quay.io/external_storage/local-volume-provisioner-bootstrap -local_volume_provisioner_bootstrap_image_tag: v1.0.0 +local_volume_provisioner_bootstrap_image_tag: v1.0.1 local_volume_provisioner_image_repo: quay.io/external_storage/local-volume-provisioner -local_volume_provisioner_image_tag: v1.0.0 +local_volume_provisioner_image_tag: v1.0.1 diff --git a/roles/kubernetes-apps/local_volume_provisioner/tasks/main.yml b/roles/kubernetes-apps/local_volume_provisioner/tasks/main.yml index 4e590d964..9766ea27c 100644 --- a/roles/kubernetes-apps/local_volume_provisioner/tasks/main.yml +++ b/roles/kubernetes-apps/local_volume_provisioner/tasks/main.yml 
@@ -20,23 +20,24 @@ - name: Local Volume Provisioner | Create manifests template: - src: "{{item.file}}.j2" - dest: "{{kube_config_dir}}/addons/local_volume_provisioner/{{item.file}}" + src: "{{ item.file }}.j2" + dest: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.file }}" with_items: - - {name: local-storage-provisioner-pv-binding, file: provisioner-admin-account.yml, type: clusterrolebinding} - - {name: local-volume-config, file: volume-config.yml, type: configmap} - - {name: local-volume-provisioner, file: provisioner-ds.yml, type: daemonset} + - { name: local-volume-serviceaccount, file: serviceaccount.yml, type, serviceaccount } + - { name: local-volume-clusterrolebinding, file: clusterrolebinding.yml, type, clusterrolebinding } + - { name: local-volume-configmap, file: configmap.yml, type, configmap } + - { name: local-volume-daemonset, file: daemonset.yml, type, daemonset } register: local_volume_manifests when: inventory_hostname == groups['kube-master'][0] - name: Local Volume Provisioner | Apply manifests kube: - name: "{{item.item.name}}" + name: "{{ item.item.name }}" namespace: "{{ system_namespace }}" - kubectl: "{{bin_dir}}/kubectl" - resource: "{{item.item.type}}" - filename: "{{kube_config_dir}}/addons/local_volume_provisioner/{{item.item.file}}" + kubectl: "{{ bin_dir }}/kubectl" + resource: "{{ item.item.type }}" + filename: "{{ kube_config_dir }}/addons/local_volume_provisioner/{{ item.item.file }}" state: "latest" with_items: "{{ local_volume_manifests.results }}" when: inventory_hostname == groups['kube-master'][0] 
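Review bot: All four new `with_items` entries in the "Create manifests" task write `type, serviceaccount` (and `type, clusterrolebinding`, `type, configmap`, `type, daemonset`) with a comma where a colon is needed. In a flow mapping that yields two valueless keys, so `item.type` is null instead of the resource kind. The "Apply manifests" task in the same hunk renders `resource: "{{ item.item.type }}"` from that value, so the kube module is presumably handed an empty or `None` resource type for every manifest. Each entry should read like `- { name: local-volume-serviceaccount, file: serviceaccount.yml, type: serviceaccount }`, with the same one-character fix on the other three lines.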
diff --git a/roles/kubernetes-apps/local_volume_provisioner/templates/provisioner-admin-account.yml.j2 b/roles/kubernetes-apps/local_volume_provisioner/templates/clusterrolebinding.yml.j2 similarity index 68% rename from roles/kubernetes-apps/local_volume_provisioner/templates/provisioner-admin-account.yml.j2 rename to roles/kubernetes-apps/local_volume_provisioner/templates/clusterrolebinding.yml.j2 index ecdf83079..8488b0261 100644 --- a/roles/kubernetes-apps/local_volume_provisioner/templates/provisioner-admin-account.yml.j2 +++ b/roles/kubernetes-apps/local_volume_provisioner/templates/clusterrolebinding.yml.j2 @@ -1,34 +1,28 @@ --- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: local-storage-admin ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: local-storage-provisioner-pv-binding namespace: {{ system_namespace }} subjects: -- kind: ServiceAccount - name: local-storage-admin - namespace: {{ system_namespace }} + - kind: ServiceAccount + name: local-storage-admin + namespace: {{ system_namespace }} roleRef: kind: ClusterRole name: system:persistent-volume-provisioner apiGroup: rbac.authorization.k8s.io --- -apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: local-storage-provisioner-node-binding namespace: {{ system_namespace }} subjects: -- kind: ServiceAccount - name: local-storage-admin - namespace: {{ system_namespace }} + - kind: ServiceAccount + name: local-storage-admin + namespace: {{ system_namespace }} roleRef: kind: ClusterRole name: system:node apiGroup: rbac.authorization.k8s.io - 
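Review bot: The `local-storage-provisioner-node-binding` kept in this template still grants the `local-storage-admin` service account the built-in `system:node` ClusterRole. When attached through an RBAC binding, that role is not limited to a single node and includes read access to all secrets, which is far more than a volume provisioner should hold, especially since its pod runs privileged. If the provisioner only needs to read its own Node object (to be confirmed against the provisioner's documentation), a dedicated ClusterRole limited to `get` on `nodes` would do, as sketched below with a constructed role name. Separately, `metadata.namespace` has no effect on a cluster-scoped ClusterRoleBinding, and the remaining `namespace: {{ system_namespace }}` values would be safer quoted as `namespace: "{{ system_namespace }}"`.

```yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: local-storage-provisioner-node-clusterrole
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get"]
---
# … unchanged: local-storage-provisioner-node-binding kind, metadata and subjects …
roleRef:
  kind: ClusterRole
  name: local-storage-provisioner-node-clusterrole
  apiGroup: rbac.authorization.k8s.io
```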
diff --git a/roles/kubernetes-apps/local_volume_provisioner/templates/volume-config.yml.j2 b/roles/kubernetes-apps/local_volume_provisioner/templates/configmap.yml.j2 similarity index 98% rename from roles/kubernetes-apps/local_volume_provisioner/templates/volume-config.yml.j2 rename to roles/kubernetes-apps/local_volume_provisioner/templates/configmap.yml.j2 index 97a61fe5c..e6d7595c8 100644 --- a/roles/kubernetes-apps/local_volume_provisioner/templates/volume-config.yml.j2 +++ b/roles/kubernetes-apps/local_volume_provisioner/templates/configmap.yml.j2 @@ -1,7 +1,8 @@ +--- # The config map is used to configure local volume discovery for Local SSDs on GCE and GKE. # It is a map from storage class to its mount configuration. -apiVersion: v1 kind: ConfigMap +apiVersion: v1 metadata: name: local-volume-config namespace: {{ system_namespace }} diff --git a/roles/kubernetes-apps/local_volume_provisioner/templates/daemonset.yml.j2 b/roles/kubernetes-apps/local_volume_provisioner/templates/daemonset.yml.j2 new file mode 100644 index 000000000..2eb56a890 --- /dev/null +++ b/roles/kubernetes-apps/local_volume_provisioner/templates/daemonset.yml.j2 
@@ -0,0 +1,43 @@
+---
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+ name: local-volume-provisioner
+ namespace: "{{ system_namespace }}"
+spec:
+ template:
+ metadata:
+ labels:
+ app: local-volume-provisioner
+ spec:
+ containers:
+ - name: provisioner
+ image: {{ local_volume_provisioner_image_repo }}:{{ local_volume_provisioner_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: discovery-vol
+ mountPath: "/local-disks"
+ - name: local-volume-config
+ mountPath: /etc/provisioner/config/
+ env:
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: MY_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ volumes:
+ - name: discovery-vol
+ hostPath:
+ path: "{{ local_volume_base_dir }}"
+ - configMap:
+ defaultMode: 420
+ name: local-volume-config
+ name: local-volume-config
+ serviceAccount: local-storage-admin
diff --git a/roles/kubernetes-apps/local_volume_provisioner/templates/provisioner-ds.yml.j2 b/roles/kubernetes-apps/local_volume_provisioner/templates/provisioner-ds.yml.j2
deleted file mode 100644
index 302b17a62..000000000
--- a/roles/kubernetes-apps/local_volume_provisioner/templates/provisioner-ds.yml.j2
+++ /dev/null
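Review bot: The `provisioner` container in the new daemonset.yml.j2 keeps `privileged: true` alongside a hostPath mount of `local_volume_base_dir`, and nothing in the manifest records why full privilege is required. Since this pod also runs under the `local-storage-admin` service account, a comment above `securityContext` would help future reviewers, for example `# privileged: <reason the provisioner needs it>; revisit if a narrower securityContext suffices`. The last line uses `serviceAccount`, the deprecated alias of the pod spec field; `serviceAccountName: local-storage-admin` is the current spelling. The unquoted `image:` and `imagePullPolicy:` templates would be safer quoted, e.g. `image: "{{ local_volume_provisioner_image_repo }}:{{ local_volume_provisioner_image_tag }}"`.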
@@ -1,42 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: local-volume-provisioner - namespace: "{{ system_namespace }}" -spec: - template: - metadata: - labels: - app: local-volume-provisioner - spec: - containers: - - name: provisioner - image: {{ local_volume_provisioner_image_repo }}:{{ local_volume_provisioner_image_tag }} - imagePullPolicy: {{ k8s_image_pull_policy }} - securityContext: - privileged: true - volumeMounts: - - name: discovery-vol - mountPath: "/local-disks" - - name: local-volume-config - mountPath: /etc/provisioner/config/ - env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: MY_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - volumes: - - name: discovery-vol - hostPath: - path: "{{ local_volume_base_dir }}" - - configMap: - defaultMode: 420 - name: local-volume-config - name: local-volume-config - serviceAccount: local-storage-admin diff --git a/roles/kubernetes-apps/local_volume_provisioner/templates/serviceaccount.yml.j2 b/roles/kubernetes-apps/local_volume_provisioner/templates/serviceaccount.yml.j2 new file mode 100644 index 000000000..182248a6a --- /dev/null +++ b/roles/kubernetes-apps/local_volume_provisioner/templates/serviceaccount.yml.j2 @@ -0,0 +1,5 @@ +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: local-storage-admin diff --git a/roles/kubernetes-apps/meta/main.yml b/roles/kubernetes-apps/meta/main.yml index bfcec80b4..71e2925b2 100644 --- a/roles/kubernetes-apps/meta/main.yml +++ b/roles/kubernetes-apps/meta/main.yml @@ -20,12 +20,14 @@ dependencies: tags: - apps - helm + - role: kubernetes-apps/local_volume_provisioner - when: local_volumes_enabled + when: local_volume_provisioner_enabled tags: - apps - local_volume_provisioner - storage + # istio role should be last because it takes a long time to initialize and # will cause timeouts trying to start other addons. - role: kubernetes-apps/istio 
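Review bot: In roles/kubernetes-apps/meta/main.yml the dependency's condition now reads only `when: local_volume_provisioner_enabled`, so an existing inventory that still sets `local_volumes_enabled: true` will no longer deploy the provisioner, and nothing visible in this commit warns about the rename. If no default for the new name is defined outside this diff, the condition may also fail on an undefined variable for inventories that were copied before the change. A transitional form such as `when: local_volume_provisioner_enabled | default(local_volumes_enabled | default(false))` would keep old inventories working until the old name is formally dropped.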
@@ -33,6 +35,7 @@ dependencies: tags: - apps - istio + - role: kubernetes-apps/persistent_volumes when: persistent_volumes_enabled tags: