-
Notifications
You must be signed in to change notification settings - Fork 24
/
Copy pathcri-containerd.yaml
138 lines (138 loc) · 3.81 KB
/
cri-containerd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: csi-image.warm-metal.tech
spec:
attachRequired: false
podInfoOnMount: true
volumeLifecycleModes:
- Persistent
- Ephemeral
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-image-warm-metal
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: csi-image-warm-metal
rules:
- apiGroups:
- ""
resources:
- secrets
- pods
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: csi-image-warm-metal
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: csi-image-warm-metal
subjects:
- kind: ServiceAccount
name: csi-image-warm-metal
namespace: kube-system
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: csi-image-warm-metal
namespace: kube-system
spec:
selector:
matchLabels:
app: csi-image-warm-metal
template:
metadata:
labels:
app: csi-image-warm-metal
spec:
hostNetwork: true
serviceAccountName: csi-image-warm-metal
containers:
- name: node-driver-registrar
image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/csi-image.warm-metal.tech /registration/csi-image.warm-metal.tech-reg.sock"]
args:
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi-image.warm-metal.tech/csi.sock
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /csi
name: socket-dir
- mountPath: /registration
name: registration-dir
- name: plugin
image: docker.io/warmmetal/csi-image:v0.4.2
imagePullPolicy: IfNotPresent
args:
- "--endpoint=$(CSI_ENDPOINT)"
- "--node=$(KUBE_NODE_NAME)"
- "--containerd-addr=$(CRI_ADDR)"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: HOST_ROOTFS
value: /host
- name: CRI_ADDR
value: unix:///run/containerd/containerd.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
securityContext:
privileged: true
volumeMounts:
- mountPath: /csi
name: socket-dir
- mountPath: /var/lib/kubelet/pods
mountPropagation: Bidirectional
name: mountpoint-dir
- mountPath: /run/containerd/containerd.sock
name: runtime-socket
- mountPath: /host
mountPropagation: Bidirectional
name: host-rootfs
volumes:
- hostPath:
path: /var/lib/kubelet/plugins/csi-image.warm-metal.tech
type: DirectoryOrCreate
name: socket-dir
- hostPath:
path: /var/lib/kubelet/pods
type: DirectoryOrCreate
name: mountpoint-dir
- hostPath:
path: /var/lib/kubelet/plugins_registry
type: Directory
name: registration-dir
- hostPath:
path: /
type: Directory
name: host-rootfs
- hostPath:
path: /run/containerd/containerd.sock
type: Socket
name: runtime-socket