Fix kubernetes manifests

config/default/kustomization.yaml

@@ -12,25 +12,30 @@ namePrefix: zfs-operator-
 #commonLabels:
 #  someName: someValue
 
+images:
+- name: controller
+  newName: yuanying/zfs-operator
+  newTag: latest
+
 bases:
 - ../crd
 - ../rbac
-- ../manager
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 
+- ../node
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
 #- ../certmanager
-# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
 patchesStrategicMerge:
   # Protect the /metrics endpoint by putting it behind auth.
-  # If you want your controller-manager to expose the /metrics
+  # If you want your zfs-node to expose the /metrics
   # endpoint w/o any authn/z, please comment the following line.
 - manager_auth_proxy_patch.yaml
 
-# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- manager_webhook_patch.yaml
 

config/default/manager_auth_proxy_patch.yaml

@@ -1,9 +1,9 @@
-# This patch inject a sidecar container which is a HTTP proxy for the 
+# This patch inject a sidecar container which is a HTTP proxy for the
 # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
-  name: controller-manager
+  name: zfs-node
   namespace: system
 spec:
   template:
@@ -19,7 +19,8 @@ spec:
         ports:
         - containerPort: 8443
           name: https
-      - name: manager
+      - name: agent
         args:
         - "--metrics-addr=127.0.0.1:8080"
         - "--enable-leader-election"
+        - "--node-name=$(NODE_NAME)"

config/default/manager_webhook_patch.yaml

@@ -1,13 +1,13 @@
 apiVersion: apps/v1
-kind: Deployment
+kind: DaemonSet
 metadata:
-  name: controller-manager
+  name: zfs-node
   namespace: system
 spec:
   template:
     spec:
       containers:
-      - name: manager
+      - name: agent
         ports:
         - containerPort: 9443
           name: webhook-server

config/node/kustomization.yaml

@@ -0,0 +1,4 @@
+resources:
+- manager.yaml
+- role.yaml
+- role_binding.yaml

config/node/manager.yaml

@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    control-plane: zfs-node
+  name: system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: zfs-node
+  namespace: system
+  labels:
+    control-plane: zfs-node
+spec:
+  selector:
+    matchLabels:
+      control-plane: zfs-node
+  template:
+    metadata:
+      labels:
+        control-plane: zfs-node
+    spec:
+      nodeSelector:
+        zfs.unstable.cloud/storage: ""
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      serviceAccountName: zfs-node
+      containers:
+      - command:
+        - /zfs-operator
+        args:
+        - --enable-leader-election
+        - --node-name=$(NODE_NAME)
+        image: controller:latest
+        name: agent
+        securityContext:
+          privileged: true
+        env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+        resources:
+          # limits:
+          #   cpu: 100m
+          #   memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 30Mi
+        volumeMounts:
+        - name: dev
+          mountPath: /dev
+      terminationGracePeriodSeconds: 300
+      volumes:
+      - name: dev
+        hostPath:
+          path: /dev

config/rbac/role.yaml → config/node/role.yaml

@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
-  name: manager-role
+  name: node-role
 rules:
 - apiGroups:
   - zfs.unstable.cloud

config/rbac/role_binding.yaml → config/node/role_binding.yaml

@@ -1,12 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: manager-rolebinding
+  name: node-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: manager-role
+  name: node-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: zfs-node
   namespace: system

config/prometheus/monitor.yaml

@@ -4,13 +4,13 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   labels:
-    control-plane: controller-manager
-  name: controller-manager-metrics-monitor
+    control-plane: zfs-node
+  name: zfs-node-metrics-monitor
   namespace: system
 spec:
   endpoints:
     - path: /metrics
       port: https
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: zfs-node

config/rbac/auth_proxy_service.yaml

@@ -2,13 +2,13 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    control-plane: controller-manager
-  name: controller-manager-metrics-service
+    control-plane: zfs-node
+  name: zfs-node-metrics-service
   namespace: system
 spec:
   ports:
   - name: https
     port: 8443
     targetPort: https
   selector:
-    control-plane: controller-manager
+    control-plane: zfs-node

config/rbac/kustomization.yaml

@@ -1,6 +1,4 @@
 resources:
-- role.yaml
-- role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
 # Comment the following 4 lines if you want to disable
@@ -10,3 +8,4 @@ resources:
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
+- service_account.yaml

config/rbac/leader_election_role_binding.yaml

@@ -8,5 +8,5 @@ roleRef:
   name: leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: zfs-node
   namespace: system

config/rbac/service_account.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: zfs-node
+  namespace: system

config/samples/zfs_v1alpha1_volume.yaml

@@ -3,5 +3,7 @@ kind: Volume
 metadata:
   name: volume-sample
 spec:
-  # Add fields here
-  foo: bar
+  nodeName: 172.18.13.124
+  volumeName: "tank/sample"
+  capacity:
+    storage: 5Gi

config/webhook/service.yaml

@@ -9,4 +9,4 @@ spec:
     - port: 443
       targetPort: 9443
   selector:
-    control-plane: controller-manager
+    control-plane: zfs-node

controllers/volume_controller.go

@@ -46,9 +46,6 @@ type VolumeReconciler struct {
 	NodeName string
 }
 
-// +kubebuilder:rbac:groups=zfs.unstable.cloud,resources=volumes,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=zfs.unstable.cloud,resources=volumes/status,verbs=get;update;patch
-
 func (r *VolumeReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	ctx := context.Background()
 	log := r.Log.WithValues("volume", req.NamespacedName)