diff --git a/cluster-scope/overlays/nerc-ocp-test/secretstores/csi-wekafsplugin/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-test/secretstores/csi-wekafsplugin/kustomization.yaml
new file mode 100644
index 00000000..3f9da541
--- /dev/null
+++ b/cluster-scope/overlays/nerc-ocp-test/secretstores/csi-wekafsplugin/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: csi-wekafsplugin
+components:
+ - ../../../../components/nerc-secret-store
diff --git a/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml
index 75422be1..c4c4759a 100644
--- a/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml
+++ b/cluster-scope/overlays/nerc-ocp-test/secretstores/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
 - openshift-logging
 - group-sync-operator
 - curator-system
+- csi-wekafsplugin
diff --git a/csi-wekafsplugin/base/apps/daemonsets/csi-wekafsplugin-node/daemonset.yaml b/csi-wekafsplugin/base/apps/daemonsets/csi-wekafsplugin-node/daemonset.yaml
new file mode 100644
index 00000000..b9261a69
--- /dev/null
+++ b/csi-wekafsplugin/base/apps/daemonsets/csi-wekafsplugin-node/daemonset.yaml
@@ -0,0 +1,205 @@ +# Source: csi-wekafsplugin/templates/nodeserver-daemonset.yaml +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-wekafsplugin-node + namespace: csi-wekafsplugin +spec: + selector: + matchLabels: + app: csi-wekafsplugin-node + template: + metadata: + labels: + app: csi-wekafsplugin-node + component: csi-wekafsplugin-node + release: csi-wekafsplugin + annotations: + prometheus.io/scrape: 'true' + prometheus.io/path: '/metrics' + prometheus.io/port: '9094' + spec: + serviceAccountName: csi-wekafsplugin-node + hostNetwork: true + initContainers: + - name: init + volumeMounts: + - mountPath: /etc/nodeinfo + name: nodeinfo + image: "quay.io/weka.io/csi-wekafs:v2.5.1" + imagePullPolicy: IfNotPresent + securityContext: + # This doesn't need to run as root. + runAsUser: 9376 + runAsGroup: 9376 + env: + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + - bash + args: + - -c + - kubectl label node $NODENAME "topology.csi.weka.io/transport-" ; kubectl get node $NODENAME -o json | jq '.metadata' > /etc/nodeinfo/metadata + containers: + - name: wekafs + securityContext: + privileged: true + image: quay.io/weka.io/csi-wekafs:v2.5.1 + imagePullPolicy: Always + args: + - "--v=5" + - "--drivername=$(CSI_DRIVER_NAME)" + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--dynamic-path=$(CSI_DYNAMIC_PATH)" + - "--csimode=$(X_CSI_MODE)" + - "--newvolumeprefix=csivol-" + - "--newsnapshotprefix=csisnp-" + - "--seedsnapshotprefix=csisnp-seed-" + - "--selinux-support" + - "--enablemetrics" + - "--metricsport=9094" + - "--allowinsecurehttps" + - "--mutuallyexclusivemountoptions=readcache,writecache,coherent,forcedirect" + - "--mutuallyexclusivemountoptions=sync,async" + - "--mutuallyexclusivemountoptions=ro,rw" + - "--grpcrequesttimeoutseconds=30" + - "--concurrency.nodePublishVolume=5" + - "--concurrency.nodeUnpublishVolume=5" + - "--allownfsfailback" + - "--nfsprotocolversion=4.1" + ports: + - containerPort: 
9899 + name: healthz + protocol: TCP + - containerPort: 9094 + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 2 + env: + - name: CSI_DRIVER_NAME + value: csi.weka.io + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_DYNAMIC_PATH + value: csi-volumes + - name: X_CSI_MODE + value: node + - name: KUBE_NODE_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins + mountPropagation: Bidirectional + name: plugins-dir + - mountPath: /var/lib/csi-wekafs-data + name: csi-data-dir + - mountPath: /dev + name: dev-dir + - mountPath: /etc/nodeinfo + name: nodeinfo + readOnly: true + - mountPath: /etc/selinux/config + name: selinux-config + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: registry.k8s.io/sig-storage/livenessprobe:v2.14.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--health-port=$(HEALTH_PORT)" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + - name: HEALTH_PORT + value: "9899" + - name: csi-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(KUBELET_REGISTRATION_PATH)" + - "--timeout=60s" + - "--health-port=9809" + ports: + - containerPort: 9809 + name: healthz + livenessProbe: + httpGet: + port: healthz + path: /healthz + initialDelaySeconds: 5 + timeoutSeconds: 5 + securityContext: + privileged: true + env: + - name: ADDRESS + value: unix:///csi/csi.sock + - name: KUBELET_REGISTRATION_PATH + value: "/var/lib/kubelet/plugins/csi-wekafs-node/csi.sock" + volumeMounts: + - mountPath: 
/csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - mountPath: /var/lib/csi-wekafs-data + name: csi-data-dir + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins + type: Directory + name: plugins-dir + - hostPath: + path: /var/lib/kubelet/plugins/csi-wekafs-node + type: DirectoryOrCreate + name: socket-dir + - hostPath: + # 'path' is where PV data is persisted on host. + # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot + path: /var/lib/csi-wekafs-data/ + type: DirectoryOrCreate + name: csi-data-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir + # if enforced selinux or automatically detected OpenShift Container Platform, pass selinux-config + - hostPath: + path: /etc/selinux/config + type: File + name: selinux-config + - name: nodeinfo + emptyDir: {} diff --git a/csi-wekafsplugin/base/apps/daemonsets/csi-wekafsplugin-node/kustomization.yaml b/csi-wekafsplugin/base/apps/daemonsets/csi-wekafsplugin-node/kustomization.yaml new file mode 100644 index 00000000..db9e0485 --- /dev/null +++ b/csi-wekafsplugin/base/apps/daemonsets/csi-wekafsplugin-node/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - daemonset.yaml diff --git a/csi-wekafsplugin/base/apps/deployments/csi-wekafsplugin-controller/deployment.yaml b/csi-wekafsplugin/base/apps/deployments/csi-wekafsplugin-controller/deployment.yaml new file mode 100644 index 00000000..31e9b580 --- /dev/null +++ b/csi-wekafsplugin/base/apps/deployments/csi-wekafsplugin-controller/deployment.yaml 
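Review bot: The `wekafs` container is started with `--allowinsecurehttps`, which by its name turns off certificate validation on the driver's HTTPS calls to the Weka API, so the API credentials the driver presumably reads from Secrets could be exposed to anyone able to intercept that connection. If the Weka endpoint serves a certificate from a CA the nodes trust, drop the flag; otherwise put a comment above it such as `# TODO: remove once the Weka API serves a CA-signed certificate`. The same flag is set on the `wekafs` container in the controller Deployment later in this commit. Separately, the `csi-registrar` sidecar is `privileged: true` although it only mounts the socket, registration and data directories, so it is worth confirming that this is required rather than inherited from the chart.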
@@ -0,0 +1,258 @@ +# Source: csi-wekafsplugin/templates/controllerserver-deployment.yaml +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-wekafsplugin-controller + namespace: csi-wekafsplugin + labels: + app: csi-wekafsplugin-controller + component: csi-wekafsplugin-controller + release: csi-wekafsplugin +spec: + selector: + matchLabels: + app: csi-wekafsplugin-controller + replicas: 2 + template: + metadata: + labels: + app: csi-wekafsplugin-controller + component: csi-wekafsplugin-controller + release: csi-wekafsplugin + annotations: + prometheus.io/scrape: 'true' + prometheus.io/path: '/metrics' + prometheus.io/port: '9090,9091,9092,9093,9095' + spec: + serviceAccountName: csi-wekafsplugin-controller + hostNetwork: true + containers: + - name: wekafs + securityContext: + privileged: true + image: quay.io/weka.io/csi-wekafs:v2.5.1 + imagePullPolicy: Always + args: + - "--drivername=$(CSI_DRIVER_NAME)" + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--dynamic-path=$(CSI_DYNAMIC_PATH)" + - "--csimode=$(X_CSI_MODE)" + - "--newvolumeprefix=csivol-" + - "--newsnapshotprefix=csisnp-" + - "--seedsnapshotprefix=csisnp-seed-" + - "--allowautofscreation" + - "--allowautofsexpansion" + - "--enablemetrics" + - "--metricsport=9090" + - "--allowinsecurehttps" + - "--mutuallyexclusivemountoptions=readcache,writecache,coherent,forcedirect" + - "--mutuallyexclusivemountoptions=sync,async" + - "--mutuallyexclusivemountoptions=ro,rw" + - "--grpcrequesttimeoutseconds=30" + - "--concurrency.createVolume=5" + - "--concurrency.deleteVolume=5" + - "--concurrency.expandVolume=5" + - "--concurrency.createSnapshot=5" + - "--concurrency.deleteSnapshot=5" + - "--allownfsfailback" + - "--nfsprotocolversion=4.1" + ports: + - containerPort: 9898 + name: healthz + protocol: TCP + - containerPort: 9090 + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + 
timeoutSeconds: 3 + periodSeconds: 2 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: CSI_DRIVER_NAME + value: csi.weka.io + - name: CSI_DRIVER_VERSION + value: 2.5.1 + - name: X_CSI_MODE + value: controller + - name: CSI_DYNAMIC_PATH + value: csi-volumes + - name: X_CSI_DEBUG + value: "false" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: KUBE_NODE_IP_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /var/lib/kubelet/plugins + mountPropagation: Bidirectional + name: plugins-dir + - mountPath: /var/lib/csi-wekafs-data + name: csi-data-dir + - mountPath: /dev + name: dev-dir + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 + securityContext: + privileged: true + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--timeout=60s" + - "--leader-election" + - "--leader-election-namespace=csi-wekafsplugin" + - "--worker-threads=5" + - "--http-endpoint=:9095" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + livenessProbe: + httpGet: + port: 9095 + path: /healthz/leader-election + ports: + - containerPort: 9095 + name: pr-metrics + protocol: TCP + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + - "--timeout=60s" + - "--prevent-volume-mode-conversion" + - "--leader-election" + - "--leader-election-namespace=csi-wekafsplugin" + - "--worker-threads=5" + - "--retry-interval-start=10s" + - "--http-endpoint=:9091" + livenessProbe: + httpGet: + port: 9091 + path: /healthz/leader-election + env: + - name: ADDRESS + value: unix:///csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: "/csi" + ports: + - containerPort: 9091 + 
name: pr-metrics + protocol: TCP + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--timeout=60s" + - "--http-endpoint=:9092" + - "--leader-election" + - "--leader-election-namespace=csi-wekafsplugin" + - "--workers=5" + - "--retry-interval-start=10s" + livenessProbe: + httpGet: + port: 9092 + path: /healthz/leader-election + env: + - name: ADDRESS + value: unix:///csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + ports: + - containerPort: 9092 + name: rs-metrics + protocol: TCP + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--timeout=60s" + - "--leader-election" + - "--leader-election-namespace=csi-wekafsplugin" + - "--worker-threads=5" + - "--retry-interval-start=10s" + - "--http-endpoint=:9093" + livenessProbe: + httpGet: + port: 9093 + path: /healthz/leader-election + ports: + - containerPort: 9093 + name: sn-metrics + protocol: TCP + env: + - name: ADDRESS + value: unix:///csi/csi.sock + imagePullPolicy: IfNotPresent + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: registry.k8s.io/sig-storage/livenessprobe:v2.14.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--health-port=$(HEALTH_PORT)" + env: + - name: ADDRESS + value: unix:///csi/csi.sock + - name: HEALTH_PORT + value: "9898" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/csi-wekafs-controller + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: /var/lib/kubelet/plugins + type: Directory + name: 
plugins-dir + - hostPath: + # 'path' is where PV data is persisted on host. + # using /tmp is also possible while the PVs will not available after plugin container recreation or host reboot + path: /var/lib/csi-wekafs-data/ + type: DirectoryOrCreate + name: csi-data-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir diff --git a/csi-wekafsplugin/base/apps/deployments/csi-wekafsplugin-controller/kustomization.yaml b/csi-wekafsplugin/base/apps/deployments/csi-wekafsplugin-controller/kustomization.yaml new file mode 100644 index 00000000..b97cf2c7 --- /dev/null +++ b/csi-wekafsplugin/base/apps/deployments/csi-wekafsplugin-controller/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - deployment.yaml diff --git a/csi-wekafsplugin/base/core/namespaces/csi-wekafsplugin/kustomization.yaml b/csi-wekafsplugin/base/core/namespaces/csi-wekafsplugin/kustomization.yaml new file mode 100644 index 00000000..809cbe53 --- /dev/null +++ b/csi-wekafsplugin/base/core/namespaces/csi-wekafsplugin/kustomization.yaml @@ -0,0 +1,5 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespace.yaml diff --git a/csi-wekafsplugin/base/core/namespaces/csi-wekafsplugin/namespace.yaml b/csi-wekafsplugin/base/core/namespaces/csi-wekafsplugin/namespace.yaml new file mode 100644 index 00000000..98504df3 --- /dev/null +++ b/csi-wekafsplugin/base/core/namespaces/csi-wekafsplugin/namespace.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: csi-wekafsplugin +spec: {} diff --git a/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-controller/kustomization.yaml b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-controller/kustomization.yaml new file mode 100644 index 00000000..175d44ff --- /dev/null +++ b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-controller/kustomization.yaml 
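Review bot: `csi-attacher` is given `securityContext:` / `privileged: true` while the provisioner, resizer and snapshotter sidecars mount the same `socket-dir` and run without it, which suggests the attacher does not need it either; removing those two lines would leave only the `wekafs` container privileged. The pod also sets `hostNetwork: true`, so the metrics port 9090 and the sidecar `--http-endpoint=:9091` to `:9095` listeners are bound on the node's own addresses, and it is worth confirming that the controller needs host networking at all. The `registration-dir` volume is declared but no container in this Deployment mounts it, so that hostPath can be dropped from `volumes:`.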
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - serviceaccount.yaml
diff --git a/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-controller/serviceaccount.yaml b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-controller/serviceaccount.yaml
new file mode 100644
index 00000000..15a6bee4
--- /dev/null
+++ b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-controller/serviceaccount.yaml
@@ -0,0 +1,10 @@
+# Source: csi-wekafsplugin/templates/controllerserver-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-wekafsplugin-controller
+ namespace: csi-wekafsplugin
+ labels:
+ app: csi-wekafsplugin-controller
+ component: csi-wekafsplugin-controller
+ release: csi-wekafsplugin
diff --git a/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-node/kustomization.yaml b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-node/kustomization.yaml
new file mode 100644
index 00000000..175d44ff
--- /dev/null
+++ b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-node/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - serviceaccount.yaml
diff --git a/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-node/serviceaccount.yaml b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-node/serviceaccount.yaml
new file mode 100644
index 00000000..5ebf516c
--- /dev/null
+++ b/csi-wekafsplugin/base/core/serviceaccounts/csi-wekafsplugin-node/serviceaccount.yaml
@@ -0,0 +1,10 @@
+# Source: csi-wekafsplugin/templates/nodeserver-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-wekafsplugin-node
+ namespace: csi-wekafsplugin
+ labels:
+ app: csi-wekafsplugin-node
+ component: csi-wekafsplugin-node
+ release: csi-wekafsplugin
diff --git a/csi-wekafsplugin/base/kustomization.yaml b/csi-wekafsplugin/base/kustomization.yaml
new file mode 100644
index 00000000..36593fd3
--- /dev/null
+++ b/csi-wekafsplugin/base/kustomization.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: csi-wekafsplugin
+resources:
+ - core/namespaces/csi-wekafsplugin
+ - core/serviceaccounts/csi-wekafsplugin-node
+ - core/serviceaccounts/csi-wekafsplugin-controller
+ - storage.k8s.io/csidrivers/csi.weka.io
+ - storage.k8s.io/storageclasses/storageclass-wekafs-dir-api
+ - security.openshift.io/securitycontextconstraints/csi-wekafsplugin-node-scc
+ - security.openshift.io/securitycontextconstraints/csi-wekafsplugin-controller-scc
+ - rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-node
+ - rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-controller
+ - rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-node
+ - rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-controller
+ - rbac.authorization.k8s.io/rolebindings/csi-wekafsplugin-controller
+ - rbac.authorization.k8s.io/roles/csi-wekafsplugin-controller
+ - machineconfiguration.openshift.io/machineconfigs/50-csi-wekafs-selinux-policy-worker
+ - apps/daemonsets/csi-wekafsplugin-node
+ - apps/deployments/csi-wekafsplugin-controller
diff --git a/csi-wekafsplugin/base/machineconfiguration.openshift.io/machineconfigs/50-csi-wekafs-selinux-policy-worker/kustomization.yaml b/csi-wekafsplugin/base/machineconfiguration.openshift.io/machineconfigs/50-csi-wekafs-selinux-policy-worker/kustomization.yaml
new file mode 100644
index 00000000..35b94cf4
--- /dev/null
+++ b/csi-wekafsplugin/base/machineconfiguration.openshift.io/machineconfigs/50-csi-wekafs-selinux-policy-worker/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - machineconfig.yaml
diff --git a/csi-wekafsplugin/base/machineconfiguration.openshift.io/machineconfigs/50-csi-wekafs-selinux-policy-worker/machineconfig.yaml b/csi-wekafsplugin/base/machineconfiguration.openshift.io/machineconfigs/50-csi-wekafs-selinux-policy-worker/machineconfig.yaml
new file mode 100644
index 00000000..857b48cd
--- /dev/null
+++ b/csi-wekafsplugin/base/machineconfiguration.openshift.io/machineconfigs/50-csi-wekafs-selinux-policy-worker/machineconfig.yaml
@@ -0,0 +1,35 @@ +# Source: csi-wekafsplugin/templates/selinux-policy-machineconfig.yaml +kind: MachineConfig +apiVersion: machineconfiguration.openshift.io/v1 +metadata: + name: 50-csi-wekafs-selinux-policy-worker + labels: + machineconfiguration.openshift.io/role: worker +spec: + osImageURL: '' + config: + ignition: + version: 3.2.0 + storage: + files: + - filesystem: root + path: "/etc/selinux/csi-wekafs-selinux.cil" + contents: + source: data:text/plain;charset=utf-8;base64,KHR5cGVhbGlhcyB3ZWthZnNfY3NpX3ZvbHVtZV90KQoodHlwZWFsaWFzYWN0dWFsIHdla2Fmc19jc2lfdm9sdW1lX3Qgd2VrYWZzX3QpCih0eXBlYWxpYXMgd2VrYWZzX2ZpbGVzeXN0ZW1fdCkKKHR5cGVhbGlhc2FjdHVhbCB3ZWthZnNfZmlsZXN5c3RlbV90IHdla2Fmc190KQoodHlwZSB3ZWthZnNfdCkKKHJvbGV0eXBlIG9iamVjdF9yIHdla2Fmc190KQoodHlwZWF0dHJpYnV0ZXNldCBjaWxfZ2VuX3JlcXVpcmUgdW5sYWJlbGVkX3QpCih0eXBlYXR0cmlidXRlc2V0IGNpbF9nZW5fcmVxdWlyZSBjb250YWluZXJfdmFyX2xpYl90KQoodHlwZWF0dHJpYnV0ZXNldCBjaWxfZ2VuX3JlcXVpcmUgY29udGFpbmVyX3QpCih0eXBlYXR0cmlidXRlc2V0IGNpbF9nZW5fcmVxdWlyZSBzcG9vbGZpbGUpCih0eXBlYXR0cmlidXRlc2V0IHNwb29sZmlsZSAod2VrYWZzX3QgKSkKKHR5cGVhdHRyaWJ1dGVzZXQgY2lsX2dlbl9yZXF1aXJlIGZpbGVfdHlwZSkKKHR5cGVhdHRyaWJ1dGVzZXQgZmlsZV90eXBlICh3ZWthZnNfdCApKQoodHlwZWF0dHJpYnV0ZXNldCBjaWxfZ2VuX3JlcXVpcmUgbm9uX3NlY3VyaXR5X2ZpbGVfdHlwZSkKKHR5cGVhdHRyaWJ1dGVzZXQgbm9uX3NlY3VyaXR5X2ZpbGVfdHlwZSAod2VrYWZzX3QgKSkKKHR5cGVhdHRyaWJ1dGVzZXQgY2lsX2dlbl9yZXF1aXJlIG5vbl9hdXRoX2ZpbGVfdHlwZSkKKHR5cGVhdHRyaWJ1dGVzZXQgbm9uX2F1dGhfZmlsZV90eXBlICh3ZWthZnNfdCApKQooYWxsb3cgY29udGFpbmVyX3Qgd2VrYWZzX3QgKGRpciAoYWRkX25hbWUgY3JlYXRlIGdldGF0dHIgaW9jdGwgbGluayBsb2NrIG9wZW4gcmVhZCByZW1vdmVfbmFtZSByZW5hbWUgcmVwYXJlbnQgcm1kaXIgc2VhcmNoIHNldGF0dHIgdW5saW5rIHdyaXRlKSkpCihhbGxvdyBjb250YWluZXJfdCB3ZWthZnNfdCAoZmlsZSAoY3JlYXRlIG9wZW4gZ2V0YXR0ciBzZXRhdHRyIHJlYWQgd3JpdGUgYXBwZW5kIHJlbmFtZSBsaW5rIHVubGluayBpb2N0bCBsb2NrKSkpCg== + verification: {} + mode: 0755 + systemd: + units: + - contents: | + [Unit] + Requires=systemd-udevd.target + After=NetworkManager.service + Before=sshd.service + 
DefaultDependencies=no + [Service] + Type=oneshot + ExecStart=/usr/sbin/semodule -i /etc/selinux/csi-wekafs-selinux.cil + [Install] + WantedBy=multi-user.target + name: csi-wekafs-selinux-policy.service + enabled: true diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-controller/clusterrolebinding.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-controller/clusterrolebinding.yaml new file mode 100644 index 00000000..fbb08fae --- /dev/null +++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-controller/clusterrolebinding.yaml @@ -0,0 +1,17 @@ +# Source: csi-wekafsplugin/templates/controllerserver-clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-wekafsplugin-controller + labels: + app: csi-wekafsplugin-controller + component: csi-wekafsplugin-controller + release: csi-wekafsplugin +subjects: + - kind: ServiceAccount + name: csi-wekafsplugin-controller + namespace: csi-wekafsplugin +roleRef: + kind: ClusterRole + name: csi-wekafsplugin-controller + apiGroup: rbac.authorization.k8s.io diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-controller/kustomization.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-controller/kustomization.yaml new file mode 100644 index 00000000..464a5f99 --- /dev/null +++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-controller/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - clusterrolebinding.yaml 
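Review bot: The SELinux module in `contents.source` is an opaque base64 blob, so nothing in the manifest shows that it appears to decode to a CIL policy defining `wekafs_t` and allowing every `container_t` process to create, read, write and unlink files and directories of that type. A comment above `source:`, for example `# CIL module: defines wekafs_t; allows container_t dir/file access on wekafs_t`, would let the policy be audited in review. `mode: 0755` marks a policy source file executable; Ignition takes the mode as a decimal integer, so `mode: 420` (octal 0644) is the unambiguous way to write a non-executable mode. The MachineConfig is labelled for the `worker` role only while the node DaemonSet tolerates the master taint, so unless a matching control-plane MachineConfig exists elsewhere, those nodes would run the plugin with `--selinux-support` and without this module loaded.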
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-node/clusterrolebinding.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-node/clusterrolebinding.yaml
new file mode 100644
index 00000000..ca9c7125
--- /dev/null
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-node/clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+# Source: csi-wekafsplugin/templates/nodeserver-clusterrolebinding.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-wekafsplugin-node
+ labels:
+ app: csi-wekafsplugin-node
+ component: csi-wekafsplugin-node
+ release: csi-wekafsplugin
+subjects:
+ - kind: ServiceAccount
+ name: csi-wekafsplugin-node
+ namespace: csi-wekafsplugin
+roleRef:
+ kind: ClusterRole
+ name: csi-wekafsplugin-node
+ apiGroup: rbac.authorization.k8s.io
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-node/kustomization.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-node/kustomization.yaml
new file mode 100644
index 00000000..464a5f99
--- /dev/null
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterrolebindings/csi-wekafsplugin-node/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - clusterrolebinding.yaml
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-controller/clusterrole.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-controller/clusterrole.yaml
new file mode 100644
index 00000000..796d2b61
--- /dev/null
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-controller/clusterrole.yaml
@@ -0,0 +1,64 @@ +# Source: csi-wekafsplugin/templates/controllerserver-clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-wekafsplugin-controller + labels: + app: csi-wekafsplugin-controller + component: csi-wekafsplugin-controller + release: csi-wekafsplugin +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + 
verbs: ["update", "create", "get", "list", "watch", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-controller/kustomization.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-controller/kustomization.yaml new file mode 100644 index 00000000..69b27f0b --- /dev/null +++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-controller/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - clusterrole.yaml diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-node/clusterrole.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-node/clusterrole.yaml new file mode 100644 index 00000000..b8b8ac51 --- /dev/null +++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-node/clusterrole.yaml 
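Review bot: The rule granting `get` and `list` on `secrets` is cluster-wide, so the controller's service account can read every Secret in every namespace, and the node ClusterRole in this commit grants the same to a DaemonSet whose pods run privileged on each node. If the driver only has to fetch the Weka API secret it is pointed at by name, `verbs: ["get"]` would be enough, and `list` should stay only if the driver is shown to need it. The `customresourcedefinitions` rule with `create`, `delete` and `update` lets this account alter any CRD in the cluster; recent external-snapshotter sidecars do not install CRDs themselves, so that rule is likely removable. `csinodeinfos` does not look like a current `storage.k8s.io` resource (the group serves `csinodes`), so that rule probably matches nothing.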
@@ -0,0 +1,34 @@
+# Source: csi-wekafsplugin/templates/nodeserver-clusterrole.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-wekafsplugin-node
+ labels:
+ app: csi-wekafsplugin-node
+ component: csi-wekafsplugin-node
+ release: csi-wekafsplugin
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["create", "delete", "get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["persistentvolumesclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-node/kustomization.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-node/kustomization.yaml
new file mode 100644
index 00000000..69b27f0b
--- /dev/null
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/clusterroles/csi-wekafsplugin-node/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - clusterrole.yaml
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/rolebindings/csi-wekafsplugin-controller/kustomization.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/rolebindings/csi-wekafsplugin-controller/kustomization.yaml
new file mode 100644
index 00000000..d5848bf5
--- /dev/null
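Review bot: `persistentvolumesclaims` in the third rule is misspelled (the resource is `persistentvolumeclaims`), so that rule grants nothing; either delete the rule, if the node plugin works without it, or correct it to `resources: ["persistentvolumeclaims"]`. The `volumeattachments` rule appears twice with identical verbs and one copy can go. The role also lets a per-node service account `update` and `patch` any `nodes` object and `create` and `delete` `persistentvolumes`; the init container's `kubectl label node` in the DaemonSet accounts for the node write, but the PersistentVolume write verbs look unnecessary for a node plugin and are worth confirming before merge.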
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/rolebindings/csi-wekafsplugin-controller/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - rolebinding.yaml
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/rolebindings/csi-wekafsplugin-controller/rolebinding.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/rolebindings/csi-wekafsplugin-controller/rolebinding.yaml
new file mode 100644
index 00000000..5d78ac12
--- /dev/null
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/rolebindings/csi-wekafsplugin-controller/rolebinding.yaml
@@ -0,0 +1,18 @@
+# Source: csi-wekafsplugin/templates/controllerserver-rolebinding.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-wekafsplugin-controller
+ labels:
+ app: csi-wekafsplugin-controller
+ component: csi-wekafsplugin-controller
+ release: csi-wekafsplugin
+ namespace: csi-wekafsplugin
+subjects:
+ - kind: ServiceAccount
+ name: csi-wekafsplugin-controller
+ namespace: csi-wekafsplugin
+roleRef:
+ kind: Role
+ name: csi-wekafsplugin-controller
+ apiGroup: rbac.authorization.k8s.io
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/roles/csi-wekafsplugin-controller/kustomization.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/roles/csi-wekafsplugin-controller/kustomization.yaml
new file mode 100644
index 00000000..0cf133ab
--- /dev/null
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/roles/csi-wekafsplugin-controller/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - role.yaml
diff --git a/csi-wekafsplugin/base/rbac.authorization.k8s.io/roles/csi-wekafsplugin-controller/role.yaml b/csi-wekafsplugin/base/rbac.authorization.k8s.io/roles/csi-wekafsplugin-controller/role.yaml
new file mode 100644
index 00000000..ae39c740
--- /dev/null
+++ b/csi-wekafsplugin/base/rbac.authorization.k8s.io/roles/csi-wekafsplugin-controller/role.yaml
@@ -0,0 +1,13 @@
+# Source: csi-wekafsplugin/templates/controllerserver-role.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: csi-wekafsplugin-controller
+ labels:
+ app: csi-wekafsplugin-controller
+ component: csi-wekafsplugin-controller
+ release: csi-wekafsplugin
+rules:
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
diff --git a/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-controller-scc/kustomization.yaml b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-controller-scc/kustomization.yaml
new file mode 100644
index 00000000..156cf9e8
--- /dev/null
+++ b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-controller-scc/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - securitycontextconstraints.yaml
diff --git a/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-controller-scc/securitycontextconstraints.yaml b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-controller-scc/securitycontextconstraints.yaml
new file mode 100644
index 00000000..e542acac
--- /dev/null
+++ b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-controller-scc/securitycontextconstraints.yaml
@@ -0,0 +1,24 @@
+# Source: csi-wekafsplugin/templates/controllerserver-security-context-constraint.yaml
+kind: SecurityContextConstraints
+apiVersion: security.openshift.io/v1
+metadata:
+ name: csi-wekafsplugin-controller-scc
+allowHostIPC: false
+allowHostPID: false
+allowPrivilegedContainer: true
+allowHostDirVolumePlugin: true
+allowHostNetwork: true
+readOnlyRootFilesystem: false
+allowHostPorts: true
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+fsGroup:
+ type: RunAsAny
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:csi-wekafsplugin:csi-wekafsplugin-controller
+volumes:
+ - '*'
diff --git a/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-node-scc/kustomization.yaml b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-node-scc/kustomization.yaml
new file mode 100644
index 00000000..156cf9e8
--- /dev/null
+++ b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-node-scc/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - securitycontextconstraints.yaml
diff --git a/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-node-scc/securitycontextconstraints.yaml b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-node-scc/securitycontextconstraints.yaml
new file mode 100644
index 00000000..786d683d
--- /dev/null
+++ b/csi-wekafsplugin/base/security.openshift.io/securitycontextconstraints/csi-wekafsplugin-node-scc/securitycontextconstraints.yaml
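Review bot: `csi-wekafsplugin-controller-scc` gives the controller service account exactly the host-level allowances that the node SCC in the next securitycontextconstraints.yaml hunk gets: `allowPrivilegedContainer: true`, `allowHostNetwork: true`, `allowHostPorts: true`, `allowHostDirVolumePlugin: true`, `volumes: ['*']` and `RunAsAny` for all four strategies. Nothing in this hunk shows which of these the controller pod actually uses, so each one it does not need should be set to `false` (and `volumes` narrowed to the types its pod spec mounts), and each one that stays should carry a one-line comment naming the reason, checked against the controller workload manifest. Both SCCs also grant access through the `users:` list; binding the service account to a Role or ClusterRole with the `use` verb on the named SCC keeps the grant visible in RBAC reviews instead of inside the SCC object.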
@@ -0,0 +1,24 @@
+# Source: csi-wekafsplugin/templates/nodeserver-security-context-constraint.yaml
+kind: SecurityContextConstraints
+apiVersion: security.openshift.io/v1
+metadata:
+ name: csi-wekafsplugin-node-scc
+allowHostIPC: false
+allowHostPID: false
+allowPrivilegedContainer: true
+allowHostDirVolumePlugin: true
+allowHostNetwork: true
+readOnlyRootFilesystem: false
+allowHostPorts: true
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+fsGroup:
+ type: RunAsAny
+supplementalGroups:
+ type: RunAsAny
+users:
+ - system:serviceaccount:csi-wekafsplugin:csi-wekafsplugin-node
+volumes:
+ - '*'
diff --git a/csi-wekafsplugin/base/storage.k8s.io/csidrivers/csi.weka.io/csidriver.yaml b/csi-wekafsplugin/base/storage.k8s.io/csidrivers/csi.weka.io/csidriver.yaml
new file mode 100644
index 00000000..845d151d
--- /dev/null
+++ b/csi-wekafsplugin/base/storage.k8s.io/csidrivers/csi.weka.io/csidriver.yaml
@@ -0,0 +1,11 @@
+# Source: csi-wekafsplugin/templates/driver.yaml
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: csi.weka.io
+spec:
+ attachRequired: true
+ podInfoOnMount: true
+ volumeLifecycleModes:
+ - Persistent
+ fsGroupPolicy: File
diff --git a/csi-wekafsplugin/base/storage.k8s.io/csidrivers/csi.weka.io/kustomization.yaml b/csi-wekafsplugin/base/storage.k8s.io/csidrivers/csi.weka.io/kustomization.yaml
new file mode 100644
index 00000000..f978c37f
--- /dev/null
+++ b/csi-wekafsplugin/base/storage.k8s.io/csidrivers/csi.weka.io/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - csidriver.yaml
diff --git a/csi-wekafsplugin/base/storage.k8s.io/storageclasses/storageclass-wekafs-dir-api/kustomization.yaml b/csi-wekafsplugin/base/storage.k8s.io/storageclasses/storageclass-wekafs-dir-api/kustomization.yaml
new file mode 100644
index 00000000..23c2e0c6
--- /dev/null
+++ b/csi-wekafsplugin/base/storage.k8s.io/storageclasses/storageclass-wekafs-dir-api/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - storageclass.yaml
diff --git a/csi-wekafsplugin/base/storage.k8s.io/storageclasses/storageclass-wekafs-dir-api/storageclass.yaml b/csi-wekafsplugin/base/storage.k8s.io/storageclasses/storageclass-wekafs-dir-api/storageclass.yaml
new file mode 100644
index 00000000..a097eaa2
--- /dev/null
+++ b/csi-wekafsplugin/base/storage.k8s.io/storageclasses/storageclass-wekafs-dir-api/storageclass.yaml
@@ -0,0 +1,39 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: storageclass-wekafs-dir-api
+provisioner: csi.weka.io
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+parameters:
+ volumeType: dir/v1
+ filesystemName: default
+ # optional parameters setting UID, GID and permissions on volume
+ # UID of the volume owner, default 0 (root)
+ # ownerUid: "1000"
+
+ # GID of the volume owner, default 0 (root)
+ # ownerGid: "1000"
+
+ # permissions in Unix octal format, default "0750"
+ # permissions: "0775"
+
+ # capacity enforcement mode (either SOFT or HARD)
+ # - HARD or unspecified: pod will not be able to write above quota
+ # - SOFT: warning will be issued on Weka cluster, but writing will not be blocked
+ capacityEnforcement: HARD
+ # name of the secret that stores API credentials for a cluster
+ # change the name of secret to match secret of a particular cluster (if you have several Weka clusters)
+ csi.storage.k8s.io/provisioner-secret-name: &secretName csi-wekafs-api-secret
+ # change the name of the namespace in which the cluster API credentials
+ csi.storage.k8s.io/provisioner-secret-namespace: &secretNamespace csi-wekafsplugin
+ # do not change anything below this line, or set to same parameters as above
+ csi.storage.k8s.io/controller-publish-secret-name: *secretName
+ csi.storage.k8s.io/controller-publish-secret-namespace: *secretNamespace
+ csi.storage.k8s.io/controller-expand-secret-name: *secretName
+ csi.storage.k8s.io/controller-expand-secret-namespace: *secretNamespace
+ csi.storage.k8s.io/node-stage-secret-name: *secretName
+ csi.storage.k8s.io/node-stage-secret-namespace: *secretNamespace
+ csi.storage.k8s.io/node-publish-secret-name: *secretName
+ csi.storage.k8s.io/node-publish-secret-namespace: *secretNamespace
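Review bot: The eight `*secretName` / `*secretNamespace` aliases at the end of `parameters` only mean something to a YAML parser that resolves anchors, and the rendered object in the cluster will not contain them. Which Secret each CSI operation receives is therefore invisible to a grep over the repository and easy to break if a patch or overlay later touches only the two anchored keys. Writing the values out literally, as below, keeps the credential wiring explicit. The comment above `provisioner-secret-namespace` is also an unfinished sentence and could read `# namespace that holds the cluster API credentials secret`.

```yaml
parameters:
  # … unchanged: volumeType through capacityEnforcement …
  csi.storage.k8s.io/provisioner-secret-name: csi-wekafs-api-secret
  csi.storage.k8s.io/provisioner-secret-namespace: csi-wekafsplugin
  csi.storage.k8s.io/controller-publish-secret-name: csi-wekafs-api-secret
  csi.storage.k8s.io/controller-publish-secret-namespace: csi-wekafsplugin
  csi.storage.k8s.io/controller-expand-secret-name: csi-wekafs-api-secret
  csi.storage.k8s.io/controller-expand-secret-namespace: csi-wekafsplugin
  csi.storage.k8s.io/node-stage-secret-name: csi-wekafs-api-secret
  csi.storage.k8s.io/node-stage-secret-namespace: csi-wekafsplugin
  csi.storage.k8s.io/node-publish-secret-name: csi-wekafs-api-secret
  csi.storage.k8s.io/node-publish-secret-namespace: csi-wekafsplugin
```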
diff --git a/csi-wekafsplugin/overlays/nerc-ocp-test/csi-wekafs-api-secret.yaml b/csi-wekafsplugin/overlays/nerc-ocp-test/csi-wekafs-api-secret.yaml
new file mode 100644
index 00000000..c553f128
--- /dev/null
+++ b/csi-wekafsplugin/overlays/nerc-ocp-test/csi-wekafs-api-secret.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ labels:
+ nerc.mghpcc.org/kustomized: "true"
+ name: csi-wekafs-api-secret
+ namespace: csi-wekafsplugin
+spec:
+ dataFrom:
+ - extract:
+ key: nerc/nerc-ocp-test/weka/csi-wekafs-api-secret
+ secretStoreRef:
+ kind: SecretStore
+ name: nerc-secret-store
+ target:
+ name: csi-wekafs-api-secret
+ template:
+ metadata:
+ labels: {}
diff --git a/csi-wekafsplugin/overlays/nerc-ocp-test/kustomization.yaml b/csi-wekafsplugin/overlays/nerc-ocp-test/kustomization.yaml
new file mode 100644
index 00000000..04eb3950
--- /dev/null
+++ b/csi-wekafsplugin/overlays/nerc-ocp-test/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ nerc.mghpcc.org/kustomized: "true"
+
+resources:
+ - ../../base
+ - csi-wekafs-api-secret.yaml
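Review bot: In csi-wekafs-api-secret.yaml, `dataFrom.extract` copies every property stored at `nerc/nerc-ocp-test/weka/csi-wekafs-api-secret` into the Kubernetes Secret, so anything later added at that path reaches the cluster without a manifest change. The StorageClass in this same commit references that Secret for the node-stage and node-publish operations as well as the controller ones, which makes its exact contents worth pinning. Listing only the properties the driver reads under `spec.data`, each as an explicit `secretKey` / `remoteRef` pair, would make the Secret's shape reviewable here. The spec also leaves the refresh period to the operator default; stating `refreshInterval:` explicitly documents how quickly a rotated credential is picked up.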