diff --git a/deploy/kubernetes/v1.22/controller.yml b/deploy/kubernetes/v1.22/controller.yml
new file mode 100644
index 0000000..9b2fe43
--- /dev/null
+++ b/deploy/kubernetes/v1.22/controller.yml
@@ -0,0 +1,165 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-controller-sa
+ namespace: synology-csi
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: synology-csi-controller-role
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["csi.storage.k8s.io"]
+ resources: ["csinodeinfos"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments/status"]
+ verbs: ["patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["get", "list"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: synology-csi-controller-role
+ namespace: synology-csi
+subjects:
+ - kind: ServiceAccount
+ name: csi-controller-sa
+ namespace: synology-csi
+roleRef:
+ kind: ClusterRole
+ name: synology-csi-controller-role
+ apiGroup: rbac.authorization.k8s.io
+
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: synology-csi-controller
+ namespace: synology-csi
+spec:
+ serviceName: "synology-csi-controller"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: synology-csi-controller
+ template:
+ metadata:
+ labels:
+ app: synology-csi-controller
+ spec:
+ serviceAccountName: csi-controller-sa
+ hostNetwork: true
+ containers:
+ - name: csi-provisioner
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: quay.io/k8scsi/csi-provisioner:v1.6.0
+ args:
+ - --timeout=60s
+ - --csi-address=$(ADDRESS)
+ - --v=5
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-attacher
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: quay.io/k8scsi/csi-attacher:v3.1.0
+ args:
+ - --v=5
+ - --csi-address=$(ADDRESS)
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-resizer
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: quay.io/k8scsi/csi-resizer:v0.5.0
+ args:
+ - --v=5
+ - --csi-address=$(ADDRESS)
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-plugin
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: synology/synology-csi:v1.0.0
+ args:
+ - --nodeid=NotUsed
+ - --endpoint=$(CSI_ENDPOINT)
+ - --client-info
+ - /etc/synology/client-info.yml
+ - --log-level=info
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: client-info
+ mountPath: /etc/synology
+ readOnly: true
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+ - name: client-info
+ secret:
+ secretName: client-info-secret
diff --git a/deploy/kubernetes/v1.22/csi-driver.yml b/deploy/kubernetes/v1.22/csi-driver.yml
new file mode 100644
index 0000000..ac8f464
--- /dev/null
+++ b/deploy/kubernetes/v1.22/csi-driver.yml
@@ -0,0 +1,9 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: csi.san.synology.com
+spec:
+ attachRequired: true # Indicates the driver requires an attach operation (TODO: ControllerPublishVolume should be implemented)
+ podInfoOnMount: true
+ volumeLifecycleModes:
+ - Persistent
diff --git a/deploy/kubernetes/v1.22/namespace.yml b/deploy/kubernetes/v1.22/namespace.yml
new file mode 100644
index 0000000..57dda22
--- /dev/null
+++ b/deploy/kubernetes/v1.22/namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: synology-csi
\ No newline at end of file
diff --git a/deploy/kubernetes/v1.22/node.yml b/deploy/kubernetes/v1.22/node.yml
new file mode 100644
index 0000000..04b6eba
--- /dev/null
+++ b/deploy/kubernetes/v1.22/node.yml
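Review bot: In controller.yml the csi-provisioner, csi-attacher and csi-resizer sidecars each set `privileged: true`, `capabilities: add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true`, yet the only volume they mount is the `socket-dir` emptyDir, so nothing visible in the hunk needs host-level privilege. Together with `hostNetwork: true` and the write verbs on PVs and PVCs held by csi-controller-sa, a compromise of any one sidecar is effectively a compromise of the node it runs on. I would replace the sidecars' securityContext with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, keeping elevated settings only on csi-plugin if the driver turns out to need them, which this diff does not show. The same securityContext block is repeated on both containers in snapshotter/snapshotter.yaml.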
@@ -0,0 +1,139 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-node-sa
+ namespace: synology-csi
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: synology-csi-node-role
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "update"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: synology-csi-node-role
+ namespace: synology-csi
+subjects:
+ - kind: ServiceAccount
+ name: csi-node-sa
+ namespace: synology-csi
+roleRef:
+ kind: ClusterRole
+ name: synology-csi-node-role
+ apiGroup: rbac.authorization.k8s.io
+
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: synology-csi-node
+ namespace: synology-csi
+spec:
+ selector:
+ matchLabels:
+ app: synology-csi-node
+ template:
+ metadata:
+ labels:
+ app: synology-csi-node
+ spec:
+ serviceAccount: csi-node-sa
+ hostNetwork: true
+ containers:
+ - name: csi-driver-registrar
+ securityContext:
+ privileged: true
+ imagePullPolicy: Always
+ image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
+ args:
+ - --v=5
+ - --csi-address=$(ADDRESS) # the csi socket path inside the pod
+ - --kubelet-registration-path=$(REGISTRATION_PATH) # the csi socket path on the host node
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: REGISTRATION_PATH
+ value: /var/lib/kubelet/plugins/csi.san.synology.com/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ - name: csi-plugin
+ securityContext:
+ privileged: true
+ imagePullPolicy: IfNotPresent
+ image: synology/synology-csi:v1.0.0
+ args:
+ - --nodeid=$(KUBE_NODE_NAME)
+ - --endpoint=$(CSI_ENDPOINT)
+ - --client-info
+ - /etc/synology/client-info.yml
+ - --log-level=info
+ env:
+ - name: CSI_ENDPOINT
+ value: unix://csi/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: kubelet-dir
+ mountPath: /var/lib/kubelet
+ mountPropagation: "Bidirectional"
+ - name: plugin-dir
+ mountPath: /csi
+ - name: client-info
+ mountPath: /etc/synology
+ readOnly: true
+ - name: host-root
+ mountPath: /host
+ - name: device-dir
+ mountPath: /dev
+ volumes:
+ - name: kubelet-dir
+ hostPath:
+ path: /var/lib/kubelet
+ type: Directory
+ - name: plugin-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/csi.san.synology.com/
+ type: DirectoryOrCreate
+ - name: registration-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins_registry
+ type: Directory
+ - name: client-info
+ secret:
+ secretName: client-info-secret
+ - name: host-root
+ hostPath:
+ path: /
+ type: Directory
+ - name: device-dir
+ hostPath:
+ path: /dev
+ type: Directory
diff --git a/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml b/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
new file mode 100644
index 0000000..94b6e2f
--- /dev/null
+++ b/deploy/kubernetes/v1.22/snapshotter/snapshotter.yaml
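Review bot: The `synology-csi-node-role` ClusterRole in node.yml grants `get` and `list` on `secrets` cluster-wide to csi-node-sa, whose token is present on every node through the DaemonSet. The pod already receives `client-info-secret` as a mounted volume, so no API read of secrets is evident from these lines, while a compromise of any single node would expose every Secret in the cluster. If the driver does need API access to secrets (not visible here), move that rule into a namespaced Role in `synology-csi` with `resourceNames: ["client-info-secret"]` and `verbs: ["get"]`; otherwise drop the rule. The `update` verb on `nodes` deserves the same justification.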
@@ -0,0 +1,106 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-snapshotter-sa
+ namespace: synology-csi
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: synology-csi-snapshotter-role
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents/status"]
+ verbs: ["update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: synology-csi-snapshotter-role
+ namespace: synology-csi
+subjects:
+ - kind: ServiceAccount
+ name: csi-snapshotter-sa
+ namespace: synology-csi
+roleRef:
+ kind: ClusterRole
+ name: synology-csi-snapshotter-role
+ apiGroup: rbac.authorization.k8s.io
+
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: synology-csi-snapshotter
+ namespace: synology-csi
+spec:
+ serviceName: "synology-csi-snapshotter"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: synology-csi-snapshotter
+ template:
+ metadata:
+ labels:
+ app: synology-csi-snapshotter
+ spec:
+ serviceAccountName: csi-snapshotter-sa
+ hostNetwork: true
+ containers:
+ - name: csi-snapshotter
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: quay.io/k8scsi/csi-snapshotter:v3.0.3
+ args:
+ - --v=5
+ - --csi-address=$(ADDRESS)
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: Always
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: csi-plugin
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: synology/synology-csi:v1.0.0
+ args:
+ - --nodeid=NotUsed
+ - --endpoint=$(CSI_ENDPOINT)
+ - --client-info
+ - /etc/synology/client-info.yml
+ - --log-level=info
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: client-info
+ mountPath: /etc/synology
+ readOnly: true
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+ - name: client-info
+ secret:
+ secretName: client-info-secret
\ No newline at end of file
diff --git a/deploy/kubernetes/v1.22/snapshotter/volume-snapshot-class.yml b/deploy/kubernetes/v1.22/snapshotter/volume-snapshot-class.yml
new file mode 100644
index 0000000..cd590ea
--- /dev/null
+++ b/deploy/kubernetes/v1.22/snapshotter/volume-snapshot-class.yml
@@ -0,0 +1,11 @@
+apiVersion: snapshot.storage.k8s.io/v1beta1
+kind: VolumeSnapshotClass
+metadata:
+ name: synology-snapshotclass
+ annotations:
+ storageclass.kubernetes.io/is-default-class: "false"
+driver: csi.san.synology.com
+deletionPolicy: Delete
+# parameters:
+# description: 'Kubernetes CSI'
+# is_locked: 'false'
\ No newline at end of file
diff --git a/deploy/kubernetes/v1.22/storage-class.yml b/deploy/kubernetes/v1.22/storage-class.yml
new file mode 100644
index 0000000..ff59c87
--- /dev/null
+++ b/deploy/kubernetes/v1.22/storage-class.yml
@@ -0,0 +1,14 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: synology-iscsi-storage
+ # annotations:
+ # storageclass.kubernetes.io/is-default-class: "true"
+provisioner: csi.san.synology.com
+# if all params are empty, synology CSI will choose an available location to create volume
+# parameters:
+# dsm: '1.1.1.1'
+# location: '/volume1'
+# fsType: 'ext4'
+reclaimPolicy: Retain
+allowVolumeExpansion: true
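Review bot: In snapshotter/snapshotter.yaml, `image: quay.io/k8scsi/csi-snapshotter:v3.0.3` is referenced by mutable tag with `imagePullPolicy: Always`, and the container runs privileged on the host network, so whatever the tag resolves to at the next pod restart is what executes. Pinning by digest, for example `image: quay.io/k8scsi/csi-snapshotter@sha256:<digest-of-v3.0.3>` (placeholder; take the digest from a verified pull), makes the deployed content fixed and reviewable. The sidecar images and `synology/synology-csi:v1.0.0` in controller.yml and node.yml are referenced by tag in the same way.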
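Review bot: In volume-snapshot-class.yml the annotation `storageclass.kubernetes.io/is-default-class` is the StorageClass default marker; for a VolumeSnapshotClass the key is `snapshot.storage.kubernetes.io/is-default-class`, so the annotation has no effect as written. With the value `"false"` the result happens to be the same, but anyone who flips it to `"true"` will not get a default snapshot class. I would use `snapshot.storage.kubernetes.io/is-default-class: "false"` or remove the annotation.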