Support the deployment of KubeVirt CSI driver (#3499)
* support the deployment of KubeVirt CSI driver

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* addressing PR review

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* templating and customizing kubevirt csi driver

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* validating infraKubeconfig

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* refactor kubevirt csi template

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* fix tests
Signed-off-by: moadqassem <moad.qassem@gmail.com>

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* renaming KubeVirt CSI fields

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* generate need code

Signed-off-by: moadqassem <moad.qassem@gmail.com>

* enable KubeVirt CSI Driver

Signed-off-by: moadqassem <moad.qassem@gmail.com>

---------

Signed-off-by: moadqassem <moad.qassem@gmail.com>
moadqassem authored Dec 20, 2024
1 parent 7d8489b commit e924cd1
Showing 15 changed files with 465 additions and 5 deletions.
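--- a/addons/csi-kubevirt/1-kubevirt-csi-driver.yaml
+++ b/addons/csi-kubevirt/1-kubevirt-csi-driver.yaml
@@ -0,0 +1,193 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: kubevirt-csi-node-sa
+namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: kubevirt-csi-node-cr
+rules:
+- apiGroups: [""]
+resources: ["persistentvolumes"]
+verbs: ["get", "list", "watch", "update", "create", "delete"]
+- apiGroups: [""]
+resources: ["persistentvolumeclaims"]
+verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["storage.k8s.io"]
+resources: ["storageclasses"]
+verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+resources: ["nodes"]
+verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: ["csi.storage.k8s.io"]
+resources: ["csinodeinfos"]
+verbs: ["get", "list", "watch"]
+- apiGroups: ["storage.k8s.io"]
+resources: ["csinodes"]
+verbs: ["get", "list", "watch"]
+- apiGroups: ["storage.k8s.io"]
+resources: ["volumeattachments"]
+verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["storage.k8s.io"]
+resources: ["volumeattachments/status"]
+verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: [""]
+resources: ["events"]
+verbs: ["list", "watch", "create", "update", "patch"]
+- apiGroups: ["security.openshift.io"]
+resources: ["securitycontextconstraints"]
+verbs: ["use"]
+resourceNames: ["privileged"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+resources: ["volumesnapshotclasses"]
+verbs: ["list"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: kubevirt-csi-node-binding
+subjects:
+- kind: ServiceAccount
+name: kubevirt-csi-node-sa
+namespace: kube-system
+roleRef:
+kind: ClusterRole
+name: kubevirt-csi-node-cr
+apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: driver-config
+namespace: kubevirt-csi-driver
+data:
+{{ with .Config.CloudProvider.Kubevirt -}}
+{{ with .InfraNamespace }}
+infraClusterNamespace: "{{ . }}"
+{{ end }}
+{{ end }}
+infraClusterLabels: csi-driver/cluster=tenant
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+name: kubevirt-csi-node
+namespace: kube-system
+spec:
+selector:
+matchLabels:
+app: kubevirt-csi-driver
+updateStrategy:
+type: RollingUpdate
+template:
+metadata:
+labels:
+app: kubevirt-csi-driver
+spec:
+serviceAccount: kubevirt-csi-node-sa
+priorityClassName: system-node-critical
+tolerations:
+- operator: Exists
+containers:
+- name: csi-driver
+securityContext:
+privileged: true
+allowPrivilegeEscalation: true
+imagePullPolicy: Always
+image: '{{ .InternalImages.Get "KubeVirtCSIDriver" }}'
+args:
+- "--endpoint=unix:/csi/csi.sock"
+- "--node-name=$(KUBE_NODE_NAME)"
+- "--run-node-service=true"
+- "--run-controller-service=false"
+- "--v=5"
+env:
+- name: KUBE_NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+volumeMounts:
+- name: kubelet-dir
+mountPath: /var/lib/kubelet
+mountPropagation: "Bidirectional"
+- name: plugin-dir
+mountPath: /csi
+- name: device-dir
+mountPath: /dev
+- name: udev
+mountPath: /run/udev
+ports:
+- name: healthz
+containerPort: 10300
+protocol: TCP
+livenessProbe:
+httpGet:
+path: /healthz
+port: healthz
+initialDelaySeconds: 10
+timeoutSeconds: 3
+periodSeconds: 10
+failureThreshold: 5
+resources:
+requests:
+memory: 50Mi
+cpu: 10m
+- name: csi-node-driver-registrar
+image: '{{ .InternalImages.Get "KubeVirtCSINodeDriverRegistrar" }}'
+args:
+- "--csi-address=$(ADDRESS)"
+- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+- "--v=5"
+lifecycle:
+preStop:
+exec:
+command: ["/bin/sh", "-c", "rm -rf /registration/csi.kubevirt.io-reg.sock /csi/csi.sock"]
+env:
+- name: ADDRESS
+value: /csi/csi.sock
+- name: DRIVER_REG_SOCK_PATH
+value: /var/lib/kubelet/plugins/csi.kubevirt.io/csi.sock
+volumeMounts:
+- name: plugin-dir
+mountPath: /csi
+- name: registration-dir
+mountPath: /registration
+resources:
+requests:
+memory: 20Mi
+cpu: 5m
+- name: csi-liveness-probe
+image: '{{ .InternalImages.Get "KubeVirtCSILivenessprobe" }}'
+args:
+- "--csi-address=/csi/csi.sock"
+- "--probe-timeout=3s"
+- "--health-port=10300"
+volumeMounts:
+- name: plugin-dir
+mountPath: /csi
+resources:
+requests:
+memory: 20Mi
+cpu: 5m
+volumes:
+- name: kubelet-dir
+hostPath:
+path: /var/lib/kubelet
+type: Directory
+- name: plugin-dir
+hostPath:
+path: /var/lib/kubelet/plugins/csi.kubevirt.io/
+type: DirectoryOrCreate
+- name: registration-dir
+hostPath:
+path: /var/lib/kubelet/plugins_registry/
+type: Directory
+- name: device-dir
+hostPath:
+path: /dev
+type: Directory
+- name: udev
+hostPath:
+path: /run/udev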
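Review bot: The ClusterRole `kubevirt-csi-node-cr` bound to the node DaemonSet's service account looks broader than a node service should need: it grants `create`/`delete` on `persistentvolumes` and `update`/`patch` on `nodes` and `volumeattachments/status`, yet the `csi-driver` container is started with `--run-controller-service=false`. That pod is `privileged`, mounts `/dev` and `/var/lib/kubelet`, and tolerates every taint (`operator: Exists`), so its token sits on every node and a single compromised node would inherit these cluster-wide verbs. Consider trimming the node role to read-only where possible, e.g. `verbs: ["get", "list", "watch"]` on `persistentvolumes`, and dropping the `security.openshift.io` rule if the target platform is not OpenShift; which verbs the driver actually exercises is not visible on this page and should be confirmed against the driver before trimming. Separately, `allowPrivilegeEscalation: true` is redundant next to `privileged: true`, and the `csi-node-driver-registrar` and `csi-liveness-probe` sidecars carry no `securityContext` at all, so a comment stating why each container needs its current privileges would help the next reviewer.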