Setting up Block Storage for VPC for unmanaged clusters
The following documentation describes the procedure for deploying the Block Storage for VPC driver on unmanaged OpenShift Container Platform clusters in IBM Cloud. This process is not supported, and any problem with the steps or the driver must be recreated in a Kubernetes cluster to receive support.
VPC (Virtual Private Cloud)
Want to use Block Storage for VPC in an IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud cluster? For more information, see Setting up Block Storage for VPC.
Prerequisites
To use the Block Storage for VPC driver, complete the following tasks:
- Create an IBM Cloud Kubernetes Service cluster on VPC infrastructure.
- Label your worker nodes.
- Create your storage secret.
- Create an image pull secret that uses IAM credentials.
Labeling your worker nodes
Before you can deploy the Block Storage for VPC driver, you must prepare your worker nodes by adding the required labels.
Before you begin, log in to your account. If applicable, target the appropriate resource group. Set the context for your cluster.
- Retrieve the following details of your VPC instance. These parameters are used to apply labels to your worker nodes.
  - <instanceID>: The VPC instance ID. To retrieve this value, run: ibmcloud is ins
  - <node-name>: The names of the worker nodes. To retrieve this value, run: kubectl get nodes
  - <region-of-instanceID> and <zone-of-instanceID>: The region and zone where your VPC instance is located. To retrieve these values, run: ibmcloud is in <instanceID>
    Example region value: eu-de
    Example zone value: eu-de-1
- Copy the following shell script and save it to a file on your local machine named setup.sh.

#!/bin/bash
# Label one worker node with the values that the Block Storage for VPC driver expects.

function help() {
  echo "Run the script in the following format..."
  echo "./setup.sh <node-name> <instanceID> <region-of-instanceID> <zone-of-instanceID>"
  exit 1
}

function apply_labels() {
  kubectl label nodes "$1" "ibm-cloud.kubernetes.io/worker-id=$2"
  kubectl label nodes "$1" "failure-domain.beta.kubernetes.io/region=$3"
  kubectl label nodes "$1" "failure-domain.beta.kubernetes.io/zone=$4"
  kubectl label nodes "$1" "topology.kubernetes.io/region=$3"
  kubectl label nodes "$1" "topology.kubernetes.io/zone=$4"
}

# Succeeds only if a node with exactly this name exists in the cluster.
function verify_node() {
  kubectl get node "$1" > /dev/null 2>&1
}

if (( $# < 4 )); then
  help
fi

node=$1
instanceID=$2
region=$3
zone=$4

if verify_node "$node"; then
  apply_labels "$node" "$instanceID" "$region" "$zone"
else
  echo "Node '$node' not found in the cluster, please check the node or pass the correct parameters when executing the script"
  help
fi

- Label your worker nodes by running the shell script and specifying the parameters that you retrieved earlier. Repeat this step for each worker node in your cluster. The script uses bash syntax, so run it with bash.

bash setup.sh <node-name> <instanceID> <region-of-instanceID> <zone-of-instanceID>
Retrieving IAM and VPC details
To create the Kubernetes secret that is used in the Block Storage for VPC ConfigMap, you must retrieve your IAM and VPC details.
- Retrieve the values of the following configuration parameters. These values are used to create the Kubernetes secret that Block Storage for VPC requires.
  - <g2_api_key>: The IAM API key. You can use your existing API key or create one by running: ibmcloud iam api-key-create NAME
  - <g2_riaas_endpoint>: The VPC regional endpoint of your VPC cluster, in the format https://<region>.iaas.cloud.ibm.com
    Example: https://eu-de.iaas.cloud.ibm.com
    For more information, see VPC endpoints.
  - <g2_resource_group_id>: To retrieve this value, run the following command and note the Resource group field: ibmcloud is vpc <vpc-ID>
- Save the following TOML configuration file on your local machine as config.toml. Make sure that there are no blank lines between the values and no blank lines at the end of the file.

[server]
debug_trace = false
[vpc]
iam_client_id = "bx"
iam_client_secret = "bx"
g2_token_exchange_endpoint_url = "https://iam.bluemix.net"
g2_riaas_endpoint_url = "<g2_riaas_endpoint>"
g2_resource_group_id = "<g2_resource_group_id>"
g2_api_key = "<g2_api_key>"
provider_type = "g2"

- Enter the values that you retrieved earlier and encode the TOML file to base64. Save the base64 output to use in the Block Storage driver ConfigMap. The output must be a single line; some base64 implementations wrap long output, so the command strips newlines.

base64 < ./config.toml | tr -d '\n'
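
One way to enforce the constraints of this step before encoding, as an added example that is not part of the original documentation. The function names check_vpc_config and encode_vpc_config are hypothetical, and the file-permission check is an extra assumption beyond what the page requires (the file holds an IAM API key in clear text).

```shell
#!/bin/sh
# Added example: validate config.toml, then print the single-line base64
# value that goes into the slclient.toml field of the storage secret.

# check_vpc_config FILE -> 0 if the file is safe to encode, 1 otherwise.
check_vpc_config() {
    _cfg=$1
    _rc=0
    [ -r "$_cfg" ] || { echo "cannot read $_cfg" >&2; return 1; }

    # The file carries an IAM API key: refuse group- or world-readable files.
    if [ -n "$(find "$_cfg" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$_cfg is readable by group or others; run: chmod 600 $_cfg" >&2
        _rc=1
    fi

    # The page requires no blank lines between values or at the end of the file.
    if grep -q '^[[:space:]]*$' "$_cfg"; then
        echo "$_cfg contains a blank line" >&2
        _rc=1
    fi

    # Template placeholders such as <g2_api_key> must have been replaced.
    if grep -q '<[^>]*>' "$_cfg"; then
        echo "$_cfg still contains a <placeholder>" >&2
        _rc=1
    fi

    # Each retrieved value must be present and non-empty.
    for _key in g2_riaas_endpoint_url g2_resource_group_id g2_api_key; do
        if ! grep -Eq "^${_key}[[:space:]]*=[[:space:]]*\"[^\"]+\"[[:space:]]*\$" "$_cfg"; then
            echo "$_cfg: $_key is missing or empty" >&2
            _rc=1
        fi
    done

    # The endpoint must follow the format https://<region>.iaas.cloud.ibm.com
    if ! grep -Eq '^g2_riaas_endpoint_url[[:space:]]*=[[:space:]]*"https://[a-z0-9-]+\.iaas\.cloud\.ibm\.com"' "$_cfg"; then
        echo "$_cfg: g2_riaas_endpoint_url is not a VPC regional endpoint" >&2
        _rc=1
    fi

    return "$_rc"
}

# encode_vpc_config FILE -> prints base64 on one line, only if the checks pass.
encode_vpc_config() {
    check_vpc_config "$1" || return 1
    base64 < "$1" | tr -d '\n'
}

# Usage (commented out so the block has no side effects when sourced):
#   encode_vpc_config ./config.toml
```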
Creating the image pull secret in your cluster
Create an image pull secret in your cluster. The secret that you create is used to pull the Block Storage for VPC driver images.
- Review and retrieve the following values for your image pull secret.
  - <docker-username>: Enter the string: iamapikey
  - <docker-password>: Enter your IAM API key. For more information about IAM API keys, see Understanding API keys.
  - <docker-email>: Enter the string: iamapikey
- Run the following command to create the image pull secret in your cluster. Note that your secret must be named icr-io-secret.

kubectl create secret docker-registry icr-io-secret --docker-server=icr.io --docker-username=iamapikey --docker-password=<iam-api-key> --docker-email=iamapikey -n kube-system
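
An alternative that keeps the IAM API key out of the command line (and so out of shell history and the process list), as an added example that is not part of the original documentation. The function name write_icr_dockerconfig and the file paths are hypothetical; the secret is then created with the --from-file=.dockerconfigjson form of the same kubectl command.

```shell
#!/bin/sh
# Added example: build the registry auth document for icr.io from a key file,
# so the key is never passed as a command-line argument.

# write_icr_dockerconfig KEYFILE OUTFILE
#   KEYFILE: file that contains only the IAM API key (assumed path)
#   OUTFILE: where the .dockerconfigjson document is written (mode 0600)
write_icr_dockerconfig() {
    _keyfile=$1
    _out=$2

    [ -s "$_keyfile" ] || { echo "key file missing or empty: $_keyfile" >&2; return 1; }

    # Drop the trailing newline that most editors add.
    _key=$(tr -d '\r\n' < "$_keyfile")

    # Refuse anything that would need JSON escaping, which also catches a
    # pasted placeholder such as <iam-api-key>.
    case $_key in
        '' | *[!A-Za-z0-9_-]*)
            echo "API key is empty or contains unexpected characters" >&2
            return 1 ;;
    esac

    # "auth" is base64(username:password); the username is the fixed string
    # iamapikey, as the page specifies.
    _auth=$(printf '%s' "iamapikey:$_key" | base64 | tr -d '\n')

    # Subshell so the restrictive umask does not leak into the caller.
    (
        umask 077
        rm -f "$_out"
        printf '{"auths":{"icr.io":{"username":"iamapikey","password":"%s","email":"iamapikey","auth":"%s"}}}\n' \
            "$_key" "$_auth" > "$_out"
    )
}

# Usage (commented out so the block has no side effects when sourced):
#   write_icr_dockerconfig ./iam-api-key.txt ./icr-dockerconfig.json
#   kubectl create secret docker-registry icr-io-secret \
#       --from-file=.dockerconfigjson=./icr-dockerconfig.json -n kube-system
#   rm -f ./icr-dockerconfig.json
```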
Creating the Block Storage for VPC driver deployment
Select the Block Storage for VPC driver ConfigMap that matches the operating system of your worker nodes. When you create the deployment in your cluster, the storage classes and the Block Storage for VPC driver are installed.
- Save one of the following YAML configurations to a file on your local machine named configmap.yaml. Select the ConfigMap based on your cluster operating system.
- Add the encoded TOML configuration details that you created earlier to the ConfigMap, in the slclient.toml field of the secret configuration section.
- Create the ConfigMap in your cluster.

oc create -f configmap.yaml

- Verify that the driver pods are deployed and that their status is Running.

oc get pods -n kube-system | grep vpc

- Verify that the csidrivers resource is created.

oc get csidrivers | grep vpc

Example output:

NAME                   ATTACHREQUIRED   PODINFOONMOUNT   MODES        AGE
vpc.block.csi.ibm.io   true             true             Persistent   8m26s

- Verify that the storage classes are created.

oc get sc

Example output:

NAME                                    PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
local-path (default)                    rancher.io/local-path   Delete          WaitForFirstConsumer   false                  8d
ibmc-vpc-block-10iops-tier (default)    vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
ibmc-vpc-block-5iops-tier               vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
ibmc-vpc-block-custom                   vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
ibmc-vpc-block-general-purpose          vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
ibmc-vpc-block-retain-10iops-tier       vpc.block.csi.ibm.io    Retain          Immediate              false                  9m
ibmc-vpc-block-retain-5iops-tier        vpc.block.csi.ibm.io    Retain          Immediate              false                  8m59s
ibmc-vpc-block-retain-custom            vpc.block.csi.ibm.io    Retain          Immediate              false                  8m59s
ibmc-vpc-block-retain-general-purpose   vpc.block.csi.ibm.io    Retain          Immediate              false                  8m59s

- Deploy a stateful set that uses Block Storage for VPC.
Deploying a stateful set that uses Block Storage for VPC
After you deploy the Block Storage for VPC driver, you can create deployments that use Block Storage for VPC. The following stateful set dynamically provisions Block Storage for VPC volumes by creating PVCs that use the ibmc-vpc-block-5iops-tier storage class.
- Save the following YAML configuration as a file on your local machine named statefulset.yaml.

apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    name: web
  clusterIP: None
  selector:
    app: nginx
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 2
  podManagementPolicy: "Parallel"
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        securityContext:
          privileged: false
        image: k8s.gcr.io/nginx-slim:0.8
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
      tolerations:
      - operator: Exists
  volumeClaimTemplates:
  - metadata:
      annotations:
        volume.beta.kubernetes.io/storage-class: ibmc-vpc-block-5iops-tier
      name: www
    spec:
      accessModes:
      - ReadWriteOnce # access mode
      resources:
        requests:
          storage: 25Gi

- Create the stateful set in your cluster.

kubectl create -f statefulset.yaml

- Verify that the stateful set pods are running.

kubectl get pods

Example output:

NAME    READY   STATUS    RESTARTS   AGE
web-0   1/1     Running   0          2m52s
web-1   1/1     Running   0          2m52s
Removing the Block Storage for VPC driver
If you no longer want to use the Block Storage for VPC driver in your cluster, you can remove the ConfigMap to remove the driver pods.
Removing the Block Storage for VPC driver from your cluster does not remove the data in your storage volumes. If you want to completely remove your PVs and PVCs, see Cleaning up persistent storage.
- Delete the ibm-vpc-block-csi-configmap ConfigMap from your cluster.

oc delete cm ibm-vpc-block-csi-configmap -n kube-system

- Verify that the ConfigMap is removed.

oc get cm -n kube-system | grep ibm-vpc-block-csi-configmap

ConfigMap reference
Select one of the following ConfigMaps based on your worker node operating system.
RHEL or CentOS ConfigMap
Save the following ConfigMap YAML as a file on your local machine.
apiVersion: v1
items:
- apiVersion: v1
  data:
    CSI_ENDPOINT: unix:/csi/csi.sock
    IKS_BLOCK_PROVIDER_NAME: iks-vpc
    IKS_ENABLED: "False"
    SECRET_CONFIG_PATH: /etc/storage_ibmc
    VPC_API_GENERATION: "1"
    VPC_API_TIMEOUT: 180s
    VPC_API_VERSION: "2019-07-02"
    VPC_BLOCK_PROVIDER_NAME: vpc
    VPC_ENABLED: "True"
    VPC_RETRY_ATTEMPT: "10"
    VPC_RETRY_INTERVAL: "120"
  kind: ConfigMap
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-configmap
    namespace: kube-system
- apiVersion: v1
  imagePullSecrets:
  - name: bluemix-default-secret
  - name: bluemix-default-secret-regional
  - name: bluemix-default-secret-international
  - name: icr-io-secret
  kind: ServiceAccount
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-node-sa
    namespace: kube-system
- apiVersion: v1
  data:
    cluster-config.json: |
      {}
  kind: ConfigMap
  metadata:
    annotations:
    name: cluster-info
    namespace: kube-system
- apiVersion: v1
  data:
    slclient.toml: # Enter the base64 encoded TOML file that you created earlier
  kind: Secret
  metadata:
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      kubernetes.io/cluster-service: "true"
    name: storage-secret-store
    namespace: kube-system
  type: Opaque
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-driver-registrar-role
  rules:
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - create
    - delete
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - watch
    - update
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-driver-registrar-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-driver-registrar-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-node-sa
    namespace: kube-system
- apiVersion: v1
  imagePullSecrets:
  - name: bluemix-default-secret
  - name: bluemix-default-secret-regional
  - name: bluemix-default-secret-international
  - name: icr-io-secret
  kind: ServiceAccount
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-provisioner-role
  rules:
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - get
    - list
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - create
    - delete
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - watch
    - update
  - apiGroups:
    - storage.k8s.io
    resources:
    - storageclasses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - list
    - watch
    - create
    - update
    - patch
  - apiGroups:
    - snapshot.storage.k8s.io
    resources:
    - volumesnapshots
    verbs:
    - get
    - list
  - apiGroups:
    - snapshot.storage.k8s.io
    resources:
    - volumesnapshotcontents
    verbs:
    - get
    - list
  - apiGroups:
    - storage.k8s.io
    resources:
    - csinodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-provisioner-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-provisioner-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-external-attacher-role
  rules:
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - update
    - patch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - csi.storage.k8s.io
    resources:
    - csinodeinfos
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - volumeattachments
    verbs:
    - get
    - list
    - watch
    - update
    - patch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-external-attacher-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-external-attacher-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: storage.k8s.io/v1beta1
  kind: CSIDriver
  metadata:
    name: vpc.block.csi.ibm.io
  spec:
    attachRequired: true
    podInfoOnMount: true
    volumeLifecycleModes:
    - Persistent
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-node
    namespace: kube-system
  spec:
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --kubelet-registration-path=$(DRIVER_REGISTRATION_SOCK)
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          - name: DRIVER_REGISTRATION_SOCK
            value: /var/lib/kubelet/plugins/vpc.block.csi.ibm.io/csi.sock
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
          imagePullPolicy: Always
          lifecycle:
            preStop:
              exec:
                command:
                - /bin/sh
                - -c
                - rm -rf /registration/vpc.block.csi.ibm.io /registration/vpc.block.csi.ibm.io-reg.sock
          name: csi-driver-registrar
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: false
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          volumeMounts:
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /registration
            name: registration-dir
        - args:
          - --v=5
          - --endpoint=unix:/csi/csi.sock
          env:
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
          name: iks-vpc-block-node-driver
          ports:
          - containerPort: 9808
            name: healthz
            protocol: TCP
          resources:
            limits:
              cpu: 200m
              memory: 250Mi
            requests:
              cpu: 20m
              memory: 50Mi
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: true
          volumeMounts:
          - mountPath: /var/lib/kubelet
            mountPropagation: Bidirectional
            name: kubelet-data-dir
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /dev
            name: device-dir
          - mountPath: /etc/udev
            name: etcudevpath
          - mountPath: /run/udev
            name: runudevpath
          - mountPath: /lib/udev
            name: libudevpath
          - mountPath: /sys
            name: syspath
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        - args:
          - --csi-address=/csi/csi.sock
          image: quay.io/k8scsi/livenessprobe:v2.0.0
          name: liveness-probe
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: false
          resources:
            limits:
              cpu: 50m
              memory: 50Mi
            requests:
              cpu: 5m
              memory: 10Mi
          volumeMounts:
          - mountPath: /csi
            name: plugin-dir
        serviceAccountName: ibm-vpc-block-node-sa
        tolerations:
        - operator: Exists
        volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
          name: registration-dir
        - hostPath:
            path: /var/lib/kubelet
            type: Directory
          name: kubelet-data-dir
        - hostPath:
            path: /var/lib/kubelet/plugins/vpc.block.csi.ibm.io/
            type: DirectoryOrCreate
          name: plugin-dir
        - hostPath:
            path: /dev
            type: Directory
          name: device-dir
        - hostPath:
            path: /etc/udev
            type: Directory
          name: etcudevpath
        - hostPath:
            path: /run/udev
            type: Directory
          name: runudevpath
        - hostPath:
            path: /lib/udev
            type: Directory
          name: libudevpath
        - hostPath:
            path: /sys
            type: Directory
          name: syspath
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-controller
    namespace: kube-system
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    serviceName: ibm-vpc-block-service
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        securityContext:
          runAsNonRoot: true
          runAsUser: 2121
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --timeout=600s
          - --feature-gates=Topology=true
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          image: quay.io/k8scsi/csi-provisioner:v1.6.0
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          imagePullPolicy: Always
          name: csi-provisioner
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --csi-address=/csi/csi.sock
          - --timeout=900s
          image: quay.io/k8scsi/csi-attacher:v2.2.0
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          imagePullPolicy: Always
          name: csi-attacher
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --csi-address=/csi/csi.sock
          image: quay.io/k8scsi/livenessprobe:v2.0.0
          name: liveness-probe
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          resources:
            limits:
              cpu: 50m
              memory: 50Mi
            requests:
              cpu: 5m
              memory: 10Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --endpoint=$(CSI_ENDPOINT)
          - --lock_enabled=false
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          imagePullPolicy: Always
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
          name: iks-vpc-block-driver
          ports:
          - containerPort: 9808
            name: healthz
            protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 50m
              memory: 100Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        serviceAccountName: ibm-vpc-block-controller-sa
        volumes:
        - emptyDir: {}
          name: socket-dir
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
    volumeClaimTemplates: []
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      storageclass.beta.kubernetes.io/is-default-class: "true"
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
kind: List
metadata:
  annotations:
    version: 2.0.3_354
  name: ibm-vpc-block-csi-driver
  namespace: kube-system
Ubuntu ConfigMap
Save the following YAML configuration as a file on your local machine.
apiVersion: v1
items:
- apiVersion: v1
data:
CSI_ENDPOINT: unix:/csi/csi.sock
IKS_BLOCK_PROVIDER_NAME: iks-vpc
IKS_ENABLED: "False"
SECRET_CONFIG_PATH: /etc/storage_ibmc
VPC_API_GENERATION: "1"
VPC_API_TIMEOUT: 180s
VPC_API_VERSION: "2019-07-02"
VPC_BLOCK_PROVIDER_NAME: vpc
VPC_ENABLED: "True"
VPC_RETRY_ATTEMPT: "10"
VPC_RETRY_INTERVAL: "120"
kind: ConfigMap
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: ibm-vpc-block-csi-configmap
namespace: kube-system
- apiVersion: v1
data:
cluster-config.json: |
{}
kind: ConfigMap
metadata:
annotations:
name: cluster-info
namespace: kube-system
- apiVersion: v1
data:
slclient.toml: # Enter the base64 encoded TOML file that you created earlier.
kind: Secret
metadata:
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
kubernetes.io/cluster-service: "true"
name: storage-secret-store
namespace: kube-system
type: Opaque
- apiVersion: v1
imagePullSecrets:
- name: bluemix-default-secret
- name: bluemix-default-secret-regional
- name: bluemix-default-secret-international
- name: icr-io-secret
kind: ServiceAccount
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: ibm-vpc-block-node-sa
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: vpc-block-driver-registrar-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- create
- update
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: vpc-block-driver-registrar-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpc-block-driver-registrar-role
subjects:
- kind: ServiceAccount
name: ibm-vpc-block-node-sa
namespace: kube-system
- apiVersion: v1
imagePullSecrets:
- name: bluemix-default-secret
- name: bluemix-default-secret-regional
- name: bluemix-default-secret-international
- name: icr-io-secret
kind: ServiceAccount
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: ibm-vpc-block-controller-sa
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: vpc-block-provisioner-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: vpc-block-provisioner-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpc-block-provisioner-role
subjects:
- kind: ServiceAccount
name: ibm-vpc-block-controller-sa
namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: vpc-block-external-attacher-role
rules:
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- csi.storage.k8s.io
resources:
- csinodeinfos
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
- update
- patch
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations:
version: 2.0.2_285
labels:
addonmanager.kubernetes.io/mode: Reconcile
app: ibm-vpc-block-csi-driver
name: vpc-block-external-attacher-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vpc-block-external-attacher-role
subjects:
- kind: ServiceAccount
name: ibm-vpc-block-controller-sa
namespace: kube-system
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-node
    namespace: kube-system
  spec:
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --kubelet-registration-path=$(DRIVER_REGISTRATION_SOCK)
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          - name: DRIVER_REGISTRATION_SOCK
            value: /var/lib/kubelet/csi-plugins/vpc.block.csi.ibm.io/csi.sock
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
          lifecycle:
            preStop:
              exec:
                command:
                - /bin/sh
                - -c
                - rm -rf /registration/vpc.block.csi.ibm.io /registration/vpc.block.csi.ibm.io-reg.sock
          name: csi-driver-registrar
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: false
          volumeMounts:
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /registration
            name: registration-dir
        - args:
          - --v=5
          - --endpoint=unix:/csi/csi.sock
          env:
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          imagePullPolicy: IfNotPresent
          name: iks-vpc-block-node-driver
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: true
          volumeMounts:
          - mountPath: /var/lib/kubelet
            mountPropagation: Bidirectional
            name: kubelet-data-dir
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /dev
            name: device-dir
          - mountPath: /etc/udev
            name: etcudevpath
          - mountPath: /run/udev
            name: runudevpath
          - mountPath: /lib/udev
            name: libudevpath
          - mountPath: /sys
            name: syspath
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        serviceAccountName: ibm-vpc-block-node-sa
        volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
          name: registration-dir
        - hostPath:
            path: /var/lib/kubelet
            type: Directory
          name: kubelet-data-dir
        - hostPath:
            path: /var/lib/kubelet/csi-plugins/vpc.block.csi.ibm.io/
            type: DirectoryOrCreate
          name: plugin-dir
        - hostPath:
            path: /dev
            type: Directory
          name: device-dir
        - hostPath:
            path: /etc/udev
            type: Directory
          name: etcudevpath
        - hostPath:
            path: /run/udev
            type: Directory
          name: runudevpath
        - hostPath:
            path: /lib/udev
            type: Directory
          name: libudevpath
        - hostPath:
            path: /sys
            type: Directory
          name: syspath
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-controller
    namespace: kube-system
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    serviceName: ibm-vpc-block-service
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        securityContext:
          runAsNonRoot: true
          runAsUser: 2121
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --timeout=600s
          - --feature-gates=Topology=true
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          image: quay.io/k8scsi/csi-provisioner:v1.3.1
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          name: csi-provisioner
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --csi-address=/csi/csi.sock
          - --timeout=900s
          image: quay.io/k8scsi/csi-attacher:v2.0.0
          name: csi-attacher
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --endpoint=$(CSI_ENDPOINT)
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          imagePullPolicy: IfNotPresent
          name: iks-vpc-block-driver
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        serviceAccountName: ibm-vpc-block-controller-sa
        volumes:
        - emptyDir: {}
          name: socket-dir
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
    volumeClaimTemplates: []
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      storageclass.beta.kubernetes.io/is-default-class: "true"
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
kind: List
metadata:
  annotations:
    version: 2.0.2_285
  name: ibm-vpc-block-csi-driver
  namespace: kube-system