IBM Cloud Docs
为非受管集群设置 Block Storage for VPC

为非受管集群设置 Block Storage for VPC

以下文档涵盖在 IBM Cloud中的非受管 OpenShift Container Platform 集群上部署 Block Storage for VPC 驱动程序的步骤。 此过程不受支持,必须在 Red Hat OpenShift 集群中重新创建步骤或驱动程序的任何问题以获得支持。

虚拟私有云

要在 IBM Cloud Kubernetes Service 或 Red Hat OpenShift on IBM Cloud 集群中使用 Block Storage for VPC 吗? 请参阅 设置 Block Storage for VPC 以获取更多信息。

先决条件

要使用 Block Storage for VPC 驱动程序,请完成以下任务:

标记工作程序节点

必须先通过添加所需标签来准备工作程序节点,然后才能部署 Block Storage for VPC 驱动程序。

开始之前,"登录您的账户。 如果适用,请将相应的资源组设定为目标。 设置集群的上下文。

  1. 检索 VPC 实例的以下详细信息。 这些参数用于将标签应用于工作程序节点。

    • <instanceID>-VPC 实例标识。 要检索此值,请运行 ibmcloud is ins
    • <node-name>- 工作节点的名称。 要检索此值,请运行 kubectl get nodes
    • <region-of-instanceID><zone-of-instanceID>-VPC 实例所在的区域和区域。 要检索这些值,请运行 ibmcloud is in <instanceID>。 示例区域值:'eu-de. 区值示例:'eu-de-1.
  2. 复制以下 shell 脚本并将其保存到本地机器上名为 setup.sh 的文件中

    #!/bin/bash
    
    function help()
    {
        echo "Run the script in the following format..."
        echo "./setup.sh <node-name> <instanceID> <region-of-instanceID> <zone-of-instanceID>"
        exit 1
    }
    
    function apply_labels()
    {
        kubectl label nodes $1 "ibm-cloud.kubernetes.io/worker-id"=$2
        kubectl label nodes $1 "failure-domain.beta.kubernetes.io/region"=$3
        kubectl label nodes $1 "failure-domain.beta.kubernetes.io/zone"=$4
        kubectl label nodes $1 "topology.kubernetes.io/region"=$3
        kubectl label nodes $1 "topology.kubernetes.io/zone"=$4
    }
    
    function verify_node()
    {
        kubectl get nodes | grep $1
        if (( $? == 0 ))
        then
            return 0
        else
            return 1
        fi
    }
    
    if (( $# < 4 ))
    then
        help
    fi
    
    node=$1
    instanceID=$2
    region=$3
    zone=$4
    
    verify_node $node
    if (( $? == 0 ))
    then
        apply_labels $node $instanceID $region $zone
    else
        echo "Node " \'$node\' " not found in the cluster, please check the node or passing correct parameters while executing script"
        help
    fi
    
  3. 通过运行 shell 脚本并指定先前检索的参数来标注工作程序节点。 对集群中的每个工作程序节点重复此步骤。

    sh setup.sh <node-name> <instanceID> <region-of-instanceID> <zone-of-instanceID>
    

检索 IAM 和 VPC 详细信息

To create the Kubernetes secret that is used in the Block Storage for VPC ConfigMap, you must retrieve your IAM and VPC details.

  1. 检索以下配置参数值。 这些值用于创建 Block Storage for VPC所需的 Kubernetes 私钥。

    • <g2_api_key>- IAM API 密钥。 您可以使用现有的 API 密钥,也可以通过运行 "ibmcloud iam api-key-create NAME 命令创建一个 API 密钥。
    • <g2_riaas_endpoint>-VPC 集群的 VPC 区域端点,格式为 https://<region>.iaas.cloud.ibm.com。 示例: https://eu-de.iaas.cloud.ibm.com。 有关更多信息,请参阅 VPC 端点
    • <g2_resource_group_id>-要检索此值,请运行 ibmcloud is vpc <vpc-ID> 命令并记下 Resource group 字段。
  2. 将以下 TOML 配置文件保存到名为 config.toml 的本地机器。 确保值之间没有空白行,并且文件末尾没有空白行。

    [server]
    debug_trace = false
    [vpc]
    iam_client_id = "bx"
    iam_client_secret = "bx"
    g2_token_exchange_endpoint_url = "https://iam.bluemix.net"
    g2_riaas_endpoint_url = "<g2_riaas_endpoint>"
    g2_resource_group_id = "<resource_group_id>"
    g2_api_key = "<IAM_API_key>"
    provider_type = "g2"
    
  3. 输入先前检索的值,并将 TOML 文件编码为 base64。 保存要在 Block Storage 驱动程序 ConfigMap中使用的 base64 输出。

    cat ./config.toml | base64
    

在集群中创建映像拉取私钥

在集群中创建映像拉取私钥。 您创建的私钥用于拉取 Block Storage for VPC 驱动程序映像。

  1. 查看并检索映像拉取私钥的以下值。

    • <docker-username>-输入字符串: iamapikey
    • <docker-password>- 输入您的 IAM API 密钥。 有关 IAM API 密钥的更多信息,请参阅 了解 API 密钥
    • <docker-email>-输入字符串: iamapikey
  2. 运行以下命令以在集群中创建映像拉取私钥。 请注意,您的私钥必须命名为 icr-io-secret

    oc create secret docker-registry icr-io-secret --docker-server=icr.io --docker-username=iamapikey --docker-password=-<iam-api-key> --docker-email=iamapikey -n kube-system
    

创建 Block Storage for VPC 驱动程序部署

选择与工作程序节点的操作系统匹配的 Block Storage for VPC 驱动程序 ConfigMap。 在集群中创建部署时,将安装 Block Storage for VPC 驱动程序和存储类。

  1. 将下列其中一个 YAML 配置保存到本地机器上名为 configmap.yaml 的文件中。 根据集群操作系统选择 ConfigMap。

  2. 将先前创建的编码 TOML 配置详细信息添加到 slclient.toml 私钥配置部分中的 ConfigMap。

  3. 在集群中创建ConfigMap。

    oc create -f configmap.yaml
    
  4. 验证是否已部署驱动程序 pod,并且状态为 Running

    oc get pods -n kube-system | grep vpc
    
  5. 验证是否创建了 "csidrivers

    oc get csidrivers | grep vpc
    

    示例输出:

    NAME                   ATTACHREQUIRED   PODINFOONMOUNT   MODES        AGE
    vpc.block.csi.ibm.io   true             true             Persistent   8m26s
    
  6. 确认已创建存储类。

    oc get sc
    

    示例输出

    NAME                                    PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
    local-path (default)                    rancher.io/local-path   Delete          WaitForFirstConsumer   false                  8d
    ibmc-vpc-block-10iops-tier (default)    vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
    ibmc-vpc-block-5iops-tier               vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
    ibmc-vpc-block-custom                   vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
    ibmc-vpc-block-general-purpose          vpc.block.csi.ibm.io    Delete          Immediate              false                  9m
    ibmc-vpc-block-retain-10iops-tier       vpc.block.csi.ibm.io    Retain          Immediate              false                  9m
    ibmc-vpc-block-retain-5iops-tier        vpc.block.csi.ibm.io    Retain          Immediate              false                  8m59s
    ibmc-vpc-block-retain-custom            vpc.block.csi.ibm.io    Retain          Immediate              false                  8m59s
    ibmc-vpc-block-retain-general-purpose   vpc.block.csi.ibm.io    Retain          Immediate              false                  8m59s
    
  7. 部署使用 Block Storage for VPC 的有状态集。

部署使用 Block Storage for VPC 的有状态集

部署 Block Storage for VPC 驱动程序后,可以创建利用 Block Storage for VPC的部署。 以下有状态集通过创建使用 ibmc-vpc-block-5iops-tier 存储类的 PVC 来动态供应 Block Storage for VPC 卷。

  1. 将以下 YAML 配置另存为本地机器上名为 statefulset.yaml 的文件。
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      ports:
      - port: 80
        name: web
      clusterIP: None
      selector:
        app: nginx
    ---
    apiVersion: apps/v1
    kind: StatefulSet
    metadata:
      name: web
    spec:
      serviceName: "nginx"
      replicas: 2
      podManagementPolicy: "Parallel"
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            securityContext:
              privileged: false
            image: k8s.gcr.io/nginx-slim:0.8
            ports:
            - containerPort: 80
            name: web
            volumeMounts:
            - name: www
              mountPath: /usr/share/nginx/html
          tolerations:
          - operator: Exists
      volumeClaimTemplates:
      - metadata:
          annotations:
            volume.beta.kubernetes.io/storage-class: ibmc-vpc-block-5iops-tier
          name: www
        spec:
          accessModes:
          - ReadWriteOnce # access mode
          resources:
            requests:
              storage: 25Gi #
    
  2. 在集群中创建有状态集。
    kubectl create -f statefulset.yaml
    
  3. 验证有状态设置 pod 是否正在运行。
    kubectl get pods
    
    示例输出
    NAME    READY   STATUS    RESTARTS   AGE
    web-0   1/1     Running   0          2m52s
    web-1   1/1     Running   0          2m52s
    

除去 Block Storage for VPC 驱动程序

如果不再希望在集群中使用 Block Storage for VPC 驱动程序,那么可以除去 ConfigMap 以除去驱动程序 pod。

从集群中除去 Block Storage for VPC 驱动程序不会除去存储卷中的数据。 如果要完全除去 PV 和 PVC,请参阅 清除持久存储器

  1. 从集群中删除 ibm-vpc-block-csi-configmap ConfigMap。
    oc rm cm ibm-vpc-block-csi-configmap -n kube-system
    
  2. 验证ConfigMap是否已删除。
    oc get cm -n kube-system | grep ibm-vpc-block-csi-configmap
    

配置映射参考

根据工作程序节点操作系统,选择下列其中一个配置映射。

RHEL 或 CentOS ConfigMap

将以下 ConfigMap YAML 另存为本地计算机上的文件。

apiVersion: v1
items:
- apiVersion: v1
  data:
    CSI_ENDPOINT: unix:/csi/csi.sock
    IKS_BLOCK_PROVIDER_NAME: iks-vpc
    IKS_ENABLED: "False"
    SECRET_CONFIG_PATH: /etc/storage_ibmc
    VPC_API_GENERATION: "1"
    VPC_API_TIMEOUT: 180s
    VPC_API_VERSION: "2019-07-02"
    VPC_BLOCK_PROVIDER_NAME: vpc
    VPC_ENABLED: "True"
    VPC_RETRY_ATTEMPT: "10"
    VPC_RETRY_INTERVAL: "120"
  kind: ConfigMap
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-configmap
    namespace: kube-system
- apiVersion: v1
  imagePullSecrets:
  - name: bluemix-default-secret
  - name: bluemix-default-secret-regional
  - name: bluemix-default-secret-international
  - name: icr-io-secret
  kind: ServiceAccount
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-node-sa
    namespace: kube-system
- apiVersion: v1
  data:
    cluster-config.json: |
      {}
  kind: ConfigMap
  metadata:
    annotations:
    name: cluster-info
    namespace: kube-system
- apiVersion: v1
  data:
    slclient.toml: # Enter the base64 encoded TOML file that you created earlier
  kind: Secret
  metadata:
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      kubernetes.io/cluster-service: "true"
    name: storage-secret-store
    namespace: kube-system
  type: Opaque
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-driver-registrar-role
  rules:
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - create
    - delete
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - watch
    - update
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-driver-registrar-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-driver-registrar-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-node-sa
    namespace: kube-system
- apiVersion: v1
  imagePullSecrets:
  - name: bluemix-default-secret
  - name: bluemix-default-secret-regional
  - name: bluemix-default-secret-international
  - name: icr-io-secret
  kind: ServiceAccount
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-provisioner-role
  rules:
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - get
    - list
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - create
    - delete
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - watch
    - update
  - apiGroups:
    - storage.k8s.io
    resources:
    - storageclasses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - list
    - watch
    - create
    - update
    - patch
  - apiGroups:
    - snapshot.storage.k8s.io
    resources:
    - volumesnapshots
    verbs:
    - get
    - list
  - apiGroups:
    - snapshot.storage.k8s.io
    resources:
    - volumesnapshotcontents
    verbs:
    - get
    - list
  - apiGroups:
    - storage.k8s.io
    resources:
    - csinodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-provisioner-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-provisioner-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-external-attacher-role
  rules:
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - update
    - patch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - csi.storage.k8s.io
    resources:
    - csinodeinfos
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - volumeattachments
    verbs:
    - get
    - list
    - watch
    - update
    - patch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-external-attacher-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-external-attacher-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: storage.k8s.io/v1beta1
  kind: CSIDriver
  metadata:
    name: vpc.block.csi.ibm.io
  spec:
    attachRequired: true
    podInfoOnMount: true
    volumeLifecycleModes:
    - Persistent
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-node
    namespace: kube-system
  spec:
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --kubelet-registration-path=$(DRIVER_REGISTRATION_SOCK)
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          - name: DRIVER_REGISTRATION_SOCK
            value: /var/lib/kubelet/plugins/vpc.block.csi.ibm.io/csi.sock
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
          imagePullPolicy: Always
          lifecycle:
            preStop:
              exec:
                command:
                - /bin/sh
                - -c
                - rm -rf /registration/vpc.block.csi.ibm.io /registration/vpc.block.csi.ibm.io-reg.sock
          name: csi-driver-registrar
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: false
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          volumeMounts:
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /registration
            name: registration-dir
        - args:
          - --v=5
          - --endpoint=unix:/csi/csi.sock
          env:
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
          name: iks-vpc-block-node-driver
          ports:
          - containerPort: 9808
            name: healthz
            protocol: TCP
          resources:
            limits:
              cpu: 200m
              memory: 250Mi
            requests:
              cpu: 20m
              memory: 50Mi
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: true
          volumeMounts:
          - mountPath: /var/lib/kubelet
            mountPropagation: Bidirectional
            name: kubelet-data-dir
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /dev
            name: device-dir
          - mountPath: /etc/udev
            name: etcudevpath
          - mountPath: /run/udev
            name: runudevpath
          - mountPath: /lib/udev
            name: libudevpath
          - mountPath: /sys
            name: syspath
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        - args:
          - --csi-address=/csi/csi.sock
          image: quay.io/k8scsi/livenessprobe:v2.0.0
          name: liveness-probe
          securityContext:
              runAsNonRoot: false
              runAsUser: 0
              privileged: false
          resources:
            limits:
              cpu: 50m
              memory: 50Mi
            requests:
              cpu: 5m
              memory: 10Mi
          volumeMounts:
          - mountPath: /csi
            name: plugin-dir
        serviceAccountName: ibm-vpc-block-node-sa
        tolerations:
        - operator: Exists
        volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
          name: registration-dir
        - hostPath:
            path: /var/lib/kubelet
            type: Directory
          name: kubelet-data-dir
        - hostPath:
            path: /var/lib/kubelet/plugins/vpc.block.csi.ibm.io/
            type: DirectoryOrCreate
          name: plugin-dir
        - hostPath:
            path: /dev
            type: Directory
          name: device-dir
        - hostPath:
            path: /etc/udev
            type: Directory
          name: etcudevpath
        - hostPath:
            path: /run/udev
            type: Directory
          name: runudevpath
        - hostPath:
            path: /lib/udev
            type: Directory
          name: libudevpath
        - hostPath:
            path: /sys
            type: Directory
          name: syspath
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-controller
    namespace: kube-system
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    serviceName: ibm-vpc-block-service
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        securityContext:
            runAsNonRoot: true
            runAsUser: 2121
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --timeout=600s
          - --feature-gates=Topology=true
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          image: quay.io/k8scsi/csi-provisioner:v1.6.0
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          imagePullPolicy: Always
          name: csi-provisioner
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --csi-address=/csi/csi.sock
          - --timeout=900s
          image: quay.io/k8scsi/csi-attacher:v2.2.0
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          imagePullPolicy: Always
          name: csi-attacher
          resources:
            limits:
              cpu: 100m
              memory: 100Mi
            requests:
              cpu: 10m
              memory: 20Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --csi-address=/csi/csi.sock
          image: quay.io/k8scsi/livenessprobe:v2.0.0
          name: liveness-probe
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          resources:
            limits:
              cpu: 50m
              memory: 50Mi
            requests:
              cpu: 5m
              memory: 10Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --endpoint=$(CSI_ENDPOINT)
          - --lock_enabled=false
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          imagePullPolicy: Always
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
          name: iks-vpc-block-driver
          ports:
          - containerPort: 9808
            name: healthz
            protocol: TCP
          resources:
            limits:
              cpu: 500m
              memory: 500Mi
            requests:
              cpu: 50m
              memory: 100Mi
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        serviceAccountName: ibm-vpc-block-controller-sa
        volumes:
        - emptyDir: {}
          name: socket-dir
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
    volumeClaimTemplates: []
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      storageclass.beta.kubernetes.io/is-default-class: "true"
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.3_354
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
kind: List
metadata:
  annotations:
    version: 2.0.3_354
  name: ibm-vpc-block-csi-driver
  namespace: kube-system


Ubuntu ConfigMap

将以下 YAML 配置另存为本地计算机上的文件。

apiVersion: v1
items:
- apiVersion: v1
  data:
    CSI_ENDPOINT: unix:/csi/csi.sock
    IKS_BLOCK_PROVIDER_NAME: iks-vpc
    IKS_ENABLED: "False"
    SECRET_CONFIG_PATH: /etc/storage_ibmc
    VPC_API_GENERATION: "1"
    VPC_API_TIMEOUT: 180s
    VPC_API_VERSION: "2019-07-02"
    VPC_BLOCK_PROVIDER_NAME: vpc
    VPC_ENABLED: "True"
    VPC_RETRY_ATTEMPT: "10"
    VPC_RETRY_INTERVAL: "120"
  kind: ConfigMap
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-configmap
    namespace: kube-system
- apiVersion: v1
  data:
    cluster-config.json: |
      {}
  kind: ConfigMap
  metadata:
    annotations:
    name: cluster-info
    namespace: kube-system
- apiVersion: v1
  data:
    slclient.toml: # Enter the base64 encoded TOML file that you created earlier.
  kind: Secret
  metadata:
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      kubernetes.io/cluster-service: "true"
    name: storage-secret-store
    namespace: kube-system
  type: Opaque
- apiVersion: v1
  imagePullSecrets:
  - name: bluemix-default-secret
  - name: bluemix-default-secret-regional
  - name: bluemix-default-secret-international
  - name: icr-io-secret
  kind: ServiceAccount
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-node-sa
    namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-driver-registrar-role
  rules:
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - get
    - list
    - watch
    - create
    - update
    - patch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - create
    - delete
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - watch
    - update
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-driver-registrar-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-driver-registrar-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-node-sa
    namespace: kube-system
- apiVersion: v1
  imagePullSecrets:
  - name: bluemix-default-secret
  - name: bluemix-default-secret-regional
  - name: bluemix-default-secret-international
  - name: icr-io-secret
  kind: ServiceAccount
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-provisioner-role
  rules:
  - apiGroups:
    - ""
    resources:
    - secrets
    verbs:
    - get
    - list
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - create
    - delete
  - apiGroups:
    - ""
    resources:
    - persistentvolumeclaims
    verbs:
    - get
    - list
    - watch
    - update
  - apiGroups:
    - storage.k8s.io
    resources:
    - storageclasses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - list
    - watch
    - create
    - update
    - patch
  - apiGroups:
    - snapshot.storage.k8s.io
    resources:
    - volumesnapshots
    verbs:
    - get
    - list
  - apiGroups:
    - snapshot.storage.k8s.io
    resources:
    - volumesnapshotcontents
    verbs:
    - get
    - list
  - apiGroups:
    - storage.k8s.io
    resources:
    - csinodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-provisioner-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-provisioner-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-external-attacher-role
  rules:
  - apiGroups:
    - ""
    resources:
    - persistentvolumes
    verbs:
    - get
    - list
    - watch
    - update
    - patch
  - apiGroups:
    - ""
    resources:
    - nodes
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - csi.storage.k8s.io
    resources:
    - csinodeinfos
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - storage.k8s.io
    resources:
    - volumeattachments
    verbs:
    - get
    - list
    - watch
    - update
    - patch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: vpc-block-external-attacher-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: vpc-block-external-attacher-role
  subjects:
  - kind: ServiceAccount
    name: ibm-vpc-block-controller-sa
    namespace: kube-system
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-node
    namespace: kube-system
  spec:
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --kubelet-registration-path=$(DRIVER_REGISTRATION_SOCK)
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          - name: DRIVER_REGISTRATION_SOCK
            value: /var/lib/kubelet/csi-plugins/vpc.block.csi.ibm.io/csi.sock
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          image: quay.io/k8scsi/csi-node-driver-registrar:v1.2.0
          lifecycle:
            preStop:
              exec:
                command:
                - /bin/sh
                - -c
                - rm -rf /registration/vpc.block.csi.ibm.io /registration/vpc.block.csi.ibm.io-reg.sock
          name: csi-driver-registrar
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: false
          volumeMounts:
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /registration
            name: registration-dir
        - args:
          - --v=5
          - --endpoint=unix:/csi/csi.sock
          env:
          - name: KUBE_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          imagePullPolicy: IfNotPresent
          name: iks-vpc-block-node-driver
          securityContext:
            runAsNonRoot: false
            runAsUser: 0
            privileged: true
          volumeMounts:
          - mountPath: /var/lib/kubelet
            mountPropagation: Bidirectional
            name: kubelet-data-dir
          - mountPath: /csi
            name: plugin-dir
          - mountPath: /dev
            name: device-dir
          - mountPath: /etc/udev
            name: etcudevpath
          - mountPath: /run/udev
            name: runudevpath
          - mountPath: /lib/udev
            name: libudevpath
          - mountPath: /sys
            name: syspath
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        serviceAccountName: ibm-vpc-block-node-sa
        volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins_registry/
            type: Directory
          name: registration-dir
        - hostPath:
            path: /var/lib/kubelet
            type: Directory
          name: kubelet-data-dir
        - hostPath:
            path: /var/lib/kubelet/csi-plugins/vpc.block.csi.ibm.io/
            type: DirectoryOrCreate
          name: plugin-dir
        - hostPath:
            path: /dev
            type: Directory
          name: device-dir
        - hostPath:
            path: /etc/udev
            type: Directory
          name: etcudevpath
        - hostPath:
            path: /run/udev
            type: Directory
          name: runudevpath
        - hostPath:
            path: /lib/udev
            type: Directory
          name: libudevpath
        - hostPath:
            path: /sys
            type: Directory
          name: syspath
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
- apiVersion: apps/v1
  kind: StatefulSet
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
    name: ibm-vpc-block-csi-controller
    namespace: kube-system
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: ibm-vpc-block-csi-driver
    serviceName: ibm-vpc-block-service
    template:
      metadata:
        labels:
          app: ibm-vpc-block-csi-driver
      spec:
        securityContext:
          runAsNonRoot: true
          runAsUser: 2121
        containers:
        - args:
          - --v=5
          - --csi-address=$(ADDRESS)
          - --timeout=600s
          - --feature-gates=Topology=true
          env:
          - name: ADDRESS
            value: /csi/csi.sock
          image: quay.io/k8scsi/csi-provisioner:v1.3.1
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          name: csi-provisioner
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --csi-address=/csi/csi.sock
          - --timeout=900s
          image: quay.io/k8scsi/csi-attacher:v2.0.0
          name: csi-attacher
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
        - args:
          - --v=5
          - --endpoint=$(CSI_ENDPOINT)
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          envFrom:
          - configMapRef:
              name: ibm-vpc-block-csi-configmap
          image: icr.io/ibm/ibm-vpc-block-csi-driver:v3.0.0
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          imagePullPolicy: IfNotPresent
          name: iks-vpc-block-driver
          volumeMounts:
          - mountPath: /csi
            name: socket-dir
          - mountPath: /etc/storage_ibmc
            name: customer-auth
            readOnly: true
          - mountPath: /etc/storage_ibmc/cluster_info
            name: cluster-info
            readOnly: true
        serviceAccountName: ibm-vpc-block-controller-sa
        volumes:
        - emptyDir: {}
          name: socket-dir
        - name: customer-auth
          secret:
            secretName: storage-secret-store
        - configMap:
            name: cluster-info
          name: cluster-info
    volumeClaimTemplates: []
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      storageclass.beta.kubernetes.io/is-default-class: "true"
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Delete
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-10iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 10iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-5iops-tier
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: 5iops-tier
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-custom
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    iops: "400"
    profile: custom
    region: ""
    resourceGroup: ""
    sizeIOPSRange: |-
      [10-39]GiB:[100-1000]
      [40-79]GiB:[100-2000]
      [80-99]GiB:[100-4000]
      [100-499]GiB:[100-6000]
      [500-999]GiB:[100-10000]
      [1000-1999]GiB:[100-20000]
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
- apiVersion: storage.k8s.io/v1
  kind: StorageClass
  metadata:
    annotations:
      version: 2.0.2_285
    labels:
      addonmanager.kubernetes.io/mode: Reconcile
      app: ibm-vpc-block-csi-driver
      razee/force-apply: "true"
    name: ibmc-vpc-block-retain-general-purpose
  parameters:
    billingType: hourly
    classVersion: "1"
    csi.storage.k8s.io/fstype: ext4
    encrypted: "false"
    encryptionKey: ""
    profile: general-purpose
    region: ""
    resourceGroup: ""
    sizeRange: '[10-2000]GiB'
    tags: ""
    zone: ""
  provisioner: vpc.block.csi.ibm.io
  reclaimPolicy: Retain
kind: List
metadata:
  annotations:
    version: 2.0.2_285
  name: ibm-vpc-block-csi-driver
  namespace: kube-system