feat: added hetzner csi plugin

master
Sven Ketelsen 4 years ago
parent 7a03c175f5
commit 8f94c4aae0

@ -1,48 +1,53 @@
$ANSIBLE_VAULT;1.1;AES256
36663361623738653132316466623231656662366262646435666439386336343134356437303136
3039663831636266663934633231323133356264653162330a303834396265623562313331396137
38323461343761653363643230393539663237663935656131376261613731323731643338666336
3137383131343136340a316462316564303832313136646631396162663036343637656166666439
32363134376639333364396561313936393739653762333334346531326332616362313132623831
35386130386265383237326134356366353033323437633466383038303264643061353731633063
37643636333466336561666465313235363265643233373738653864363335613233393332343966
30353866353161343762383161353965386538666430346430353763646265643534326661353162
31343233356464393433396135313064323433666132653966373961666433346666316336363535
36653565393462613237636439333566643765363762346362613932336135306130376366663235
64346335316561663363316232613036653837393439666537333961616232303535616361626263
39656631643161643862363162666531636561353932303532366235306664323731363732363635
62343561373935383936616463316239666139643835323439656162386636383439633034323164
36313630356664663530626137396638333462303462316432613639316238306564303439653838
32656339326531666263333430303334303635333261653933353339383935313032383662633332
30316132613339383761373830356537623531616632643762613935356230636439316431396466
34343465613730346639643462383633396664666362646231366436626332636365663766613764
61313334313131343663636331633330623030653235313363623531336630306435396131366433
37643733333962373031663561663636343932613663323731356136623462613930356635616432
63333237366335353461326336643533376139366461343161326135303364323035373030326432
39376263306266643536316532643661306430396261343732366662363933343161353933626134
39663739363436653461333631333539343739363738613133373966653362636138333462356437
38316533663139643334633635303435636332346561303838373061376536653263396234313932
62393836336633353337326233393334366138376161356536616433326665613365363131373164
62386361306365306264643466663762393330303963636339316333306638636566393339303033
39366136326637306235316666303137316634306535333032373132353630663833306138396663
63653232333363306138363131356435303230303362373239303365373161666164313639663433
64653436343865356663386132366638346465333738366462353333643336666534633930303836
63623265363832643832626561376666346561653062656264366131303866356365653439326338
63623235373636306432363563326564633764346439303165336338633963363437383264613339
34666432356636613364353035653964636138376235383333326233366463633038373736646137
36333465303961336632633539666338346464343534373439643764346433326637373732366236
34656338346536366133303732333537306132333438303166393330373632393137383763323961
39653833623262383966363162643737343932646563613839383963623330353531376130616134
62313561326135326666346330316331386531396465376438303263333335623864623462643862
37313230663163396535666538396131343437373638393063363065386363333664623130323336
30626637323764643639326536386532323238653935666462663732343831303064366636616338
33383934383735633561303333393163616262626536613734656239303538363730396530643136
65353537353534643933306262313664393963646163356363373261643832663365613964663763
36626366303330633536613234383839336361636661666664633132346663306634663430663361
32393436626332326339343836613639623135613431333762663236343333343964613135656263
64343331313563616464363261303434323562343863393566383234633833623631383464376535
66393437343866313865376263353238363734323332626663383332323939326133313761316663
33633762393461613636613736633737303030373266383232323663336639396462373730386233
61363264336465326530343939393465613264353061646662323135626365363362623134626163
33636365663364663565623030643664346434646338373830333665373837623238393761623834
306532353835663232373339333934393236
39366565366664306333663934306533353861616161323165356433646331663239396164383138
6436636361336164646564363036366439346335333533390a383061306436393933306239336239
37383430323965323533643866323761626134376632313035356565373864373161386163363963
3164613131346633350a636535316562316266323139323266643531313366656463653636306435
36353465646163623665386566316362363264663334626634626236666330316662323966626334
65653934383632663061663939656236653531663937663338653962633531316264656233326438
34346362666534316636636134633731333764336461376162643231386563656231643938393936
37366466313939656461376439623533346636623631363033633336336462306265663661613734
39653532656666323065643466376432633837663032306363616632306237326137323864393964
61346339343138383663633234643264353961323335393137653037343065366232376236356234
66346137346439343463393834336134376362316566333461383062613335326533636137383763
35333465393032666638616231623630313865353661623230313033333163303337623837363562
36396335326365636566393636323533633866366163333261333731343137336666366362366265
35333433616130373339343938356631316432626163313663366533323738353732636232323739
37316138643233613765663666666366396138623765346433646366623831333462663465353661
66383061336636613835313131363066343563383136373531626236653231633332663766303936
61653262326134343166303132643961393861376532613764666462386164303061303737643739
33376134366136323031366636643662653037646636323033313234363263346233633534386264
31373338653330323231373838373732383833333431383963383633326661333230316133316232
39313363663536653433366464323136333165396163326161393238636563353531383864613239
30323236633239666330363535626530666436373863383531383538323066363964353039313062
39356564336261383436636139393638313539636235356539323339353137663834623935656131
32363465626231653736366636316339303163616639666362636332623063356438326337326464
30386232623362666266616364396563323138616164323363616334313531616261613339323465
37613431653433653863346334656465303731373266376630336530363036386464303666313131
66383165356434323865636631656131313735313134386162646634666135396431326437653761
36633833353562653963316466333965316332366165653130363237366262346638376531313965
38386363656332396634623535633365396332363462356232366461393463626336383165663132
34393636616133356334653231366338386364396136643937613961653934333466303135346539
37393865373133363464626132323037336638383138343866626638616535333937303764383263
61386362313961626163383365376234666238633030306463666335373734616336303165653564
37393136363439393735383964386134333731643565613865393266383966333531316238353433
34303262633934386561363363643236646137653866356536613037613661663264333432306266
64343732643365396235636366366164313039333332366561646339343162613861346635393833
34346664303836386165336561333630616535383061333537323364623962666238396164333937
39633938303131383463313964383364333062306166623039626131663133373831343963633463
38386637393038396431666633366139393332393761316637653063633033363537333438306633
30623436363037363232303562383165636135333933346562326533623831363363653165376163
62363265343465303036306433366132666339396266333461383732343464343535626666646637
32646632623636663330383632303835336138366336393638346437656530313762363739323965
63336639383266386463653637306431316230353561373332353739383635663637343036623564
66373831353864633865626538633431636333363433656136366639643765396435656433313965
66643632623835343662616134383835323265646636343165373666383138306635373362303133
63633536663439343065386630386637363431303238633661643335343262383533643764643939
33396632333139336635356165643036323234613032643233346635326662383830313834343966
35656163313463343561383664656632363436613032643335363539636466393338623663356161
64363731393530633239303039636162633533396131663433323436376233313237336538623631
33616638333232383931646534363230663064346137366264316432306134393163646634336336
61323132336637323037356466366539323265303138623864316438613766613837383737383765
33323166373633303138633566313034663636303066616136383433616433616562663231383736
36316263386462353766373461636565323662356264376431313633353363646634623033616432
30303435643564303236

@ -0,0 +1 @@
Subproject commit eeeca4a1d0334efebcf732d08bffc7e10240fc9c

@ -0,0 +1,3 @@
---
k8s_csi__template: "hcloud-csi.v1.5.1.yaml.j2"

@ -0,0 +1,32 @@
---
### tags:
### csi
- name: Create secret for Hetzner CSI
kubernetes.core.k8s:
definition:
api_version: v1
kind: Secret
metadata:
namespace: kube-system
name: hcloud-csi
label:
app: csi
provider: hcloud
type: Opaque
data:
token: "{{ hetzner_hcloud_csi_token | string | b64encode }}"
when:
- inventory_hostname == groups['kube-master'][0]
tags:
- csi
- name: Applying CSI deployment
kubernetes.core.k8s:
state: present
definition: "{{ lookup('template', k8s_csi__template) }}"
when:
- inventory_hostname == groups['kube-master'][0]
tags:
- csi
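Review bot: The `Create secret for Hetzner CSI` task renders `hetzner_hcloud_csi_token` into the module arguments without `no_log: true`, so the base64-encoded token can show up in verbose or failure output and in the resource that `kubernetes.core.k8s` returns as its result. Add `no_log: true` to that task next to `when` and `tags`. Separately, the metadata key is written `label:`, while Kubernetes object metadata uses `labels:`, so the `app` and `provider` labels are probably not applied as intended. The page has lost its indentation, so confirm the nesting in the file itself.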

@ -0,0 +1,341 @@
---
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: csi.hetzner.cloud
spec:
attachRequired: true
podInfoOnMount: true
volumeLifecycleModes:
- Persistent
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
namespace: kube-system
name: hcloud-volumes
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: csi.hetzner.cloud
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: hcloud-csi
namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hcloud-csi
rules:
# attacher
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch"]
# provisioner
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims", "persistentvolumeclaims/status"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
# node
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hcloud-csi
subjects:
- kind: ServiceAccount
name: hcloud-csi
namespace: kube-system
roleRef:
kind: ClusterRole
name: hcloud-csi
apiGroup: rbac.authorization.k8s.io
---
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: hcloud-csi-controller
namespace: kube-system
spec:
selector:
matchLabels:
app: hcloud-csi-controller
serviceName: hcloud-csi-controller
replicas: 1
template:
metadata:
labels:
app: hcloud-csi-controller
spec:
serviceAccount: hcloud-csi
containers:
- name: csi-attacher
image: quay.io/k8scsi/csi-attacher:v2.2.0
args:
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
- --v=5
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
- name: csi-resizer
image: quay.io/k8scsi/csi-resizer:v0.3.0
args:
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
- --v=5
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
- name: csi-provisioner
image: quay.io/k8scsi/csi-provisioner:v1.6.0
args:
- --provisioner=csi.hetzner.cloud
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
- --feature-gates=Topology=true
- --v=5
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
- name: hcloud-csi-driver
image: hetznercloud/hcloud-csi-driver:1.5.1
imagePullPolicy: Always
env:
- name: CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: METRICS_ENDPOINT
value: 0.0.0.0:9189
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: HCLOUD_TOKEN
valueFrom:
secretKeyRef:
name: hcloud-csi
key: token
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
ports:
- containerPort: 9189
name: metrics
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 2
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
- name: liveness-probe
imagePullPolicy: Always
image: quay.io/k8scsi/livenessprobe:v1.1.0
args:
- --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- mountPath: /var/lib/csi/sockets/pluginproxy/
name: socket-dir
volumes:
- name: socket-dir
emptyDir: {}
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: hcloud-csi-node
namespace: kube-system
labels:
app: hcloud-csi
spec:
selector:
matchLabels:
app: hcloud-csi
template:
metadata:
labels:
app: hcloud-csi
spec:
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
serviceAccount: hcloud-csi
containers:
- name: csi-node-driver-registrar
image: quay.io/k8scsi/csi-node-driver-registrar:v1.3.0
args:
- --v=5
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/csi.sock
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
securityContext:
privileged: true
- name: hcloud-csi-driver
image: hetznercloud/hcloud-csi-driver:1.5.1
imagePullPolicy: Always
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: METRICS_ENDPOINT
value: 0.0.0.0:9189
- name: HCLOUD_TOKEN
valueFrom:
secretKeyRef:
name: hcloud-csi
key: token
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
mountPropagation: "Bidirectional"
- name: plugin-dir
mountPath: /csi
- name: device-dir
mountPath: /dev
securityContext:
privileged: true
ports:
- containerPort: 9189
name: metrics
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 2
- name: liveness-probe
imagePullPolicy: Always
image: quay.io/k8scsi/livenessprobe:v1.1.0
args:
- --csi-address=/csi/csi.sock
volumeMounts:
- mountPath: /csi
name: plugin-dir
volumes:
- name: kubelet-dir
hostPath:
path: /var/lib/kubelet
type: Directory
- name: plugin-dir
hostPath:
path: /var/lib/kubelet/plugins/csi.hetzner.cloud/
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: /var/lib/kubelet/plugins_registry/
type: Directory
- name: device-dir
hostPath:
path: /dev
type: Directory
---
apiVersion: v1
kind: Service
metadata:
name: hcloud-csi-controller-metrics
namespace: kube-system
labels:
app: hcloud-csi
spec:
selector:
app: hcloud-csi-controller
ports:
- port: 9189
name: metrics
targetPort: metrics
---
apiVersion: v1
kind: Service
metadata:
name: hcloud-csi-node-metrics
namespace: kube-system
labels:
app: hcloud-csi
spec:
selector:
app: hcloud-csi
ports:
- port: 9189
name: metrics
targetPort: metrics
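Review bot: In the `hcloud-csi-controller` StatefulSet, the `csi-attacher`, `csi-resizer`, `csi-provisioner` and `hcloud-csi-driver` containers all set `privileged: true`, add `SYS_ADMIN` and set `allowPrivilegeEscalation: true`, yet the only volume they mount is the `socket-dir` emptyDir. Nothing visible in this section needs host-level privilege on the controller side (the host paths are mounted only in the `hcloud-csi-node` DaemonSet), so those four `securityContext` blocks look removable or reducible to `allowPrivilegeEscalation: false`; verify against the driver's documentation before dropping them. The `hcloud-csi` ClusterRole also grants `get`/`list` on `secrets` cluster-wide to a service account shared by the controller and every node pod, which deserves a comment stating why, or a narrower binding. Images are referenced by mutable tag, two of them with `imagePullPolicy: Always`; pinning them by digest would make what runs privileged on each node reproducible.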