Created
December 12, 2019 19:38
-
-
Save JohnStrunk/3681ddfca4667be82ceab711a52cab18 to your computer and use it in GitHub Desktop.
EBS CSI yamls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Taken from kubectl create -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/alpha/?ref=master" --dry-run -oyaml | |
# Changes: | |
# Change secret info | |
# Set hostNetwork for controller | |
# Remove liveness probe container | |
# Remove healthz ports from controller | |
--- | |
apiVersion: v1 | |
kind: ServiceAccount | |
metadata: | |
name: ebs-csi-controller-sa | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: ebs-external-attacher-role | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumes | |
verbs: | |
- get | |
- list | |
- watch | |
- update | |
- apiGroups: | |
- "" | |
resources: | |
- nodes | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- csi.storage.k8s.io | |
resources: | |
- csinodeinfos | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- storage.k8s.io | |
resources: | |
- volumeattachments | |
verbs: | |
- get | |
- list | |
- watch | |
- update | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: ebs-external-provisioner-role | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumes | |
verbs: | |
- get | |
- list | |
- watch | |
- create | |
- delete | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumeclaims | |
verbs: | |
- get | |
- list | |
- watch | |
- update | |
- apiGroups: | |
- storage.k8s.io | |
resources: | |
- storageclasses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- events | |
verbs: | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- apiGroups: | |
- storage.k8s.io | |
resources: | |
- csinodes | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- nodes | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- coordination.k8s.io | |
resources: | |
- leases | |
verbs: | |
- get | |
- watch | |
- list | |
- delete | |
- update | |
- create | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: ebs-external-resizer-role | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumes | |
verbs: | |
- get | |
- list | |
- watch | |
- update | |
- patch | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumeclaims | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumeclaims/status | |
verbs: | |
- update | |
- patch | |
- apiGroups: | |
- storage.k8s.io | |
resources: | |
- storageclasses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- events | |
verbs: | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: ebs-external-snapshotter-role | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumes | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- persistentvolumeclaims | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- storage.k8s.io | |
resources: | |
- storageclasses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- "" | |
resources: | |
- events | |
verbs: | |
- list | |
- watch | |
- create | |
- update | |
- patch | |
- apiGroups: | |
- "" | |
resources: | |
- secrets | |
verbs: | |
- get | |
- list | |
- apiGroups: | |
- snapshot.storage.k8s.io | |
resources: | |
- volumesnapshotclasses | |
verbs: | |
- get | |
- list | |
- watch | |
- apiGroups: | |
- snapshot.storage.k8s.io | |
resources: | |
- volumesnapshotcontents | |
verbs: | |
- create | |
- get | |
- list | |
- watch | |
- update | |
- delete | |
- apiGroups: | |
- snapshot.storage.k8s.io | |
resources: | |
- volumesnapshots | |
verbs: | |
- get | |
- list | |
- watch | |
- update | |
- apiGroups: | |
- apiextensions.k8s.io | |
resources: | |
- customresourcedefinitions | |
verbs: | |
- create | |
- list | |
- watch | |
- delete | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: ebs-csi-attacher-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: ebs-external-attacher-role | |
subjects: | |
- kind: ServiceAccount | |
name: ebs-csi-controller-sa | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: ebs-csi-provisioner-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: ebs-external-provisioner-role | |
subjects: | |
- kind: ServiceAccount | |
name: ebs-csi-controller-sa | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: ebs-csi-resizer-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: ebs-external-resizer-role | |
subjects: | |
- kind: ServiceAccount | |
name: ebs-csi-controller-sa | |
namespace: kube-system | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: ebs-csi-snapshotter-binding | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: ebs-external-snapshotter-role | |
subjects: | |
- kind: ServiceAccount | |
name: ebs-csi-controller-sa | |
namespace: kube-system | |
--- | |
apiVersion: apps/v1 | |
kind: Deployment | |
metadata: | |
name: ebs-csi-controller | |
namespace: kube-system | |
spec: | |
replicas: 2 | |
selector: | |
matchLabels: | |
app: ebs-csi-controller | |
template: | |
metadata: | |
labels: | |
app: ebs-csi-controller | |
spec: | |
hostNetwork: true | |
containers: | |
- args: | |
- --csi-address=$(ADDRESS) | |
- --v=5 | |
env: | |
- name: ADDRESS | |
value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
image: quay.io/k8scsi/csi-resizer:v0.2.0 | |
name: csi-resizer | |
volumeMounts: | |
- mountPath: /var/lib/csi/sockets/pluginproxy/ | |
name: socket-dir | |
- args: | |
- --csi-address=$(ADDRESS) | |
- --connection-timeout=15s | |
env: | |
- name: ADDRESS | |
value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
image: quay.io/k8scsi/csi-snapshotter:v1.1.0 | |
name: csi-snapshotter | |
volumeMounts: | |
- mountPath: /var/lib/csi/sockets/pluginproxy/ | |
name: socket-dir | |
- args: | |
- --endpoint=$(CSI_ENDPOINT) | |
- --logtostderr | |
- --v=5 | |
env: | |
- name: CSI_ENDPOINT | |
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock | |
- name: AWS_ACCESS_KEY_ID | |
valueFrom: | |
secretKeyRef: | |
key: aws_access_key_id | |
name: aws-creds | |
optional: true | |
- name: AWS_SECRET_ACCESS_KEY | |
valueFrom: | |
secretKeyRef: | |
key: aws_secret_access_key | |
name: aws-creds | |
optional: true | |
image: amazon/aws-ebs-csi-driver:latest | |
name: ebs-plugin | |
volumeMounts: | |
- mountPath: /var/lib/csi/sockets/pluginproxy/ | |
name: socket-dir | |
- args: | |
- --csi-address=$(ADDRESS) | |
- --v=5 | |
- --feature-gates=Topology=true | |
- --enable-leader-election | |
- --leader-election-type=leases | |
env: | |
- name: ADDRESS | |
value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
image: quay.io/k8scsi/csi-provisioner:v1.3.0 | |
name: csi-provisioner | |
volumeMounts: | |
- mountPath: /var/lib/csi/sockets/pluginproxy/ | |
name: socket-dir | |
- args: | |
- --csi-address=$(ADDRESS) | |
- --v=5 | |
env: | |
- name: ADDRESS | |
value: /var/lib/csi/sockets/pluginproxy/csi.sock | |
image: quay.io/k8scsi/csi-attacher:v1.2.0 | |
name: csi-attacher | |
volumeMounts: | |
- mountPath: /var/lib/csi/sockets/pluginproxy/ | |
name: socket-dir | |
nodeSelector: | |
beta.kubernetes.io/os: linux | |
priorityClassName: system-cluster-critical | |
serviceAccount: ebs-csi-controller-sa | |
tolerations: | |
- key: CriticalAddonsOnly | |
operator: Exists | |
volumes: | |
- emptyDir: {} | |
name: socket-dir | |
--- | |
apiVersion: apps/v1 | |
kind: DaemonSet | |
metadata: | |
name: ebs-csi-node | |
namespace: kube-system | |
spec: | |
selector: | |
matchLabels: | |
app: ebs-csi-node | |
template: | |
metadata: | |
labels: | |
app: ebs-csi-node | |
spec: | |
containers: | |
- args: | |
- --endpoint=$(CSI_ENDPOINT) | |
- --logtostderr | |
- --v=5 | |
env: | |
- name: CSI_ENDPOINT | |
value: unix:/csi/csi.sock | |
image: amazon/aws-ebs-csi-driver:latest | |
livenessProbe: | |
failureThreshold: 5 | |
httpGet: | |
path: /healthz | |
port: healthz | |
initialDelaySeconds: 10 | |
periodSeconds: 10 | |
timeoutSeconds: 3 | |
name: ebs-plugin | |
ports: | |
- containerPort: 9808 | |
name: healthz | |
protocol: TCP | |
securityContext: | |
privileged: true | |
volumeMounts: | |
- mountPath: /var/lib/kubelet | |
mountPropagation: Bidirectional | |
name: kubelet-dir | |
- mountPath: /csi | |
name: plugin-dir | |
- mountPath: /dev | |
name: device-dir | |
- args: | |
- --csi-address=$(ADDRESS) | |
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) | |
- --v=5 | |
env: | |
- name: ADDRESS | |
value: /csi/csi.sock | |
- name: DRIVER_REG_SOCK_PATH | |
value: /var/lib/kubelet/plugins/ebs.csi.aws.com/csi.sock | |
image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 | |
lifecycle: | |
preStop: | |
exec: | |
command: | |
- /bin/sh | |
- -c | |
- rm -rf /registration/ebs.csi.aws.com-reg.sock /csi/csi.sock | |
name: node-driver-registrar | |
volumeMounts: | |
- mountPath: /csi | |
name: plugin-dir | |
- mountPath: /registration | |
name: registration-dir | |
- args: | |
- --csi-address=/csi/csi.sock | |
image: quay.io/k8scsi/livenessprobe:v1.1.0 | |
name: liveness-probe | |
volumeMounts: | |
- mountPath: /csi | |
name: plugin-dir | |
hostNetwork: true | |
nodeSelector: | |
beta.kubernetes.io/os: linux | |
priorityClassName: system-node-critical | |
tolerations: | |
- key: CriticalAddonsOnly | |
operator: Exists | |
volumes: | |
- hostPath: | |
path: /var/lib/kubelet | |
type: Directory | |
name: kubelet-dir | |
- hostPath: | |
path: /var/lib/kubelet/plugins/ebs.csi.aws.com/ | |
type: DirectoryOrCreate | |
name: plugin-dir | |
- hostPath: | |
path: /var/lib/kubelet/plugins_registry/ | |
type: Directory | |
name: registration-dir | |
- hostPath: | |
path: /dev | |
type: Directory | |
name: device-dir | |
--- | |
apiVersion: storage.k8s.io/v1beta1 | |
kind: CSIDriver | |
metadata: | |
name: ebs.csi.aws.com | |
spec: | |
attachRequired: true | |
podInfoOnMount: false | |
--- | |
kind: StorageClass | |
apiVersion: storage.k8s.io/v1 | |
metadata: | |
name: csi-ebs | |
provisioner: ebs.csi.aws.com | |
volumeBindingMode: WaitForFirstConsumer | |
parameters: | |
fsType: xfs | |
type: gp2 | |
encrypted: "true" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: snapshot.storage.k8s.io/v1alpha1 | |
kind: VolumeSnapshotClass | |
metadata: | |
name: csi-ebs | |
snapshotter: ebs.csi.aws.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment