Merge pull request #194 from mikemcd3912/csiDriverGitOps
Addition of VMware CSI Driver to GitOps Addons Deployment, removal of OpenEBS
elamaran11 authored Jan 30, 2024
2 parents d8885f6 + c04d2ff commit 5f6f149
Showing 11 changed files with 1,023 additions and 38 deletions.

This file was deleted.

This file was deleted.

This file was deleted.

@@ -1,10 +1,10 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: openebs
name: vmware-csi
namespace: flux-system
spec:
path: "./eks-anywhere-vsphere/Addons/Core/storage-driver/openebs"
path: "./eks-anywhere-vsphere/Addons/Core/storage-driver/vmware-csi"
sourceRef:
kind: GitRepository
name: addons
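Review bot: the in-place rename of this Flux Kustomization from `openebs` to `vmware-csi` (the `name` and `path` lines) leaves no migration step for clusters that have already reconciled the old object. Depending on the parent's prune setting, the OpenEBS resources are either orphaned or deleted, and any PVCs bound to OpenEBS storage classes lose their provisioner. Please document how existing volumes are to be moved before this is applied, or keep the `openebs` entry for one release and remove it in a follow-up.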
@@ -0,0 +1,46 @@
## VMware CSI Driver Pre-Requisites

In order to sucessfully install the VMware CSI Driver, the following items must be completed first:
1. Creation of the `ClusterSecretStore` Kubernetes resource detailed in the eks-anywhere-addons/README.md file

2. Creation of config secrets in AWS Secrets Manager that External secrets will reference in the
vsphere-csi-externalsecrets.yaml file.

# Creation of the Config Secrets

Two Secrets must be created, csi-vsphere.conf referenced by the
vsphere-csi-controller in the vsphere-csi-driver.yaml file, and
vsphere.conf that is referenced in the vsphere-cloud-controller.yaml file

Both secrets are multi-line configs, so the "Plaintext" secret type must be used.

In csi-vsphere.conf, the secret will contain Global configuration data and Virtual Center specific information in the following format:

```
[Global]
insecure-flag = "true"
port = "443"
[VirtualCenter "<Your Vcenter IP Address>"]
cluster-id = "<Your Cluster ID"
user = "<Your Vcenter Username>"
password = "<Your Vcenter Password>"
datacenters = "<Your Datacenter(s)>"
```

In vsphere.conf the same information is required, YAML formatted:

```
global:
port: 443
insecureFlag: true
vcenter:
<Your VCenter Name>:
server: <Your Vcenter IP Address>
user: <Your Vcenter Username>
password: <Your Vcenter Password>
datacenters:
- <Your Datacenter(s)>
```
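
Review bot: both sample configs set `insecure-flag = "true"` / `insecureFlag: true`, which turns off verification of the vCenter TLS certificate, so the vCenter username and password held in the same file are sent to a server whose identity is never checked. The documented default should be `false` with the vCenter CA certificate or thumbprint supplied, and the insecure setting mentioned only as a lab option. Smaller points in the same file: "sucessfully" is misspelled and `"<Your Cluster ID"` is missing its closing `>`.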

@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- vsphere-cloud-controller-manager.yaml
- vsphere-csi-externalsecrets.yaml
- vsphere-csi-driver.yaml
- vmware-sc.yaml
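Review bot: the README added in this commit points readers at vsphere-cloud-controller.yaml, but the resource listed here is `vsphere-cloud-controller-manager.yaml`. Align the README with this file name so the instructions for the `vsphere.conf` secret lead to the manifest that actually mounts it.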
@@ -1,4 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: openebs
name: vmware-system-csi
@@ -0,0 +1,7 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: vmware-sc
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: csi.vsphere.vmware.com
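Review bot: `vmware-sc` is marked `storageclass.kubernetes.io/is-default-class: "true"` but sets nothing beyond `provisioner`, so it inherits `reclaimPolicy: Delete` and `volumeBindingMode: Immediate` and carries no `parameters` such as a storage policy. State these fields explicitly so that what happens to the backing volume on PVC deletion is a deliberate choice, and check that no other StorageClass on the cluster still carries the default annotation once OpenEBS is removed.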
@@ -0,0 +1,207 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
labels:
vsphere-cpi-infra: service-account
component: cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: servicecatalog.k8s.io:apiserver-authentication-reader
labels:
vsphere-cpi-infra: role-binding
component: cloud-controller-manager
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
- apiGroup: ""
kind: User
name: cloud-controller-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:cloud-controller-manager
labels:
vsphere-cpi-infra: cluster-role-binding
component: cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:cloud-controller-manager
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
- kind: User
name: cloud-controller-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:cloud-controller-manager
labels:
vsphere-cpi-infra: role
component: cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- "*"
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- create
- get
- list
- watch
- update
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: vsphere-cloud-controller-manager
labels:
component: cloud-controller-manager
tier: control-plane
namespace: kube-system
spec:
selector:
matchLabels:
name: vsphere-cloud-controller-manager
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
name: vsphere-cloud-controller-manager
component: cloud-controller-manager
tier: control-plane
spec:
tolerations:
- key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
operator: Exists
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
operator: Exists
- key: node.kubernetes.io/not-ready
effect: NoSchedule
operator: Exists
securityContext:
runAsUser: 1001
serviceAccountName: cloud-controller-manager
priorityClassName: system-node-critical
containers:
- name: vsphere-cloud-controller-manager
image: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.28.0
args:
- --cloud-provider=vsphere
- --v=2
- --cloud-config=/etc/cloud/vsphere.conf
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
readOnly: true
resources:
requests:
cpu: 200m
hostNetwork: true
volumes:
- name: vsphere-config-volume
secret:
secretName: vsphere.conf
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
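Review bot: the `system:cloud-controller-manager` ClusterRole grants `get`, `list` and `watch` on `secrets` in every namespace and `"*"` on `nodes`, while the DaemonSet runs with `hostNetwork: true` on control-plane nodes. The config is already mounted from the `vsphere.conf` Secret as a volume, so check whether cluster-wide Secret reads are needed at all, and if they are, narrow them to a Role in `kube-system`. The pod spec also sets only `runAsUser: 1001`; add a container `securityContext` with `allowPrivilegeEscalation: false`, dropped capabilities and a read-only root filesystem, and pin the image by digest rather than the `v1.28.0` tag.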