Addition of VMware CSI Driver to GitOps Addons Deployment, removal of OpenEBS #194

Merged
merged 15 commits into from
Jan 30, 2024

This file was deleted.

This file was deleted.

This file was deleted.

@@ -1,10 +1,10 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: openebs
name: vmware-csi
namespace: flux-system
spec:
path: "./eks-anywhere-vsphere/Addons/Core/storage-driver/openebs"
path: "./eks-anywhere-vsphere/Addons/Core/storage-driver/vmware-csi"
sourceRef:
kind: GitRepository
name: addons
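Review bot: changing `metadata.name` from `openebs` to `vmware-csi` gives Flux a new Kustomization object instead of updating the existing one, and the part of `spec` visible here has no `dependsOn`. The new path includes `vsphere-csi-externalsecrets.yaml`, which needs the `ClusterSecretStore` that the README lists as a prerequisite, so add a `dependsOn` on the Kustomization that installs External Secrets, or document the required ordering. Also confirm how the old `openebs` Kustomization and the resources it applied are removed from clusters that have already reconciled it.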
@@ -0,0 +1,46 @@
## VMware CSI Driver Pre-Requisites

In order to sucessfully install the VMware CSI Driver, the following items must be completed first:
1. Creation of the `ClusterSecretStore` Kubernetes resource detailed in the eks-anywhere-addons/README.md file

2. Creation of config secrets in AWS Secrets Manager that External secrets will reference in the
vsphere-csi-externalsecrets.yaml file.

# Creation of the Config Secrets

Two Secrets must be created, csi-vsphere.conf referenced by the
vsphere-csi-controller in the vsphere-csi-driver.yaml file, and
vsphere.conf that is referenced in the vsphere-cloud-controller.yaml file

Both secrets are multi-line configs, so the "Plaintext" secret type must be used.

In csi-vsphere.conf, the secret will contain Global configuration data and Virtual Center specific information in the following format:

```
[Global]
insecure-flag = "true"
port = "443"

[VirtualCenter "<Your Vcenter IP Address>"]
cluster-id = "<Your Cluster ID"
user = "<Your Vcenter Username>"
password = "<Your Vcenter Password>"
datacenters = "<Your Datacenter(s)>"
```

In vsphere.conf the same information is required, YAML formatted:

```
global:
port: 443
insecureFlag: true

vcenter:
<Your VCenter Name>:
server: <Your Vcenter IP Address>
user: <Your Vcenter Username>
password: <Your Vcenter Password>
datacenters:
- <Your Datacenter(s)>
```
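Review bot: both templates ship with vCenter certificate verification turned off (`insecure-flag = "true"` in csi-vsphere.conf and `insecureFlag: true` in vsphere.conf), so anyone copying them sends the vCenter username and password over a TLS session whose peer is never authenticated. Make verification the documented default and describe how to supply the vCenter CA certificate or thumbprint, keeping the insecure setting only as a clearly marked lab option. Smaller points in the same file: `"<Your Cluster ID"` is missing its closing `>`, "sucessfully" is misspelled, the text refers to `vsphere-cloud-controller.yaml` while the kustomization lists `vsphere-cloud-controller-manager.yaml`, and `# Creation of the Config Secrets` sits at a higher heading level than the `##` title above it. It would also help to state the exact AWS Secrets Manager secret names the ExternalSecret manifests expect, and to recommend a dedicated least-privilege vCenter account rather than an administrator login.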

@@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- vsphere-cloud-controller-manager.yaml
- vsphere-csi-externalsecrets.yaml
- vsphere-csi-driver.yaml
- vmware-sc.yaml
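Review bot: the resources listed here land in two namespaces, and nothing in this file makes that visible. `vsphere-cloud-controller-manager.yaml` mounts the `vsphere.conf` Secret in `kube-system`, while `namespace.yaml` creates `vmware-system-csi` for the driver, so each ExternalSecret in `vsphere-csi-externalsecrets.yaml` has to target the namespace of its consumer. Please confirm that and add a short comment here saying so, since a Secret synced into the wrong namespace leaves the consuming pods stuck waiting on a volume that never mounts.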
@@ -1,4 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: openebs
name: vmware-system-csi
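Review bot: the `vmware-system-csi` Namespace is declared with a name only and no labels. Set the Pod Security Admission level explicitly with a `pod-security.kubernetes.io/enforce` label, so the level the driver pods run under is a reviewed choice in Git rather than whatever the cluster default happens to be.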
@@ -0,0 +1,7 @@
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: vmware-sc
annotations:
storageclass.kubernetes.io/is-default-class: "true"
provisioner: csi.vsphere.vmware.com
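Review bot: `vmware-sc` is marked as the default class but leaves `reclaimPolicy` and `volumeBindingMode` unset, so it inherits `Delete` and `Immediate`. For a default class that every unqualified PVC will use, state both fields explicitly and decide whether deleting a PVC should really destroy the backing vSphere volume. Also check that no other StorageClass on the target clusters still carries `storageclass.kubernetes.io/is-default-class: "true"`, since this change removes OpenEBS and two defaults make PVC behaviour ambiguous.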
@@ -0,0 +1,207 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
labels:
vsphere-cpi-infra: service-account
component: cloud-controller-manager
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: servicecatalog.k8s.io:apiserver-authentication-reader
labels:
vsphere-cpi-infra: role-binding
component: cloud-controller-manager
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
- apiGroup: ""
kind: User
name: cloud-controller-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:cloud-controller-manager
labels:
vsphere-cpi-infra: cluster-role-binding
component: cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:cloud-controller-manager
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: kube-system
- kind: User
name: cloud-controller-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:cloud-controller-manager
labels:
vsphere-cpi-infra: role
component: cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- "*"
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- create
- get
- list
- watch
- update
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: vsphere-cloud-controller-manager
labels:
component: cloud-controller-manager
tier: control-plane
namespace: kube-system
spec:
selector:
matchLabels:
name: vsphere-cloud-controller-manager
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
name: vsphere-cloud-controller-manager
component: cloud-controller-manager
tier: control-plane
spec:
tolerations:
- key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
operator: Exists
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
operator: Exists
- key: node.kubernetes.io/not-ready
effect: NoSchedule
operator: Exists
securityContext:
runAsUser: 1001
serviceAccountName: cloud-controller-manager
priorityClassName: system-node-critical
containers:
- name: vsphere-cloud-controller-manager
image: gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.28.0
args:
- --cloud-provider=vsphere
- --v=2
- --cloud-config=/etc/cloud/vsphere.conf
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
readOnly: true
resources:
requests:
cpu: 200m
hostNetwork: true
volumes:
- name: vsphere-config-volume
secret:
secretName: vsphere.conf
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
- matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
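Review bot: the `system:cloud-controller-manager` ClusterRole is broader than it needs to be in two places: `verbs: "*"` on `nodes`, and cluster-wide `get`/`list`/`watch` on `secrets`, which lets this service account read every Secret in every namespace, including the synced vCenter credentials. Enumerate the node verbs the controller actually uses, and if it only needs its own config, move the secrets rule to a namespaced Role in `kube-system`. In the DaemonSet, the pod runs with `hostNetwork: true` but the container has no `securityContext`; add `allowPrivilegeEscalation: false`, drop all capabilities and set `readOnlyRootFilesystem: true` unless something breaks. The image `gcr.io/cloud-provider-vsphere/cpi/release/manager:v1.28.0` is referenced by tag, so pin it by digest, and add resource limits next to the existing `cpu: 200m` request.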