docs: how to deploy with helm
huww98 committed Apr 24, 2024
1 parent 5f3a2e6 commit 3c8a668
Showing 5 changed files with 127 additions and 122 deletions.
35 changes: 2 additions & 33 deletions docs/disk-resizer.md
Expand Up @@ -8,39 +8,8 @@ Aliyun EBS support to expand size of disk, this feature will show how to resize

## Requirements

* CSI resizer external runner (registry.cn-hangzhou.aliyuncs.com/acs/csi-resizer).
* Disk resizer plugin depends on csi-plugin (registry.cn-hangzhou.aliyuncs.com/acs/csi-plugin).
* Service Accounts with required RBAC permissions.
* Feature Gate Enable: ExpandCSIVolumes=true(kube-controller, kubelet), this is Beta feature in kubernetes 1.16+;

## Compiling and Package
Csi-resizer can be compiled in a form of a container.

To build a container:
```shell
cd build && sh build-all.sh
```

## Deploy

### 1. Requirements
Kubernetes cluster, api-server, kubelet configuration, please refer to [disk-plugin](./README-disk.md)

The resizer runner is working with CSI Plugin, so you should deploy the base plugin first. Please refer to [disk-plugin](./README-disk.md)

The API Authority:

The process of expand disk need to call aliyun ecs api, and your AK should have the ability to do it.

If you use STS in the csi plugin, the RAM should have the Authority of ResizeDisk.

### 2. Deploy Resizer and StorageClass

You can use below command to deploy csi resizer.

```
helm install csi-driver ./deploy/chart --values deploy/chart/values-ecs.yaml --namespace kube-system
```
Working Disk CSI driver,
Please refer to the [disk driver doc](./disk.md) for details.

## Usage
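Review bot: The two lines that replace the old Requirements and Deploy sections ("Working Disk CSI driver," and "Please refer to the [disk driver doc](./disk.md) for details.") drop the statement that the credential used by the plugin must be authorized for ResizeDisk, and the `ExpandCSIVolumes=true` feature-gate requirement. Since this page is specifically about expansion, I would keep one line saying the RAM policy must include `ecs:ResizeDisk` with a link to `./ram-policies/disk.json`, and say whether the feature gate still has to be set on the supported Kubernetes versions. Also, "Working Disk CSI driver," reads as a fragment ending in a comma under a heading that used to hold a bullet list; a single bullet such as "* A working Disk CSI driver, see the [disk driver doc](./disk.md)." would match the old style.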

87 changes: 6 additions & 81 deletions docs/disk.md
Expand Up @@ -35,92 +35,17 @@ Alternatively, you can try to deploy it manually on [ECS](https://www.alibabaclo
* A working Kubernetes cluster deployed on ECS.
* Local `kubectl` configured to communicate with this cluster.

### Step 1: Create RAM User with Required Permissions

CSI will create disks, attach disk to ECS, etc., on behalf of you. To do so, we need authorizations.

1. Create a RAM user, enable OpenAPI access. Once the user is created, record the AccessKey ID and AccessKey Secret.
2. Create a policy, paste in the following script
```json
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:DescribeDisks",
"ecs:CreateDisk",
"ecs:ResizeDisk",
"ecs:CreateSnapshot",
"ecs:DeleteSnapshot",
"ecs:CreateAutoSnapshotPolicy",
"ecs:ApplyAutoSnapshotPolicy",
"ecs:CancelAutoSnapshotPolicy",
"ecs:DeleteAutoSnapshotPolicy",
"ecs:DescribeAutoSnapshotPolicyEX",
"ecs:ModifyAutoSnapshotPolicyEx",
"ecs:AddTags",
"ecs:RemoveTags",
"ecs:DescribeTags",
"ecs:DescribeSnapshots",
"ecs:ListTagResources",
"ecs:TagResources",
"ecs:UntagResources",
"ecs:ModifyDiskSpec",
"ecs:CreateSnapshot",
"ecs:DescribeSnapshotGroups",
"ecs:CreateSnapshotGroup",
"ecs:DeleteSnapshotGroup",
"ecs:CopySnapshot",
"ecs:DeleteDisk",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeInstanceHistoryEvents",
"ecs:DescribeTaskAttribute",
"ecs:DescribeInstances"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"kms:ListAliases"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
```
3. Authorize the new policy for the new RAM user.

### Step 2: Config the AccessKey to Cluster

Store the access key of just created RAM user in the cluster.
```shell
kubectl create secret -n kube-system generic csi-access-key \
--from-literal=id='LTA******************GWN' \
--from-literal=secret='***********'
```

### Step 3: Apply Necessary Resources
### Step 1: Install the CSI driver

Create the service account, RBAC role, deploy the CSI provisioner and CSI plugin.
```shell
helm install csi-driver ./deploy/chart --values deploy/chart/values-ecs.yaml --namespace kube-system
```
Please refer to the [installation guide](./install.md) for detailed instructions.

Note: this will also deploy OSS and NAS CSI driver. Edit the manifests before applying if you want to disable them.
Note: this will also deploy OSS and NAS CSI driver. You may use configuration values to disable them.

### Step 4: Create StorageClass
### Step 2: Create StorageClass
Storage class is necessary for dynamic volume provisioning.
We already provided some predefined storage classes in the previous step. For more advanced features, please refer to [Aliyun docs](https://help.aliyun.com/zh/ack/ack-managed-and-ack-dedicated/user-guide/use-dynamically-provisioned-disk-volumes?#6d16e8a415nie).

### Step 5: Check the Status of CSI driver
### Step 3: Check the Status of CSI driver

Checks that all pods are running and ready.
```shell
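Review bot: The rewritten note under Step 1, "You may use configuration values to disable them", does not say which values, so a reader who only wants the disk driver still installs the OSS and NAS drivers unless they go and read the chart. Please name the keys here or link to `../deploy/chart/values.yaml` the way install.md does. Step 1 also no longer mentions credentials at all now that the RAM user and AccessKey steps are gone; one sentence such as "set up RAM permissions first, see the installation guide" ahead of the link would make it clear that the driver needs authorization before it can create and attach disks.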
Expand All @@ -141,7 +66,7 @@ csi-provisioner-76fcb8b894-5gmc2 9/9 Running 0 7d8h
csi-provisioner-76fcb8b894-mlgj5 9/9 Running 0 7d8h
```

### Step 6: Test the Deployment
### Step 4: Test the Deployment

To make sure your CSI plugin is working, create a simple workload to test it out:
```shell
66 changes: 66 additions & 0 deletions docs/install.md
@@ -0,0 +1,66 @@
# Installation

If you are using [Alibaba Cloud Container Service for Kubernetes (ACK)](https://www.alibabacloud.com/product/kubernetes),
the CSI drivers will be deployed automatically. You can manage them as a component through the
[ACK console](https://www.alibabacloud.com/help/en/ack/ack-managed-and-ack-dedicated/user-guide/manage-system-components).

If you deploy Kubernetes yourself, you can still use [registered cluster](https://www.alibabacloud.com/help/en/ack/distributed-cloud-container-platform-for-kubernetes/user-guide/overview-9)
to manage the CSI drivers.

Read on if you want to deploy the drivers manually.

## Prerequisites

* Kubernetes version >= 1.26
* `kubectl` configured to communicate with the cluster
* Helm 3
* different drivers have their own requirements, please refer to their specific documentation

## Setup RAM Permissions

The driver requires RAM permissions to invoke Alibaba Cloud OpenAPIs to manage the volume on user's behalf.
Different drivers requires different permissions, please refer to the [example policies](./ram-policies).

There are several methods to grant the driver RAM permissions:

* If the CSI is deployed on ECS, you may use [instance RAM role](https://www.alibabacloud.com/help/en/ecs/user-guide/attach-an-instance-ram-role-to-an-ecs-instance).
Attach the above policies to the instance RAM role and turn on access to ECS metadata for the instances on which the driver Deployment runs.
For Disk driver, all the instances in the cluster need this.

* use a secret for access key.
1. Create a RAM user, enable OpenAPI access. Once the user is created, record the AccessKey ID and AccessKey Secret.
2. Create a policy, paste in the policies.
3. Authorize the new policy for the new RAM user.
4. Store the AccessKey to Cluster as a secret.
```shell
kubectl create secret -n kube-system generic csi-access-key \
--from-literal=id='LTA******************GWN' \
--from-literal=secret='***********'
```

## Deploy the Drivers

You can deploy the drivers using Helm.

The default values mimic the config of the drivers in ACK cluster.
We provides some configuration presets. Select one of them:
* values-ecs.yaml: for deploy on ECS
* values-nonecs.yaml: for deploy on non-ECS environment, disk driver is disabled

```shell
git clone https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver.git
cd alibaba-cloud-csi-driver/deploy
helm upgrade --install alibaba-cloud-csi-driver ./chart --values chart/values-ecs.yaml --namespace kube-system
```

Please review the [values file](../deploy/chart/values.yaml) before installing. Some important configurations are:
* deploy.accessKey.enabled: if you are using instance RAM role, disable this.

## Verify

Check the driver pods are running and ready:

```shell
kubectl get pods -n kube-system -l app=csi-plugin
kubectl get pods -n kube-system -l app=csi-provisioner
```
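Review bot: In "Deploy the Drivers", the `deploy.accessKey.enabled` bullet is the only thing that ties the two credential methods from "Setup RAM Permissions" to the chart, and it states neither the default value nor whether it expects the `csi-access-key` secret created in step 4. Please state both, and consider moving the bullet up into the RAM section so that a reader on the instance RAM role path sees it before running `helm upgrade --install`. The release name here is `alibaba-cloud-csi-driver`, while the command removed from disk.md and disk-resizer.md used `csi-driver`; a sentence for people who installed under the old name would help. Minor: "Different drivers requires" and "We provides" should be "require" and "provide".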
8 changes: 0 additions & 8 deletions docs/nas.md
Expand Up @@ -21,14 +21,6 @@ cd build && sh build-nas.sh

Same as diskplugin.csi.alibabacloud.com;

> Note: The plugin log style can be configured by environment variable: LOG_TYPE.
> "host": logs will be printed into files which save to host(/var/log/alicloud/nasplugin.csi.alibabacloud.com.log);
> "stdout": logs will be printed to stdout, can be printed by docker logs or kubectl logs.
> "both": default option, log will be printed both to stdout and host file.
### Step 1: Create a statically provisioned PV.
```shell
kubectl apply -f ./examples/nas/pv.yaml
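Review bot: The removed note is the only place in this hunk that documents `LOG_TYPE` and the host log path `/var/log/alicloud/nasplugin.csi.alibabacloud.com.log`, and deleting it is unrelated to the commit subject (deploying with Helm). If the variable is still honored, please keep the note or move it to install.md, since operators rely on it to know where the plugin logs end up; if it is no longer supported, say so in the commit message.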
53 changes: 53 additions & 0 deletions docs/ram-policies/disk.json
@@ -0,0 +1,53 @@
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:DescribeDisks",
"ecs:CreateDisk",
"ecs:ResizeDisk",
"ecs:CreateSnapshot",
"ecs:DeleteSnapshot",
"ecs:CreateAutoSnapshotPolicy",
"ecs:ApplyAutoSnapshotPolicy",
"ecs:CancelAutoSnapshotPolicy",
"ecs:DeleteAutoSnapshotPolicy",
"ecs:DescribeAutoSnapshotPolicyEX",
"ecs:ModifyAutoSnapshotPolicyEx",
"ecs:AddTags",
"ecs:RemoveTags",
"ecs:DescribeTags",
"ecs:DescribeSnapshots",
"ecs:ListTagResources",
"ecs:TagResources",
"ecs:UntagResources",
"ecs:ModifyDiskSpec",
"ecs:CreateSnapshot",
"ecs:DescribeSnapshotGroups",
"ecs:CreateSnapshotGroup",
"ecs:DeleteSnapshotGroup",
"ecs:CopySnapshot",
"ecs:DeleteDisk",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeInstanceHistoryEvents",
"ecs:DescribeTaskAttribute",
"ecs:DescribeInstances"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"kms:ListAliases"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
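Review bot: `ecs:CreateSnapshot` appears twice in the first statement's Action list (after `ecs:ResizeDisk` and again after `ecs:ModifyDiskSpec`); drop the second entry. The suffix casing also differs between `ecs:DescribeAutoSnapshotPolicyEX` and `ecs:ModifyAutoSnapshotPolicyEx`, so please check both against the API names. Since install.md now points to this file as the example policy, it is worth saying there that every action, including `ecs:DeleteDisk` and `ecs:DeleteSnapshot`, is allowed on Resource `*`, so readers who want a narrower grant know what they are starting from.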
