Merge pull request #14 from jmolmo/topolvm_node

CSI Node daemonset
openshift · Dec 20, 2021 · 24656b7 · 24656b7
2 parents 5be517e + 19f72a2
commit 24656b7
Show file tree

Hide file tree

Showing 9 changed files with 480 additions and 1 deletion.
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -13,6 +13,11 @@ resources:
 - topolvm_controller_service_account.yaml
 - topolvm_controller_role.yaml
 - topolvm_controller_role_bindings.yaml
+# topolvm-node rbac
+- topolvm_node_service_account.yaml
+- topolvm_node_scc.yaml
+- topolvm_node_role.yaml
+- topolvm_node_role_bindings.yaml
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -6,6 +6,17 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - update
+  - watch
 - apiGroups:
   - apps
   resources:

diff --git a/config/rbac/topolvm_node_role.yaml b/config/rbac/topolvm_node_role.yaml
@@ -0,0 +1,45 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: topolvm-node
+rules:
+- apiGroups:
+    - ""
+  resources:
+    - nodes
+  verbs:
+    - get
+    - list
+    - watch
+    - update
+    - patch
+- apiGroups:
+    - topolvm.cybozu.com
+  resources:
+    - logicalvolumes
+    - logicalvolumes/status
+  verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+    - patch
+- apiGroups:
+    - storage.k8s.io
+  resources:
+    - csidrivers
+  verbs:
+    - get
+    - list
+    - watch
+- apiGroups:
+    - security.openshift.io
+  resources:
+    - securitycontextconstraints
+  verbs:
+    - use
+  resourceNames:
+    - privileged
+    #- topolvm-node TODO: this scc (topolvm-node) does not provide all the rights needed .. why?
diff --git a/config/rbac/topolvm_node_role_bindings.yaml b/config/rbac/topolvm_node_role_bindings.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: topolvm-node
+subjects:
+  - kind: ServiceAccount
+    name: topolvm-node
+    namespace: system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: topolvm-node
+
diff --git a/config/rbac/topolvm_node_service_account.yaml b/config/rbac/topolvm_node_service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: topolvm-node
+  namespace: system
diff --git a/controllers/defaults.go b/controllers/defaults.go
@@ -74,6 +74,21 @@ var (
 	// CSI Provisioner requires below environment values to make use of CSIStorageCapacity
 	PodNameEnv   = "POD_NAME"
 	NameSpaceEnv = "NAMESPACE"
+
+	// topoLVM Node
+	TopolvmNodeServiceAccount       = "topolvm-node"
+	TopolvmNodeDaemonsetName        = "topolvm-node"
+	CSIKubeletRootDir               = "/var/lib/kubelet/"
+	NodeContainerName               = "topolvm-node"
+	TopolvmNodeContainerHealthzName = "healthz"
+	auxImage                        = "registry.access.redhat.com/ubi8/ubi-minimal"
+	lvmdConfigFile                  = "/etc/topolvm/lvmd.yaml"
+
+	// topoLVM Node resource requests/limits
+	TopolvmNodeMemRequest = "250Mi"
+	TopolvmNodeMemLimit   = "250Mi"
+	TopolvmNodeCPURequest = "250m"
+	TopolvmNodeCPULimit   = "250m"
 )
 
 func GetEnvOrDefault(env string) string {

diff --git a/controllers/lvmcluster_controller.go b/controllers/lvmcluster_controller.go
@@ -99,6 +99,7 @@ func (r *LVMClusterReconciler) reconcile(ctx context.Context, instance *lvmv1alp
 	resourceList := []resourceManager{
 		&csiDriver{},
 		&topolvmController{},
+		&topolvmNode{},
 	}
 
 	//The resource was deleted

diff --git a/controllers/lvmcluster_controller_test.go b/controllers/lvmcluster_controller_test.go
@@ -56,6 +56,10 @@ var _ = Describe("LVMCluster controller", func() {
 	controllerName := types.NamespacedName{Name: TopolvmControllerDeploymentName, Namespace: testLvmClusterNamespace}
 	controllerOut := &appsv1.Deployment{}
 
+	// CSI Node resource
+	csiNodeName := types.NamespacedName{Namespace: testLvmClusterNamespace, Name: TopolvmNodeDaemonsetName}
+	csiNodeOut := &appsv1.DaemonSet{}
+
 	Context("Reconciliation on creating an LVMCluster CR", func() {
 		It("should reconcile LVMCluster CR creation, ", func() {
 			By("verifying CR status.Ready is set to true on reconciliation")
@@ -81,6 +85,12 @@ var _ = Describe("LVMCluster controller", func() {
 				err := k8sClient.Get(ctx, controllerName, controllerOut)
 				return err == nil
 			}, timeout, interval).Should(BeTrue())
+
+			By("confirming the existence of CSI Node resource")
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, csiNodeName, csiNodeOut)
+				return err == nil
+			}, timeout, interval).Should(BeTrue())
 		})
 	})
 
@@ -100,13 +110,18 @@ var _ = Describe("LVMCluster controller", func() {
 				return errors.IsNotFound(err)
 			}, timeout, interval).Should(BeTrue())
 
-			// auto deletion of Topolvm Controller deployment based on CR deletion
 			By("confirming absence of Topolvm Controller Deployment")
 			Eventually(func() bool {
 				err := k8sClient.Get(ctx, controllerName, controllerOut)
 				return errors.IsNotFound(err)
 			}, timeout, interval).Should(BeTrue())
 
+			By("confirming absence of CSI Node Resource")
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, csiNodeName, csiNodeOut)
+				return errors.IsNotFound(err)
+			}, timeout, interval).Should(BeTrue())
+
 			By("confirming absence of LVMCluster CR")
 			Eventually(func() bool {
 				err := k8sClient.Get(ctx, lvmClusterName, lvmClusterOut)