apiVersion: v1 kind: Namespace metadata: name: local-storage-provider labels: workload.edge.ncr.com: platform platform.edge.ncr.com/component: rancher-local-storage annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: local-path labels: platform.edge.ncr.com/component: rancher-local-storage annotations: defaultVolumeType: local storageclass.kubernetes.io/is-default-class: "true" pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a provisioner: rancher.io/local-path reclaimPolicy: Delete volumeBindingMode: WaitForFirstConsumer --- apiVersion: v1 kind: ServiceAccount metadata: name: local-path-provisioner-service-account namespace: local-storage-provider labels: platform.edge.ncr.com/component: rancher-local-storage annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: local-path-provisioner-role labels: platform.edge.ncr.com/component: rancher-local-storage annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a rules: - resources: - nodes - persistentvolumeclaims - configmaps apiGroups: - "" verbs: - get - list - watch - resources: - endpoints - persistentvolumes - pods apiGroups: - "" verbs: - '*' - resources: - events apiGroups: - "" verbs: - create - patch - resources: - storageclasses apiGroups: - storage.k8s.io verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: local-path-provisioner-bind labels: platform.edge.ncr.com/component: rancher-local-storage annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a roleRef: name: local-path-provisioner-role kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - name: local-path-provisioner-service-account namespace: local-storage-provider kind: ServiceAccount --- apiVersion: v1 kind: ConfigMap metadata: name: local-path-config namespace: local-storage-provider labels: platform.edge.ncr.com/component: rancher-local-storage annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a data: helperConfig.json: |- { "nodePathMap": [ { "node": "DEFAULT_PATH_FOR_NON_LISTED_NODES", "paths": [ "/mnt/k8s-local" ] } ] } helperPod.yaml: | apiVersion: v1 kind: Pod metadata: name: helper-pod namespace: local-storage-provider spec: containers: - name: helper-pod image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/local-path-provisioner-helper:v0.0.3 # TODO: automate build+push via bazel volumeMounts: - name: lvm-lock readOnly: false mountPath: /run/lock/lvm - name: host-devices readOnly: false mountPath: /dev - name: data mountPropagation: Bidirectional imagePullPolicy: IfNotPresent securityContext: capabilities: drop: - all privileged: true volumes: - name: host-devices hostPath: type: DirectoryOrCreate path: /dev - name: lvm-lock hostPath: type: DirectoryOrCreate path: /run/lock/lvm imagePullSecrets: - name: edge-docker-pull-secret setup: |- #!/bin/sh set -eu echo "Disabled udev in lvm config" sed -i -e 's/udev_rules.*/udev_rules = 0/' -e 's/udev_scan.*/udev_scan = 0/' /etc/lvm/lvm.conf mkdir -vp "$$VOL_DIR" pvcName=$$(basename "$$VOL_DIR") if ! [ -L "/dev/ien/$$pvcName" ]; then echo "Creating a new logical volume called $pvcName" lvcreate -v -V"$$VOL_SIZE_BYTES"b -T ien/lvthin -n "$$pvcName" else echo "Tried creating a new logical volume called $$pvcName but it already exists" fi vol_realp=$$(readlink -f "/dev/ien/$$pvcName") if ! findmnt --source "$$vol_realp" >/dev/null; then echo "Checking for Ext4 filesystem" if ! e2fsck -fvy /dev/ien/"$$pvcName"; then echo "Creating an Ext4 filesystem on a logical volume called $$pvcName" wipefs --all --force /dev/ien/"$$pvcName" mkfs.ext4 -v /dev/ien/"$$pvcName" fi tunePerc=1 echo "Setting ext4 reserved blocks in $${pvcName} to $${tunePerc}%" tune2fs -m"$$tunePerc" /dev/ien/"$$pvcName" mount -v /dev/ien/"$$pvcName" "$$VOL_DIR" else echo "$$pvcName is already mounted" fi echo "Shutting down linkerd-proxy" curl -X POST http://localhost:4191/shutdown || true teardown: |- #!/bin/sh set -eu echo "Disabled udev in lvm config" sed -i -e 's/udev_rules.*/udev_rules = 0/' -e 's/udev_scan.*/udev_scan = 0/' /etc/lvm/lvm.conf pvcName=$$(basename "$$VOL_DIR") vol_realp=$$(readlink -f "/dev/ien/$$pvcName") if ! findmnt --source "$$vol_realp" >/dev/null; then echo "$$pvcName has already been unmounted" else umount -v "$$VOL_DIR" fi rm -rfv "$$VOL_DIR" if [ -L "/dev/ien/$$pvcName" ]; then echo "Removing logical volume called $$pvcName" lvremove -v -y /dev/ien/"$$pvcName" else echo "Logical volume called $$pvcName has already been removed" fi echo "Shutting down linkerd-proxy" curl -X POST http://localhost:4191/shutdown || true --- apiVersion: apps/v1 kind: Deployment metadata: name: local-path-provisioner namespace: local-storage-provider labels: platform.edge.ncr.com/component: rancher-local-storage annotations: pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: replicas: 1 selector: matchLabels: app: local-path-provisioner platform.edge.ncr.com/component: rancher-local-storage template: metadata: labels: app: local-path-provisioner platform.edge.ncr.com/component: rancher-local-storage annotations: rancher/local.storage.provisioner: "reprovision" pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z" pallet.edge.ncr.com/name: local-storage-provider pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds' pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a spec: serviceAccountName: local-path-provisioner-service-account containers: - name: local-path-provisioner image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/thirdparty/rancher/local-path-provisioner@sha256:4e56dad0fbb7fb06c41eb282bbdc591869d3b3ce9880a97dfa64608cf842fd86 command: - local-path-provisioner - --debug - start - --config - /etc/config/config.json env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumeMounts: - name: config-volume mountPath: /etc/config/ imagePullPolicy: IfNotPresent volumes: - name: config-volume configMap: name: local-path-config