Skip to content

PVC mount support #462

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bacongobbler merged 1 commit into from
Feb 1, 2021
Merged

PVC mount support #462

bacongobbler merged 1 commit into from
Feb 1, 2021

Conversation

@bacongobbler
Copy link
Collaborator

@bacongobbler bacongobbler commented Nov 30, 2020
edited
Loading

Adds support for mounting PersistentVolumeClaims to a Pod via the Container Storage Interface.

Closes #182

@bacongobbler bacongobbler force-pushed the pvc-mount-support branch 7 times, most recently from 42c0fb5 to ee2dcdf Compare January 12, 2021 22:57
@bacongobbler bacongobbler marked this pull request as ready for review January 12, 2021 23:17
@bacongobbler
Copy link
Collaborator Author

bacongobbler commented Jan 20, 2021
edited
Loading

I got everything working here according to the CSI examples. I DO NOT expect anyone else to be able to reproduce the same environment, but if you want to try giving it a whirl... Here goes:

  1. compile the following projects from HEAD, and move them into your PATH:
    a. https://github.com/kubernetes-csi/csi-driver-host-path
    b. https://github.com/kubernetes-csi/node-driver-registrar
    c. https://github.com/kubernetes-csi/external-provisioner

  2. In separate terminals spawn the following:

# hostpathplugin will need root permissions to execute 'mount'
# change your node ID to the name of your Krustlet node. In my case it's 'ultralisk'
./hostpathplugin --nodeid ultralisk --endpoint unix://csi/csi.sock -v 5
./csi-node-driver-registrar --csi-address /csi/csi.sock --kubelet-registration-path /csi/csi.sock --plugin-registration-path ~/.krustlet/plugins
./csi-provisioner --csi-address /csi/csi.sock --kubeconfig ~/.kube/config
  1. Start Krustlet. Approve the bootstrap TLS certificate.
  2. Create the storage class: kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-host-path/master/examples/csi-storageclass.yaml
  3. Create the PVC: kubectl create -f https://raw.githubusercontent.com/kubernetes-csi/csi-driver-host-path/master/examples/csi-pvc.yaml
  4. Create the modified k8s.yaml example in demos/wasi

@bacongobbler
Copy link
Collaborator Author

bacongobbler commented Jan 20, 2021

Note: this is blocked until kflansburg/k8s-csi#1 is merged and a new version of k8s-csi is released, as it will not compile until it's been re-compiled against tonic 0.3. I've pointed Krustlet at a temporary fork for the time being.

thomastaylor312
thomastaylor312 requested changes Jan 25, 2021
View reviewed changes
Copy link
Member

@thomastaylor312 thomastaylor312 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is looking pretty good! We definitely should document all the steps required (basically at least the components needed) and a bug "THIS IS VERY ALPHA" label somewhere

kflansburg
kflansburg reviewed Jan 25, 2021
View reviewed changes
Copy link
Collaborator

@kflansburg kflansburg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this enough to approve but had some comments.

itowlson
itowlson suggested changes Jan 26, 2021
View reviewed changes
Copy link
Contributor

@itowlson itowlson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have basically no idea whether this is right or wrong, but I sure do have a lot of opinions about how to organise code I don't understand!

@bacongobbler bacongobbler force-pushed the pvc-mount-support branch 14 times, most recently from 894c7ca to 8559b4b Compare January 28, 2021 17:10
@bacongobbler bacongobbler force-pushed the pvc-mount-support branch 3 times, most recently from bb4a0ca to 638031b Compare January 28, 2021 17:15
thomastaylor312
thomastaylor312 requested changes Jan 28, 2021
View reviewed changes
Copy link
Member

@thomastaylor312 thomastaylor312 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Docs look really good. I realized we were missing some things this second go around

thomastaylor312 added a commit to thomastaylor312/node-driver-registrar that referenced this pull request Jan 28, 2021
@thomastaylor312
feat(util): Allows building for darwin targets
083d5ab 
This is a simple change that allows the registrar to be built for MacOS.
All of the `unix` package being used works for Mac as well. The reason for
enabling this is completely selfish I'll admit. We are adding
[CSI Support](krustlet/krustlet#462) to the Krustlet
project, which supports Mac as well. As most CSI implementations don't support
registering themselves with the Kubelet directly, we wanted to unblock any
users to need to register their plugins with a Krustlet Kubelet. This change
shouldn't affect normal container-based usage of the registrar
@thomastaylor312 thomastaylor312 mentioned this pull request Jan 28, 2021
Merged
@bacongobbler bacongobbler force-pushed the pvc-mount-support branch 9 times, most recently from 480dd32 to 9acdac1 Compare January 28, 2021 22:44
@thomastaylor312
Copy link
Member

thomastaylor312 commented Jan 28, 2021

Looks like the doc tests are failing @bacongobbler. I also am seeing a lot of clippy errors, but I can fix those later

@bacongobbler
Copy link
Collaborator Author

bacongobbler commented Jan 29, 2021
edited
Loading

Oh yeah I see that. Never run the doc tests locally... My laptop is having a hard enough time as it is with just cargo build lol. Will fix those right up!

Thanks for catching the clippy errors as well.

@thomastaylor312
Copy link
Member

thomastaylor312 commented Jan 29, 2021

One last doc add I just thought of. In some clusters, the system:nodes group doesn't have access to read StorageClass objects. So if the Pod is erroring saying that the kubelet doesn't have access, you'll have to create the following cluster role and role binding to allow the nodes group to access them:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: storageclass-reader
rules:
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: node-storageclass-reader
subjects:
  - kind: Group
    name: system:nodes
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: storageclass-reader

PVC mount support
e42772c 
Signed-off-by: Matthew Fisher <matt.fisher@microsoft.com>
@bacongobbler
Copy link
Collaborator Author

bacongobbler commented Jan 29, 2021

Good call. I just added it to the HOWTO doc as an addendum. Let me know if you'd like me to make further changes/tweaks there.

@bacongobbler
Copy link
Collaborator Author

bacongobbler commented Feb 1, 2021

Thanks @thomastaylor312!

@itowlson are there any further changes you'd like me to address here?

itowlson
itowlson approved these changes Feb 1, 2021
View reviewed changes
Copy link
Contributor

@itowlson itowlson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bacongobbler bacongobbler merged commit b720389 into krustlet:master Feb 1, 2021
@bacongobbler bacongobbler deleted the pvc-mount-support branch February 1, 2021 19:46
thomastaylor312 added a commit to thomastaylor312/node-driver-registrar that referenced this pull request Aug 3, 2021
@thomastaylor312
feat(util): Allows building for darwin targets
24a855e 
This is a simple change that allows the registrar to be built for MacOS.
All of the `unix` package being used works for Mac as well. The reason for
enabling this is completely selfish I'll admit. We are adding
[CSI Support](krustlet/krustlet#462) to the Krustlet
project, which supports Mac as well. As most CSI implementations don't support
registering themselves with the Kubelet directly, we wanted to unblock any
users to need to register their plugins with a Krustlet Kubelet. This change
shouldn't affect normal container-based usage of the registrar
thomastaylor312 added a commit to thomastaylor312/node-driver-registrar that referenced this pull request Aug 4, 2021
@thomastaylor312
feat(util): Allows building for darwin targets
9d1ccf4 
This is a simple change that allows the registrar to be built for MacOS.
All of the `unix` package being used works for Mac as well. The reason for
enabling this is completely selfish I'll admit. We are adding
[CSI Support](krustlet/krustlet#462) to the Krustlet
project, which supports Mac as well. As most CSI implementations don't support
registering themselves with the Kubelet directly, we wanted to unblock any
users to need to register their plugins with a Krustlet Kubelet. This change
shouldn't affect normal container-based usage of the registrar
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kflansburg kflansburg kflansburg left review comments

@thomastaylor312 thomastaylor312 thomastaylor312 approved these changes

+1 more reviewer

@itowlson itowlson itowlson approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

How should Krustlet handle the Container Storage Interface?

4 participants

@bacongobbler @thomastaylor312 @itowlson @kflansburg