Skip to content

feat: Run Windows containers as host-process containers #1201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
andyzhangx merged 1 commit into from
Mar 23, 2022
Merged

feat: Run Windows containers as host-process containers #1201

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,9 @@ ALL_OSVERSIONS.windows := 1809 20H2 ltsc2022
ALL_OS_ARCH.windows = $(foreach arch, $(ALL_ARCH.windows), $(foreach osversion, ${ALL_OSVERSIONS.windows}, windows-${osversion}-${arch}))
ALL_OS_ARCH = $(foreach os, $(ALL_OS), ${ALL_OS_ARCH.${os}})

# If set to true Windows containers will run as HostProcessContainers
WINDOWS_USE_HOST_PROCESS_CONTAINERS ?= false

# The current context of image building
# The architecture of the image
ARCH ?= amd64
Expand Down Expand Up @@ -117,6 +120,7 @@ ifdef TEST_WINDOWS
helm install azuredisk-csi-driver charts/${CHART_VERSION}/azuredisk-csi-driver --namespace kube-system --wait --timeout=15m -v=5 --debug \
${E2E_HELM_OPTIONS} \
--set windows.enabled=true \
--set windows.useHostProcessContainers=${WINDOWS_USE_HOST_PROCESS_CONTAINERS} \
--set linux.enabled=false \
--set controller.replicas=1 \
--set controller.logLevel=6 \
Expand Down
5 changes: 3 additions & 2 deletions charts/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,7 @@ The following table lists the configurable parameters of the latest Azure Disk C
| `controller.allowEmptyCloudConfig` | Whether allow running controller driver without cloud config | `false`
| `controller.replicas` | the replicas of csi-azuredisk-controller | `2` |
| `controller.metricsPort` | metrics port of csi-azuredisk-controller | `29604` |
| `controller.livenessProbe.healthPort ` | health check port for liveness probe | `29602` |
| `controller.livenessProbe.healthPort` | health check port for liveness probe | `29602` |
| `controller.runOnMaster` | run csi-azuredisk-controller on master node | `false` |
| `controller.logLevel` | controller driver log level |`5` |
| `controller.tolerations` | controller pod tolerations | |
Expand Down Expand Up @@ -186,7 +186,7 @@ The following table lists the configurable parameters of the latest Azure Disk C
| `node.allowEmptyCloudConfig` | Whether allow running node driver without cloud config | `true`
| `node.maxUnavailable` | `maxUnavailable` value of driver node daemonset | `1`
| `node.metricsPort` | metrics port of csi-azuredisk-node |`29605` |
| `node.livenessProbe.healthPort ` | health check port for liveness probe | `29603` |
| `node.livenessProbe.healthPort` | health check port for liveness probe | `29603` |
| `node.logLevel` | node driver log level |`5` |
| `snapshot.enabled` | whether enable snapshot feature | `false` |
| `snapshot.image.csiSnapshotter.repository` | csi-snapshotter docker image | `/oss/kubernetes-csi/csi-snapshotter` |
Expand Down Expand Up @@ -230,6 +230,7 @@ The following table lists the configurable parameters of the latest Azure Disk C
| `windows.resources.azuredisk.limits.memory` | azuredisk memory limits | 200Mi |
| `windows.resources.azuredisk.requests.cpu` | azuredisk cpu requests | 10m |
| `windows.resources.azuredisk.requests.memory` | azuredisk memory requests | 40Mi |
| `windows.useHostProcessContainers` | use HostProcessContainers for deployment | false |
| `cloud` | cloud environment driver is running on | `AzurePublicCloud` |

---
Expand Down
Binary file modified charts/latest/azuredisk-csi-driver-v1.14.0.tgz
View file
Open in desktop
Binary file not shown.
163 changes: 163 additions & 0 deletions charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-node-windows-hostprocess.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,163 @@
{{- if and (.Values.windows.enabled) (eq .Values.windows.useHostProcessContainers true) }}
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Values.windows.dsName }}
namespace: {{ .Release.Namespace }}
{{ include "azuredisk.labels" . | indent 2 }}
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: {{ .Values.node.maxUnavailable }}
type: RollingUpdate
selector:
matchLabels:
app: {{ .Values.windows.dsName }}
template:
metadata:
{{ include "azuredisk.labels" . | indent 6 }}
app: {{ .Values.windows.dsName }}
{{- with .Values.windows.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount.node }}
{{- with .Values.windows.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
nodeSelector:
kubernetes.io/os: windows
affinity:
nodeAffinity:
{{ toYaml .Values.windows.nodeAffinity | indent 10 }}
priorityClassName: system-node-critical
{{- include "azuredisk.pullSecrets" . | indent 6 }}
securityContext:
windowsOptions:
hostProcess: true
runAsUserName: "NT AUTHORITY\\SYSTEM"
hostNetwork: true
initContainers:
Comment thread
andyzhangx marked this conversation as resolved.
- name: init
{{- if hasPrefix "/" .Values.image.azuredisk.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.azuredisk.repository }}:{{ .Values.image.azuredisk.tag }}"
{{- else }}
image: "{{ .Values.image.azuredisk.repository }}:{{ .Values.image.azuredisk.tag }}"
{{- end }}
imagePullPolicy: {{ .Values.image.azuredisk.pullPolicy }}
command:
- "powershell.exe"
- "-c"
- "New-Item"
- "-ItemType"
- "Directory"
- "-Path"
- "C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\"
- "-Force"
containers:
- name: liveness-probe
{{- if hasPrefix "/" .Values.image.livenessProbe.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
{{- else }}
image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
{{- end }}
command:
- "livenessprobe.exe"
args:
- "--csi-address=$(CSI_ENDPOINT)"
- "--probe-timeout=3s"
- "--health-port={{ .Values.node.livenessProbe.healthPort }}"
- "--v=2"
env:
- name: CSI_ENDPOINT
value: unix://C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\csi.sock
imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
- name: node-driver-registrar
{{- if hasPrefix "/" .Values.image.nodeDriverRegistrar.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
{{- else }}
image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}"
{{- end }}
command:
- "csi-node-driver-registrar.exe"
args:
- "--v=2"
- "--csi-address=$(CSI_ENDPOINT)"
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
- "--plugin-registration-path=$(PLUGIN_REG_DIR)"
livenessProbe:
exec:
command:
- csi-node-driver-registrar.exe
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --mode=kubelet-registration-probe
initialDelaySeconds: 60
timeoutSeconds: 30
env:
- name: CSI_ENDPOINT
value: unix://C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\csi.sock
- name: DRIVER_REG_SOCK_PATH
value: C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\csi.sock
- name: PLUGIN_REG_DIR
value: C:\\var\\lib\\kubelet\\plugins_registry\\
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }}
- name: azuredisk
{{- if hasPrefix "/" .Values.image.azuredisk.repository }}
image: "{{ .Values.image.baseRepo }}{{ .Values.image.azuredisk.repository }}:{{ .Values.image.azuredisk.tag }}"
{{- else }}
image: "{{ .Values.image.azuredisk.repository }}:{{ .Values.image.azuredisk.tag }}"
{{- end }}
command:
- "azurediskplugin.exe"
args:
- "--v={{ .Values.node.logLevel }}"
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
- "--drivername={{ .Values.driver.name }}"
- "--volume-attach-limit={{ .Values.driver.volumeAttachLimit }}"
- "--cloud-config-secret-name={{ .Values.node.cloudConfigSecretName }}"
- "--cloud-config-secret-namespace={{ .Values.node.cloudConfigSecretNamespace }}"
- "--custom-user-agent={{ .Values.driver.customUserAgent }}"
- "--user-agent-suffix={{ .Values.driver.userAgentSuffix }}"
- "--allow-empty-cloud-config={{ .Values.node.allowEmptyCloudConfig }}"
- "--support-zone={{ .Values.node.supportZone }}"
ports:
- containerPort: {{ .Values.node.livenessProbe.healthPort }}
name: healthz
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 30
env:
- name: AZURE_CREDENTIAL_FILE
valueFrom:
configMapKeyRef:
name: azure-cred-file
key: path-windows
optional: true
- name: CSI_ENDPOINT
value: unix://C:\\var\\lib\\kubelet\\plugins\\{{ .Values.driver.name }}\\csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: AZURE_GO_SDK_LOG_LEVEL
value: {{ .Values.driver.azureGoSDKLogLevel }}
{{- if eq .Values.cloud "AzureStackCloud" }}
- name: AZURE_ENVIRONMENT_FILEPATH
value: C:\k\azurestackcloud.json
{{- end }}
imagePullPolicy: {{ .Values.image.azuredisk.pullPolicy }}
{{- end -}}
2 changes: 1 addition & 1 deletion charts/latest/azuredisk-csi-driver/templates/csi-azuredisk-node-windows.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{- if .Values.windows.enabled}}
{{- if and (.Values.windows.enabled) (ne .Values.windows.useHostProcessContainers true) }}
kind: DaemonSet
apiVersion: apps/v1
metadata:
Expand Down
4 changes: 4 additions & 0 deletions charts/latest/azuredisk-csi-driver/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,9 @@ controller:
- key: "node-role.kubernetes.io/controlplane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
hostNetwork: true # this setting could be disabled if controller does not depend on MSI setting
podLabels: {}
resources:
Expand Down Expand Up @@ -218,6 +221,7 @@ windows:
requests:
cpu: 10m
memory: 40Mi
useHostProcessContainers: false

cloud: AzurePublicCloud

Expand Down
3 changes: 3 additions & 0 deletions deploy/csi-azuredisk-controller.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@ spec:
- key: "node-role.kubernetes.io/controlplane"
operator: "Exists"
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
effect: "NoSchedule"
containers:
- name: csi-provisioner
image: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner:v3.1.0
Expand Down
132 changes: 132 additions & 0 deletions deploy/csi-azuredisk-node-windows-hostprocess.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: csi-azuredisk-node-win
namespace: kube-system
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app: csi-azuredisk-node-win
template:
metadata:
labels:
app: csi-azuredisk-node-win
spec:
serviceAccountName: csi-azuredisk-node-sa
tolerations:
- key: "node.kubernetes.io/os"
operator: "Exists"
effect: "NoSchedule"
nodeSelector:
kubernetes.io/os: windows
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
priorityClassName: system-node-critical
securityContext:
windowsOptions:
hostProcess: true
runAsUserName: "NT AUTHORITY\\SYSTEM"
hostNetwork: true
initContainers:
- name: init
image: mcr.microsoft.com/k8s/csi/azuredisk-csi:latest
imagePullPolicy: IfNotPresent
command:
- "powershell.exe"
- "-c"
- "New-Item"
- "-ItemType"
- "Directory"
- "-Path"
- "C:\\var\\lib\\kubelet\\plugins\\disk.csi.azure.com\\"
- "-Force"
containers:
- name: liveness-probe
image: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.5.0
command:
- "livenessprobe.exe"
args:
- "--csi-address=$(CSI_ENDPOINT)"
- "--probe-timeout=3s"
- "--health-port=29603"
- "--v=2"
env:
- name: CSI_ENDPOINT
value: unix://C:\\var\\lib\\kubelet\\plugins\\disk.csi.azure.com\\csi.sock
- name: node-driver-registrar
image: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.4.0
command:
- "csi-node-driver-registrar.exe"
args:
- "--v=2"
- "--csi-address=$(CSI_ENDPOINT)"
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
- "--plugin-registration-path=$(PLUGIN_REG_DIR)"
livenessProbe:
exec:
command:
- csi-node-driver-registrar.exe
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --mode=kubelet-registration-probe
initialDelaySeconds: 60
timeoutSeconds: 30
env:
- name: CSI_ENDPOINT
value: unix://C:\\var\\lib\\kubelet\\plugins\\disk.csi.azure.com\\csi.sock
- name: DRIVER_REG_SOCK_PATH
value: C:\\var\\lib\\kubelet\\plugins\\disk.csi.azure.com\\csi.sock
- name: PLUGIN_REG_DIR
value: C:\\var\\lib\\kubelet\\plugins_registry\\
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: azuredisk
image: mcr.microsoft.com/k8s/csi/azuredisk-csi:latest
imagePullPolicy: IfNotPresent
command:
- "azurediskplugin.exe"
args:
- "--v=5"
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
- "--metrics-address=0.0.0.0:29605"
- "--allow-empty-cloud-config=true"
ports:
- containerPort: 29603
name: healthz
protocol: TCP
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 30
timeoutSeconds: 10
periodSeconds: 30
env:
- name: AZURE_CREDENTIAL_FILE
valueFrom:
configMapKeyRef:
name: azure-cred-file
key: path-windows
optional: true
- name: CSI_ENDPOINT
value: unix://C:\\var\\lib\\kubelet\\plugins\\disk.csi.azure.com\\csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
6 changes: 5 additions & 1 deletion deploy/install-driver.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,11 @@ kubectl apply -f $repo/csi-azuredisk-driver.yaml
kubectl apply -f $repo/rbac-csi-azuredisk-controller.yaml
kubectl apply -f $repo/rbac-csi-azuredisk-node.yaml
kubectl apply -f $repo/csi-azuredisk-node.yaml
kubectl apply -f $repo/csi-azuredisk-node-windows.yaml
if [[ "${WINDOWS_USE_HOST_PROCESS_CONTAINERS:=false}" == "true" ]]; then
kubectl apply -f $repo/csi-azuredisk-node-windows-hostprocess.yaml
else
kubectl apply -f $repo/csi-azuredisk-node-windows.yaml
fi
kubectl apply -f $repo/csi-azuredisk-controller.yaml

if [[ $ver == "v2"* ]]; then
Expand Down
Loading