diff --git a/nextcloud/samba.yaml b/nextcloud/samba.yaml index 92f0b04..40ece0d 100644 --- a/nextcloud/samba.yaml +++ b/nextcloud/samba.yaml @@ -3,20 +3,13 @@ kind: StorageClass metadata: name: smb-nextcloud provisioner: smb.csi.k8s.io -parameters: - source: //samba.fileserver.svc.k8s.undercloud.local./data - # if csi.storage.k8s.io/provisioner-secret is provided, will create a sub directory - # with PV name under source - csi.storage.k8s.io/provisioner-secret-name: fileserver-smb-account - csi.storage.k8s.io/provisioner-secret-namespace: fileserver - csi.storage.k8s.io/node-stage-secret-name: fileserver-smb-account - csi.storage.k8s.io/node-stage-secret-namespace: fileserver -reclaimPolicy: Delete # available values: Delete, Retain +reclaimPolicy: Retain volumeBindingMode: Immediate -allowVolumeExpansion: true +allowVolumeExpansion: false mountOptions: - - dir_mode=0777 - - file_mode=0777 + - vers=3.0 + - dir_mode=0770 + - file_mode=0660 - uid=1001 - gid=1001 --- @@ -28,14 +21,13 @@ metadata: type: Opaque stringData: username: samba - domain: "" -data: - password: dGhpc2lzbXlzZWN1cmVMREFQUFdzYW1iYQ== + password: "1thisismySECURELDAPPWsamba" + domain: UNDERCLOUD --- apiVersion: v1 kind: PersistentVolume metadata: - name: music-nextcloud + name: nextcloud-data-pv spec: storageClassName: smb-nextcloud capacity: @@ -44,15 +36,18 @@ spec: - ReadWriteMany persistentVolumeReclaimPolicy: Retain mountOptions: - - dir_mode=0777 - - file_mode=0777 - vers=3.0 + - dir_mode=0770 + - file_mode=0660 + - uid=1001 + - gid=1001 csi: driver: smb.csi.k8s.io readOnly: false - volumeHandle: nextcloud-music # make sure it's a unique id in the cluster + volumeHandle: files.undercloud.local#data#data volumeAttributes: - source: "//samba.fileserver.svc.k8s.undercloud.local/music" + source: "//files.undercloud.local/data" + subDir: "data" nodeStageSecretRef: name: fileserver-smb-account namespace: nextcloud 
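Review bot: Dropping the whole `parameters` block leaves `smb-nextcloud` without a `source`, so a PVC that references this class without a pinned `volumeName` will most likely fail inside the provisioner instead of being rejected up front; the four PVCs later in this file all set `volumeName`, so the intent appears to be static PVs only, but nothing says so. Suggest a comment above `provisioner:` such as `# static PVs only: no parameters.source, so dynamic provisioning through this class is not supported`. The `mountOptions` on a StorageClass apply only to dynamically provisioned volumes, which is why the same uid/gid/mode list is repeated on every static PV below; stating that in the same comment stops someone from expecting an edit here to change the existing PVs.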
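Review bot: The `password` value on the added `stringData` line is a literal credential committed in cleartext; the base64 `data` form it replaces offered no protection either, so both the old and the new value should be treated as exposed through git history and rotated on the Samba/LDAP side. Keep the Secret object but source the value from outside the manifest (a sealed/external secret, or an encrypted file decrypted at deploy time) and commit only a placeholder, e.g. `password: "<set-by-deploy>"`. `domain: UNDERCLOUD` is an unquoted scalar; `domain: "UNDERCLOUD"` keeps it a string if the value is ever changed to something YAML would type-coerce. The Secret's `metadata.namespace` is outside the hunk, so whether it lands in `nextcloud`, where the PVs' `nodeStageSecretRef` look for `fileserver-smb-account`, cannot be checked here.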
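Review bot: `dir_mode=0770`/`file_mode=0660` together with `uid=1001`,`gid=1001` makes the share readable only by uid 1001 or members of gid 1001 inside the pod, so the Nextcloud container must actually run with that uid or supplemental gid (its `runAsUser`/`fsGroup` live outside this file) or it will get permission errors on data it could read under the old 0777; that assumption deserves a comment above `mountOptions:`, e.g. `# 0770/0660 with uid/gid 1001: must match the Nextcloud pod's runAsUser/fsGroup`. The identical option list is copied into the three PVs in the following hunks (music, movies, tvshows), and since each PV is its own `---` document a YAML anchor cannot be shared between them, so a Kustomize/Helm template or a note that all four must be changed together is the practical way to keep them in sync. The `# make sure it's a unique id in the cluster` comment on `volumeHandle` was lost in the rename; the new handles are unique, but the reminder still helps because with `source`/`subDir` set the handle appears to serve only as an identifier.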
@@ -60,7 +55,7 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: movies-nextcloud + name: nextcloud-music-pv spec: storageClassName: smb-nextcloud capacity: @@ -69,15 +64,18 @@ spec: - ReadWriteMany persistentVolumeReclaimPolicy: Retain mountOptions: - - dir_mode=0777 - - file_mode=0777 - vers=3.0 + - dir_mode=0770 + - file_mode=0660 + - uid=1001 + - gid=1001 csi: driver: smb.csi.k8s.io readOnly: false - volumeHandle: nextcloud-movies # make sure it's a unique id in the cluster + volumeHandle: files.undercloud.local#music#data volumeAttributes: - source: "//samba.fileserver.svc.k8s.undercloud.local/movies" + source: "//files.undercloud.local/data" + subDir: "music" nodeStageSecretRef: name: fileserver-smb-account namespace: nextcloud @@ -85,7 +83,7 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: tvshows-nextcloud + name: nextcloud-movies-pv spec: storageClassName: smb-nextcloud capacity: @@ -94,15 +92,18 @@ spec: - ReadWriteMany persistentVolumeReclaimPolicy: Retain mountOptions: - - dir_mode=0777 - - file_mode=0777 - vers=3.0 + - dir_mode=0770 + - file_mode=0660 + - uid=1001 + - gid=1001 csi: driver: smb.csi.k8s.io readOnly: false - volumeHandle: nextcloud-tvshows # make sure it's a unique id in the cluster + volumeHandle: files.undercloud.local#movies#data volumeAttributes: - source: "//samba.fileserver.svc.k8s.undercloud.local/tvshows" + source: "//files.undercloud.local/data" + subDir: "movies" nodeStageSecretRef: name: fileserver-smb-account namespace: nextcloud @@ -110,7 +111,7 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: data-nextcloud + name: nextcloud-tvshows-pv spec: storageClassName: smb-nextcloud capacity: 
@@ -119,63 +120,24 @@ spec: - ReadWriteMany persistentVolumeReclaimPolicy: Retain mountOptions: - - dir_mode=0777 - - file_mode=0777 - vers=3.0 + - dir_mode=0770 + - file_mode=0660 + - uid=1001 + - gid=1001 csi: driver: smb.csi.k8s.io readOnly: false - volumeHandle: nextcloud-data # make sure it's a unique id in the cluster + volumeHandle: files.undercloud.local#tvshows#data volumeAttributes: - source: "//samba.fileserver.svc.k8s.undercloud.local/data" + source: "//files.undercloud.local/data" + subDir: "tvshows" nodeStageSecretRef: name: fileserver-smb-account namespace: nextcloud --- -kind: PersistentVolumeClaim apiVersion: v1 -metadata: - name: music - namespace: nextcloud -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 30Gi - volumeName: music-nextcloud - storageClassName: smb-nextcloud ---- kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: movies - namespace: nextcloud -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 30Gi - volumeName: movies-nextcloud - storageClassName: smb-nextcloud ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: tvshows - namespace: nextcloud -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 30Gi - volumeName: tvshows-nextcloud - storageClassName: smb-nextcloud ---- -kind: PersistentVolumeClaim -apiVersion: v1 metadata: name: data namespace: nextcloud 
@@ -185,5 +147,47 @@ spec: resources: requests: storage: 30Gi - volumeName: data-nextcloud + volumeName: nextcloud-data-pv + storageClassName: smb-nextcloud +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: music + namespace: nextcloud +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 30Gi + volumeName: nextcloud-music-pv + storageClassName: smb-nextcloud +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: movies + namespace: nextcloud +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 30Gi + volumeName: nextcloud-movies-pv + storageClassName: smb-nextcloud +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: tvshows + namespace: nextcloud +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 30Gi + volumeName: nextcloud-tvshows-pv storageClassName: smb-nextcloud \ No newline at end of file diff --git a/samba-files/csi-driver.yaml b/samba-files/csi-driver.yaml new file mode 100644 index 0000000..c81533a --- /dev/null +++ b/samba-files/csi-driver.yaml @@ -0,0 +1,7 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: smb.csi.k8s.io +spec: + attachRequired: false + podInfoOnMount: true \ No newline at end of file diff --git a/samba-files/csi-smb-controller.yaml b/samba-files/csi-smb-controller.yaml new file mode 100644 index 0000000..9b42d40 --- /dev/null +++ b/samba-files/csi-smb-controller.yaml 
@@ -0,0 +1,108 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-smb-controller + namespace: samba-files +spec: + replicas: 1 + selector: + matchLabels: + app: csi-smb-controller + template: + metadata: + labels: + app: csi-smb-controller + spec: + dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst + serviceAccountName: csi-smb-controller-sa + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/controlplane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + containers: + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.0 + args: + - "-v=2" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--leader-election-namespace=kube-system" + - "--extra-create-metadata=true" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + #resources: + # limits: + # cpu: 1 + # memory: 300Mi + # requests: + # cpu: 10m + # memory: 20Mi + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.7.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port=29642 + - --v=2 + volumeMounts: + - name: socket-dir + mountPath: /csi + #resources: + # limits: + # cpu: 1 + # memory: 100Mi + # requests: + # cpu: 10m + # memory: 20Mi + - name: smb + image: registry.k8s.io/sig-storage/smbplugin:v1.9.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--metrics-address=0.0.0.0:29644" + ports: + - containerPort: 29642 + name: healthz + protocol: TCP + - containerPort: 29644 + name: metrics + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 
10 + periodSeconds: 30 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + #resources: + # limits: + # memory: 200Mi + # requests: + # cpu: 10m + # memory: 20Mi + volumes: + - name: socket-dir + emptyDir: {} \ No newline at end of file diff --git a/samba-files/csi-smb-node.yaml b/samba-files/csi-smb-node.yaml new file mode 100644 index 0000000..534ad87 --- /dev/null +++ b/samba-files/csi-smb-node.yaml 
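Review bot: `--leader-election-namespace=kube-system` on the csi-provisioner args puts the election Lease in kube-system while the Deployment itself lives in `samba-files`; the cluster-wide `leases` grant in csi-smb-rbac.yaml makes that work, but the driver then writes into a namespace it has no other reason to touch, presumably copied from the upstream manifest which deploys into kube-system. `--leader-election-namespace=samba-files` keeps the lease beside the Deployment. The `#resources:` blocks are commented out on all three containers, so a `system-cluster-critical` pod runs with no limits at all; at minimum the `smb` container, which is `privileged: true`, should get a `resources.limits.memory`, and a comment should say why the limits were disabled if that was deliberate.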
@@ -0,0 +1,128 @@ +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-smb-node + namespace: samba-files +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: csi-smb-node + template: + metadata: + labels: + app: csi-smb-node + spec: + hostNetwork: true + dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst + serviceAccountName: csi-smb-node-sa + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + tolerations: + - operator: "Exists" + containers: + - name: liveness-probe + volumeMounts: + - mountPath: /csi + name: socket-dir + image: registry.k8s.io/sig-storage/livenessprobe:v2.7.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port=29643 + - --v=2 + #resources: + # limits: + # memory: 100Mi + # requests: + # cpu: 10m + # memory: 20Mi + - name: node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1 + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v=2 + livenessProbe: + exec: + command: + - /csi-node-driver-registrar + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --mode=kubelet-registration-probe + initialDelaySeconds: 30 + timeoutSeconds: 15 + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/smb.csi.k8s.io/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + #resources: + #limits: + # memory: 100Mi + #requests: + # cpu: 10m + # memory: 20Mi + - name: smb + image: registry.k8s.io/sig-storage/smbplugin:v1.9.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + - "--nodeid=$(KUBE_NODE_NAME)" + - "--metrics-address=0.0.0.0:29645" + ports: + - containerPort: 29643 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + 
path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /var/lib/kubelet/ + mountPropagation: Bidirectional + name: mountpoint-dir + #resources: + # limits: + # memory: 200Mi + # requests: + # cpu: 10m + # memory: 20Mi + volumes: + - hostPath: + path: /var/lib/kubelet/plugins/smb.csi.k8s.io + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: /var/lib/kubelet/ + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + name: registration-dir diff --git a/samba-files/csi-smb-rbac.yaml b/samba-files/csi-smb-rbac.yaml new file mode 100644 index 0000000..d37158c --- /dev/null +++ b/samba-files/csi-smb-rbac.yaml 
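Review bot: With `hostNetwork: true`, the `smb` container's `--metrics-address=0.0.0.0:29645` listens on every interface of the node rather than inside a pod network, so the metrics endpoint of a privileged DaemonSet is reachable from the node network, and NetworkPolicy typically does not cover host-network pods. If nothing scrapes it, bind it to loopback (`--metrics-address=127.0.0.1:29645`); otherwise record the exposure in a comment and filter it on the host. `privileged: true` plus `mountPropagation: Bidirectional` on `/var/lib/kubelet/` is what lets the plugin perform mounts into kubelet's volume directory, but a one-line comment above `securityContext:` (`# required to mount CIFS shares under /var/lib/kubelet`) will stop the next reviewer from trying to remove it. As in csi-smb-controller.yaml, the `#resources:` blocks are commented out and should be enabled.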
@@ -0,0 +1,55 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-smb-controller-sa + namespace: samba-files +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-smb-node-sa + namespace: samba-files +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: smb-external-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: smb-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-smb-controller-sa + namespace: samba-files +roleRef: + kind: ClusterRole + name: smb-external-provisioner-role + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/samba-files/samba-fileserver.yaml b/samba-files/samba-fileserver.yaml index af77b56..5f04cb1 100644 --- a/samba-files/samba-fileserver.yaml +++ b/samba-files/samba-fileserver.yaml @@ -219,6 +219,12 @@ spec: chgrp 'UNDERCLOUD\fileserver-access' /data || chgrp 21105 /data chmod 2770 /data + mkdir /data/mkdir + mkdir /data/data + mkdir /data/music + mkdir /data/movies + mkdir /data/tvshows + exec smbd --foreground --no-process-group --debug-stdout -d 3 volumeMounts: - name: samba-config
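Review bot: The ClusterRole grants `secrets` `get` in every namespace to `csi-smb-controller-sa`, yet with the StorageClass in this commit no longer carrying `csi.storage.k8s.io/provisioner-secret-*` parameters and all PVs pre-created, the provisioner has no secret left to resolve (node-stage secrets are read by kubelet and handed to the node plugin, not fetched by this controller). If dynamic provisioning is really retired, drop that rule; if it is kept for later, say so with a comment like `# provisioner-secret lookup for dynamic provisioning; unused while all PVs are static`. `csi-smb-node-sa` is created but bound to nothing, which is correct for the node plugin and worth a one-line comment so nobody "fixes" it by binding it to the provisioner role.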