k4mrul · December 19, 2023 09:31
diff --git a/nfs-ganesha-server.yaml b/nfs-ganesha-server.yaml
 ######## Source: https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner/tree/master
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: nfs-provisioner
 ---
 kind: Service
 apiVersion: v1
 metadata:
  name: nfs-provisioner
  labels:
    app: nfs-provisioner
 spec:
  ports:
    - name: nfs
      port: 2049
    - name: nfs-udp
      port: 2049
      protocol: UDP
    - name: nlockmgr
      port: 32803
    - name: nlockmgr-udp
      port: 32803
      protocol: UDP
    - name: mountd
      port: 20048
    - name: mountd-udp
      port: 20048
      protocol: UDP
    - name: rquotad
      port: 875
    - name: rquotad-udp
      port: 875
      protocol: UDP
    - name: rpcbind
      port: 111
    - name: rpcbind-udp
      port: 111
      protocol: UDP
    - name: statd
      port: 662
    - name: statd-udp
      port: 662
      protocol: UDP
  selector:
    app: nfs-provisioner
 ---
 kind: Deployment
 apiVersion: apps/v1
 metadata:
  name: nfs-provisioner
 spec:
  selector:
    matchLabels:
      app: nfs-provisioner
  replicas: 1
  strategy:
    type: Recreate 
  template:
    metadata:
      labels:
        app: nfs-provisioner
    spec:
      serviceAccount: nfs-provisioner
      containers:
        - name: nfs-provisioner
          image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8
          ports:
            - name: nfs
              containerPort: 2049
            - name: nfs-udp
              containerPort: 2049
              protocol: UDP
            - name: nlockmgr
              containerPort: 32803
            - name: nlockmgr-udp
              containerPort: 32803
              protocol: UDP
            - name: mountd
              containerPort: 20048
            - name: mountd-udp
              containerPort: 20048
              protocol: UDP
            - name: rquotad
              containerPort: 875
            - name: rquotad-udp
              containerPort: 875
              protocol: UDP
            - name: rpcbind
              containerPort: 111
            - name: rpcbind-udp
              containerPort: 111
              protocol: UDP
            - name: statd
              containerPort: 662
            - name: statd-udp
              containerPort: 662
              protocol: UDP
          securityContext:
            capabilities:
              add:
                - DAC_READ_SEARCH
                - SYS_RESOURCE
          args:
            - "-provisioner=wedevs.com/nfs"
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: SERVICE_NAME
              value: nfs-provisioner
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          imagePullPolicy: "IfNotPresent"
          volumeMounts:
            - name: export-volume
              mountPath: /export
      volumes:
        - name: export-volume
          hostPath:
            path: /tmp/nfs-provisioner
      #     volumeMounts:
      #       - mountPath: /exports
      #         name: export-volume
      # volumes:
      #   - name: export-volume
      #     persistentVolumeClaim:
      #       claimName: nfs-pvc
 ---
 ######################################################
 ## RBAC Start
 ######################################################
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: nfs-provisioner-runner
 rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
  - apiGroups: [""]
    resources: ["services", "endpoints"]
    verbs: ["get"]
  - apiGroups: ["extensions"]
    resources: ["podsecuritypolicies"]
    resourceNames: ["nfs-provisioner"]
    verbs: ["use"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: run-nfs-provisioner
 subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
     # replace with namespace where provisioner is deployed
    namespace: default
 roleRef:
  kind: ClusterRole
  name: nfs-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: leader-locking-nfs-provisioner
 rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: leader-locking-nfs-provisioner
 subjects:
  - kind: ServiceAccount
    name: nfs-provisioner
    # replace with namespace where provisioner is deployed
    namespace: default
 roleRef:
  kind: Role
  name: leader-locking-nfs-provisioner
  apiGroup: rbac.authorization.k8s.io
 ######################################################
 ## RBAC END
 ######################################################
 ---
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
  name: wedevs-nfs
 provisioner: wedevs.com/nfs
 mountOptions:
  - vers=4.1
 ---
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: nfs
 spec:
  storageClassName: wedevs-nfs
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 500Mi
	######## Source: https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner/tree/master
	---
	apiVersion: v1
	kind: ServiceAccount
	metadata:
	name: nfs-provisioner
	---
	kind: Service
	apiVersion: v1
	metadata:
	name: nfs-provisioner
	labels:
	app: nfs-provisioner
	spec:
	ports:
	- name: nfs
	port: 2049
	- name: nfs-udp
	port: 2049
	protocol: UDP
	- name: nlockmgr
	port: 32803
	- name: nlockmgr-udp
	port: 32803
	protocol: UDP
	- name: mountd
	port: 20048
	- name: mountd-udp
	port: 20048
	protocol: UDP
	- name: rquotad
	port: 875
	- name: rquotad-udp
	port: 875
	protocol: UDP
	- name: rpcbind
	port: 111
	- name: rpcbind-udp
	port: 111
	protocol: UDP
	- name: statd
	port: 662
	- name: statd-udp
	port: 662
	protocol: UDP
	selector:
	app: nfs-provisioner
	---
	kind: Deployment
	apiVersion: apps/v1
	metadata:
	name: nfs-provisioner
	spec:
	selector:
	matchLabels:
	app: nfs-provisioner
	replicas: 1
	strategy:
	type: Recreate
	template:
	metadata:
	labels:
	app: nfs-provisioner
	spec:
	serviceAccount: nfs-provisioner
	containers:
	- name: nfs-provisioner
	image: registry.k8s.io/sig-storage/nfs-provisioner:v4.0.8
	ports:
	- name: nfs
	containerPort: 2049
	- name: nfs-udp
	containerPort: 2049
	protocol: UDP
	- name: nlockmgr
	containerPort: 32803
	- name: nlockmgr-udp
	containerPort: 32803
	protocol: UDP
	- name: mountd
	containerPort: 20048
	- name: mountd-udp
	containerPort: 20048
	protocol: UDP
	- name: rquotad
	containerPort: 875
	- name: rquotad-udp
	containerPort: 875
	protocol: UDP
	- name: rpcbind
	containerPort: 111
	- name: rpcbind-udp
	containerPort: 111
	protocol: UDP
	- name: statd
	containerPort: 662
	- name: statd-udp
	containerPort: 662
	protocol: UDP
	securityContext:
	capabilities:
	add:
	- DAC_READ_SEARCH
	- SYS_RESOURCE
	args:
	- "-provisioner=wedevs.com/nfs"
	env:
	- name: POD_IP
	valueFrom:
	fieldRef:
	fieldPath: status.podIP
	- name: SERVICE_NAME
	value: nfs-provisioner
	- name: POD_NAMESPACE
	valueFrom:
	fieldRef:
	fieldPath: metadata.namespace
	imagePullPolicy: "IfNotPresent"
	volumeMounts:
	- name: export-volume
	mountPath: /export
	volumes:
	- name: export-volume
	hostPath:
	path: /tmp/nfs-provisioner
	# volumeMounts:
	# - mountPath: /exports
	# name: export-volume
	# volumes:
	# - name: export-volume
	# persistentVolumeClaim:
	# claimName: nfs-pvc
	---
	######################################################
	## RBAC Start
	######################################################
	kind: ClusterRole
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: nfs-provisioner-runner
	rules:
	- apiGroups: [""]
	resources: ["persistentvolumes"]
	verbs: ["get", "list", "watch", "create", "delete"]
	- apiGroups: [""]
	resources: ["persistentvolumeclaims"]
	verbs: ["get", "list", "watch", "update"]
	- apiGroups: ["storage.k8s.io"]
	resources: ["storageclasses"]
	verbs: ["get", "list", "watch"]
	- apiGroups: [""]
	resources: ["events"]
	verbs: ["create", "update", "patch"]
	- apiGroups: [""]
	resources: ["services", "endpoints"]
	verbs: ["get"]
	- apiGroups: ["extensions"]
	resources: ["podsecuritypolicies"]
	resourceNames: ["nfs-provisioner"]
	verbs: ["use"]
	---
	kind: ClusterRoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: run-nfs-provisioner
	subjects:
	- kind: ServiceAccount
	name: nfs-provisioner
	# replace with namespace where provisioner is deployed
	namespace: default
	roleRef:
	kind: ClusterRole
	name: nfs-provisioner-runner
	apiGroup: rbac.authorization.k8s.io
	---
	kind: Role
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: leader-locking-nfs-provisioner
	rules:
	- apiGroups: [""]
	resources: ["endpoints"]
	verbs: ["get", "list", "watch", "create", "update", "patch"]
	---
	kind: RoleBinding
	apiVersion: rbac.authorization.k8s.io/v1
	metadata:
	name: leader-locking-nfs-provisioner
	subjects:
	- kind: ServiceAccount
	name: nfs-provisioner
	# replace with namespace where provisioner is deployed
	namespace: default
	roleRef:
	kind: Role
	name: leader-locking-nfs-provisioner
	apiGroup: rbac.authorization.k8s.io
	######################################################
	## RBAC END
	######################################################
	---
	kind: StorageClass
	apiVersion: storage.k8s.io/v1
	metadata:
	name: wedevs-nfs
	provisioner: wedevs.com/nfs
	mountOptions:
	- vers=4.1
	---
	kind: PersistentVolumeClaim
	apiVersion: v1
	metadata:
	name: nfs
	spec:
	storageClassName: wedevs-nfs
	accessModes:
	- ReadWriteMany
	resources:
	requests:
	storage: 500Mi
No results found