README
¶
UpCloud CSI Driver 
Overview
UpCloud CSI Driver provides a basis for using the UpCloud Storage service in CO systems, such as Kubernetes, to obtain stateful application deployment with ease.
Additional info about the CSI can be found in Kubernetes CSI Developer Documentation and Kubernetes Blog.
Disclaimer
Before reaching the v1.0.0 version, UpCloud CSI Driver is NOT recommended for production environment usage.
Deployment
Requirements
- Kubernetes v1.16+
- UpCloud account
Create a Kubernetes secret
Execute the following commands to add UpCloud credentials as Kubernetes secret:
export UPCLOUD_USERNAME=your-username && export UPCLOUD_PASSWORD=your-password
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: upcloud
namespace: kube-system
stringData:
username: "$UPCLOUD_USERNAME"
password: "$UPCLOUD_PASSWORD"
EOF
After the message, that secret was created, you can run this command to check the existence of upcloud secret
in kube-system namespace:
$ kubectl -n kube-system get secret upcloud
NAME TYPE DATA AGE
upcloud Opaque 2 18h
Deploy CSI Driver
The following command will deploy the CSI driver with the related Kubernetes custom resources, volume attachment, driver registration, and provisioning sidecars:
kubectl apply -fhttps://raw.githubusercontent.com/UpCloudLtd/upcloud-csi/main/deploy/kubernetes/{crd-upcloud-csi.yaml,rbac-upcloud-csi.yaml,setup-upcloud-csi.yaml}
note: no blank space after -f
Deploy snapshot validation webhook (optional)
The snapshot validating webhook is service that provides tightened validation on snapshot objects.
Service is optional but recommended if volume snapshots are used in cluster.
Validation service requires proper CA certificate, x509 certificate and matching private key for secure communication.
More information can be found from official snapshot webhook example along with example how to deploy certificates.
Manifest snapshot-webhook-upcloud-csi.yaml can be used to deploy webhook service.
Manifest assumes that secret named snapshot-validation-secret exists and is populated with valid x509 certificate cert.pem (CA cert, if any, concatenated after server cert) and matching private key key.pem.
If custom CA is used (e.g. when using self-signed certificate) caBundle field needs to be set with CA data as value.
kubectl apply -f https://raw.githubusercontent.com/UpCloudLtd/upcloud-csi/main/deploy/kubernetes/snapshot-webhook-upcloud-csi.yaml
Choose storage disk type
It's possible to select an option of disk type between HDD and MaxIOPS.
For setting desired type you can set a storageClassName field in PVC to:
upcloud-block-storage-maxiopsupcloud-block-storage-hdd
If storageClassName field is not set, the default provisioned option will be upcloud-block-storage-maxiops.
Example Usage
In example directory you may find 2 manifests for deploying a pod and persistent volume claim to test CSI Driver
operations
kubectl apply -f https://raw.githubusercontent.com/UpCloudLtd/upcloud-csi/example/test-pod.yaml
kubectl apply -f https://raw.githubusercontent.com/UpCloudLtd/upcloud-csi/example/test-pvc.yaml
Check if pod is deployed with Running status and already using the PVC:
kubectl get pvc/csi-pvc pods/csi-app
kubectl describe pvc/csi-pvc pods/csi-app | less
To check the persistence feature - you may create the sample file in Pod, later, delete the pod and re-create it from yaml manifest and notice that the file is still in mounted directory
$ kubectl exec -it csi-app -- /bin/sh -c "touch /data/persistent-file.txt"
total 24K
-rw-r--r-- 1 root root 0 Feb 22 12:29 persistent-file.txt
drwx------ 2 root root 16.0K Feb 22 12:25 lost+found
$ kubectl delete pods/csi-app
pod "csi-app" deleted
$ kubectl apply -f https://raw.githubusercontent.com/UpCloudLtd/upcloud-csi/example/test-pod.yaml
pod/csi-app created
$ kubectl exec -it csi-app -- /bin/sh -c "ls -l /data"
total 20
-rw-r--r-- 1 root root 0 Feb 22 12:29 persistent-file.txt
drwx------ 2 root root 16.0K Feb 22 12:25 lost+found
Contribution
Feel free to open PRs and issues, as the development of CSI driver is in progress.
Directories