README ¶
BeeGFS CSI Driver Operator
Contents
- Overview
- Requirements
- Verify the Operator Image Signature
- Install the Operator
- Install the Driver
- Modify the Driver Configuration
- Upgrade the Driver
- Uninstall the Driver and/or Operator
Overview
An operator can be used to deploy the BeeGFS CSI driver to a Kubernetes cluster and manage its configuration/state within that cluster. The BeeGFS CSI driver operator is designed for integration with Operator Lifecycle Manager (OLM) and is primarily intended as an easy way for OpenShift administrators or administrators with clusters running OLM to install the driver directly from OperatorHub and keep it updated.
Management of the BeeGFS CSI driver with the operator involves two "phases":
- Install the operator itself. This step can be done simply through the OLM interface with virtually no configuration.
- Use the operator to install the BeeGFS CSI driver operand (i.e. install a BeegfsDriver custom resource). This step allows for full configuration and is what actually enables a cluster to handle BeeGFS volumes.
Requirements
A full compatibility matrix is included in the main driver README.
The BeeGFS CSI driver is only supported on nodes running a BeeGFS supported Linux distribution. Red Hat CoreOS (RHCOS), the default distribution in OpenShift environments, is NOT supported. However, Red Hat Enterprise Linux (RHEL) nodes can be added to an OpenShift cluster and RHEL is supported for running BeeGFS. By default, the operator will install the driver in an OpenShift cluster with a node affinity that ensures it does not run on RHCOS nodes.
Verify the Operator Image Signature
The BeeGFS CSI Driver Operator is signed with the same key as the BeeGFS CSI Driver container images. You can choose to manually verify the signature associated with the BeeGFS CSI Driver Operator image starting with version 1.4.0 of the driver and operator.
Validate the BeeGFS CSI Driver Operator Image Signature
First find the container image reference used for the operator.
If you are installing from the OpenShift Console:
- Navigate to the OperatorHub pane of the console.
- Search for and click on the BeeGFS CSI driver operator.
- Within the details of the operator you can find the container image which is the reference to the image used for the operator. Note this image reference.
If you are installing from OperatorHub:
- Navigate to OperatorHub.io.
- search for and click on the BeeGFS CSI driver operator. It is in the Storage category.
- Within the details for the BeeGFS CSI driver operator find the container image. Note this image reference.
On a host with the cosign command installed and the BeeGFS signing key file available, verify the image signature using the cosign command. Remember to use the image reference of the version you want to install.
Example validation using the certificate file.
cosign verify --key <PUBLIC_KEY_FILE> ghcr.io/thinkparq/beegfs-csi-driver-operator:<TAG>
If the image signature is properly validated then continue installing the operator.
Install the Operator
Install from OperatorHub
Operators can be installed from OperatorHub.io on any Operator Lifecycle Manager (OLM)-enabled cluster.
As a user with administrative permissions and "kubectl" access to a cluster:
- Navigate to OperatorHub.io.
- Search for and click on the BeeGFS CSI driver operator. It is a tagged for "storage".
- Click "Install".
- Copy the installation command and run it in your cluster.
NOTE: Because the BeeGFS CSI driver operator is configured to install in a single namespace, the installation command will configure an Operator Group and install it in the "my-beegfs-csi-driver" namespace
It is also possible to install an operator listed on OperatorHub in a more manual way by creating a Subscription that references a Catalog Source. See the OLM documentation for details.
Install from the OpenShift Console (deprecated)
Operators are first-class citizens in OpenShift and are easy to install from the OpenShift console. As a user with administrative permissions:
- Navigate to the OperatorHub pane of the console.
- Search for and click on the BeeGFS CSI driver operator. It is a "community" operator tagged for "storage".
- Click "Install", verify the defaults, and click "Install" again.
Install from Manifests
It is possible, though not recommended, to install the operator (and to use the operator to install the driver) directly from this repository. This is not a supported operation and the instructions provided are not intended for production environments.
- Install the operator. The kustomizations scaffolded by the
operator-sdk are not supported by the version of Kustomize that ships with
kubectl (or oc). Kustomize must be installed and used (v3.8.7 is the
scaffolded Kustomize version).
-> kustomize build operator/config/default | kubectl apply -f - namespace/beegfs-csi unchanged customresourcedefinition.apiextensions.k8s.io/beegfsdrivers.beegfs.csi.netapp.com configured serviceaccount/beegfs-csi-driver-operator-controller-manager created role.rbac.authorization.k8s.io/beegfs-csi-driver-operator-leader-election-role created clusterrole.rbac.authorization.k8s.io/beegfs-csi-driver-operator-manager-role created clusterrole.rbac.authorization.k8s.io/beegfs-csi-driver-operator-metrics-reader created clusterrole.rbac.authorization.k8s.io/beegfs-csi-driver-operator-proxy-role created rolebinding.rbac.authorization.k8s.io/beegfs-csi-driver-operator-leader-election-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/beegfs-csi-driver-operator-manager-rolebinding created clusterrolebinding.rbac.authorization.k8s.io/beegfs-csi-driver-operator-proxy-rolebinding created configmap/beegfs-csi-driver-operator-manager-config created service/beegfs-csi-driver-operator-controller-manager-metrics-service created deployment.apps/beegfs-csi-driver-operator-controller-manager created
- Verify the operator is running. If you did not modify the default
kustomization, it is running in the
beegfs-csi
namespace.-> kubectl get pods -n beegfs-csi NAME READY STATUS RESTARTS AGE beegfs-csi-driver-operator-controller-manager-7b5cccff65-mzjxn 2/2 Running 0 61m
Install the Driver
The BeegfsDriver Custom Resource Definition (CRD) defines the API for BeeGFS CSI Driver installation using the operator. The operator watches for a Custom Resource (CR) written according to the CRD and installs the driver and/or modifies the driver's installation based on the information contained within.
NOTE: The operator ONLY watches for a CR in its own namespace.
NOTE: There can only be ONE CR in the cluster at a time. It must be named csi-beegfs-cr.
BeegfsDriver Custom Resource Fields
The CRD contains complete details on how the CR should be filled out. An example containing all allowed fields is below.
NOTE: The driver is designed to run easily out-of-the-box using the minimal
configuration defined in operator/config/samples/beegfs_v1_beegfsdriver.yaml
.
There is typically no need to modify the configuration. Some environments
require BeeGFS client configuration in the pluginConfig section, and air-gapped
environments can use the containerImageOverrides section to allow for an
internal registry mirror.
kind: BeegfsDriver
apiVersion: beegfs.csi.netapp.com/v1
metadata:
name: csi-beegfs-cr # CR must have this name.
spec:
containerImageOverrides:
beegfsCsiDriver:
image: some.registry/netapp/beegfs-csi-driver
tag: some-tag # Changing this tag is not supported.
csiNodeDriverRegistrar:
image: some.registry/sig-storage/csi-node-driver-registrar
tag: # Changing this tag is not supported.
csiProvisioner:
image: some.registry/sig-storage/csi-provisioner
tag: # Changing this tag is not supported.
csiResizer:
image: some.registry/sig-storage/csi-resizer
tag: # Changing this tag is not supported.
livenessProbe:
image: some.registry/sig-storage/livenessprobe
tag: # Changing this tag is not supported.
logLevel: 3
nodeAffinityControllerService:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 50
preference:
matchExpressions:
- key: node-role.kubernetes.io/master
operator: Exists
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node.openshift.io/os_id
operator: NotIn
values:
- rhcos # The BeeGFS CSI driver does not run on Red Hat CoreOS.
nodeAffinityNodeService:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node.openshift.io/os_id
operator: NotIn
values:
- rhcos # The BeeGFS CSI driver does not run on Red Hat CoreOS.
# The pluginConfig field can contain significant detail. See the deployment
# documentation at docs/deployment (in addition to the CRD).
pluginConfig:
config:
filesystemSpecificConfigs:
nodeSpecificConfigs:
ConnAuth Configuration
The Kubernetes deployment of the BeeGFS CSI driver makes use of a Secret to store the contents of BeeGFS connAuthFiles. The driver expects the Secret to be named csi-beegfs-connauth and to exist in the driver namespace. If the Secret does not exist when a BeegfsDriver resource is applied, the operator creates it with an empty data field.
To use connAuth information with a driver deployed by the operator, either:
- Pre-create a Secret named csi-beegfs-connauth in the driver namespace, or
- Modify the Secret after it has been created by the operator.
NOTE: A Secret'sdata
field must be Base64-encoded, making it cumbersome to modify directly. A simpler approach is to add connAuth information to the existing Secret'sstringData
field. Kubernetes will automatically encode the string and add the result to thedata
field in the background.
A correctly formatted Secret looks like this:
kind: Secret
metadata:
name: csi-beegfs-connauth
namespace: beegfs-csi
type: Opaque
data:
csi-beegfs-connauth.yaml: |
- sysMgmtdHost: some.specific.file.system
connAuth: some-secret
encoding: encoding-type # raw or base64
- sysMgmtdHost: some.other.specific.file.system
connAuth: some-other-secret
encoding: encoding-type # raw or base64
Verify the BeeGFS CSI Driver Image Signature
If you want to verify the signature of the BeeGFS CSI Driver image deployed by the operator you can follow the steps in the BeeGFS CSI Driver Deployment guide for verifying the signature of the driver image.
Note that by default the operator will deploy an image using the same version tag as is used by the operator.
For example, if you have the following operator version installed.
beegfs-csi-driver-operator.v1.5.0
The version of the driver that would be deployed would match v1.5.0
and
would deploy the image ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0
. In this
case the image ghcr.io/thinkparq/beegfs-csi-driver:v1.5.0
would be the
image to use with for the signature verification.
Install from the OpenShift Console (deprecated)
Operator "operands" are first-class citizens in OpenShift and are easy to install from the OpenShift console. As a user with administrative permissions:
- Navigate to the BeeGFS CSI driver page in the "Installed Operators" pane of the OpenShift console.
- Click the "BeeGFS Driver" tab and "Create BeegfsDriver".
- Do one (or both) of the following:
- Use "Form view" to modify the driver's configuration.
NOTE: beegfsClientConf fields of the pluginConfig section are not represented in "Form view". Use "YAML view" instead - Use "YAML view" to modify the driver's configuration.
NOTE: The "Schema" navigator to the right in "YAML view" makes it easy to figure out what fields exist for configuration.
- Use "Form view" to modify the driver's configuration.
- Click "Create".
Install Using kubectl
Use this method if you have installed the operator either from OperatorHub or directly from manifests.
- Create and/or modify a BeegfsDriver CR.
-> cp operator/config/samples/beegfs_v1_beegfsdriver.yaml my_cr.yaml -> vim my_cr.yaml
- Install the BeegfsDriver CR (this action kicks of the installation of the
BeeGFS CSI driver). The operator is typically running in the beegfs-csi
namespace.
-> kubectl apply -k my_cr.yaml -n beegfs-csi beegfsdriver.beegfs.csi.netapp.com/csi-beegfs-cr created
- Verify the driver is running. The total number of Pods running depends on the
number of nodes in your cluster.
-> kubectl get pods -n beegfs-csi NAME READY STATUS RESTARTS AGE beegfs-csi-driver-operator-controller-manager-7b5cccff65-z8qdx 0/2 Running 0 53m csi-beegfs-controller-0 2/2 Running 0 37s csi-beegfs-node-hfxv2 3/3 Running 0 37s csi-beegfs-node-jhwgs 3/3 Running 0 37s csi-beegfs-node-jmpxk 3/3 Running 0 37s
Modify the Driver Configuration
Aside from connAuth configuration, all other aspects of the BeeGFS CSI driver's configuration are handled through the BeegfsDriver CRD. Modifying the applied CR results in the redeployment of the driver with updated configuration.
Upgrade the Driver
The BeeGFS CSI Driver and the operator are versioned together. Unless a
specific version of the driver is tagged in the
spec.containerImageOverrides.beegfsCsiDriver.tag
field of the applied CR,
upgrading the operator to a new minor version results in an automatic upgrade
of the driver to the same version.
Uninstall the Driver and/or Operator
To uninstall the driver, simply delete the applied CR (named csi-beegfs-cr)
and wait a few minutes for the operator to clean the driver up. This can be
done from the OpenShift console (if avalable) or by using kubectl
/oc
.
To uninstall the operator, reverse the steps you used to install it. These steps differ depending on the environment.
NOTE: Uninstalling the operator will typically not uninstall the driver, and the operator is required for driver uninstallation. To completely clean up a cluster, uninstall the driver BEFORE uninstalling the operator.
Documentation ¶
There is no documentation for this package.
Directories ¶
Path | Synopsis |
---|---|
api
|
|
v1
Package v1 contains API Schema definitions for the beegfs v1 API group +kubebuilder:object:generate=true +groupName=beegfs.csi.netapp.com
|
Package v1 contains API Schema definitions for the beegfs v1 API group +kubebuilder:object:generate=true +groupName=beegfs.csi.netapp.com |