diff --git a/components/cluster-configs/csi-rclone/README.md b/components/cluster-configs/csi-rclone/README.md
new file mode 100644
index 000000000..f2fb6dbfb
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/README.md
@@ -0,0 +1,3 @@
+# Rclone CSI driver
+
+See https://github.com/wunderio/csi-rclone
diff --git a/components/cluster-configs/csi-rclone/base/kustomization.yaml b/components/cluster-configs/csi-rclone/base/kustomization.yaml
new file mode 100644
index 000000000..7aa5dd949
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/base/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: csi-rclone
+
+resources:
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/_csi-rclone-namespace.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-controller-rbac.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-controller-rclone.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-driver.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-nodeplugin-rbac.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-nodeplugin-rclone.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-rclone-storageclass.yaml
+- scc.yaml
diff --git a/components/cluster-configs/csi-rclone/base/scc.yaml b/components/cluster-configs/csi-rclone/base/scc.yaml
new file mode 100644
index 000000000..a1cdaa4ed
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/base/scc.yaml
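Review bot: Every remote entry under `resources:` in base/kustomization.yaml is fetched from `refs/heads/master`, so the manifests this base renders (namespace, RBAC, controller, node plugin, storage class) can change whenever upstream pushes, with no corresponding change in this repository. Because those manifests define cluster RBAC and a node plugin whose service account is granted the privileged SCC added in scc.yaml, they should be pinned to an immutable ref, e.g. `- https://raw.githubusercontent.com/wunderio/csi-rclone/<COMMIT_SHA>/deploy/kubernetes/1.20/csi-nodeplugin-rclone.yaml`, or vendored into the repository so that upstream changes go through review. Whether the container images referenced by the upstream manifests are pinned to a tag or digest is not visible from this diff and is worth checking at the same time.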
@@ -0,0 +1,46 @@
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: true
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities: null
+apiVersion: security.openshift.io/v1
+defaultAddCapabilities:
+- SYS_ADMIN
+fsGroup:
+ type: RunAsAny
+groups: []
+kind: SecurityContextConstraints
+metadata:
+ annotations:
+ kubernetes.io/description: |-
+ hostmount-anyuid provides all the features of the
+ restricted SCC but allows host mounts and any UID by a pod. This is primarily
+ used by the persistent volume recycler. WARNING: this SCC allows host file
+ system access as any UID, including UID 0. Grant with caution.
+ name: csi-rclone
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+- MKNOD
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+users:
+- system:serviceaccount:csi-rclone:csi-nodeplugin-rclone
+volumes:
+- configMap
+- csi
+- downwardAPI
+- emptyDir
+- ephemeral
+- hostPath
+# - nfs
+# - persistentVolumeClaim
+- projected
+- secret
diff --git a/components/cluster-configs/csi-rclone/example/pod.yaml b/components/cluster-configs/csi-rclone/example/pod.yaml
new file mode 100644
index 000000000..2002797b3
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/example/pod.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: toolbox
+ labels:
+ run: toolbox
+spec:
+ containers:
+ - image: nginx
+ imagePullPolicy: Always
+ name: toolbox
+ volumeMounts:
+ - mountPath: /data
+ name: rclone-example
+ volumes:
+ - name: rclone-example
+ persistentVolumeClaim:
+ claimName: rclone-example
diff --git a/components/cluster-configs/csi-rclone/example/pv.yaml b/components/cluster-configs/csi-rclone/example/pv.yaml
new file mode 100644
index 000000000..dfb86bf6c
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/example/pv.yaml
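Review bot: The `kubernetes.io/description` annotation in base/scc.yaml is copied from `hostmount-anyuid` and understates what this SCC grants: with `allowPrivilegedContainer: true`, `allowHostNetwork: true`, `allowPrivilegeEscalation: true` and `SYS_ADMIN` in `defaultAddCapabilities`, it is far closer to the built-in `privileged` SCC than to "restricted plus host mounts". The description should say what the object actually allows, e.g. `Privileged SCC for the csi-rclone node plugin: privileged containers, host network, hostPath volumes, SYS_ADMIN. Grant only to csi-nodeplugin-rclone.`, so that an SCC audit is not misled. `defaultAddCapabilities` adds SYS_ADMIN to every container admitted under this SCC; if only the rclone container needs it, listing it under `allowedCapabilities` and requesting it in that container's securityContext would be narrower. Granting access through the `users:` list works, but a Role with the `use` verb on this SCC bound to the `csi-nodeplugin-rclone` service account would keep the grant visible in RBAC reviews.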
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: rclone-example
+ labels:
+ name: rclone-example
+spec:
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 20Gi
+ storageClassName: rclone
+ csi:
+ driver: csi-rclone
+ volumeHandle: data-id
+ volumeAttributes:
+ remote: "s3"
+ remotePath: "bucket/extra"
+ s3-provider: "Minio"
+ s3-endpoint: "http://minio.minio:9000"
+ s3-access-key-id: "minioadmin"
+ s3-secret-access-key: "minioadmin"
diff --git a/components/cluster-configs/csi-rclone/example/pvc.yaml b/components/cluster-configs/csi-rclone/example/pvc.yaml
new file mode 100644
index 000000000..7ec057a54
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/example/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: rclone-example
+ annotations:
+ csi-rclone/storage-path: example
+ csi-rclone/umask: "022"
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: rclone
diff --git a/components/cluster-configs/csi-rclone/example/rclone-secret-file-config.yaml b/components/cluster-configs/csi-rclone/example/rclone-secret-file-config.yaml
new file mode 100644
index 000000000..9bd86f593
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/example/rclone-secret-file-config.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: rclone-secret
+ namespace: csi-rclone
+type: Opaque
+stringData:
+ remote: "minio-s3"
+ remotePath: "example"
+ configData: |
+ [minio-s3]
+ type = s3
+ provider = Minio
+ access_key_id = minioadmin
+ secret_access_key = minioadmin
+ endpoint = http://minio.minio.svc.cluster.local:9000
diff --git a/components/cluster-configs/csi-rclone/overlays/default/kustomization.yaml b/components/cluster-configs/csi-rclone/overlays/default/kustomization.yaml
new file mode 100644
index 000000000..2b87e6b19
--- /dev/null
+++ b/components/cluster-configs/csi-rclone/overlays/default/kustomization.yaml
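Review bot: example/pv.yaml puts `s3-access-key-id` and `s3-secret-access-key` directly in `volumeAttributes`, so they are stored in the cluster-scoped PersistentVolume object and are readable by anyone allowed to get PVs; the same MinIO default pair `minioadmin` also appears in example/rclone-secret-file-config.yaml. Since the Secret example in this commit already carries the remote configuration, the PV example would be safer without the two key attributes, relying on the Secret instead (how the driver resolves it is not visible here, so confirm against the upstream documentation). Replacing the literal values with obvious placeholders such as `"<ACCESS_KEY_ID>"` and `"<SECRET_ACCESS_KEY>"` would prevent the examples from being applied verbatim with working default credentials. Both examples also point at a plain `http://` endpoint, so credentials and data cross the cluster network unencrypted unless TLS is provided elsewhere.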
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../base