redhat-na-ssa · codekow · Feb 27, 2025 · Feb 4, 2025 · Feb 4, 2025 · Feb 4, 2025
diff --git a/components/cluster-configs/csi-rclone/README.md b/components/cluster-configs/csi-rclone/README.md
@@ -0,0 +1,3 @@
+# Rclone CSI driver
+
+See https://github.com/wunderio/csi-rclone
diff --git a/components/cluster-configs/csi-rclone/base/kustomization.yaml b/components/cluster-configs/csi-rclone/base/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: csi-rclone
+
+resources:
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/_csi-rclone-namespace.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-controller-rbac.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-controller-rclone.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-driver.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-nodeplugin-rbac.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-nodeplugin-rclone.yaml
+- https://raw.githubusercontent.com/wunderio/csi-rclone/refs/heads/master/deploy/kubernetes/1.20/csi-rclone-storageclass.yaml
+- scc.yaml
diff --git a/components/cluster-configs/csi-rclone/base/scc.yaml b/components/cluster-configs/csi-rclone/base/scc.yaml
@@ -0,0 +1,46 @@
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: true
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: true
+allowedCapabilities: null
+apiVersion: security.openshift.io/v1
+defaultAddCapabilities:
+- SYS_ADMIN
+fsGroup:
+  type: RunAsAny
+groups: []
+kind: SecurityContextConstraints
+metadata:
+  annotations:
+    kubernetes.io/description: |-
+      hostmount-anyuid provides all the features of the
+      restricted SCC but allows host mounts and any UID by a pod.  This is primarily
+      used by the persistent volume recycler. WARNING: this SCC allows host file
+      system access as any UID, including UID 0.  Grant with caution.
+  name: csi-rclone
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+- MKNOD
+runAsUser:
+  type: RunAsAny
+seLinuxContext:
+  type: MustRunAs
+supplementalGroups:
+  type: RunAsAny
+users:
+- system:serviceaccount:csi-rclone:csi-nodeplugin-rclone
+volumes:
+- configMap
+- csi
+- downwardAPI
+- emptyDir
+- ephemeral
+- hostPath
+# - nfs
+# - persistentVolumeClaim
+- projected
+- secret
diff --git a/components/cluster-configs/csi-rclone/example/pod.yaml b/components/cluster-configs/csi-rclone/example/pod.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: toolbox
+  labels:
+    run: toolbox
+spec:
+  containers:
+  - image: nginx
+    imagePullPolicy: Always
+    name: toolbox
+    volumeMounts:
+      - mountPath: /data
+        name: rclone-example
+  volumes:
+  - name: rclone-example
+    persistentVolumeClaim:
+      claimName: rclone-example
diff --git a/components/cluster-configs/csi-rclone/example/pv.yaml b/components/cluster-configs/csi-rclone/example/pv.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: rclone-example
+  labels:
+    name: rclone-example
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 20Gi
+  storageClassName: rclone
+  csi:
+    driver: csi-rclone
+    volumeHandle: data-id
+    volumeAttributes:
+      remote: "s3"
+      remotePath: "bucket/extra"
+      s3-provider: "Minio"
+      s3-endpoint: "http://minio.minio:9000"
+      s3-access-key-id: "minioadmin"
+      s3-secret-access-key: "minioadmin"
diff --git a/components/cluster-configs/csi-rclone/example/pvc.yaml b/components/cluster-configs/csi-rclone/example/pvc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: rclone-example
+  annotations:
+    csi-rclone/storage-path: example
+    csi-rclone/umask: "022"
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: rclone
diff --git a/components/cluster-configs/csi-rclone/example/rclone-secret-file-config.yaml b/components/cluster-configs/csi-rclone/example/rclone-secret-file-config.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rclone-secret
+  namespace: csi-rclone
+type: Opaque
+stringData:
+  remote: "minio-s3"
+  remotePath: "example"
+  configData: |
+    [minio-s3]
+    type = s3
+    provider = Minio
+    access_key_id = minioadmin
+    secret_access_key = minioadmin
+    endpoint = http://minio.minio.svc.cluster.local:9000
diff --git a/components/cluster-configs/csi-rclone/overlays/default/kustomization.yaml b/components/cluster-configs/csi-rclone/overlays/default/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../../base
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Rclone CSI driver

		See https://github.com/wunderio/csi-rclone