diff --git a/README.md b/README.md index a9a2c7f..df2ec3f 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ This driver allows Kubernetes to access LocalStorage on Linux node. ### Installation - 选择运行 `localstorage` 的 `kubernetes` 节点 ```shell - kubectl label node storage.caoyingjunz.io/node= + kubectl label node storage.caoyingjunz.io/node= ``` - 安装 `localstorage` 组件 diff --git a/deploy/v1.0.3/ls-controller.yaml b/deploy/v1.0.3/ls-controller.yaml new file mode 100644 index 0000000..6531fd9 --- /dev/null +++ b/deploy/v1.0.3/ls-controller.yaml @@ -0,0 +1,47 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pixiu-ls-controller + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + app: pixiu-ls-controller + template: + metadata: + labels: + app: pixiu-ls-controller + spec: + serviceAccountName: csi-ls-node-sa + containers: + - args: + - -v=2 + # port's value equals 0 means health check func disabled + - --healthz-port=10258 + - --cert-dir=/tmp/cert + - --port=8443 + image: pixiuio/localstorage-controller:v1.0.3 + imagePullPolicy: Always + name: ls-controller + volumeMounts: + - mountPath: /tmp/cert + name: cert + readOnly: true + livenessProbe: + httpGet: + path: /healthz + port: 10258 + failureThreshold: 5 + initialDelaySeconds: 30 + timeoutSeconds: 5 + periodSeconds: 5 + dnsPolicy: Default + nodeSelector: + kubernetes.io/os: linux + restartPolicy: Always + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: pixiu-localstorage-cert diff --git a/deploy/v1.0.3/ls-driverinfo.yaml b/deploy/v1.0.3/ls-driverinfo.yaml new file mode 100644 index 0000000..85a5d25 --- /dev/null +++ b/deploy/v1.0.3/ls-driverinfo.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: localstorage.caoyingjunz.io +spec: + attachRequired: false + volumeLifecycleModes: + - Persistent + fsGroupPolicy: File diff --git a/deploy/v1.0.3/ls-node.yaml b/deploy/v1.0.3/ls-node.yaml new file mode 100644 index 0000000..bf83105 --- /dev/null +++ b/deploy/v1.0.3/ls-node.yaml @@ -0,0 +1,164 @@ +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: pixiu-ls-node + namespace: kube-system +spec: + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: pixiu-ls-node + template: + metadata: + labels: + app: pixiu-ls-node + spec: +# hostNetwork: true + dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst + serviceAccountName: csi-ls-node-sa + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: storage.caoyingjunz.io/node + operator: Exists + tolerations: + - operator: "Exists" + containers: + - name: liveness-probe + image: pixiuio/livenessprobe:v2.8.0 + args: + - --csi-address=/csi/csi.sock + - --probe-timeout=3s + - --health-port=29653 + - --v=2 + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + + - name: node-driver-registrar + image: pixiuio/csi-node-driver-registrar:v2.6.2 + args: + - --v=2 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + livenessProbe: + exec: + command: + - /csi-node-driver-registrar + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --mode=kubelet-registration-probe + initialDelaySeconds: 30 + timeoutSeconds: 15 + env: + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi-lsplugin/csi.sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + resources: + limits: + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + + - name: csi-provisioner + image: jacky06/csi-provisioner:v0.1 + args: + - -v=5 + - --csi-address=/csi/csi.sock + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + # This is necessary only for systems with SELinux, where + # non-privileged sidecar containers cannot access unix domain socket + # created by privileged CSI driver container. + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + + - name: ls-plugin + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: pixiuio/localstorageplugin:v1.0.3 + args: + - --endpoint=$(CSI_ENDPOINT) + - --volume-dir=/data + - --create-localstorage + - -v=5 + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + ports: + - containerPort: 29653 + name: healthz + protocol: TCP + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 30 + timeoutSeconds: 10 + periodSeconds: 30 + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - mountPath: /data + name: volume-dir + resources: + limits: + memory: 300Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - name: socket-dir + hostPath: + path: /var/lib/kubelet/plugins/csi-lsplugin + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: /data + type: DirectoryOrCreate + name: volume-dir diff --git a/deploy/v1.0.3/ls-rbac.yaml b/deploy/v1.0.3/ls-rbac.yaml new file mode 100644 index 0000000..92a5387 --- /dev/null +++ b/deploy/v1.0.3/ls-rbac.yaml @@ -0,0 +1,70 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-ls-node-sa + namespace: kube-system +--- + +apiVersion: v1 +kind: Secret +metadata: + name: pixiu-ls-token + namespace: kube-system + annotations: + kubernetes.io/service-account.name: "csi-ls-node-sa" +type: kubernetes.io/service-account-token +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ls-external-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: [ "get", "list", "watch", "create", "update", "patch" ] + - apiGroups: ["storage.caoyingjunz.io"] + resources: ["localstorages"] + verbs: [ "get", "list", "watch", "create", "update", "patch" ] +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ls-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: csi-ls-node-sa + namespace: kube-system +roleRef: + kind: ClusterRole + name: ls-external-provisioner-role + apiGroup: rbac.authorization.k8s.io diff --git a/deploy/v1.0.3/ls-secret.yaml b/deploy/v1.0.3/ls-secret.yaml new file mode 100644 index 0000000..eee9cd6 --- /dev/null +++ b/deploy/v1.0.3/ls-secret.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwekNDQW8rZ0F3SUJBZ0lVRURBYzkwa1dVUXN5UmJodThlUitzOFlHR3Y4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURWZNQjBHQTFVRUF3d1djR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjaUJEUVRBZ0Z3MHlNekEzTVRNeApNekl5TWpaYUdBOHlNVEl6TURZeE9URXpNakl5Tmxvd0xqRXNNQ29HQTFVRUF3d2pjR2w0YVhVdGJITXRZMjl1CmRISnZiR3hsY2k1cmRXSmxMWE41YzNSbGJTNXpkbU13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXcKZ2dFS0FvSUJBUUN5d1dZcHFGekFlaS9oL2pBMjFFOWJIZ1NhcjJBTnJNQlcrRk5vOUJCMG9FLytXZkpRejRlaQowVnNuWGpVdTNHTm5ZR1BVMU81ZTdibmtEYjRhOGRremUyZzc1aEFWZ25ldXJFSERuemVVdkpHdnBOZ3dMSFNHClprbERSQkJoTDJJTEVVZkl5bWNnV21mZGtFL2d2M1dTcFowdWdZSnYrR1F1ZmFiNW5lT3ZZYWpyS3pOZFIzb1MKZ0pyUDNzMkNUdU1lcnNIdGtsVWxhZlZNK3ltNlhWSjZXV25veEE3akhUYjJ5OGNkSFdYTmZYVjFuUlhONENkeApXRWFubk9SS0lIc3l4cXdzUXRGYUx6R0hzekhiVTA5VzJYeTNIZ1gxVDFsQzBCSFNlYUdjNHV6cEpQK3VSRzMwCk1GSXNTclhSY2RRckNSakszM0VJWW1TVWVRdkd0Um03QWdNQkFBR2pnY2N3Z2NRd0NRWURWUjBUQkFJd0FEQUwKQmdOVkhROEVCQU1DQmVBd2FnWURWUjBSQkdNd1lZSVRjR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjb0lmY0dsNAphWFV0YkhNdFkyOXVkSEp2Ykd4bGNpNXJkV0psTFhONWMzUmxiWUlqY0dsNGFYVXRiSE10WTI5dWRISnZiR3hsCmNpNXJkV0psTFhONWMzUmxiUzV6ZG1PSEJIOEFBQUV3SFFZRFZSME9CQllFRkwwdFZSOGNiTnBTWnF6K3E5ZjAKdWlERXV3eEhNQjhHQTFVZEl3UVlNQmFBRlB4T1FkcmRuOXJjSkVVa3VLRVprWVFBRElXaE1BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFpeG03cEZvOHU2S2FnL0NoMndjaGtTRHVUZXNqRlNDQVpsc01JTkk3dFptTnFadVliCmVJeEZUSEorKzkrVmlNRXJCQ0xhanU4VVorUExlN2p4Mm01UGYvbEY0NDZRdi9EUkhuYlVlS1d6NkRXamhBTngKMFJjalpRVXNMZE9BaUxtYmZvOTBjZnorcjc3KzduZzN6NitPSlpPSCtYWnVOUFM1Z2lUQTdYMmpLSUFQazJCcwpNcGFscVpETElFczFWM3BTaFdCTFZYa1FZeEFBUGJRaG1VTHJUMDNXdmRUOTZEeURiM0gvcHFhb0ZsK0RPMCt3CktwdFZQNW5vVVg1eVRWSG5pMnRldkttbHZwb0Z4RUVDMmFnd3RNeGpaK0EzUGV6YzAzVnhyZllzb0cyNU4xN3IKaGp4STJBQStCZ2g0dm1GRzkvM2E0VE1nbHVWOGlDa0dqQUp2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwekNDQW8rZ0F3SUJBZ0lVRURBYzkwa1dVUXN5UmJodThlUitzOFlHR3Y4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURWZNQjBHQTFVRUF3d1djR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjaUJEUVRBZ0Z3MHlNekEzTVRNeApNekl5TWpaYUdBOHlNVEl6TURZeE9URXpNakl5Tmxvd0xqRXNNQ29HQTFVRUF3d2pjR2w0YVhVdGJITXRZMjl1CmRISnZiR3hsY2k1cmRXSmxMWE41YzNSbGJTNXpkbU13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXcKZ2dFS0FvSUJBUUN5d1dZcHFGekFlaS9oL2pBMjFFOWJIZ1NhcjJBTnJNQlcrRk5vOUJCMG9FLytXZkpRejRlaQowVnNuWGpVdTNHTm5ZR1BVMU81ZTdibmtEYjRhOGRremUyZzc1aEFWZ25ldXJFSERuemVVdkpHdnBOZ3dMSFNHClprbERSQkJoTDJJTEVVZkl5bWNnV21mZGtFL2d2M1dTcFowdWdZSnYrR1F1ZmFiNW5lT3ZZYWpyS3pOZFIzb1MKZ0pyUDNzMkNUdU1lcnNIdGtsVWxhZlZNK3ltNlhWSjZXV25veEE3akhUYjJ5OGNkSFdYTmZYVjFuUlhONENkeApXRWFubk9SS0lIc3l4cXdzUXRGYUx6R0hzekhiVTA5VzJYeTNIZ1gxVDFsQzBCSFNlYUdjNHV6cEpQK3VSRzMwCk1GSXNTclhSY2RRckNSakszM0VJWW1TVWVRdkd0Um03QWdNQkFBR2pnY2N3Z2NRd0NRWURWUjBUQkFJd0FEQUwKQmdOVkhROEVCQU1DQmVBd2FnWURWUjBSQkdNd1lZSVRjR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjb0lmY0dsNAphWFV0YkhNdFkyOXVkSEp2Ykd4bGNpNXJkV0psTFhONWMzUmxiWUlqY0dsNGFYVXRiSE10WTI5dWRISnZiR3hsCmNpNXJkV0psTFhONWMzUmxiUzV6ZG1PSEJIOEFBQUV3SFFZRFZSME9CQllFRkwwdFZSOGNiTnBTWnF6K3E5ZjAKdWlERXV3eEhNQjhHQTFVZEl3UVlNQmFBRlB4T1FkcmRuOXJjSkVVa3VLRVprWVFBRElXaE1BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFpeG03cEZvOHU2S2FnL0NoMndjaGtTRHVUZXNqRlNDQVpsc01JTkk3dFptTnFadVliCmVJeEZUSEorKzkrVmlNRXJCQ0xhanU4VVorUExlN2p4Mm01UGYvbEY0NDZRdi9EUkhuYlVlS1d6NkRXamhBTngKMFJjalpRVXNMZE9BaUxtYmZvOTBjZnorcjc3KzduZzN6NitPSlpPSCtYWnVOUFM1Z2lUQTdYMmpLSUFQazJCcwpNcGFscVpETElFczFWM3BTaFdCTFZYa1FZeEFBUGJRaG1VTHJUMDNXdmRUOTZEeURiM0gvcHFhb0ZsK0RPMCt3CktwdFZQNW5vVVg1eVRWSG5pMnRldkttbHZwb0Z4RUVDMmFnd3RNeGpaK0EzUGV6YzAzVnhyZllzb0cyNU4xN3IKaGp4STJBQStCZ2g0dm1GRzkvM2E0VE1nbHVWOGlDa0dqQUp2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ3l3V1lwcUZ6QWVpL2gKL2pBMjFFOWJIZ1NhcjJBTnJNQlcrRk5vOUJCMG9FLytXZkpRejRlaTBWc25YalV1M0dObllHUFUxTzVlN2JuawpEYjRhOGRremUyZzc1aEFWZ25ldXJFSERuemVVdkpHdnBOZ3dMSFNHWmtsRFJCQmhMMklMRVVmSXltY2dXbWZkCmtFL2d2M1dTcFowdWdZSnYrR1F1ZmFiNW5lT3ZZYWpyS3pOZFIzb1NnSnJQM3MyQ1R1TWVyc0h0a2xVbGFmVk0KK3ltNlhWSjZXV25veEE3akhUYjJ5OGNkSFdYTmZYVjFuUlhONENkeFdFYW5uT1JLSUhzeXhxd3NRdEZhTHpHSApzekhiVTA5VzJYeTNIZ1gxVDFsQzBCSFNlYUdjNHV6cEpQK3VSRzMwTUZJc1NyWFJjZFFyQ1JqSzMzRUlZbVNVCmVRdkd0Um03QWdNQkFBRUNnZ0VBTitraS9jT2g0emcwa3VDeER1MUFOdlZBSm12VlJPRzBOVit0b3lXM29lcmsKcWw5UzJmRFhjVmMvUmlTQ3lQbjVBNFFVSmFWR081M3FwMGlmSGdsb1VPQjRIVWdiM3NaMGpjZG1PSHdyNDlOSgpWQ0ZnMTB5SVUrTlpaZmM3a2xKQ1BjajFaWG5kWUxLMlN3aFEyN0MyNHh2MittMWFzWkFGTWI5dWd5UGQ2K1ErCjVHVWZ4OHNMckZ2QklRMFFWNkxZR0tkZ2xBS1ZvV0JOWS9HcXY0UU1zaXBjcW1mWHRGVlpIOWg1Ny9QY3ZnKzYKMkxMWlRnS3VrM0NTY0U0dFlZZ0pSbjY0MDdJWVZ2dEdIWTBRZ2FFT3BVU2ZHc080QjRzK2MwWTdRZXZDZTFEawovY1BmTFlZRzlYVG9HSExNWDRxZ0ZWRGFWWEU5TENPTk4rQ0JkUUl3TFFLQmdRRHRvNHRTYzZrS1lGcVcybHNUCmRvWlo3dk9ZS2tkc0hNeXIwVStTbytwQklnWHdoTGpSSzVXUGUrblRoeno5enlTWUYyRzJzaTZGOFVwVER1UGYKY1pZak5qL3NNdk5RZy9yMm96N2cwMjIrejJQRURCUVJVYUVIKzFOTVh5N2xmWWFVbW0yMEppeHZ6c3J5b2l0Wgo4MDduTmFkTnp3d0pIYlVQSmlJTnlYOCtSUUtCZ1FEQWtTYlN2c0tCRUFvaWNrbDBxWmFsbEY4c3NXQWlFNHlTCjVSc0dUYjd0aGxKQW5SNEVPUS91Z0Qwd3gvUGVFYSt1WXV6Y2MvVkRMeE5uaGs2QnJqUm1GRjRMam43YWtzNm0KM3o2THJvT2hmMHVPQnQxSk9ucVNFSEtFaFFUNjl2eDZTeVZiM0tiN2lVQlA4V1NlQmNBclpZZ1FEaHUrMGl2aQpPVFhEQVRSMy93S0JnR2xBclgyWWNyK0F5NzdTK2RIV0JrMmc4MDFyTkhVakVGZnRmaVFCNjhocmJGd0tQTjJRClEwN280RGpyUmsxWVNPb0FPU3cxSVR2OEVpSlZqd0l4aWdFUWp5RnJzNjd1dGVJMWphMEFtRFFTSVNyOCtvcHQKTURpYnpWb2ZNbU04eExYZTdFWUZQbHRMS1VKc0oyMVF3WnJRZmNpTnN0UDZ6MjNsUXVIK1pCaE5Bb0dCQUkwawpGcU9TNC9jNjdXS3dCN3oxYkJCeXZvdUFlcWlmVVlKOVlDQnZyWWhrMGphL3NqZUFKM2cxRUNTSCtldURaUlBaCk9DaWc2VnhUemRJc003Q0RJYTdNTU40aGxFTGFKWk5UdjRFYjZTamVwMTh6RXRCUWgzUTFqK29ub1MzZEI5TU8KN3hQMGw0TjM1dVp4Vk1FcUQ5Nys3UXB2Zk5DUk5VNzdoYmNuVS9DN0FvR0FiT2FaSTU3alVpRTl0SFdaODg0dQpuaXZaUmpPM0xBS0s5cVNKUC9TSjdCNENSbndwY2JObUZUTFdnd1FJUEdzdkwvSXlXbSs4UFF2dzZ0Y2VUdVFjCjBQS2k1eld0UGpwVUVpRXZGM3JPaUdqaG15U2VVQUw0Vld0QUQ4ZmgzY0I3Sk9KcEdQNm5uU3BRbE8rMEo5d1IKalhvV2VmM3lCd2RzcGFPM1Yrd3Vrb2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +kind: Secret +metadata: + name: pixiu-localstorage-cert + namespace: kube-system +type: kubernetes.io/tls diff --git a/deploy/v1.0.3/ls-service.yaml b/deploy/v1.0.3/ls-service.yaml new file mode 100644 index 0000000..2dec307 --- /dev/null +++ b/deploy/v1.0.3/ls-service.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: pixiu-ls-controller + namespace: kube-system +spec: + ports: + - name: tcp-8443 + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app: pixiu-ls-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + name: pixiu-ls-scheduler + namespace: kube-system +spec: + ports: + - name: tcp-8090 + nodePort: 30666 + port: 8090 + protocol: TCP + targetPort: 8090 + selector: + app: pixiu-ls-scheduler + type: NodePort diff --git a/deploy/v1.0.3/ls-webhookconfiguration.yaml b/deploy/v1.0.3/ls-webhookconfiguration.yaml new file mode 100644 index 0000000..6a753e9 --- /dev/null +++ b/deploy/v1.0.3/ls-webhookconfiguration.yaml @@ -0,0 +1,68 @@ +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: pixiu-ls-mutating-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwekNDQW8rZ0F3SUJBZ0lVRURBYzkwa1dVUXN5UmJodThlUitzOFlHR3Y4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURWZNQjBHQTFVRUF3d1djR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjaUJEUVRBZ0Z3MHlNekEzTVRNeApNekl5TWpaYUdBOHlNVEl6TURZeE9URXpNakl5Tmxvd0xqRXNNQ29HQTFVRUF3d2pjR2w0YVhVdGJITXRZMjl1CmRISnZiR3hsY2k1cmRXSmxMWE41YzNSbGJTNXpkbU13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXcKZ2dFS0FvSUJBUUN5d1dZcHFGekFlaS9oL2pBMjFFOWJIZ1NhcjJBTnJNQlcrRk5vOUJCMG9FLytXZkpRejRlaQowVnNuWGpVdTNHTm5ZR1BVMU81ZTdibmtEYjRhOGRremUyZzc1aEFWZ25ldXJFSERuemVVdkpHdnBOZ3dMSFNHClprbERSQkJoTDJJTEVVZkl5bWNnV21mZGtFL2d2M1dTcFowdWdZSnYrR1F1ZmFiNW5lT3ZZYWpyS3pOZFIzb1MKZ0pyUDNzMkNUdU1lcnNIdGtsVWxhZlZNK3ltNlhWSjZXV25veEE3akhUYjJ5OGNkSFdYTmZYVjFuUlhONENkeApXRWFubk9SS0lIc3l4cXdzUXRGYUx6R0hzekhiVTA5VzJYeTNIZ1gxVDFsQzBCSFNlYUdjNHV6cEpQK3VSRzMwCk1GSXNTclhSY2RRckNSakszM0VJWW1TVWVRdkd0Um03QWdNQkFBR2pnY2N3Z2NRd0NRWURWUjBUQkFJd0FEQUwKQmdOVkhROEVCQU1DQmVBd2FnWURWUjBSQkdNd1lZSVRjR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjb0lmY0dsNAphWFV0YkhNdFkyOXVkSEp2Ykd4bGNpNXJkV0psTFhONWMzUmxiWUlqY0dsNGFYVXRiSE10WTI5dWRISnZiR3hsCmNpNXJkV0psTFhONWMzUmxiUzV6ZG1PSEJIOEFBQUV3SFFZRFZSME9CQllFRkwwdFZSOGNiTnBTWnF6K3E5ZjAKdWlERXV3eEhNQjhHQTFVZEl3UVlNQmFBRlB4T1FkcmRuOXJjSkVVa3VLRVprWVFBRElXaE1BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFpeG03cEZvOHU2S2FnL0NoMndjaGtTRHVUZXNqRlNDQVpsc01JTkk3dFptTnFadVliCmVJeEZUSEorKzkrVmlNRXJCQ0xhanU4VVorUExlN2p4Mm01UGYvbEY0NDZRdi9EUkhuYlVlS1d6NkRXamhBTngKMFJjalpRVXNMZE9BaUxtYmZvOTBjZnorcjc3KzduZzN6NitPSlpPSCtYWnVOUFM1Z2lUQTdYMmpLSUFQazJCcwpNcGFscVpETElFczFWM3BTaFdCTFZYa1FZeEFBUGJRaG1VTHJUMDNXdmRUOTZEeURiM0gvcHFhb0ZsK0RPMCt3CktwdFZQNW5vVVg1eVRWSG5pMnRldkttbHZwb0Z4RUVDMmFnd3RNeGpaK0EzUGV6YzAzVnhyZllzb0cyNU4xN3IKaGp4STJBQStCZ2g0dm1GRzkvM2E0VE1nbHVWOGlDa0dqQUp2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: pixiu-ls-controller + namespace: kube-system + path: /mutate-v1-localstorage + port: 443 + failurePolicy: Fail + matchPolicy: Equivalent + name: webhook.pixiu.io + namespaceSelector: {} + objectSelector: {} + reinvocationPolicy: Never + rules: + - apiGroups: + - storage.caoyingjunz.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - localstorages + scope: '*' + sideEffects: None + timeoutSeconds: 10 + +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: pixiu-ls-validating-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURwekNDQW8rZ0F3SUJBZ0lVRURBYzkwa1dVUXN5UmJodThlUitzOFlHR3Y4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURWZNQjBHQTFVRUF3d1djR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjaUJEUVRBZ0Z3MHlNekEzTVRNeApNekl5TWpaYUdBOHlNVEl6TURZeE9URXpNakl5Tmxvd0xqRXNNQ29HQTFVRUF3d2pjR2w0YVhVdGJITXRZMjl1CmRISnZiR3hsY2k1cmRXSmxMWE41YzNSbGJTNXpkbU13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXcKZ2dFS0FvSUJBUUN5d1dZcHFGekFlaS9oL2pBMjFFOWJIZ1NhcjJBTnJNQlcrRk5vOUJCMG9FLytXZkpRejRlaQowVnNuWGpVdTNHTm5ZR1BVMU81ZTdibmtEYjRhOGRremUyZzc1aEFWZ25ldXJFSERuemVVdkpHdnBOZ3dMSFNHClprbERSQkJoTDJJTEVVZkl5bWNnV21mZGtFL2d2M1dTcFowdWdZSnYrR1F1ZmFiNW5lT3ZZYWpyS3pOZFIzb1MKZ0pyUDNzMkNUdU1lcnNIdGtsVWxhZlZNK3ltNlhWSjZXV25veEE3akhUYjJ5OGNkSFdYTmZYVjFuUlhONENkeApXRWFubk9SS0lIc3l4cXdzUXRGYUx6R0hzekhiVTA5VzJYeTNIZ1gxVDFsQzBCSFNlYUdjNHV6cEpQK3VSRzMwCk1GSXNTclhSY2RRckNSakszM0VJWW1TVWVRdkd0Um03QWdNQkFBR2pnY2N3Z2NRd0NRWURWUjBUQkFJd0FEQUwKQmdOVkhROEVCQU1DQmVBd2FnWURWUjBSQkdNd1lZSVRjR2w0YVhVdGJITXRZMjl1ZEhKdmJHeGxjb0lmY0dsNAphWFV0YkhNdFkyOXVkSEp2Ykd4bGNpNXJkV0psTFhONWMzUmxiWUlqY0dsNGFYVXRiSE10WTI5dWRISnZiR3hsCmNpNXJkV0psTFhONWMzUmxiUzV6ZG1PSEJIOEFBQUV3SFFZRFZSME9CQllFRkwwdFZSOGNiTnBTWnF6K3E5ZjAKdWlERXV3eEhNQjhHQTFVZEl3UVlNQmFBRlB4T1FkcmRuOXJjSkVVa3VLRVprWVFBRElXaE1BMEdDU3FHU0liMwpEUUVCQ3dVQUE0SUJBUUFpeG03cEZvOHU2S2FnL0NoMndjaGtTRHVUZXNqRlNDQVpsc01JTkk3dFptTnFadVliCmVJeEZUSEorKzkrVmlNRXJCQ0xhanU4VVorUExlN2p4Mm01UGYvbEY0NDZRdi9EUkhuYlVlS1d6NkRXamhBTngKMFJjalpRVXNMZE9BaUxtYmZvOTBjZnorcjc3KzduZzN6NitPSlpPSCtYWnVOUFM1Z2lUQTdYMmpLSUFQazJCcwpNcGFscVpETElFczFWM3BTaFdCTFZYa1FZeEFBUGJRaG1VTHJUMDNXdmRUOTZEeURiM0gvcHFhb0ZsK0RPMCt3CktwdFZQNW5vVVg1eVRWSG5pMnRldkttbHZwb0Z4RUVDMmFnd3RNeGpaK0EzUGV6YzAzVnhyZllzb0cyNU4xN3IKaGp4STJBQStCZ2g0dm1GRzkvM2E0VE1nbHVWOGlDa0dqQUp2Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + service: + name: pixiu-ls-controller + namespace: kube-system + path: /validate-v1-localstorage + port: 443 + failurePolicy: Fail + matchPolicy: Equivalent + name: webhook.pixiu.io + namespaceSelector: {} + objectSelector: {} + rules: + - apiGroups: + - storage.caoyingjunz.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - localstorages + scope: '*' + sideEffects: None + timeoutSeconds: 10