From 4e0ee7621a1a8d445abb2e9dbfc2267ead28ae6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Thu, 18 May 2017 17:27:17 +0100 Subject: [PATCH] working on setup --- setup/pod.yaml | 8 +++-- setup/roles.yaml | 69 +++++++++++--------------------------- setup/service-account.yaml | 4 +++ setup/setup.sh | 7 ++++ 4 files changed, 37 insertions(+), 51 deletions(-) create mode 100644 setup/service-account.yaml create mode 100644 setup/setup.sh diff --git a/setup/pod.yaml b/setup/pod.yaml index 58c495c..3322e5b 100644 --- a/setup/pod.yaml +++ b/setup/pod.yaml @@ -8,14 +8,18 @@ spec: image: hostpath-provisioner:latest imagePullPolicy: "IfNotPresent" env: + - name: HOSTPATH_TO_USE + value: /var/openshift/ - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumeMounts: - name: pv-volume - mountPath: /tmp/hostpath-provisioner + mountPath: /var/openshift volumes: - name: pv-volume hostPath: - path: /tmp/hostpath-provisioner + path: /var/openshift + serviceAccount: hostpath-provisioner + diff --git a/setup/roles.yaml b/setup/roles.yaml index d1cebdf..bede5e8 100644 --- a/setup/roles.yaml +++ b/setup/roles.yaml @@ -1,49 +1,20 @@ -- apiVersion: rbac.authorization.k8s.io/v1beta1 - kind: ClusterRole - metadata: - creationTimestamp: null - labels: - kubernetes.io/bootstrapping: rbac-defaults - name: system:persistent-volume-provisioner - rules: - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - get - - list - - update - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update +kind: ClusterRole +apiVersion: v1 +metadata: + name: hostpath-provisioner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["services", "endpoints"] + verbs: ["get"] diff --git a/setup/service-account.yaml b/setup/service-account.yaml new file mode 100644 index 0000000..3df2ee4 --- /dev/null +++ b/setup/service-account.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hostpath-provisioner diff --git a/setup/setup.sh b/setup/setup.sh new file mode 100644 index 0000000..c9fe8be --- /dev/null +++ b/setup/setup.sh @@ -0,0 +1,7 @@ +oc create -f service-account.yaml +oc create -f roles.yaml +# oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:test-provisioner:hostpath-provisioner +# oc adm policy add-cluster-role-to-user hostpath-provisioner-runner system:serviceaccount:test-provisioner:hostpath-provisioner + +oc create -f pod.yaml +oc create -f class.yaml