Comments (8)
Hey @aivanov-citc,
I just looked at the problem and found out a few things.
There is already a `--namespace` flag in the plugin (see here). The flag is used for provisioner pod to be deployed in the given namespace: https://github.com/metal-stack/csi-driver-lvm/blob/v0.5.2/pkg/lvm/lvm.go#L395.
The flag is set through the helm-chart automatically: https://github.com/metal-stack/helm-charts/blob/v0.3.32/charts/csi-driver-lvm/templates/plugin.yaml#L176. Did you deploy this project through our helm repo? Otherwise, maybe you missed setting the existing `--namespace` flag for the lvm plugin?
In #93, I created a branch that activates Pod Security on the Kind cluster. For the integration tests, I deployed the driver to a dedicated `csi-driver-lvm` namespace. During the integration tests, you can see that the provisioner pods are correctly deployed to the same plugin's namespace and not to the default namespace:

```
❯ k get po -A
NAMESPACE        NAME                                              READY   STATUS              RESTARTS   AGE
csi-driver-lvm   create-pvc-7a7013ea-1b39-464d-baf7-50dad87a356b   0/1     ContainerCreating   0          1s
csi-driver-lvm   csi-driver-lvm-controller-0                       3/3     Running             0          9s
csi-driver-lvm   csi-driver-lvm-plugin-b4265                       3/3     Running             0          9s
default          volume-test                                       0/1     Pending             0          1s
default          volume-test-inline-xfs                            0/1     Terminating         0          49m
```
from csi-driver-lvm.
It is up to you where the provisioner is deployed; the driver itself has no preference.
from csi-driver-lvm.
We did several checks on deploying test pods to different namespaces and made sure that the provisioner pod always runs in the "default" namespace.
How can we manage it?
from csi-driver-lvm.
> We did several checks on deploying test pods to different namespaces and made sure that the provisioner pod always runs in the "default" namespace. How can we manage it?

I have problems understanding what you are aiming for. Maybe you can create a PR which shows the problem.
from csi-driver-lvm.
I'm trying to deploy a test pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: csi-lvm-system
spec:
  containers:
    - name: hello-container
      image: busybox
      command: ["sh","-c","sleep 3600"]
      volumeMounts:
        - mountPath: /mnt/store
          name: storage
  volumes:
    - name: storage
      persistentVolumeClaim:
        claimName: storage-claim
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: storage-claim
  namespace: csi-lvm-system
spec:
  storageClassName: csi-driver-lvm-linear
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
```
Whatever namespace I deploy this pod to ("default", "test", "csi-lvm-system"), the pod responsible for creating the LV (create-pvc-ххххххх) is always deployed in the "default" namespace. Since "create-pvc-ххххххх" is privileged, it would be logical to create it in the namespace of the "csi-lvm-system" driver itself, and to apply annotations only to it and not to the default namespace.

```
$ kubectl get pods -A
csi-lvm-system   busybox                                           0/1   Pending             0   2s
default          create-pvc-dd2780e5-8b79-4620-b9c9-c5420a76abf0   0/1   ContainerCreating   0   1s
```
from csi-driver-lvm.
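A check for the symptom reported above, added here as an example and not part of the thread or of csi-driver-lvm: it reads `kubectl get pods -A` output and lists every privileged `create-pvc-*` provisioner pod that runs outside the driver's namespace, so Pod Security exemptions can stay confined to that one namespace. The function names and the sample listing are assumptions constructed from the listings in this thread.

```shell
#!/bin/sh
# Added example, not csi-driver-lvm code.

# misplaced_provisioners NAMESPACE
# Reads `kubectl get pods -A` output on stdin and prints "namespace/name"
# for every create-pvc-* provisioner pod found outside NAMESPACE.
misplaced_provisioners() {
    awk -v want="$1" '
        $1 == "NAMESPACE" { next }    # skip the header row if present
        $2 ~ /^create-pvc-/ && $1 != want { print $1 "/" $2 }
    '
}

# check_provisioner_namespace NAMESPACE
# Same input; returns 1 and reports on stderr if any provisioner pod is
# outside NAMESPACE, so it can gate a CI or integration-test step.
check_provisioner_namespace() {
    found=$(misplaced_provisioners "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    echo "$found" | sed "s|^|privileged provisioner outside $1: |" >&2
    return 1
}

# Constructed sample listing, modelled on the output quoted in this thread.
sample_listing() {
    cat <<'EOF'
NAMESPACE        NAME                                              READY   STATUS              RESTARTS   AGE
csi-lvm-system   busybox                                           0/1     Pending             0          2s
csi-lvm-system   csi-driver-lvm-plugin-b4265                       3/3     Running             0          9s
default          create-pvc-dd2780e5-8b79-4620-b9c9-c5420a76abf0   0/1     ContainerCreating   0          1s
EOF
}

# Demo on the constructed listing; against a live cluster use:
#   kubectl get pods -A | check_provisioner_namespace csi-lvm-system
sample_listing | misplaced_provisioners csi-lvm-system
```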
Maybe we can just create a pull request for a flag (`--namespace`), which passes the namespace on to the provisioner pod metadata.
We can use environment field refs for injecting the namespace in our manifests and helm-charts like:

```yaml
- name: CSI_DRIVER_LVM_NAMESPACE
  valueFrom:
    fieldRef:
      fieldPath: metadata.namespace
```

This resolves the problem, right?
from csi-driver-lvm.
I think yes, it does. Thank you
from csi-driver-lvm.
Hey @Gerrit91.
So it is. I'm sorry, I did not see it. I am closing the issue.
from csi-driver-lvm.