# SOURCE: https://install.portworx.com/2.3?mc=false&kbver=1.11.0%2Bd4cacc0&b=true&s=%2Fdev%2Fmapper%2Fpx_vg-px_storage&md=%2Fdev%2Fmapper%2Fpvdb_vg-pvdb_meta&m=ens192&d=ens192&c=px-cluster-720c8731-71f3-40bb-9ca5-32b929480cc4&osft=true&stork=true&lh=true&st=k8s --- kind: Service apiVersion: v1 metadata: name: portworx-service namespace: kube-system labels: name: portworx spec: selector: name: portworx type: ClusterIP ports: - name: px-api protocol: TCP port: 9001 targetPort: 9001 - name: px-kvdb protocol: TCP port: 9019 targetPort: 9019 - name: px-sdk protocol: TCP port: 9020 targetPort: 9020 - name: px-rest-gateway protocol: TCP port: 9021 targetPort: 9021 --- apiVersion: v1 kind: ServiceAccount metadata: name: px-account namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: name: portworx namespace: kube-system labels: name: portworx annotations: portworx.com/install-source: "https://install.portworx.com/2.3?mc=false&kbver=1.11.0%2Bd4cacc0&b=true&s=%2Fdev%2Fmapper%2Fpx_vg-px_storage&md=%2Fdev%2Fmapper%2Fpvdb_vg-pvdb_meta&m=ens192&d=ens192&c=px-cluster-720c8731-71f3-40bb-9ca5-32b929480cc4&osft=true&stork=true&lh=true&st=k8s" spec: selector: matchLabels: name: portworx minReadySeconds: 0 updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 template: metadata: labels: name: portworx spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: px/enabled operator: NotIn values: - "false" - key: node-role.kubernetes.io/infra operator: DoesNotExist - key: node-role.kubernetes.io/master operator: DoesNotExist hostNetwork: true hostPID: false containers: - name: portworx image: portworx/oci-monitor:3.1.0 imagePullPolicy: Always args: ["-c", "px-cluster-720c8731-71f3-40bb-9ca5-32b929480cc4", "-d", "ens192", "-m", "ens192", "-s", "/dev/mapper/px_vg-px_storage", "-secret_type", "k8s", "-metadata", "/dev/mapper/pvdb_vg-pvdb_meta", "-b", "-x", "kubernetes"] env: - name: "PX_TEMPLATE_VERSION" value: "v4" - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: PX_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace livenessProbe: periodSeconds: 30 initialDelaySeconds: 840 # allow image pull in slow networks httpGet: host: 127.0.0.1 path: /status port: 9001 readinessProbe: periodSeconds: 10 httpGet: host: 127.0.0.1 path: /health port: 9015 terminationMessagePath: "/tmp/px-termination-log" securityContext: privileged: true volumeMounts: - name: diagsdump mountPath: /var/cores - name: dockersock mountPath: /var/run/docker.sock - name: containerddir mountPath: /run/containerd - name: containerdvardir mountPath: /var/lib/containerd - name: criosock mountPath: /var/run/crio - name: etcpwx mountPath: /etc/pwx - name: dev mountPath: /dev - name: optpwx mountPath: /opt/pwx - name: procmount mountPath: /host_proc - name: sysdmount mountPath: /etc/systemd/system - name: journalmount1 mountPath: /var/run/log readOnly: true - name: journalmount2 mountPath: /var/log readOnly: true - name: dbusmount mountPath: /var/run/dbus restartPolicy: Always serviceAccountName: px-account volumes: - name: diagsdump hostPath: path: /var/cores - name: dockersock hostPath: path: /var/run/docker.sock - name: containerddir hostPath: path: /run/containerd - name: containerdvardir hostPath: path: /var/lib/containerd - name: criosock hostPath: path: /var/run/crio - name: etcpwx hostPath: path: /etc/pwx - name: dev hostPath: path: /dev - name: optpwx hostPath: path: /opt/pwx - name: procmount hostPath: path: /proc - name: sysdmount hostPath: path: /etc/systemd/system - name: journalmount1 hostPath: path: /var/run/log - name: journalmount2 hostPath: path: /var/log - name: dbusmount hostPath: path: /var/run/dbus --- kind: Service apiVersion: v1 metadata: name: portworx-api namespace: kube-system labels: name: portworx-api spec: selector: name: portworx-api type: ClusterIP ports: - name: px-api protocol: TCP port: 9001 targetPort: 9001 - name: px-sdk protocol: TCP port: 9020 targetPort: 9020 - name: px-rest-gateway protocol: TCP port: 9021 targetPort: 9021 --- apiVersion: apps/v1 kind: DaemonSet metadata: name: portworx-api namespace: kube-system labels: name: portworx-api spec: selector: matchLabels: name: portworx-api minReadySeconds: 0 updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 100% template: metadata: labels: name: portworx-api spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: px/enabled operator: NotIn values: - "false" - key: node-role.kubernetes.io/infra operator: DoesNotExist - key: node-role.kubernetes.io/master operator: DoesNotExist hostNetwork: true hostPID: false containers: - name: portworx-api image: registry.k8s.io/pause:3.1 imagePullPolicy: Always readinessProbe: periodSeconds: 10 httpGet: host: 127.0.0.1 path: /status port: 9001 restartPolicy: Always serviceAccountName: px-account --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: volumeplacementstrategies.portworx.io spec: group: portworx.io versions: - name: v1beta2 served: true storage: true - name: v1beta1 served: false storage: false scope: Cluster names: plural: volumeplacementstrategies singular: volumeplacementstrategy kind: VolumePlacementStrategy shortNames: - vps - vp validation: openAPIV3Schema: type: object required: - spec properties: spec: type: object description: The desired spec of the volume placement strategy properties: replicaAffinity: type: array description: Allows you to specify a rule which creates an affinity for replicas within a volume items: type: object properties: affected_replicas: type: integer description: The number of volume replicas affected by the replica affinity enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the replica affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator replicaAntiAffinity: type: array description: Allows you to specify a rule that creates an anti-affinity for replicas within a volume items: type: object properties: affected_replicas: type: integer description: The number of volume replicas affected by the replica anti affinity enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. required: - topologyKey volumeAffinity: type: array description: Allows you to colocate volumes by specifying rules that place replicas of a volume together with those of another volume for which the specified labels match items: type: object properties: enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the volume affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator required: - matchExpressions volumeAntiAffinity: type: array description: Allows you to specify dissociation rules between 2 or more volumes that match the given labels items: type: object properties: enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the volume anti affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator required: - matchExpressions --- --- apiVersion: v1 kind: Namespace metadata: name: portworx --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role namespace: portworx rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create", "update", "patch", "delete"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role-binding namespace: portworx subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: Role name: px-role apiGroup: rbac.authorization.k8s.io --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role namespace: kube-system rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create", "update", "patch", "delete"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role-binding namespace: kube-system subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: Role name: px-role apiGroup: rbac.authorization.k8s.io --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: node-get-put-list-role rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["nodes"] verbs: ["watch", "get", "update", "list"] - apiGroups: [""] resources: ["pods"] verbs: ["delete", "get", "list", "watch", "update"] - apiGroups: [""] resources: ["persistentvolumeclaims", "persistentvolumes"] verbs: ["get", "list", "create", "delete", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses", "csinodes"] verbs: ["get", "list"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "create", "delete", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "update", "create"] - apiGroups: [""] resources: ["services"] verbs: ["get", "list", "create", "update", "delete"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "list", "create", "update", "delete"] - apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: ["privileged"] verbs: ["use"] - apiGroups: ["portworx.io"] resources: ["volumeplacementstrategies"] verbs: ["get", "list"] - apiGroups: ["stork.libopenstorage.org"] resources: ["backuplocations"] verbs: ["get", "list"] - apiGroups: ["core.libopenstorage.org"] resources: ["*"] verbs: ["*"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["get", "watch", "list", "delete", "update", "create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: node-role-binding subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: ClusterRole name: node-get-put-list-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: stork-account namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: tier: control-plane name: stork namespace: kube-system spec: selector: matchLabels: name: stork strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate replicas: 3 template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: name: stork tier: control-plane spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - stork topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /stork - --driver=pxd - --verbose - --leader-elect=true - --health-monitor-interval=120 - --webhook-controller=true image: openstorage/stork:23.11.1 imagePullPolicy: Always env: - name: "PX_SERVICE_NAME" value: "portworx-api" resources: requests: cpu: '0.1' name: stork serviceAccountName: stork-account --- kind: Service apiVersion: v1 metadata: name: stork-service namespace: kube-system spec: selector: name: stork ports: - name: extender protocol: TCP port: 8099 targetPort: 8099 - name: webhook protocol: TCP port: 443 targetPort: 443 --- apiVersion: v1 kind: ConfigMap metadata: name: stork-config namespace: kube-system data: policy.cfg: |- { "kind": "Policy", "apiVersion": "v1", "extenders": [ { "urlPrefix": "http://stork-service.kube-system:8099", "apiVersion": "v1beta1", "filterVerb": "filter", "prioritizeVerb": "prioritize", "weight": 5, "enableHttps": false, "nodeCacheCapable": false, "httpTimeout": 300000000000 } ] } --- apiVersion: v1 kind: ServiceAccount metadata: name: stork-scheduler-account namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: labels: component: scheduler tier: control-plane name: stork-scheduler name: stork-scheduler namespace: kube-system spec: selector: matchLabels: name: stork-scheduler replicas: 3 template: metadata: labels: component: scheduler tier: control-plane name: stork-scheduler name: stork-scheduler spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - stork-scheduler topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /usr/local/bin/kube-scheduler - --address=0.0.0.0 - --leader-elect=true - --scheduler-name=stork - --policy-configmap=stork-config - --policy-configmap-namespace=kube-system - --lock-object-name=stork-scheduler image: gcr.io/google_containers/kube-scheduler-amd64:v1.11.0 imagePullPolicy: Always livenessProbe: httpGet: path: /healthz port: 10251 scheme: HTTP initialDelaySeconds: 15 name: stork-scheduler readinessProbe: httpGet: path: /healthz port: 10251 scheme: HTTP resources: requests: cpu: '0.1' serviceAccountName: stork-scheduler-account --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "create", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: [""] resourceNames: ["kube-scheduler"] resources: ["endpoints"] verbs: ["delete", "get", "patch", "update"] - apiGroups: [""] resources: ["nodes", "namespaces"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods"] verbs: ["delete", "get", "list", "watch"] - apiGroups: [""] resources: ["bindings", "pods/binding"] verbs: ["create"] - apiGroups: [""] resources: ["pods/status"] verbs: ["patch", "update"] - apiGroups: [""] resources: ["replicationcontrollers", "services"] verbs: ["get", "list", "watch"] - apiGroups: ["apps", "extensions"] resources: ["replicasets"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["statefulsets"] verbs: ["get", "list", "watch"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims", "persistentvolumes"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses", "csinodes","csidrivers", "csistoragecapacities"] verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["create", "update", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role-binding subjects: - kind: ServiceAccount name: stork-scheduler-account namespace: kube-system roleRef: kind: ClusterRole name: stork-scheduler-role apiGroup: rbac.authorization.k8s.io --- kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: stork-snapshot-sc provisioner: stork-snapshot --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-role rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-role-binding subjects: - kind: ServiceAccount name: stork-account namespace: kube-system roleRef: kind: ClusterRole name: stork-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: portworx-pvc-controller-account namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: tier: control-plane name: portworx-pvc-controller namespace: kube-system spec: selector: matchLabels: name: portworx-pvc-controller replicas: 3 strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: name: portworx-pvc-controller tier: control-plane spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - portworx-pvc-controller topologyKey: "kubernetes.io/hostname" hostNetwork: true containers: - command: - kube-controller-manager - --leader-elect=true - --address=0.0.0.0 - --controllers=persistentvolume-binder,persistentvolume-expander - --use-service-account-credentials=true image: gcr.io/google_containers/kube-controller-manager-amd64:v1.11.0 imagePullPolicy: Always livenessProbe: failureThreshold: 8 httpGet: host: 127.0.0.1 path: /healthz port: 10252 scheme: HTTP initialDelaySeconds: 15 timeoutSeconds: 15 name: portworx-pvc-controller-manager resources: requests: cpu: 200m serviceAccountName: portworx-pvc-controller-account --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: portworx-pvc-controller-role rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["create","delete","get","list","update","watch"] - apiGroups: [""] resources: ["persistentvolumes/status"] verbs: ["update"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "update", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims/status"] verbs: ["update"] - apiGroups: [""] resources: ["pods"] verbs: ["create", "delete", "get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["endpoints", "services"] verbs: ["create", "delete", "get", "update"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["serviceaccounts"] verbs: ["get", "create"] - apiGroups: [""] resources: ["serviceaccounts/token"] verbs: ["create"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "create", "update", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["create", "update", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: portworx-pvc-controller-role-binding subjects: - kind: ServiceAccount name: portworx-pvc-controller-account namespace: kube-system roleRef: kind: ClusterRole name: portworx-pvc-controller-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ConfigMap metadata: name: autopilot-config namespace: kube-system data: config.yaml: |- providers: - name: default type: prometheus params: url=http://prometheus:9090 min_poll_interval: 2 --- apiVersion: v1 kind: ServiceAccount metadata: name: autopilot-account namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: tier: control-plane name: autopilot namespace: kube-system spec: selector: matchLabels: name: autopilot strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate replicas: 1 template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: name: autopilot tier: control-plane spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - autopilot topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /autopilot - -f - ./etc/config/config.yaml - -log-level - debug imagePullPolicy: Always image: portworx/autopilot:1.3.14 resources: requests: cpu: '0.1' securityContext: privileged: false name: autopilot volumeMounts: - name: config-volume mountPath: /etc/config serviceAccountName: autopilot-account volumes: - name: config-volume configMap: name: autopilot-config items: - key: config.yaml path: config.yaml --- apiVersion: v1 kind: Service metadata: name: autopilot namespace: kube-system labels: name: autopilot-service spec: ports: - name: autopilot protocol: TCP port: 9628 selector: name: autopilot tier: control-plane --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: autopilot-role rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: autopilot-role-binding subjects: - kind: ServiceAccount name: autopilot-account namespace: kube-system roleRef: kind: ClusterRole name: autopilot-role apiGroup: rbac.authorization.k8s.io