# SOURCE: https://install.portworx.com/2.5?mc=false&kbver=1.18.2&oem=esse&user=d4f15375-d0bb-11ea-a2c5-c24e499c7467&b=true&f=true&j=auto&c=px-cluster-a09d6d11-b585-424f-ad96-08dd5d07b079&stork=true&lh=true&st=k8s --- kind: Service apiVersion: v1 metadata: name: portworx-service namespace: kube-system labels: name: portworx spec: selector: name: portworx type: ClusterIP ports: - name: px-api protocol: TCP port: 9001 targetPort: 9001 - name: px-kvdb protocol: TCP port: 9019 targetPort: 9019 - name: px-sdk protocol: TCP port: 9020 targetPort: 9020 - name: px-rest-gateway protocol: TCP port: 9021 targetPort: 9021 --- apiVersion: v1 kind: ServiceAccount metadata: name: px-account namespace: kube-system --- apiVersion: v1 kind: Secret metadata: name: px-essential namespace: kube-system data: px-essen-user-id: ZDRmMTUzNzUtZDBiYi0xMWVhLWEyYzUtYzI0ZTQ5OWM3NDY3 px-osb-endpoint: aHR0cHM6Ly9weGVzc2VudGlhbHMucG9ydHdvcnguY29tL29zYi9iaWxsaW5nL3YxL3JlZ2lzdGVy --- apiVersion: apps/v1 kind: DaemonSet metadata: name: portworx namespace: kube-system labels: name: portworx annotations: portworx.com/install-source: "https://install.portworx.com/2.5?mc=false&kbver=1.18.2&oem=esse&user=d4f15375-d0bb-11ea-a2c5-c24e499c7467&b=true&f=true&j=auto&c=px-cluster-a09d6d11-b585-424f-ad96-08dd5d07b079&stork=true&lh=true&st=k8s" spec: selector: matchLabels: name: portworx minReadySeconds: 0 updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 template: metadata: labels: name: portworx spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: px/enabled operator: NotIn values: - "false" - key: node-role.kubernetes.io/master operator: DoesNotExist hostNetwork: true hostPID: false containers: - name: portworx image: portworx/oci-monitor:3.1.0 imagePullPolicy: Always args: ["-c", "px-cluster-a09d6d11-b585-424f-ad96-08dd5d07b079", "-A", "-f", "-secret_type", "k8s", "-j", "auto", "-b", "--oem", "esse", "-x", "kubernetes"] env: - name: "PX_TEMPLATE_VERSION" value: "v4" - name: NODE_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.nodeName - name: PX_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: CSI_ENDPOINT value: unix:///var/lib/kubelet/plugins/pxd.portworx.com/csi.sock livenessProbe: periodSeconds: 30 initialDelaySeconds: 840 # allow image pull in slow networks httpGet: host: 127.0.0.1 path: /status port: 9001 readinessProbe: periodSeconds: 10 httpGet: host: 127.0.0.1 path: /health port: 9015 terminationMessagePath: "/tmp/px-termination-log" securityContext: privileged: true volumeMounts: - name: diagsdump mountPath: /var/cores - name: dockersock mountPath: /var/run/docker.sock - name: containerddir mountPath: /run/containerd - name: containerdvardir mountPath: /var/lib/containerd - name: criosock mountPath: /var/run/crio - name: etcpwx mountPath: /etc/pwx - name: dev mountPath: /dev - name: optpwx mountPath: /opt/pwx - name: procmount mountPath: /host_proc - name: sysdmount mountPath: /etc/systemd/system - name: journalmount1 mountPath: /var/run/log readOnly: true - name: journalmount2 mountPath: /var/log readOnly: true - name: dbusmount mountPath: /var/run/dbus - name: csi-node-driver-registrar image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0 imagePullPolicy: Always args: - "--v=5" - "--csi-address=$(ADDRESS)" - "--kubelet-registration-path=/var/lib/kubelet/plugins/pxd.portworx.com/csi.sock" env: - name: ADDRESS value: /csi/csi.sock - name: KUBE_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName securityContext: privileged: true volumeMounts: - name: csi-driver-path mountPath: /csi - name: registration-dir mountPath: /registration restartPolicy: Always serviceAccountName: px-account volumes: - name: diagsdump hostPath: path: /var/cores - name: dockersock hostPath: path: /var/run/docker.sock - name: containerddir hostPath: path: /run/containerd - name: containerdvardir hostPath: path: /var/lib/containerd - name: criosock hostPath: path: /var/run/crio - name: etcpwx hostPath: path: /etc/pwx - name: dev hostPath: path: /dev - name: registration-dir hostPath: path: /var/lib/kubelet/plugins_registry type: DirectoryOrCreate - name: csi-driver-path hostPath: path: /var/lib/kubelet/plugins/pxd.portworx.com type: DirectoryOrCreate - name: optpwx hostPath: path: /opt/pwx - name: procmount hostPath: path: /proc - name: sysdmount hostPath: path: /etc/systemd/system - name: journalmount1 hostPath: path: /var/run/log - name: journalmount2 hostPath: path: /var/log - name: dbusmount hostPath: path: /var/run/dbus --- apiVersion: v1 kind: ServiceAccount metadata: name: px-csi-account namespace: kube-system --- kind: Service apiVersion: v1 metadata: name: px-csi-service namespace: kube-system spec: clusterIP: None --- kind: Deployment apiVersion: apps/v1 metadata: name: px-csi-ext namespace: kube-system spec: replicas: 3 selector: matchLabels: app: px-csi-driver template: metadata: labels: app: px-csi-driver spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: px/enabled operator: NotIn values: - "false" - key: node-role.kubernetes.io/master operator: DoesNotExist serviceAccount: px-csi-account containers: - name: csi-external-provisioner image: docker.io/openstorage/csi-provisioner:v2.2.2-1 imagePullPolicy: Always args: - "--v=3" - "--csi-address=$(ADDRESS)" - "--leader-election=true" - "--default-fstype=ext4" - "--extra-create-metadata=true" env: - name: ADDRESS value: /csi/csi.sock securityContext: privileged: true volumeMounts: - name: socket-dir mountPath: /csi - name: csi-snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 imagePullPolicy: Always args: - "--v=3" - "--csi-address=$(ADDRESS)" - "--leader-election=true" env: - name: ADDRESS value: /csi/csi.sock securityContext: privileged: true volumeMounts: - name: socket-dir mountPath: /csi - name: csi-snapshot-controller image: registry.k8s.io/sig-storage/snapshot-controller:v3.0.3 imagePullPolicy: Always args: - "--v=3" - "--leader-election=true" env: - name: ADDRESS value: /csi/csi.sock securityContext: privileged: true volumeMounts: - name: socket-dir mountPath: /csi - name: csi-resizer image: registry.k8s.io/sig-storage/csi-resizer:v1.9.1 imagePullPolicy: Always args: - "--v=3" - "--csi-address=$(ADDRESS)" - "--leader-election=true" env: - name: ADDRESS value: /csi/csi.sock securityContext: privileged: true volumeMounts: - name: socket-dir mountPath: /csi volumes: - name: socket-dir hostPath: path: /var/lib/kubelet/plugins/pxd.portworx.com type: DirectoryOrCreate --- kind: Service apiVersion: v1 metadata: name: portworx-api namespace: kube-system labels: name: portworx-api spec: selector: name: portworx-api type: ClusterIP ports: - name: px-api protocol: TCP port: 9001 targetPort: 9001 - name: px-sdk protocol: TCP port: 9020 targetPort: 9020 - name: px-rest-gateway protocol: TCP port: 9021 targetPort: 9021 --- apiVersion: apps/v1 kind: DaemonSet metadata: name: portworx-api namespace: kube-system labels: name: portworx-api spec: selector: matchLabels: name: portworx-api minReadySeconds: 0 updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: 100% template: metadata: labels: name: portworx-api spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: px/enabled operator: NotIn values: - "false" - key: node-role.kubernetes.io/master operator: DoesNotExist hostNetwork: true hostPID: false containers: - name: portworx-api image: registry.k8s.io/pause:3.1 imagePullPolicy: Always readinessProbe: periodSeconds: 10 httpGet: host: 127.0.0.1 path: /status port: 9001 restartPolicy: Always serviceAccountName: px-account --- apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: name: pxd.portworx.com spec: attachRequired: false podInfoOnMount: true volumeLifecycleModes: - Persistent - Ephemeral --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: volumeplacementstrategies.portworx.io spec: group: portworx.io versions: - name: v1beta2 served: true storage: true - name: v1beta1 served: false storage: false scope: Cluster names: plural: volumeplacementstrategies singular: volumeplacementstrategy kind: VolumePlacementStrategy shortNames: - vps - vp preserveUnknownFields: false validation: openAPIV3Schema: type: object required: - spec properties: spec: type: object description: The desired spec of the volume placement strategy properties: replicaAffinity: type: array description: Allows you to specify a rule which creates an affinity for replicas within a volume items: type: object properties: affected_replicas: type: integer description: The number of volume replicas affected by the replica affinity enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the replica affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator replicaAntiAffinity: type: array description: Allows you to specify a rule that creates an anti-affinity for replicas within a volume items: type: object properties: affected_replicas: type: integer description: The number of volume replicas affected by the replica anti affinity enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. required: - topologyKey volumeAffinity: type: array description: Allows you to colocate volumes by specifying rules that place replicas of a volume together with those of another volume for which the specified labels match items: type: object properties: enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the volume affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator required: - matchExpressions volumeAntiAffinity: type: array description: Allows you to specify dissociation rules between 2 or more volumes that match the given labels items: type: object properties: enforcement: type: string enum: - required - preferred description: Specifies if the given rule is required (hard) or preferred (soft) topologyKey: type: string minLength: 1 description: Key for the node label that the system uses to denote a topology domain. The key can be for any node label that is present on the Kubernetes node. matchExpressions: description: Expression to use for the volume anti affinity rule type: array items: type: object properties: key: type: string minLength: 1 operator: type: string enum: - In - NotIn - Exists - DoesNotExist - Lt - Gt description: The logical operator to use for comparing the key and values in the match expression values: type: array items: type: string required: - key - operator required: - matchExpressions --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.3.0 api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" creationTimestamp: null name: volumesnapshotclasses.snapshot.storage.k8s.io spec: group: snapshot.storage.k8s.io names: kind: VolumeSnapshotClass listKind: VolumeSnapshotClassList plural: volumesnapshotclasses singular: volumesnapshotclass scope: Cluster versions: - additionalPrinterColumns: - jsonPath: .driver name: Driver type: string - description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. jsonPath: .deletionPolicy name: DeletionPolicy type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1beta1 schema: openAPIV3Schema: description: VolumeSnapshotClass specifies parameters that a underlying storage system uses when creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses are non-namespaced properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string deletionPolicy: description: deletionPolicy determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. enum: - Delete - Retain type: string driver: description: driver is the name of the storage driver that handles this VolumeSnapshotClass. Required. type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string parameters: additionalProperties: type: string description: parameters is a key-value map with storage driver specific parameters for creating snapshots. These values are opaque to Kubernetes. type: object required: - deletionPolicy - driver type: object served: true storage: true subresources: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.3.0 api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" creationTimestamp: null name: volumesnapshotcontents.snapshot.storage.k8s.io spec: group: snapshot.storage.k8s.io names: kind: VolumeSnapshotContent listKind: VolumeSnapshotContentList plural: volumesnapshotcontents singular: volumesnapshotcontent scope: Cluster versions: - additionalPrinterColumns: - description: Indicates if a snapshot is ready to be used to restore a volume. jsonPath: .status.readyToUse name: ReadyToUse type: boolean - description: Represents the complete size of the snapshot in bytes jsonPath: .status.restoreSize name: RestoreSize type: integer - description: Determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. jsonPath: .spec.deletionPolicy name: DeletionPolicy type: string - description: Name of the CSI driver used to create the physical snapshot on the underlying storage system. jsonPath: .spec.driver name: Driver type: string - description: Name of the VolumeSnapshotClass to which this snapshot belongs. jsonPath: .spec.volumeSnapshotClassName name: VolumeSnapshotClass type: string - description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. jsonPath: .spec.volumeSnapshotRef.name name: VolumeSnapshot type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1beta1 schema: openAPIV3Schema: description: VolumeSnapshotContent represents the actual "on-disk" snapshot object in the underlying storage system properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string spec: description: spec defines properties of a VolumeSnapshotContent created by the underlying storage system. Required. properties: deletionPolicy: description: deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. In dynamic snapshot creation case, this field will be filled in with the "DeletionPolicy" field defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For pre-existing snapshots, users MUST specify this field when creating the VolumeSnapshotContent object. Required. enum: - Delete - Retain type: string driver: description: driver is the name of the CSI driver used to create the physical snapshot on the underlying storage system. This MUST be the same as the name returned by the CSI GetPluginName() call for that driver. Required. type: string source: description: source specifies from where a snapshot will be created. This field is immutable after creation. Required. properties: snapshotHandle: description: snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on the underlying storage system. This field is immutable. type: string volumeHandle: description: volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot should be dynamically taken from. This field is immutable. type: string type: object volumeSnapshotClassName: description: name of the VolumeSnapshotClass to which this snapshot belongs. type: string volumeSnapshotRef: description: volumeSnapshotRef specifies the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to this VolumeSnapshotContent's name for the bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent object, name and namespace of the VolumeSnapshot object MUST be provided for binding to happen. This field is immutable after creation. Required. properties: apiVersion: description: API version of the referent. type: string fieldPath: description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string resourceVersion: description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' type: string uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object required: - deletionPolicy - driver - source - volumeSnapshotRef type: object status: description: status represents the current information of a snapshot. properties: creationTime: description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in with the "creation_time" value returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates the creation time is unknown. The format of this field is a Unix nanoseconds time encoded as an int64. On Unix, the command `date +%s%N` returns the current time in nanoseconds since 1970-01-01 00:00:00 UTC. format: int64 type: integer error: description: error is the latest observed error during snapshot creation, if any. properties: message: description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' type: string time: description: time is the timestamp when the error was encountered. format: date-time type: string type: object readyToUse: description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in with the "ready_to_use" value returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. type: boolean restoreSize: description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. format: int64 minimum: 0 type: integer snapshotHandle: description: snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. If not specified, it indicates that dynamic snapshot creation has either failed or it is still in progress. type: string type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.3.0 api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/139" creationTimestamp: null name: volumesnapshots.snapshot.storage.k8s.io spec: group: snapshot.storage.k8s.io names: kind: VolumeSnapshot listKind: VolumeSnapshotList plural: volumesnapshots singular: volumesnapshot scope: Namespaced versions: - additionalPrinterColumns: - description: Indicates if a snapshot is ready to be used to restore a volume. jsonPath: .status.readyToUse name: ReadyToUse type: boolean - description: Name of the source PVC from where a dynamically taken snapshot will be created. jsonPath: .spec.source.persistentVolumeClaimName name: SourcePVC type: string - description: Name of the VolumeSnapshotContent which represents a pre-provisioned snapshot. jsonPath: .spec.source.volumeSnapshotContentName name: SourceSnapshotContent type: string - description: Represents the complete size of the snapshot. jsonPath: .status.restoreSize name: RestoreSize type: string - description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. jsonPath: .spec.volumeSnapshotClassName name: SnapshotClass type: string - description: The name of the VolumeSnapshotContent to which this VolumeSnapshot is bound. jsonPath: .status.boundVolumeSnapshotContentName name: SnapshotContent type: string - description: Timestamp when the point-in-time snapshot is taken by the underlying storage system. jsonPath: .status.creationTime name: CreationTime type: date - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1beta1 schema: openAPIV3Schema: description: VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string spec: description: 'spec defines the desired characteristics of a snapshot requested by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots Required.' properties: source: description: source specifies where a snapshot will be created from. This field is immutable after creation. Required. properties: persistentVolumeClaimName: description: persistentVolumeClaimName specifies the name of the PersistentVolumeClaim object in the same namespace as the VolumeSnapshot object where the snapshot should be dynamically taken from. This field is immutable. type: string volumeSnapshotContentName: description: volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent object. This field is immutable. type: string type: object volumeSnapshotClassName: description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass requested by the VolumeSnapshot. If not specified, the default snapshot class will be used if one exists. If not specified, and there is no default snapshot class, dynamic snapshot creation will fail. Empty string is not allowed for this field. TODO(xiangqian): a webhook validation on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' type: string required: - source type: object status: description: 'status represents the current information of a snapshot. NOTE: status can be modified by sources other than system controllers, and must not be depended upon for accuracy. Controllers should only use information from the VolumeSnapshotContent object after verifying that the binding is accurate and complete.' properties: boundVolumeSnapshotContentName: description: 'boundVolumeSnapshotContentName represents the name of the VolumeSnapshotContent object to which the VolumeSnapshot object is bound. If not specified, it indicates that the VolumeSnapshot object has not been successfully bound to a VolumeSnapshotContent object yet. NOTE: Specified boundVolumeSnapshotContentName alone does not mean binding is valid. Controllers MUST always verify bidirectional binding between VolumeSnapshot and VolumeSnapshotContent to avoid possible security issues.' type: string creationTime: description: creationTime is the timestamp when the point-in-time snapshot is taken by the underlying storage system. In dynamic snapshot creation case, this field will be filled in with the "creation_time" value returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this field will be filled with the "creation_time" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. If not specified, it indicates that the creation time of the snapshot is unknown. format: date-time type: string error: description: error is the last observed error during snapshot creation, if any. This field could be helpful to upper level controllers(i.e., application controller) to decide whether they should continue on waiting for the snapshot to be created based on the type of error reported. properties: message: description: 'message is a string detailing the encountered error during snapshot creation if specified. NOTE: message may be logged, and it should not contain sensitive information.' type: string time: description: time is the timestamp when the error was encountered. format: date-time type: string type: object readyToUse: description: readyToUse indicates if a snapshot is ready to be used to restore a volume. In dynamic snapshot creation case, this field will be filled in with the "ready_to_use" value returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this field will be filled with the "ready_to_use" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, this field will be set to "True". If not specified, it means the readiness of a snapshot is unknown. type: boolean restoreSize: type: string description: restoreSize represents the complete size of the snapshot in bytes. In dynamic snapshot creation case, this field will be filled in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this field will be filled with the "size_bytes" value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. When restoring a volume from this snapshot, the size of the volume MUST NOT be smaller than the restoreSize if it is specified, otherwise the restoration will fail. If not specified, it indicates that the size is unknown. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object required: - spec type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: v1 kind: Namespace metadata: name: portworx --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role namespace: portworx rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create", "update", "patch", "delete"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role-binding namespace: portworx subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: Role name: px-role apiGroup: rbac.authorization.k8s.io --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role namespace: kube-system rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "create", "update", "patch", "delete"] --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-role-binding namespace: kube-system subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: Role name: px-role apiGroup: rbac.authorization.k8s.io --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: node-get-put-list-role rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: [""] resources: ["nodes"] verbs: ["watch", "get", "update", "list"] - apiGroups: [""] resources: ["pods"] verbs: ["delete", "get", "list", "watch", "update"] - apiGroups: [""] resources: ["persistentvolumeclaims", "persistentvolumes"] verbs: ["get", "list", "create", "delete", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses", "csinodes"] verbs: ["get", "list"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "create", "delete", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "update", "create"] - apiGroups: [""] resources: ["services"] verbs: ["get", "list", "create", "update", "delete"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "list", "create", "update", "delete"] - apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: ["privileged"] verbs: ["use"] - apiGroups: ["portworx.io"] resources: ["volumeplacementstrategies"] verbs: ["get", "list"] - apiGroups: ["stork.libopenstorage.org"] resources: ["backuplocations"] verbs: ["get", "list"] - apiGroups: ["core.libopenstorage.org"] resources: ["*"] verbs: ["*"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["get", "watch", "list", "delete", "update", "create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: node-role-binding subjects: - kind: ServiceAccount name: px-account namespace: kube-system roleRef: kind: ClusterRole name: node-get-put-list-role apiGroup: rbac.authorization.k8s.io --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-csi-role rules: - apiGroups: ["extensions"] resources: ["podsecuritypolicies"] resourceNames: ["privileged"] verbs: ["use"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["*"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["persistentvolumeclaims/status"] verbs: ["update", "patch"] - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csistoragecapacities"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: ["apps"] resources: ["replicasets"] verbs: ["get"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses", "volumesnapshots/status", "volumesnapshotcontents/status"] verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] - apiGroups: ["storage.k8s.io"] resources: ["csinodes"] verbs: ["get", "list", "watch", "update"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "list", "watch"] - apiGroups: ["csi.storage.k8s.io"] resources: ["csidrivers"] verbs: ["create", "delete"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "watch", "list", "delete", "update", "create"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["*"] - apiGroups: ["certificates.k8s.io"] resources: ["certificatesigningrequests"] verbs: ["get", "watch", "list", "delete", "update", "create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: px-csi-role-binding subjects: - kind: ServiceAccount name: px-csi-account namespace: kube-system roleRef: kind: ClusterRole name: px-csi-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ServiceAccount metadata: name: stork-account namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: tier: control-plane name: stork namespace: kube-system spec: selector: matchLabels: name: stork strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate replicas: 3 template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: name: stork tier: control-plane spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - stork topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /stork - --driver=pxd - --verbose - --leader-elect=true - --health-monitor-interval=120 - --webhook-controller=true image: openstorage/stork:23.11.0 imagePullPolicy: Always env: - name: "PX_SERVICE_NAME" value: "portworx-api" resources: requests: cpu: '0.1' name: stork serviceAccountName: stork-account --- kind: Service apiVersion: v1 metadata: name: stork-service namespace: kube-system spec: selector: name: stork ports: - name: extender protocol: TCP port: 8099 targetPort: 8099 - name: webhook protocol: TCP port: 443 targetPort: 443 --- apiVersion: v1 kind: ConfigMap metadata: name: stork-config namespace: kube-system data: policy.cfg: |- { "kind": "Policy", "apiVersion": "v1", "extenders": [ { "urlPrefix": "http://stork-service.kube-system:8099", "apiVersion": "v1beta1", "filterVerb": "filter", "prioritizeVerb": "prioritize", "weight": 5, "enableHttps": false, "nodeCacheCapable": false, "httpTimeout": 300000000000 } ] } --- apiVersion: v1 kind: ServiceAccount metadata: name: stork-scheduler-account namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: labels: component: scheduler tier: control-plane name: stork-scheduler name: stork-scheduler namespace: kube-system spec: selector: matchLabels: name: stork-scheduler replicas: 3 template: metadata: labels: component: scheduler tier: control-plane name: stork-scheduler name: stork-scheduler spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - stork-scheduler topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /usr/local/bin/kube-scheduler - --address=0.0.0.0 - --leader-elect=true - --scheduler-name=stork - --policy-configmap=stork-config - --policy-configmap-namespace=kube-system - --lock-object-name=stork-scheduler image: gcr.io/google_containers/kube-scheduler-amd64:v1.18.2 imagePullPolicy: Always livenessProbe: httpGet: path: /healthz port: 10251 scheme: HTTP initialDelaySeconds: 15 name: stork-scheduler readinessProbe: httpGet: path: /healthz port: 10251 scheme: HTTP resources: requests: cpu: '0.1' serviceAccountName: stork-scheduler-account --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role rules: - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "create", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] - apiGroups: ["", "events.k8s.io"] resources: ["events"] verbs: ["get", "list", "watch", "create", "update", "patch"] - apiGroups: [""] resourceNames: ["kube-scheduler"] resources: ["endpoints"] verbs: ["delete", "get", "patch", "update"] - apiGroups: [""] resources: ["nodes", "namespaces"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["pods"] verbs: ["delete", "get", "list", "watch"] - apiGroups: [""] resources: ["bindings", "pods/binding"] verbs: ["create"] - apiGroups: [""] resources: ["pods/status"] verbs: ["patch", "update"] - apiGroups: [""] resources: ["replicationcontrollers", "services"] verbs: ["get", "list", "watch"] - apiGroups: ["apps", "extensions"] resources: ["replicasets"] verbs: ["get", "list", "watch"] - apiGroups: ["apps"] resources: ["statefulsets"] verbs: ["get", "list", "watch"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims", "persistentvolumes"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses", "csinodes","csidrivers", "csistoragecapacities"] verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["create", "update", "get", "list", "watch"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-scheduler-role-binding subjects: - kind: ServiceAccount name: stork-scheduler-account namespace: kube-system roleRef: kind: ClusterRole name: stork-scheduler-role apiGroup: rbac.authorization.k8s.io --- kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: stork-snapshot-sc provisioner: stork-snapshot --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-role rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: stork-role-binding subjects: - kind: ServiceAccount name: stork-account namespace: kube-system roleRef: kind: ClusterRole name: stork-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ConfigMap metadata: name: autopilot-config namespace: kube-system data: config.yaml: |- providers: - name: default type: prometheus params: url=http://prometheus:9090 min_poll_interval: 2 --- apiVersion: v1 kind: ServiceAccount metadata: name: autopilot-account namespace: kube-system --- apiVersion: apps/v1 kind: Deployment metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: tier: control-plane name: autopilot namespace: kube-system spec: selector: matchLabels: name: autopilot strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 1 type: RollingUpdate replicas: 1 template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: name: autopilot tier: control-plane spec: affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: "name" operator: In values: - autopilot topologyKey: "kubernetes.io/hostname" hostPID: false containers: - command: - /autopilot - -f - ./etc/config/config.yaml - -log-level - debug imagePullPolicy: Always image: portworx/autopilot:1.3.14 resources: requests: cpu: '0.1' securityContext: privileged: false name: autopilot volumeMounts: - name: config-volume mountPath: /etc/config serviceAccountName: autopilot-account volumes: - name: config-volume configMap: name: autopilot-config items: - key: config.yaml path: config.yaml --- apiVersion: v1 kind: Service metadata: name: autopilot namespace: kube-system labels: name: autopilot-service spec: ports: - name: autopilot protocol: TCP port: 9628 selector: name: autopilot tier: control-plane --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: autopilot-role rules: - apiGroups: ["*"] resources: ["*"] verbs: ["*"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: autopilot-role-binding subjects: - kind: ServiceAccount name: autopilot-account namespace: kube-system roleRef: kind: ClusterRole name: autopilot-role apiGroup: rbac.authorization.k8s.io