Skip to content

Commit

Permalink
WIP: Add controller and rbac yaml for CacheFSRuntime
Browse files Browse the repository at this point in the history 
Fixes: fluid-cloudnative#3674
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>
  • Loading branch information
@eryugey
eryugey committed Jan 24, 2024
1 parent 82c4c90 commit 4f914d3
Show file tree
Hide file tree
Showing 7 changed files with 256 additions and 2 deletions.
86 changes: 86 additions & 0 deletions charts/fluid/fluid/templates/controller/cachefsruntime_controller.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cachefsruntime-controller
namespace: {{ include "fluid.namespace" . }}
labels:
control-plane: cachefsruntime-controller
spec:
selector:
matchLabels:
control-plane: cachefsruntime-controller
{{ if .Values.runtime.cachefs.enabled -}}
replicas: {{ .Values.runtime.cachefs.replicas }}
{{- else }}
replicas: 0
{{- end }}
template:
metadata:
labels:
control-plane: cachefsruntime-controller
annotations:
{{ if gt (.Values.runtime.cachefs.replicas | int) 1 -}}
controller.runtime.fluid.io/replicas: {{ .Values.runtime.cachefs.replicas | quote }}
{{- end }}
spec:
{{- with .Values.image.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: cachefsruntime-controller
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: type
operator: NotIn
values:
- virtual-kubelet
{{- if .Values.runtime.cachefs.tolerations }}
tolerations:
{{ toYaml .Values.runtime.cachefs.tolerations | indent 6 }}
{{- end }}
#hostNetwork: true
containers:
- image: "{{ .Values.runtime.cachefs.controller.image }}"
name: manager
args:
- --development=false
- --pprof-addr=:6060
- --enable-leader-election
- --runtime-workers={{ .Values.runtime.cachefs.runtimeWorkers }}
- --leader-election-namespace={{ include "fluid.namespace" . }}
command: ["cachefsruntime-controller", "start"]
env:
{{- if .Values.runtime.cachefs.fuse.image }}
- name: CACHEFS_IMAGE_ENV
value: {{ .Values.runtime.cachefs.fuse.image | quote }}
{{- end }}
{{- if .Values.runtime.mountRoot }}
- name: MOUNT_ROOT
value: {{ .Values.runtime.mountRoot | quote }}
{{- end }}
{{- if .Values.runtime.criticalFusePod }}
- name: CRITICAL_FUSE_POD
value: {{ ternary "true" "false" (semverCompare ">=1.16.0-0" .Capabilities.KubeVersion.Version) | quote }}
{{- end }}
{{- if .Values.runtime.syncRetryDuration }}
- name: FLUID_SYNC_RETRY_DURATION
value: {{ .Values.runtime.syncRetryDuration | quote }}
{{- end }}
- name: HELM_DRIVER
value: {{ template "fluid.helmDriver" . }}
ports:
- containerPort: 8080
name: metrics
protocol: TCP
resources:
limits:
cpu: 100m
memory: 1536Mi
requests:
cpu: 100m
memory: 200Mi
terminationGracePeriodSeconds: 10
152 changes: 152 additions & 0 deletions charts/fluid/fluid/templates/role/cachefs/rbac.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cachefsruntime-controller
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- list
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
{{- template "fluid.helmDriver.rbacs" . }}
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- list
- watch
- get
- apiGroups:
- data.fluid.io
resources:
- cachefsruntimes
- datasets
- cachefsruntimes/status
- datasets/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- list
- get
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- create
- list
- get
- delete
- apiGroups:
- apps
resources:
- daemonsets
- statefulsets
- daemonsets/status
- statefulsets/status
verbs:
- '*'
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cachefsruntime-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cachefsruntime-controller
subjects:
- kind: ServiceAccount
name: cachefsruntime-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cachefsruntime-controller
namespace: {{ include "fluid.namespace" . }}
4 changes: 3 additions & 1 deletion charts/fluid/fluid/templates/role/csi/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ rules:
- efcruntimes
- datasets
- vineyardruntimes
- cachefsruntimes
- alluxioruntimes/status
- jindoruntimes/status
- goosefsruntimes/status
Expand All @@ -28,6 +29,7 @@ rules:
- efcruntimes/status
- datasets/status
- vineyardruntimes/status
- cachefsruntimes/status
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
Expand Down Expand Up @@ -56,4 +58,4 @@ subjects:
roleRef:
kind: ClusterRole
name: fluid-csi-plugin
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io
2 changes: 2 additions & 0 deletions charts/fluid/fluid/templates/role/dataset/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,8 @@ rules:
- efcruntimes/status
- vineyardruntimes
- vineyardruntimes/status
- cachefsruntimes
- cachefsruntimes/status
verbs:
- '*'
- apiGroups:
Expand Down
1 change: 1 addition & 0 deletions charts/fluid/fluid/templates/role/thin/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ rules:
- thinruntimes/status
- thinruntimeprofiles/status
- datasets/status
- cachefsruntimes
verbs:
- '*'
- apiGroups:
Expand Down
1 change: 1 addition & 0 deletions charts/fluid/fluid/templates/role/webhook/rabc.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,7 @@ rules:
- thinruntimes
- efcruntimes
- vineyardruntimes
- cachefsruntimes
verbs:
- get
- list
Expand Down
12 changes: 11 additions & 1 deletion charts/fluid/fluid/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ csi:
kubeConfigFile: /etc/kubernetes/kubelet.conf
certDir: /var/lib/kubelet/pki
rootDir: /var/lib/kubelet
pruneFs: fuse.alluxio-fuse,fuse.jindofs-fuse,fuse.juicefs,fuse.goosefs-fuse,ossfs,alifuse.aliyun-alinas-efc
pruneFs: fuse.alluxio-fuse,fuse.jindofs-fuse,fuse.juicefs,fuse.goosefs-fuse,ossfs,alifuse.aliyun-alinas-efc,fuse.cachefs
recoverWarningThreshold: 50
# default method is "bindMount", "symlink" is also support
# Notice: if use nodePublishMethod symlink, fuse recovery is not support
Expand Down Expand Up @@ -148,6 +148,16 @@ runtime:
controller:
image: fluidcloudnative/vineyardruntime-controller:v1.0.0-5206a2b
imagePullPolicy: Always
cachefs:
replicas: 1
tolerations:
- operator: Exists
enabled: false
runtimeWorkers: 3
controller:
image: fluidcloudnative/cachefsruntime-controller:v1.0.0-TODO
fuse:
image: kangaroo-registry.cn-hangzhou.cr.aliyuncs.com/storage/cachefs:1.0.5-2.1

webhook:
enabled: true
Expand Down

0 comments on commit 4f914d3

Please sign in to comment.