GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → kubernetes-csi → csi-proxy

kubernetes-csi / csi-proxy

Licence: Apache-2.0 License
CSI Proxy utility to enable CSI Plugins on Windows

Programming Languages

go
31211 projects - #10 most used programming language
shell
77523 projects
Makefile
30231 projects
python
139335 projects - #7 most used programming language
powershell
5483 projects

Labels

k8s-sig-storage

Projects that are alternatives of or similar to csi-proxy

node-driver-registrar
Sidecar container that registers a CSI driver with the kubelet using the kubelet plugin registration mechanism.
Stars: ✭ 63 (+125%)
Mutual labels:  k8s-sig-storage
csi-driver-nfs
This driver allows Kubernetes to access NFS server on Linux node.
Stars: ✭ 227 (+710.71%)
Mutual labels:  k8s-sig-storage
container-object-storage-interface-controller
Container Object Storage Interface (COSI) controller responsible to manage lifecycle of COSI objects.
Stars: ✭ 38 (+35.71%)
Mutual labels:  k8s-sig-storage
csi-driver-nvmf
CSI driver NVMf mainly supports RDMA and TCP for Software Defined Storage by NVMf
Stars: ✭ 28 (+0%)
Mutual labels:  k8s-sig-storage
livenessprobe
A sidecar container that can be included in a CSI plugin pod to enable integration with Kubernetes Liveness Probe.
Stars: ✭ 42 (+50%)
Mutual labels:  k8s-sig-storage
driver-registrar
[Deprecated] Sidecar container that 1) registers the CSI driver with kubelet, and 2) adds the drivers custom NodeId to a label on the Kubernetes Node API Object
Stars: ✭ 19 (-32.14%)
Mutual labels:  k8s-sig-storage
container-object-storage-interface-spec
Container Object Storage (COSI) Specification
Stars: ✭ 39 (+39.29%)
Mutual labels:  k8s-sig-storage
external-resizer
Sidecar container that watches Kubernetes PersistentVolumeClaims objects and triggers controller side expansion operation against a CSI endpoint
Stars: ✭ 82 (+192.86%)
Mutual labels:  k8s-sig-storage
Longhorn
Cloud-Native distributed storage built on and for Kubernetes
Stars: ✭ 3,384 (+11985.71%)
Mutual labels:  k8s-sig-storage
Glusterfs
Gluster Filesystem : Build your distributed storage in minutes
Stars: ✭ 3,437 (+12175%)
Mutual labels:  k8s-sig-storage

CSI Proxy

CSI Proxy (which might be more aptly named "csi-node-proxy") is a binary that exposes a set of gRPC APIs (over named pipes) around local storage operations for nodes in Windows. A container, such as CSI node plugins, can mount the named pipes depending on operations it wants to exercise on the host and invoke the APIs. This allows a storage plugin to run as if were a CSI plugin on linux which have the ability to perform "privileged" actions on the windows host OS.

CSI Proxy High Level Architecture Diagram

In the above diagram, there are 3 communication channels being utilized for CSI proxy:

  • csi.sock : This usually lives at c:/var/lib/kubelet/plugins/csi-plugin/csi.sock, and is used for the host OS to communicate with the CSI node plugin
  • csi-plugin-reg.sock : This lives here, c:/var/lib/kubelet/plugins_registry/csi-plugin-reg.sock, and is used for the kubelet itself to get metadata as needed from the csi plugin .
  • \\.\pipe\csi-proxy : This will live in a pipe, i.e. at \.\pipe/csi-proxy-api-group-v-... : upon receipt of specific requests from the Node plugin, it carries out actions on the node plugins behalf. Since it doesn't execute arbitrary commands on the host, its more secure then simply being a black-box proxy to run host commands.

Each named pipe will support a specific version of an API (e.g. v1alpha1, v1beta1, v1beta2, v1) that targets a specific area of storage (e.g. disk, volume, file, SMB, iSCSI).

Overview

CSI drivers are recommended to be deployed as containers. Node plugin containers need to run with privileges to perform storage related operations. However, Windows does not support privileged containers currently. With CSIProxy, the node plugins can now be deployed as unprivileged pods that use the proxy to perform privileged storage operations on the node. Kubernetes administrators will need to install and maintain csi-proxy.exe on all Windows nodes in a manner similar to kubelet.exe.

Compatibility

Recommended K8s Version: 1.18

Feature status

CSI Proxy is in a stable status (GA Blogpost), the latest versions of the API Groups are:

API Group Latest Version API Docs
Disk v1 link
Filesystem v1 link
SMB v1 link
Volume v1 link
iSCSI v1alpha2 link to proto
System v1alpha1 link to proto

Build

csi-proxy.exe binary has not published yet. You need to clone the repo and build it. The easiest way to build this binary is using the makefile in this repo.

   git clone https://github.com/kubernetes-csi/csi-proxy
   sudo make build

On successful execution of make build, the output binary csi-proxy.exe will be available under /bin directory.

Installation

csi-proxy.exe can be installed and run as binary or run as a Windows service on each Windows node. See the following as an example to run CSI Proxy as a web service.

    $flags = "-windows-service -log_file=C:\etc\kubernetes\logs\csi-proxy.log -logtostderr=false"
    sc.exe create csiproxy start= "auto" binPath= "C:\etc\kubernetes\node\bin\csi-proxy.exe $flags"
    sc.exe failure csiproxy reset= 0 actions= restart/10000
    sc.exe start csiproxy

If you are using kube-up to start a Windows cluster, node startup script will automatically run csi-proxy as a service. For GKE 1.18+, csi-proxy will be installed automatically.

Usage

Command line options

  • --kubelet-path: This is the prefix path of the kubelet path directory in the host file system (C:\var\lib\kubelet is used by default).
  • --working-dir (repeated flag): Prefix path where CSI Proxy is allowed to make privileged operations in the host file system (no value by default).

Setup for CSI Driver Deployment

Deploy and start csiproxy.exe on all Windows hosts in the cluster. Next, the named pipes can be mounted in a CSI node plugin DaemonSet YAML in the following manner:

kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-storage-node-win
spec:
  selector:
    matchLabels:
      app: csi-driver-win
  template:
    metadata:
      labels:
        app: csi-driver-win
    spec:
      serviceAccountName: csi-node-sa
      tolerations:
      - key: "node.kubernetes.io/os"
        operator: "Equal"
        value: "win1809"
        effect: "NoSchedule"
      nodeSelector:
        kubernetes.io/os: windows
      containers:
        - name: csi-driver-registrar
          image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0
          args:
            - "--v=5"
            - "--csi-address=unix://C:\\csi\\csi.sock"
            - "--kubelet-registration-path=C:\\var\\lib\\kubelet\\plugins\\pd.csi.storage.gke.io\\csi.sock"
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: plugin-dir
              mountPath: C:\csi
            - name: registration-dir
              mountPath: C:\registration
        - name: csi-driver
          # placeholder, use your CSI driver
          image: org/csi-driver:win-v1
          args:
            - "--v=5"
            - "--endpoint=unix:/csi/csi.sock"
          volumeMounts:
            - name: kubelet-dir
              mountPath: C:\var\lib\kubelet
            - name: plugin-dir
              mountPath: C:\csi
            - name: csi-proxy-disk-pipe
              mountPath: \\.\pipe\csi-proxy-disk-v1
            - name: csi-proxy-volume-pipe
              mountPath: \\.\pipe\csi-proxy-volume-v1
            - name: csi-proxy-filesystem-pipe
              mountPath: \\.\pipe\csi-proxy-filesystem-v1
            - name: csi-proxy-smb-pipe
              mountPath: \\.\pipe\csi-proxy-smb-v1
      volumes:
        - name: csi-proxy-disk-pipe
          hostPath:
            path: \\.\pipe\csi-proxy-disk-v1
            type: ""
        - name: csi-proxy-volume-pipe
          hostPath:
            path: \\.\pipe\csi-proxy-volume-v1
            type: ""
        - name: csi-proxy-filesystem-pipe
          hostPath:
            path: \\.\pipe\csi-proxy-filesystem-v1
            type: ""
        - name: csi-proxy-smb-pipe
          hostPath:
            path: \\.\pipe\csi-proxy-smb-v1
            type: ""
        - name: registration-dir
          hostPath:
            path: C:\var\lib\kubelet\plugins_registry\
            type: Directory
        - name: kubelet-dir
          hostPath:
            path: C:\var\lib\kubelet\
            type: Directory
        - name: plugin-dir
          hostPath:
            path: C:\var\lib\kubelet\plugins\csi.org.io\
            type: DirectoryOrCreate

Community, discussion, contribution, and support

Check out development.md for instructions to set up a development enviroment to run CSI Proxy.

Learn how to engage with the Kubernetes community on the community page.

You can reach the maintainers of this project at:

Supported CSI Drivers

Code of conduct

Participation in the Kubernetes community is governed by the Kubernetes Code of Conduct.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].