d0108a6f38
With the help of this client, the commands we need in order to implement the data copy and migration is added. During the process we need to create/update/get/list PVs, get nodes and get/create/delete/update PVCs. Dockerfile is updated to install kubectl on the docker images. Note that we won't use any ruby gems for interacting with kubernetes since most are not maintained well and the best they do is assembling a REST client and giving you back the whole response which kubectl does with no effort. Also kubectl will use the credentials avaialbe in pod and won't be affected by token rotations as it would read the token on every command. ClusterRole of node_plugin is also updated to give enough access to perform the commands.
25 lines
658 B
YAML
25 lines
658 B
YAML
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: ubicsi-nodeplugin
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["nodes"]
|
|
verbs: ["get"]
|
|
- apiGroups: [""]
|
|
resources: ["serviceaccounts"]
|
|
verbs: ["get"]
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumes"]
|
|
verbs: ["get", "list", "update", "create", "patch"]
|
|
- apiGroups: [""]
|
|
resources: ["persistentvolumeclaims"]
|
|
verbs: ["get", "create", "delete", "update", "patch"]
|
|
- apiGroups: ["storage.k8s.io"]
|
|
resources: ["volumeattachments"]
|
|
verbs: ["list", "get"]
|
|
- apiGroups: [""]
|
|
resources: ["serviceaccounts/token"]
|
|
verbs: ["create"]
|