Skip to content

CSI-Addons implementation and APIs for Kubernetes

License

Notifications You must be signed in to change notification settings

csi-addons/kubernetes-csi-addons

Repository files navigation

CSI-Addons for Kubernetes

GitHub release Go Report Card TODOs

This repository contains the implementation for the CSI-Addons specification that can be used with Kubernetes. As such, this project is part of the Container Storage Interface Addons community.

The CSI API is tightly integrated with Kubernetes. In order to extend the interface, a new CSI-Addons Controller is needed. The CSI-Addons Controller will watch for Kubernetes events (CRs) and relay operation initiated by the user to the CSI-driver.

.------.   CR  .------------.
| User |-------| CSI-Addons |
'------'       | Controller |
               '------------'
                      |
                      | gRPC
                      |
            .---------+------------------------------.
            |         |                              |
            |  .------------.        .------------.  |
            |  | CSI-Addons |  gRPC  |    CSI     |  |
            |  |  side-car  |--------| Controller |  |
            |  '------------'        | NodePlugin |  |
            |                        '------------'  |
            | CSI-driver Pod                         |
            '----------------------------------------'

A CSI-Addons side-car will be running in the CSI-driver (provisioner and node-plugin) Pods. The side-car calls gRPC procedures for CSI-Addons operations.

CSI-driver side-car

The CSI-driver side-car is located with the CSI-Controller (provisioner) and the CSI-nodeplugin containers. The side-car registers itself by creating a CSIAddonsNode CR that the CSI-Addons Controller can use to connect to the side-car and execute operations.

Enabling authentication for side-car

When deploying the side-car set enable-auth flag to true. Self signed certificates are generated by the sidecar. Checks for valid Bearer token on request headers and performs token review. Sidecar must be deployed with TokenReview create and get access for the associated ServiceAccount.

csi-addons executable

The csi-addons executable can be used to call CSI-Addons operations against a CSI-driver. It is included in the side-car container image, so that manual execution by admins and (automated) testing can easily be done.

See the csi-addons tool documentation for more details.

Controller

The CSI-Addons Controller handles the requests from users to initiate an operation. Users create a CR that the controller inspects, and forwards a request to one or more CSI-Addons side-cars for execution.

By listing the CSIAddonsNode CRs, the CSI-Addons Controller knows how to connect to the side-cars. By checking the supported capabilities of the side-cars, it can decide where to execute operations that the user requested.

Enabling authentication for manager

When deploying the manager set enable-auth flag to true. This will use TLS for transport layer and adds Bearer token to request headers.

Installation

Refer to the installation guide for more details.

Contributing

The Contribution Guidelines contain details on the process to contribute to this project. For feature enhancements, or questions about particular features or design choices, there is a mailinglist. All regular contributors are encouraged to subscribe to the list, and participate in the discussions.

Subscribing can be done through the mailman web interface or by sending an email to [email protected] with subject subscribe.