kubernetes app add

nfs_external_provisioner/defaults/main.yml

@@ -0,0 +1,9 @@
+---
+# defaults file for nfs_external_provisioner
+nfs_external_provisioner_enabled: true
+# replace with namespace where provisioner will be deployed
+nfs_namespace: nfs
+# replace with your nfs server
+nfs_server: 192.168.7.17
+# replace with your nfs exported path
+nfs_path: /root/test

nfs_external_provisioner/tasks/main.yml

@@ -0,0 +1,37 @@
+---
+# tasks file for nfs_external_provisioner
+#- name: NFS External Provisioner | Install Pre-Packages
+#  yum:
+#    name: "{{ item }}"
+#    state: present
+#    update_cache: True
+#  with_items:
+#    - nfs-utils.x86_64
+#  when:
+#    - not is_this_offline
+- name: NFS External Provisioner | Generate Manifests
+  template:
+    src: "{{ item }}.j2"
+    dest: "{{ kube_config_dir }}/{{ item }}"
+  with_items: ["nfs-namespace.yml", "nfs-rbac.yml", "nfs-deployment.yml", "nfs-storageclass.yml"]
+  register: nfs_provisioner_manifests
+  when: inventory_hostname == groups['kube_control_plane'][0]
+
+- name: NFS External Provisioner | Apply Manifests
+  kube:
+    kubectl: "{{ bin_dir }}/kubectl"
+    filename: "{{ kube_config_dir }}/{{ item.item }}"
+    state: "latest"
+    wait: true
+  with_items:
+    - "{{ nfs_provisioner_manifests.results }}"
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]
+  loop_control:
+    label: "{{ item.item }}"
+
+- name: NFS External Provisioner | Default Storage Class
+  shell: >-
+    {{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf
+    patch storageclass nfs
+    -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

nfs_external_provisioner/templates/nfs-deployment.yml.j2

@@ -0,0 +1,40 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nfs-client-provisioner
+  labels:
+    app: nfs-client-provisioner
+  namespace: {{ nfs_namespace }}
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: nfs-client-provisioner
+  template:
+    metadata:
+      labels:
+        app: nfs-client-provisioner
+    spec:
+      serviceAccountName: nfs-client-provisioner
+      containers:
+        - name: nfs-client-provisioner
+          image: >-
+            gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.0
+          volumeMounts:
+            - name: nfs-client-root
+              mountPath: /persistentvolumes
+          env:
+            - name: PROVISIONER_NAME
+              value: k8s-sigs.io/nfs-subdir-external-provisioner
+            - name: NFS_SERVER
+              value: {{ nfs_server }}
+            - name: NFS_PATH
+              value: {{ nfs_path }}
+      volumes:
+        - name: nfs-client-root
+          nfs:
+            server: {{ nfs_server }}
+            path: {{ nfs_path }}

nfs_external_provisioner/templates/nfs-namespace.yml.j2

@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ nfs_namespace }}

nfs_external_provisioner/templates/nfs-rbac.yml.j2

@@ -0,0 +1,62 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nfs-client-provisioner
+  namespace: {{ nfs_namespace }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: nfs-client-provisioner-runner
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: run-nfs-client-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: nfs-client-provisioner
+    # replace with namespace where provisioner is deployed
+    namespace: nfs
+roleRef:
+  kind: ClusterRole
+  name: nfs-client-provisioner-runner
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-nfs-client-provisioner
+  namespace: {{ nfs_namespace }}
+rules:
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: leader-locking-nfs-client-provisioner
+  namespace: {{ nfs_namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: nfs-client-provisioner
+    namespace: {{ nfs_namespace }}
+roleRef:
+  kind: Role
+  name: leader-locking-nfs-client-provisioner
+  apiGroup: rbac.authorization.k8s.io

nfs_external_provisioner/templates/nfs-storageclass.yml.j2

@@ -0,0 +1,9 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: nfs
+provisioner: k8s-sigs.io/nfs-subdir-external-provisioner
+parameters:
+  onDelete: delete
+  pathPattern: "${.PVC.namespace}/${.PVC.name}"