From 94798a7c277047c2d079c630895cf0a478626bad Mon Sep 17 00:00:00 2001 From: zhujian Date: Tue, 2 Jul 2024 07:39:31 +0000 Subject: [PATCH 1/2] Update fluid addon Signed-off-by: zhujian --- fluid-addon/README.md | 24 ++++++++++--------- .../addon/addon-template-fluid-0.0.1.yaml | 10 ++++++++ fluid-addon/deploy/addon/cma-fluid.yaml | 4 +++- fluid-addon/deploy/sample/mca-fluid.yaml | 2 +- fluid-addon/quick-start/app.yaml | 17 +++++++++++++ fluid-addon/quick-start/dataset.yaml | 9 +++++++ fluid-addon/quick-start/runtime.yaml | 16 +++++++++++++ 7 files changed, 69 insertions(+), 13 deletions(-) create mode 100644 fluid-addon/quick-start/app.yaml create mode 100644 fluid-addon/quick-start/dataset.yaml create mode 100644 fluid-addon/quick-start/runtime.yaml diff --git a/fluid-addon/README.md b/fluid-addon/README.md index 852ca791..9426b606 100644 --- a/fluid-addon/README.md +++ b/fluid-addon/README.md @@ -19,17 +19,7 @@ $ kubectl get addontemplate fluid-0.0.1 ## Enable the fluid addon for a managed cluster -Then apply a managedclusteraddon to enable the fluid for a managed cluster(eg cluster1) by: - -``` -# Replace 'cluster1' with the managed cluster name - -$ MANAGED_CLUSTER=cluster1 \ - sed -e "s,MANAGED_CLUSTER,${MANAGED_CLUSTER}," deploy/sample/mca-fluid.yaml | \ - kubectl apply -f - -``` - -OR use the [clusteradm](https://github.com/open-cluster-management-io/clusteradm/) cli: +Then apply a managedclusteraddon to enable the fluid for a managed cluster(eg cluster1) by the tool [clusteradm](https://github.com/open-cluster-management-io/clusteradm/) cli: ``` clusteradm addon enable --names=fluid --clusters=cluster1 @@ -59,6 +49,18 @@ fluidapp-controller-6c59d668cf-pxhjc 1/1 Running 0 16m ## Verify the fluid addon is functioning +### As a Managed cluster admin + Switch context to the Managed cluster. Please refer to the [Get Started of the fluid doc to crate a dataset](https://github.com/fluid-cloudnative/fluid/blob/v0.9.2/docs/en/userguide/get_started.md#create-a-dataset) to verify that the fluid is functioning properly. + +### As a Hub cluster admin + +Switch context to the Hub cluster. Distribute fluid resources by manifestworks to the managed cluster. + +``` +# clusteradm create work dataset-demo -c cluster1 -f quick-start/dataset.yaml +# clusteradm create work runtime-demo -c cluster1 -f quick-start/runtime.yaml +# clusteradm create work app-demo -c cluster1 -f quick-start/app.yaml +``` diff --git a/fluid-addon/deploy/addon/addon-template-fluid-0.0.1.yaml b/fluid-addon/deploy/addon/addon-template-fluid-0.0.1.yaml index c0f4c38a..c0ef878e 100644 --- a/fluid-addon/deploy/addon/addon-template-fluid-0.0.1.yaml +++ b/fluid-addon/deploy/addon/addon-template-fluid-0.0.1.yaml @@ -57,6 +57,16 @@ spec: type: ServerSideApply workload: manifests: + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: open-cluster-management:klusterlet-work:fluid-clusterrole + labels: + open-cluster-management.io/aggregate-to-work: "true" # with this label, the clusterRole will be selected to aggregate + rules: + - apiGroups: ["data.fluid.io"] + resources: ['*'] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiVersion: apps/v1 kind: Deployment metadata: diff --git a/fluid-addon/deploy/addon/cma-fluid.yaml b/fluid-addon/deploy/addon/cma-fluid.yaml index 11a5d034..30c44337 100644 --- a/fluid-addon/deploy/addon/cma-fluid.yaml +++ b/fluid-addon/deploy/addon/cma-fluid.yaml @@ -6,7 +6,9 @@ metadata: name: fluid spec: addOnConfiguration: {} - addOnMeta: {} + addOnMeta: + displayName: Fluid + description: Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications, such as big data and AI applications. installStrategy: type: Manual supportedConfigs: diff --git a/fluid-addon/deploy/sample/mca-fluid.yaml b/fluid-addon/deploy/sample/mca-fluid.yaml index 46076ef2..f37c94cd 100644 --- a/fluid-addon/deploy/sample/mca-fluid.yaml +++ b/fluid-addon/deploy/sample/mca-fluid.yaml @@ -2,6 +2,6 @@ apiVersion: addon.open-cluster-management.io/v1alpha1 kind: ManagedClusterAddOn metadata: name: fluid - namespace: MANAGED_CLUSTER + namespace: cluster1 spec: installNamespace: open-cluster-management-agent-addon diff --git a/fluid-addon/quick-start/app.yaml b/fluid-addon/quick-start/app.yaml new file mode 100644 index 00000000..4295c620 --- /dev/null +++ b/fluid-addon/quick-start/app.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Pod +metadata: + name: demo-app + namespace: default +spec: + containers: + - name: demo + image: nginx + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /data + name: demo + volumes: + - name: demo + persistentVolumeClaim: + claimName: demo diff --git a/fluid-addon/quick-start/dataset.yaml b/fluid-addon/quick-start/dataset.yaml new file mode 100644 index 00000000..e3232d14 --- /dev/null +++ b/fluid-addon/quick-start/dataset.yaml @@ -0,0 +1,9 @@ +apiVersion: data.fluid.io/v1alpha1 +kind: Dataset +metadata: + name: demo + namespace: default +spec: + mounts: + - mountPoint: https://mirrors.bit.edu.cn/apache/spark/ + name: spark diff --git a/fluid-addon/quick-start/runtime.yaml b/fluid-addon/quick-start/runtime.yaml new file mode 100644 index 00000000..07f899da --- /dev/null +++ b/fluid-addon/quick-start/runtime.yaml @@ -0,0 +1,16 @@ +apiVersion: data.fluid.io/v1alpha1 +kind: AlluxioRuntime +metadata: + name: demo + namespace: default +spec: + replicas: 1 + tieredstore: + levels: + - mediumtype: MEM + #path: /dev/shm + #quota: 64Mi + path: /home/tmp/fluid + quota: 2Gi + high: "0.95" + low: "0.7" From 7d7b09c4d4a754b0606ad7b9ba63e55d3ce89a64 Mon Sep 17 00:00:00 2001 From: zhujian Date: Thu, 11 Jul 2024 10:16:58 +0000 Subject: [PATCH 2/2] Upgrade fluid addon to 1.0.0 Signed-off-by: zhujian --- fluid-addon/README.md | 20 +- .../addon/addon-deployment-config-gke.yaml | 12 + .../addon/addon-deployment-config-ocp.yaml | 12 + .../deploy/addon/addon-deployment-config.yaml | 12 + ...1.yaml => addon-template-fluid-1.0.0.yaml} | 995 ++++-- .../addon/addon-template-fluid-gke-1.0.0.yaml | 2832 +++++++++++++++++ .../addon/addon-template-fluid-ocp-1.0.0.yaml | 2818 ++++++++++++++++ fluid-addon/deploy/addon/cma-fluid.yaml | 33 +- .../managedclustersetbinding-global.yaml | 8 + fluid-addon/deploy/addon/placement-all.yaml | 8 + fluid-addon/quick-start/dataset.yaml | 2 +- 11 files changed, 6552 insertions(+), 200 deletions(-) create mode 100644 fluid-addon/deploy/addon/addon-deployment-config-gke.yaml create mode 100644 fluid-addon/deploy/addon/addon-deployment-config-ocp.yaml create mode 100644 fluid-addon/deploy/addon/addon-deployment-config.yaml rename fluid-addon/deploy/addon/{addon-template-fluid-0.0.1.yaml => addon-template-fluid-1.0.0.yaml} (74%) create mode 100644 fluid-addon/deploy/addon/addon-template-fluid-gke-1.0.0.yaml create mode 100644 fluid-addon/deploy/addon/addon-template-fluid-ocp-1.0.0.yaml create mode 100644 fluid-addon/deploy/addon/managedclustersetbinding-global.yaml create mode 100644 fluid-addon/deploy/addon/placement-all.yaml diff --git a/fluid-addon/README.md b/fluid-addon/README.md index 9426b606..9931c2aa 100644 --- a/fluid-addon/README.md +++ b/fluid-addon/README.md @@ -19,7 +19,25 @@ $ kubectl get addontemplate fluid-0.0.1 ## Enable the fluid addon for a managed cluster -Then apply a managedclusteraddon to enable the fluid for a managed cluster(eg cluster1) by the tool [clusteradm](https://github.com/open-cluster-management-io/clusteradm/) cli: +By default, all the managed clusters selected by the placement `placement-all` will have the fluid addon enabled with +the default configuration. + +If you want to enable the addon on GKE clusters, use the `placement-gke` to select your GKE clusters. Then GKE specific +configuration will be applied to the managed clusters selected by the placement `placement-gke`. + +If you want to enable the addon on OCP clusters, use the `placement-ocp` to select your OCP clusters. Then OCP specific +configuration will be applied to the managed clusters selected by the placement `placement-ocp`. +NOTE: Enable the fluid addon on OCP clusters is still **work-in-progress**. but here are some notable points that are +reqquired for the OCP SecurityContextConstraints: + * use `oc adm policy add-scc-to-user anyuid -z fluid-webhook -n fluid-system` to allow the fluid-webhook to run as + anyuid; + * Custimize a SecurityContextConstraints, then use `oc adm policy add-scc-to-user fluid-scc -z fluid-csi -n fluid-system` + to grant the fluid-csi necessary permissions; + + +If you want to enable the fluid addon for a specific managed cluster, you can change the `.spec.installStrategy` in the +clusterManagementAddon to `type: Manual`, then apply a managedclusteraddon to enable the fluid for a managed cluster(eg +cluster1) by the tool [clusteradm](https://github.com/open-cluster-management-io/clusteradm/) cli: ``` clusteradm addon enable --names=fluid --clusters=cluster1 diff --git a/fluid-addon/deploy/addon/addon-deployment-config-gke.yaml b/fluid-addon/deploy/addon/addon-deployment-config-gke.yaml new file mode 100644 index 00000000..06463a22 --- /dev/null +++ b/fluid-addon/deploy/addon/addon-deployment-config-gke.yaml @@ -0,0 +1,12 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: AddOnDeploymentConfig +metadata: + name: fluid-gke-config + namespace: default +spec: + agentInstallNamespace: fluid-system + customizedVariables: + - name: RUNTIME_MOUNT_PATH + value: /tmp/runtime-mnt + - name: CRITICAL_FUSE_POD + value: "false" diff --git a/fluid-addon/deploy/addon/addon-deployment-config-ocp.yaml b/fluid-addon/deploy/addon/addon-deployment-config-ocp.yaml new file mode 100644 index 00000000..c296d934 --- /dev/null +++ b/fluid-addon/deploy/addon/addon-deployment-config-ocp.yaml @@ -0,0 +1,12 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: AddOnDeploymentConfig +metadata: + name: fluid-ocp-config + namespace: default +spec: + agentInstallNamespace: fluid-system + customizedVariables: + - name: RUNTIME_MOUNT_PATH + value: /tmp/runtime-mnt + - name: CRITICAL_FUSE_POD + value: "true" diff --git a/fluid-addon/deploy/addon/addon-deployment-config.yaml b/fluid-addon/deploy/addon/addon-deployment-config.yaml new file mode 100644 index 00000000..d6b3115b --- /dev/null +++ b/fluid-addon/deploy/addon/addon-deployment-config.yaml @@ -0,0 +1,12 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: AddOnDeploymentConfig +metadata: + name: fluid-config + namespace: default +spec: + agentInstallNamespace: fluid-system + customizedVariables: + - name: RUNTIME_MOUNT_PATH + value: /runtime-mnt + - name: CRITICAL_FUSE_POD + value: "true" diff --git a/fluid-addon/deploy/addon/addon-template-fluid-0.0.1.yaml b/fluid-addon/deploy/addon/addon-template-fluid-1.0.0.yaml similarity index 74% rename from fluid-addon/deploy/addon/addon-template-fluid-0.0.1.yaml rename to fluid-addon/deploy/addon/addon-template-fluid-1.0.0.yaml index c0ef878e..defab4d2 100644 --- a/fluid-addon/deploy/addon/addon-template-fluid-0.0.1.yaml +++ b/fluid-addon/deploy/addon/addon-template-fluid-1.0.0.yaml @@ -1,18 +1,20 @@ apiVersion: addon.open-cluster-management.io/v1alpha1 kind: AddOnTemplate metadata: - name: fluid-0.0.1 + name: fluid-1.0.0 spec: addonName: fluid agentSpec: manifestConfigs: - resourceIdentifier: group: batch - name: fluid-crds-upgrade-0.9.2-02f70ac + name: fluid-crds-upgrade-100-31f5433 namespace: fluid-system - resource: jobs + resource: jobs # server-side apply for jobs since the job resources will also be updated by k8s controllers updateStrategy: type: ServerSideApply + # server-side apply for all *runtime-controller, since the initial replicas for these controllers are 0, but + # the replicas will be updated if there is a corresponding runtime CR created - resourceIdentifier: group: apps name: alluxioruntime-controller @@ -55,18 +57,42 @@ spec: resource: deployments updateStrategy: type: ServerSideApply + - resourceIdentifier: + group: apps + name: vineyardruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply workload: manifests: + # grant permission for work agent ----- begin - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: open-cluster-management:klusterlet-work:fluid-clusterrole labels: - open-cluster-management.io/aggregate-to-work: "true" # with this label, the clusterRole will be selected to aggregate + # with this label, the clusterRole will be selected to aggregate + open-cluster-management.io/aggregate-to-work: "true" rules: - - apiGroups: ["data.fluid.io"] - resources: ['*'] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["data.fluid.io"] + resources: ['*'] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csidrivers"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + # grant permission for work agent ----- end + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + addon.open-cluster-management.io/deletion-orphan: "" + labels: + addon.open-cluster-management.io/namespace: "true" + name: fluid-system - apiVersion: apps/v1 kind: Deployment metadata: @@ -116,12 +142,16 @@ spec: - name: ALLUXIO_FUSE_IMAGE_ENV value: alluxio/alluxio-dev:2.9.0 - name: MOUNT_ROOT - value: /runtime-mnt + value: "{{RUNTIME_MOUNT_PATH}}" - name: CRITICAL_FUSE_POD - value: "true" + value: "{{CRITICAL_FUSE_POD}}" - name: FLUID_SYNC_RETRY_DURATION value: 15s - image: fluidcloudnative/alluxioruntime-controller:v0.9.2-02f70ac + - name: HELM_DRIVER + value: configmap + - name: ALLUXIO_MOUNT_CONFIG_STORAGE + value: configmap + image: fluidcloudnative/alluxioruntime-controller:v1.0.0-31f5433 name: manager ports: - containerPort: 8080 @@ -176,13 +206,17 @@ spec: env: - name: FLUID_WORKDIR value: /tmp + - name: JINDO_ENGINE_TYPE + value: jindocache - name: ALLUXIO_RUNTIME_IMAGE_ENV value: alluxio/alluxio-dev:2.9.0 - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: fluidcloudnative/dataset-controller:v0.9.2-02f70ac + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/dataset-controller:v1.0.0-31f5433 name: manager ports: - containerPort: 8080 @@ -237,9 +271,9 @@ spec: - start env: - name: MOUNT_ROOT - value: /runtime-mnt + value: "{{RUNTIME_MOUNT_PATH}}" - name: CRITICAL_FUSE_POD - value: "true" + value: "{{CRITICAL_FUSE_POD}}" - name: FLUID_SYNC_RETRY_DURATION value: 15s - name: EFC_INIT_FUSE_IMAGE_ENV @@ -252,7 +286,9 @@ spec: value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-fuse:v1.2.2-19dcee9 - name: EFC_SESSMGR_IMAGE_ENV value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-fuse:v1.2.2-19dcee9 - image: fluidcloudnative/efcruntime-controller:v0.9.2-02f70ac + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/efcruntime-controller:v1.0.0-31f5433 imagePullPolicy: Always name: manager ports: @@ -308,7 +344,7 @@ spec: env: - name: FLUID_WORKDIR value: /tmp - image: fluidcloudnative/application-controller:v0.9.2-02f70ac + image: fluidcloudnative/application-controller:v1.0.0-31f5433 name: manager ports: - containerPort: 8080 @@ -374,12 +410,12 @@ spec: - name: GOOSEFS_FUSE_IMAGE_ENV value: ccr.ccs.tencentyun.com/qcloud/goosefs-fuse:v1.2.0 - name: MOUNT_ROOT - value: /runtime-mnt + value: "{{RUNTIME_MOUNT_PATH}}" - name: CRITICAL_FUSE_POD - value: "true" + value: "{{CRITICAL_FUSE_POD}}" - name: FLUID_SYNC_RETRY_DURATION value: 15s - image: fluidcloudnative/goosefsruntime-controller:v0.9.2-02f70ac + image: fluidcloudnative/goosefsruntime-controller:v1.0.0-31f5433 imagePullPolicy: Always name: manager ports: @@ -440,24 +476,26 @@ spec: - name: FLUID_WORKDIR value: /tmp - name: MOUNT_ROOT - value: /runtime-mnt + value: "{{RUNTIME_MOUNT_PATH}}" - name: JINDO_SMARTDATA_IMAGE_ENV - value: registry.cn-shanghai.aliyuncs.com/jindofs/smartdata:4.6.7 + value: registry.cn-shanghai.aliyuncs.com/jindofs/smartdata:6.2.0 - name: JINDO_FUSE_IMAGE_ENV - value: registry.cn-shanghai.aliyuncs.com/jindofs/jindo-fuse:4.6.7 + value: registry.cn-shanghai.aliyuncs.com/jindofs/jindo-fuse:6.2.0 - name: DEFAULT_INIT_IMAGE_ENV value: fluidcloudnative/init-users:v0.9.0 - name: INIT_PORT_CHECK_ENABLED value: "false" - name: CRITICAL_FUSE_POD - value: "true" + value: "{{CRITICAL_FUSE_POD}}" - name: FLUID_SYNC_RETRY_DURATION value: 15s - name: JINDO_ENGINE_TYPE - value: jindofsx + value: jindocache - name: QUERY_UFS_TOTAL value: "true" - image: fluidcloudnative/jindoruntime-controller:v0.9.2-02f70ac + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/jindoruntime-controller:v1.0.0-31f5433 name: manager ports: - containerPort: 8080 @@ -512,15 +550,19 @@ spec: - juicefsruntime-controller - start env: - - name: JUICEFS_FUSE_IMAGE_ENV - value: juicedata/juicefs-fuse:v1.0.4-4.9.2 + - name: JUICEFS_CE_IMAGE_ENV + value: juicedata/juicefs-fuse:ce-v1.1.0-rc1 + - name: JUICEFS_EE_IMAGE_ENV + value: juicedata/juicefs-fuse:ee-4.9.16 - name: MOUNT_ROOT - value: /runtime-mnt + value: "{{RUNTIME_MOUNT_PATH}}" - name: CRITICAL_FUSE_POD - value: "true" + value: "{{CRITICAL_FUSE_POD}}" - name: FLUID_SYNC_RETRY_DURATION value: 15s - image: fluidcloudnative/juicefsruntime-controller:v0.9.2-02f70ac + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/juicefsruntime-controller:v1.0.0-31f5433 name: manager ports: - containerPort: 8080 @@ -575,12 +617,16 @@ spec: - start env: - name: MOUNT_ROOT - value: /runtime-mnt + value: "{{RUNTIME_MOUNT_PATH}}" - name: CRITICAL_FUSE_POD - value: "true" + value: "{{CRITICAL_FUSE_POD}}" - name: FLUID_SYNC_RETRY_DURATION value: 15s - image: fluidcloudnative/thinruntime-controller:v0.9.2-02f70ac + - name: HELM_DRIVER + value: configmap + - name: THIN_FUSE_CONFIG_STORAGE + value: configmap + image: fluidcloudnative/thinruntime-controller:v1.0.0-31f5433 name: manager ports: - containerPort: 8080 @@ -597,6 +643,74 @@ spec: terminationGracePeriodSeconds: 10 tolerations: - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: vineyardruntime-controller + name: vineyardruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: vineyardruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: vineyardruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - vineyardruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: VINEYARD_MASTER_IMAGE_ENV + value: bitnami/etcd:3.5.10 + - name: VINEYARD_WORKER_IMAGE_ENV + value: vineyardcloudnative/vineyardd:v0.21.5 + - name: VINEYARD_FUSE_IMAGE_ENV + value: vineyardcloudnative/vineyard-fluid-fuse:v0.21.5 + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/vineyardruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: vineyardruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists - apiVersion: apps/v1 kind: DaemonSet metadata: @@ -644,7 +758,7 @@ spec: - --v=5 - --feature-gates=FuseRecovery=false - --prune-fs=fuse.alluxio-fuse,fuse.jindofs-fuse,fuse.juicefs,fuse.goosefs-fuse,ossfs,alifuse.aliyun-alinas-efc - - --prune-path=/runtime-mnt + - --prune-path="{{RUNTIME_MOUNT_PATH}}" - --pprof-addr=:6060 command: - /usr/local/bin/entrypoint.sh @@ -658,7 +772,7 @@ spec: fieldRef: fieldPath: status.hostIP - name: MOUNT_ROOT - value: /runtime-mnt + value: "{{RUNTIME_MOUNT_PATH}}" - name: REVOCER_WARNING_THRESHOLD value: "50" - name: ALLOW_PATCH_STALE_NODE @@ -667,7 +781,9 @@ spec: value: /var/lib/kubelet - name: CSI_ENDPOINT value: unix:///var/lib/kubelet/csi-plugins/fuse.csi.fluid.io/csi.sock - image: fluidcloudnative/fluid-csi:v0.9.2-02f70ac + - name: NODEPUBLISH_METHOD + value: bindMount + image: fluidcloudnative/fluid-csi:v1.0.0-31f5433 imagePullPolicy: IfNotPresent name: plugins securityContext: @@ -683,8 +799,8 @@ spec: - mountPath: /var/lib/kubelet mountPropagation: Bidirectional name: kubelet-dir - - mountPath: /runtime-mnt - mountPropagation: Bidirectional + - mountPath: "{{RUNTIME_MOUNT_PATH}}" + mountPropagation: HostToContainer name: fluid-src-dir - mountPath: /etc/kubernetes/kubelet.conf mountPropagation: HostToContainer @@ -694,7 +810,7 @@ spec: name: updatedb-conf - mountPath: /host-etc/updatedb.conf.bak name: updatedb-conf-bak - hostPID: true + hostPID: false serviceAccountName: fluid-csi tolerations: - operator: Exists @@ -712,7 +828,7 @@ spec: type: DirectoryOrCreate name: registration-dir - hostPath: - path: /runtime-mnt + path: "{{RUNTIME_MOUNT_PATH}}" type: DirectoryOrCreate name: fluid-src-dir - hostPath: @@ -736,14 +852,6 @@ spec: spec: attachRequired: false podInfoOnMount: true - - apiVersion: v1 - kind: Namespace - metadata: - annotations: - addon.open-cluster-management.io/deletion-orphan: "" - labels: - addon.open-cluster-management.io/namespace: "true" - name: fluid-system - apiVersion: v1 kind: ServiceAccount metadata: @@ -824,17 +932,6 @@ spec: verbs: - create - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch - - get - - create - - delete - - update - apiGroups: - "" resources: @@ -855,7 +952,13 @@ spec: - alluxioruntimes/status - datasets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - apps resources: @@ -864,20 +967,58 @@ spec: - daemonsets/status - statefulsets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: alluxioruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alluxioruntime-controller + subjects: + - kind: ServiceAccount + name: alluxioruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: alluxioruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - coordination.k8s.io + resourceNames: + - alluxio.data.fluid.io resources: - leases verbs: - - '*' + - get + - list + - watch + - update + - patch + - delete - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding + kind: RoleBinding metadata: - name: alluxioruntime-clusterrolebinding + name: alluxioruntime-controller + namespace: fluid-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: alluxioruntime-controller subjects: - kind: ServiceAccount @@ -903,6 +1044,7 @@ spec: - thinruntimes - efcruntimes - datasets + - vineyardruntimes - alluxioruntimes/status - jindoruntimes/status - goosefsruntimes/status @@ -910,6 +1052,7 @@ spec: - thinruntimes/status - efcruntimes/status - datasets/status + - vineyardruntimes/status verbs: - get - list @@ -989,6 +1132,8 @@ spec: resources: - jobs - jobs/status + - cronjobs + - cronjobs/status verbs: - get - list @@ -1007,6 +1152,14 @@ spec: - create - delete - update + - apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - delete - apiGroups: - "" resources: @@ -1028,17 +1181,6 @@ spec: verbs: - create - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch - - get - - create - - delete - - update - apiGroups: - data.fluid.io resources: @@ -1048,6 +1190,8 @@ spec: - dataloads/status - databackups - databackups/status + - dataprocesses + - dataprocesses/status - datasets - datasets/status - alluxioruntimes @@ -1062,17 +1206,38 @@ spec: - thinruntimes/status - efcruntimes - efcruntimes/status + - vineyardruntimes + - vineyardruntimes/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - apps resources: - - daemonsets - statefulsets - - daemonsets/status - statefulsets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - daemonsets/status + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -1085,19 +1250,51 @@ spec: - watch - update - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: dataset-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dataset-controller + subjects: + - kind: ServiceAccount + name: dataset-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: dataset-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - coordination.k8s.io + resourceNames: + - dataset.data.fluid.io resources: - leases verbs: - - '*' + - get + - list + - watch + - update + - patch + - delete - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding + kind: RoleBinding metadata: - name: dataset-clusterrolebinding + name: dataset-controller + namespace: fluid-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: dataset-controller subjects: - kind: ServiceAccount @@ -1184,17 +1381,6 @@ spec: verbs: - create - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch - - get - - create - - delete - - update - apiGroups: - "" resources: @@ -1213,7 +1399,13 @@ spec: - efcruntimes/status - datasets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - apps resources: @@ -1222,17 +1414,17 @@ spec: - daemonsets/status - statefulsets/status verbs: - - '*' - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: efcruntime-clusterrolebinding + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: efcruntime-clusterrolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -1241,6 +1433,44 @@ spec: - kind: ServiceAccount name: efcruntime-controller namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: efcruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - efc.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: efcruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: efcruntime-controller + subjects: + - kind: ServiceAccount + name: efcruntime-controller + namespace: fluid-system - apiVersion: v1 kind: ServiceAccount metadata: @@ -1285,20 +1515,58 @@ spec: resources: - configmaps verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: fluidapp-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluidapp-controller + subjects: + - kind: ServiceAccount + name: fluidapp-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: fluidapp-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - coordination.k8s.io + resourceNames: + - fluidapp.data.fluid.io resources: - leases verbs: - - '*' + - get + - list + - watch + - update + - patch + - delete - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding + kind: RoleBinding metadata: - name: fluidapp-clusterrolebinding + name: fluidapp-controller + namespace: fluid-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: fluidapp-controller subjects: - kind: ServiceAccount @@ -1415,7 +1683,13 @@ spec: - goosefsruntimes/status - datasets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - apps resources: @@ -1424,20 +1698,58 @@ spec: - daemonsets/status - statefulsets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: goosefsruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: goosefsruntime-controller + subjects: + - kind: ServiceAccount + name: goosefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: goosefsruntime-controller + namespace: fluid-system + rules: - apiGroups: - coordination.k8s.io resources: - leases verbs: - - '*' + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - goosefs.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding + kind: RoleBinding metadata: - name: goosefsruntime-clusterrolebinding + name: goosefsruntime-rolebinding + namespace: fluid-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: goosefsruntime-controller subjects: - kind: ServiceAccount @@ -1528,12 +1840,7 @@ spec: resources: - secrets verbs: - - list - - watch - get - - create - - delete - - update - apiGroups: - "" resources: @@ -1552,7 +1859,13 @@ spec: - jindoruntimes/status - datasets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - apps resources: @@ -1561,20 +1874,58 @@ spec: - daemonsets/status - statefulsets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: jindoruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jindoruntime-controller + subjects: + - kind: ServiceAccount + name: jindoruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: jindoruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - coordination.k8s.io + resourceNames: + - jindo.data.fluid.io resources: - leases verbs: - - '*' + - get + - list + - watch + - update + - patch + - delete - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding + kind: RoleBinding metadata: - name: jindoruntime-clusterrolebinding + name: jindoruntime-rolebinding + namespace: fluid-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: jindoruntime-controller subjects: - kind: ServiceAccount @@ -1663,17 +2014,6 @@ spec: verbs: - create - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - list - - watch - - get - - create - - delete - - update - apiGroups: - "" resources: @@ -1692,7 +2032,13 @@ spec: - juicefsruntimes/status - datasets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - "" resources: @@ -1720,20 +2066,58 @@ spec: - daemonsets/status - statefulsets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: juicefsruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: juicefsruntime-controller + subjects: + - kind: ServiceAccount + name: juicefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: juicefsruntime-controller + namespace: fluid-system + rules: - apiGroups: - coordination.k8s.io resources: - leases verbs: - - '*' + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - juicefs.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding + kind: RoleBinding metadata: - name: juicefsruntime-clusterrolebinding + name: juicefsruntime-rolebinding + namespace: fluid-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: juicefsruntime-controller subjects: - kind: ServiceAccount @@ -1821,17 +2205,6 @@ spec: verbs: - create - patch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - list - - watch - - get - - update - apiGroups: - "" resources: @@ -1857,7 +2230,13 @@ spec: - thinruntimeprofiles/status - datasets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - "" resources: @@ -1885,25 +2264,229 @@ spec: - daemonsets/status - statefulsets/status verbs: - - '*' + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: thinruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: thinruntime-controller + subjects: + - kind: ServiceAccount + name: thinruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: thinruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create - apiGroups: - coordination.k8s.io + resourceNames: + - thin.data.fluid.io resources: - leases verbs: - - '*' + - get + - list + - watch + - update + - patch + - delete - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding + kind: RoleBinding metadata: - name: thinruntime-clusterrolebinding + name: thinruntime-rolebinding + namespace: fluid-system roleRef: apiGroup: rbac.authorization.k8s.io - kind: ClusterRole + kind: Role name: thinruntime-controller subjects: - kind: ServiceAccount name: thinruntime-controller namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: vineyardruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - vineyardruntimes + - datasets + - vineyardruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: vineyardruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vineyardruntime-controller + subjects: + - kind: ServiceAccount + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: vineyardruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - vineyard.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: vineyardruntime-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: vineyardruntime-controller + subjects: + - kind: ServiceAccount + name: vineyardruntime-controller + namespace: fluid-system - apiVersion: v1 kind: ServiceAccount metadata: @@ -1935,6 +2518,7 @@ spec: - goosefsruntimes - thinruntimes - efcruntimes + - vineyardruntimes verbs: - get - list @@ -2063,7 +2647,7 @@ spec: helm.sh/hook: pre-upgrade helm.sh/hook-delete-policy: before-hook-creation helm.sh/hook-weight: "-4" - name: fluid-crds-upgrade-0.9.2-02f70ac + name: fluid-crds-upgrade-100-31f5433 namespace: fluid-system spec: template: @@ -2072,10 +2656,49 @@ spec: - command: - bash - /fluid/upgrade-crds.sh - image: fluidcloudnative/fluid-crd-upgrader:v0.9.2-02f70ac + image: fluidcloudnative/fluid-crd-upgrader:v1.0.0-31f5433 name: fluid-crds-upgrade restartPolicy: OnFailure serviceAccountName: fluid-crds-upgrade + ttlSecondsAfterFinished: 259200 + - apiVersion: v1 + data: + pluginsProfile: | + pluginConfig: + - args: | + preferred: + # fluid.io/fuse is a fluid built-in affinity, prefer to schedule pods to nodes with runtime fuse pods. + # - name: fluid.io/fuse + # weight: 100 + # fluid.io/node is a fluid built-in affinity, prefer to schedule pods to nodes with runtime worker pods. + - name: fluid.io/node + weight: 100 + # runtime worker's zone label name, can be changed according to k8s environment. + - name: topology.kubernetes.io/zone + weight: 50 + # runtime worker's region label name, can be changed according to k8s environment. + - name: topology.kubernetes.io/region + weight: 20 + # used when app pod with label fluid.io/dataset.{dataset name}.sched set true + required: + - fluid.io/node + name: NodeAffinityWithCache + plugins: + serverful: + withDataset: + - RequireNodeWithFuse + - NodeAffinityWithCache + - MountPropagationInjector + withoutDataset: + - PreferNodesWithoutCache + serverless: + withDataset: + - FuseSidecar + withoutDataset: [] + kind: ConfigMap + metadata: + name: webhook-plugins + namespace: fluid-system - apiVersion: v1 kind: Service metadata: @@ -2120,15 +2743,26 @@ spec: fieldPath: metadata.namespace - name: TIME_TRACK value: "false" - image: fluidcloudnative/fluid-webhook:v0.9.2-02f70ac + image: fluidcloudnative/fluid-webhook:v1.0.0-31f5433 name: manager ports: - containerPort: 8080 name: metrics protocol: TCP + volumeMounts: + - mountPath: /etc/fluid + name: webhook-plugins serviceAccountName: fluid-webhook tolerations: - operator: Exists + volumes: + - configMap: + items: + - key: pluginsProfile + mode: 292 + path: plugins.profile + name: webhook-plugins + name: webhook-plugins - apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -2188,35 +2822,4 @@ spec: - pods sideEffects: None timeoutSeconds: 15 - - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - open-cluster-management.io/aggregate-to-work: "true" - name: fluid-ocm-work-apply - rules: - - apiGroups: - - storage.k8s.io - resources: - - csidrivers - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete registration: [] diff --git a/fluid-addon/deploy/addon/addon-template-fluid-gke-1.0.0.yaml b/fluid-addon/deploy/addon/addon-template-fluid-gke-1.0.0.yaml new file mode 100644 index 00000000..b9f316e4 --- /dev/null +++ b/fluid-addon/deploy/addon/addon-template-fluid-gke-1.0.0.yaml @@ -0,0 +1,2832 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: AddOnTemplate +metadata: + name: fluid-gke-1.0.0 +spec: + addonName: fluid + agentSpec: + manifestConfigs: + - resourceIdentifier: + group: batch + name: fluid-crds-upgrade-100-31f5433 + namespace: fluid-system + resource: jobs # server-side apply for jobs since the job resources will also be updated by k8s controllers + updateStrategy: + type: ServerSideApply + # server-side apply for all *runtime-controller, since the initial replicas for these controllers are 0, but + # the replicas will be updated if there is a corresponding runtime CR created + - resourceIdentifier: + group: apps + name: alluxioruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: efcruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: goosefsruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: jindoruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: juicefsruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: thinruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: vineyardruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + workload: + manifests: + # grant permission for work agent ----- begin + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: open-cluster-management:klusterlet-work:fluid-clusterrole + labels: + # with this label, the clusterRole will be selected to aggregate + open-cluster-management.io/aggregate-to-work: "true" + rules: + - apiGroups: ["data.fluid.io"] + resources: ['*'] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csidrivers"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + # grant permission for work agent ----- end + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + addon.open-cluster-management.io/deletion-orphan: "" + labels: + addon.open-cluster-management.io/namespace: "true" + name: fluid-system + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: alluxioruntime-controller + name: alluxioruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: alluxioruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: alluxioruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --runtime-node-port-range=20000-26000 + - --runtime-workers=3 + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + - --port-allocate-policy=random + command: + - alluxioruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: DEFAULT_INIT_IMAGE_ENV + value: fluidcloudnative/init-users:v0.9.0 + - name: ALLUXIO_RUNTIME_IMAGE_ENV + value: alluxio/alluxio-dev:2.9.0 + - name: ALLUXIO_FUSE_IMAGE_ENV + value: alluxio/alluxio-dev:2.9.0 + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + - name: ALLUXIO_MOUNT_CONFIG_STORAGE + value: configmap + image: fluidcloudnative/alluxioruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: alluxioruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: dataset-controller + name: dataset-controller + namespace: fluid-system + spec: + replicas: 1 + selector: + matchLabels: + control-plane: dataset-controller + template: + metadata: + labels: + control-plane: dataset-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - dataset-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: JINDO_ENGINE_TYPE + value: jindocache + - name: ALLUXIO_RUNTIME_IMAGE_ENV + value: alluxio/alluxio-dev:2.9.0 + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/dataset-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: dataset-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: efcruntime-controller + name: efcruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: efcruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: efcruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=true + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - efcruntime-controller + - start + env: + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: EFC_INIT_FUSE_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/init-alifuse:v1.2.2-19dcee9 + - name: EFC_MASTER_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-master:v1.2.2-19dcee9 + - name: EFC_WORKER_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-worker:v1.2.2-19dcee9 + - name: EFC_FUSE_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-fuse:v1.2.2-19dcee9 + - name: EFC_SESSMGR_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-fuse:v1.2.2-19dcee9 + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/efcruntime-controller:v1.0.0-31f5433 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: efcruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: fluidapp-controller + name: fluidapp-controller + namespace: fluid-system + spec: + replicas: 1 + selector: + matchLabels: + control-plane: fluidapp-controller + template: + metadata: + labels: + control-plane: fluidapp-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - fluidapp-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + image: fluidcloudnative/application-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: fluidapp-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: goosefsruntime-controller + name: goosefsruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: goosefsruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: goosefsruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --runtime-node-port-range=26000-32000 + - --runtime-workers=3 + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + - --port-allocate-policy=random + command: + - goosefsruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: DEFAULT_INIT_IMAGE_ENV + value: fluidcloudnative/init-users:v0.9.0 + - name: GOOSEFS_RUNTIME_IMAGE_ENV + value: ccr.ccs.tencentyun.com/qcloud/goosefs:v1.2.0 + - name: GOOSEFS_FUSE_IMAGE_ENV + value: ccr.ccs.tencentyun.com/qcloud/goosefs-fuse:v1.2.0 + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + image: fluidcloudnative/goosefsruntime-controller:v1.0.0-31f5433 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: goosefsruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: jindoruntime-controller + name: jindoruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: jindoruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: jindoruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --runtime-node-port-range=18000-19999 + - --runtime-workers=3 + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + - --port-allocate-policy=random + command: + - jindoruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: JINDO_SMARTDATA_IMAGE_ENV + value: registry.cn-shanghai.aliyuncs.com/jindofs/smartdata:6.2.0 + - name: JINDO_FUSE_IMAGE_ENV + value: registry.cn-shanghai.aliyuncs.com/jindofs/jindo-fuse:6.2.0 + - name: DEFAULT_INIT_IMAGE_ENV + value: fluidcloudnative/init-users:v0.9.0 + - name: INIT_PORT_CHECK_ENABLED + value: "false" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: JINDO_ENGINE_TYPE + value: jindocache + - name: QUERY_UFS_TOTAL + value: "true" + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/jindoruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: jindoruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: juicefsruntime-controller + name: juicefsruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: juicefsruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: juicefsruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --runtime-workers=3 + - --leader-election-namespace=fluid-system + command: + - juicefsruntime-controller + - start + env: + - name: JUICEFS_CE_IMAGE_ENV + value: juicedata/juicefs-fuse:ce-v1.1.0-rc1 + - name: JUICEFS_EE_IMAGE_ENV + value: juicedata/juicefs-fuse:ee-4.9.16 + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/juicefsruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: juicefsruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: thinruntime-controller + name: thinruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: thinruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: thinruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - thinruntime-controller + - start + env: + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + - name: THIN_FUSE_CONFIG_STORAGE + value: configmap + image: fluidcloudnative/thinruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: thinruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: vineyardruntime-controller + name: vineyardruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: vineyardruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: vineyardruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - vineyardruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: VINEYARD_MASTER_IMAGE_ENV + value: bitnami/etcd:3.5.10 + - name: VINEYARD_WORKER_IMAGE_ENV + value: vineyardcloudnative/vineyardd:v0.21.5 + - name: VINEYARD_FUSE_IMAGE_ENV + value: vineyardcloudnative/vineyard-fluid-fuse:v0.21.5 + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/vineyardruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: vineyardruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: csi-nodeplugin-fluid + namespace: fluid-system + spec: + selector: + matchLabels: + app: csi-nodeplugin-fluid + template: + metadata: + labels: + app: csi-nodeplugin-fluid + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --v=5 + - --csi-address=/var/lib/kubelet/csi-plugins/fuse.csi.fluid.io/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/csi-plugins/fuse.csi.fluid.io/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: fluidcloudnative/csi-node-driver-registrar:v2.3.0 + name: node-driver-registrar + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: HostToContainer + name: kubelet-dir + - mountPath: /registration + name: registration-dir + - args: + - --nodeid=$(NODE_ID) + - --endpoint=$(CSI_ENDPOINT) + - --v=5 + - --feature-gates=FuseRecovery=false + - --prune-fs=fuse.alluxio-fuse,fuse.jindofs-fuse,fuse.juicefs,fuse.goosefs-fuse,ossfs,alifuse.aliyun-alinas-efc + - --prune-path="{{RUNTIME_MOUNT_PATH}}" + - --pprof-addr=:6060 + - --kubelet-kube-config=/var/lib/kubelet/kubeconfig + command: + - /usr/local/bin/entrypoint.sh + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: REVOCER_WARNING_THRESHOLD + value: "50" + - name: ALLOW_PATCH_STALE_NODE + value: "true" + - name: KUBELET_ROOTDIR + value: /var/lib/kubelet + - name: CSI_ENDPOINT + value: unix:///var/lib/kubelet/csi-plugins/fuse.csi.fluid.io/csi.sock + - name: NODEPUBLISH_METHOD + value: bindMount + image: fluidcloudnative/fluid-csi:v1.0.0-31f5433 + imagePullPolicy: IfNotPresent + name: plugins + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + runAsUser: 0 + volumeMounts: + - mountPath: /home/kubernetes/bin/gke-exec-auth-plugin + name: gke-auth-plugin + readOnly: true + - mountPath: /etc/srv/kubernetes/pki/ca-certificates.crt + name: gke-ca + readOnly: true + - mountPath: /plugin + name: plugin-dir + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: "{{RUNTIME_MOUNT_PATH}}" + mountPropagation: HostToContainer + name: fluid-src-dir + - mountPath: /host-etc/updatedb.conf + name: updatedb-conf + - mountPath: /host-etc/updatedb.conf.bak + name: updatedb-conf-bak + hostPID: false + serviceAccountName: fluid-csi + tolerations: + - operator: Exists + volumes: + - hostPath: + path: /home/kubernetes/bin/gke-exec-auth-plugin + type: File + name: gke-auth-plugin + - hostPath: + path: /etc/srv/kubernetes/pki/ca-certificates.crt + type: File + name: gke-ca + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/csi-fluid-plugin + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: "{{RUNTIME_MOUNT_PATH}}" + type: DirectoryOrCreate + name: fluid-src-dir + - hostPath: + path: /etc/updatedb.conf + type: FileOrCreate + name: updatedb-conf + - hostPath: + path: /etc/updatedb.conf.backup + type: FileOrCreate + name: updatedb-conf-bak + updateStrategy: + type: RollingUpdate + - apiVersion: storage.k8s.io/v1 + kind: CSIDriver + metadata: + name: fuse.csi.fluid.io + spec: + attachRequired: false + podInfoOnMount: true + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: alluxioruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: alluxioruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - alluxiodataloads + - alluxioruntimes + - datasets + - alluxiodataloads/status + - alluxioruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: alluxioruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alluxioruntime-controller + subjects: + - kind: ServiceAccount + name: alluxioruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: alluxioruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - alluxio.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: alluxioruntime-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: alluxioruntime-controller + subjects: + - kind: ServiceAccount + name: alluxioruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: fluid-csi + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: fluid-csi-plugin + rules: + - apiGroups: + - data.fluid.io + resources: + - alluxioruntimes + - jindoruntimes + - goosefsruntimes + - juicefsruntimes + - thinruntimes + - efcruntimes + - datasets + - vineyardruntimes + - alluxioruntimes/status + - jindoruntimes/status + - goosefsruntimes/status + - juicefsruntimes/status + - thinruntimes/status + - efcruntimes/status + - datasets/status + - vineyardruntimes/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumes/status + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: fluid-csi-plugin + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluid-csi-plugin + subjects: + - kind: ServiceAccount + name: fluid-csi + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: dataset-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: dataset-controller + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - jobs/status + - cronjobs + - cronjobs/status + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - delete + - update + - apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - data.fluid.io + resources: + - datamigrates + - datamigrates/status + - dataloads + - dataloads/status + - databackups + - databackups/status + - dataprocesses + - dataprocesses/status + - datasets + - datasets/status + - alluxioruntimes + - alluxioruntimes/status + - jindoruntimes + - jindoruntimes/status + - goosefsruntimes + - goosefsruntimes/status + - juicefsruntimes + - juicefsruntimes/status + - thinruntimes + - thinruntimes/status + - efcruntimes + - efcruntimes/status + - vineyardruntimes + - vineyardruntimes/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - statefulsets + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - daemonsets/status + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/scale + - deployments/status + verbs: + - get + - list + - watch + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: dataset-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dataset-controller + subjects: + - kind: ServiceAccount + name: dataset-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: dataset-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - dataset.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: dataset-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dataset-controller + subjects: + - kind: ServiceAccount + name: dataset-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: efcruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: efcruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - create + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - efcruntimes + - datasets + - efcruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: efcruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: efcruntime-controller + subjects: + - kind: ServiceAccount + name: efcruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: efcruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - efc.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: efcruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: efcruntime-controller + subjects: + - kind: ServiceAccount + name: efcruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: fluidapp-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: fluidapp-controller + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - get + - watch + - create + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - get + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: fluidapp-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluidapp-controller + subjects: + - kind: ServiceAccount + name: fluidapp-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: fluidapp-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - fluidapp.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: fluidapp-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fluidapp-controller + subjects: + - kind: ServiceAccount + name: fluidapp-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: goosefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: goosefsruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - get + - create + - delete + - update + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - goosefsdataloads + - goosefsruntimes + - datasets + - goosefsdataloads/status + - goosefsruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: goosefsruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: goosefsruntime-controller + subjects: + - kind: ServiceAccount + name: goosefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: goosefsruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - goosefs.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: goosefsruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: goosefsruntime-controller + subjects: + - kind: ServiceAccount + name: goosefsruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: jindoruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: jindoruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - jindoruntimes + - datasets + - jindoruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: jindoruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jindoruntime-controller + subjects: + - kind: ServiceAccount + name: jindoruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: jindoruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - jindo.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: jindoruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jindoruntime-controller + subjects: + - kind: ServiceAccount + name: jindoruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: juicefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: juicefsruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - create + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - get + - list + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - juicefsruntimes + - datasets + - juicefsruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - list + - get + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - list + - get + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: juicefsruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: juicefsruntime-controller + subjects: + - kind: ServiceAccount + name: juicefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: juicefsruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - juicefs.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: juicefsruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: juicefsruntime-controller + subjects: + - kind: ServiceAccount + name: juicefsruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: thinruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: thinruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - alluxioruntimes + - jindoruntimes + - juicefsruntimes + - goosefsruntimes + - efcruntimes + - thinruntimes + - thinruntimeprofiles + - datasets + - thinruntimes/status + - thinruntimeprofiles/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - list + - get + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - create + - list + - get + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: thinruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: thinruntime-controller + subjects: + - kind: ServiceAccount + name: thinruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: thinruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - thin.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: thinruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: thinruntime-controller + subjects: + - kind: ServiceAccount + name: thinruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: vineyardruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - vineyardruntimes + - datasets + - vineyardruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: vineyardruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vineyardruntime-controller + subjects: + - kind: ServiceAccount + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: vineyardruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - vineyard.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: vineyardruntime-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: vineyardruntime-controller + subjects: + - kind: ServiceAccount + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: fluid-webhook + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: fluid-webhook + rules: + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - fluid-pod-admission-webhook + resources: + - mutatingwebhookconfigurations + verbs: + - get + - patch + - list + - watch + - apiGroups: + - data.fluid.io + resources: + - datasets + - alluxioruntimes + - jindoruntimes + - juicefsruntimes + - goosefsruntimes + - thinruntimes + - efcruntimes + - vineyardruntimes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + - persistentvolumeclaims + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - daemonsets/status + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: fluid-webhook-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluid-webhook + subjects: + - kind: ServiceAccount + name: fluid-webhook + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: fluid-webhook + namespace: fluid-system + rules: + - apiGroups: + - "" + resourceNames: + - fluid-webhook-certs + resources: + - secrets + verbs: + - get + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: fluid-webhook-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fluid-webhook + subjects: + - kind: ServiceAccount + name: fluid-webhook + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "-5" + name: fluid-crds-upgrade + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "-5" + name: fluid-crds-upgrade + rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - update + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "-5" + name: fluid-crds-upgrade + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluid-crds-upgrade + subjects: + - kind: ServiceAccount + name: fluid-crds-upgrade + namespace: fluid-system + - apiVersion: batch/v1 + kind: Job + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "-4" + name: fluid-crds-upgrade-100-31f5433 + namespace: fluid-system + spec: + template: + spec: + containers: + - command: + - bash + - /fluid/upgrade-crds.sh + image: fluidcloudnative/fluid-crd-upgrader:v1.0.0-31f5433 + name: fluid-crds-upgrade + restartPolicy: OnFailure + serviceAccountName: fluid-crds-upgrade + ttlSecondsAfterFinished: 259200 + - apiVersion: v1 + data: + pluginsProfile: | + pluginConfig: + - args: | + preferred: + # fluid.io/fuse is a fluid built-in affinity, prefer to schedule pods to nodes with runtime fuse pods. + # - name: fluid.io/fuse + # weight: 100 + # fluid.io/node is a fluid built-in affinity, prefer to schedule pods to nodes with runtime worker pods. + - name: fluid.io/node + weight: 100 + # runtime worker's zone label name, can be changed according to k8s environment. + - name: topology.kubernetes.io/zone + weight: 50 + # runtime worker's region label name, can be changed according to k8s environment. + - name: topology.kubernetes.io/region + weight: 20 + # used when app pod with label fluid.io/dataset.{dataset name}.sched set true + required: + - fluid.io/node + name: NodeAffinityWithCache + plugins: + serverful: + withDataset: + - RequireNodeWithFuse + - NodeAffinityWithCache + - MountPropagationInjector + withoutDataset: + - PreferNodesWithoutCache + serverless: + withDataset: + - FuseSidecar + withoutDataset: [] + kind: ConfigMap + metadata: + name: webhook-plugins + namespace: fluid-system + - apiVersion: v1 + kind: Service + metadata: + name: fluid-pod-admission-webhook + namespace: fluid-system + spec: + ports: + - name: https-rest + port: 9443 + targetPort: 9443 + selector: + control-plane: fluid-webhook + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: fluid-webhook + name: fluid-webhook + namespace: fluid-system + spec: + replicas: 1 + selector: + matchLabels: + control-plane: fluid-webhook + template: + metadata: + labels: + control-plane: fluid-webhook + spec: + containers: + - args: + - --development=false + - --full-go-profile=false + - --pprof-addr=:6060 + command: + - fluid-webhook + - start + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TIME_TRACK + value: "false" + image: fluidcloudnative/fluid-webhook:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + volumeMounts: + - mountPath: /etc/fluid + name: webhook-plugins + serviceAccountName: fluid-webhook + tolerations: + - operator: Exists + volumes: + - configMap: + items: + - key: pluginsProfile + mode: 292 + path: plugins.profile + name: webhook-plugins + name: webhook-plugins + - apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + name: fluid-pod-admission-webhook + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: fluid-pod-admission-webhook + namespace: fluid-system + path: /mutate-fluid-io-v1alpha1-schedulepod + port: 9443 + failurePolicy: Fail + name: sidecar.fuse.fluid.io + objectSelector: + matchLabels: + serverless.fluid.io/inject: "true" + reinvocationPolicy: IfNeeded + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + timeoutSeconds: 15 + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: fluid-pod-admission-webhook + namespace: fluid-system + path: /mutate-fluid-io-v1alpha1-schedulepod + port: 9443 + failurePolicy: Fail + name: fuse.serverful.fluid.io + objectSelector: + matchLabels: + fuse.serverful.fluid.io/inject: "true" + reinvocationPolicy: IfNeeded + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + timeoutSeconds: 15 + registration: [] diff --git a/fluid-addon/deploy/addon/addon-template-fluid-ocp-1.0.0.yaml b/fluid-addon/deploy/addon/addon-template-fluid-ocp-1.0.0.yaml new file mode 100644 index 00000000..8ff53080 --- /dev/null +++ b/fluid-addon/deploy/addon/addon-template-fluid-ocp-1.0.0.yaml @@ -0,0 +1,2818 @@ +apiVersion: addon.open-cluster-management.io/v1alpha1 +kind: AddOnTemplate +metadata: + name: fluid-ocp-1.0.0 +spec: + addonName: fluid + agentSpec: + manifestConfigs: + - resourceIdentifier: + group: batch + name: fluid-crds-upgrade-100-31f5433 + namespace: fluid-system + resource: jobs # server-side apply for jobs since the job resources will also be updated by k8s controllers + updateStrategy: + type: ServerSideApply + # server-side apply for all *runtime-controller, since the initial replicas for these controllers are 0, but + # the replicas will be updated if there is a corresponding runtime CR created + - resourceIdentifier: + group: apps + name: alluxioruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: efcruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: goosefsruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: jindoruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: juicefsruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: thinruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + - resourceIdentifier: + group: apps + name: vineyardruntime-controller + namespace: fluid-system + resource: deployments + updateStrategy: + type: ServerSideApply + workload: + manifests: + # grant permission for work agent ----- begin + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: open-cluster-management:klusterlet-work:fluid-clusterrole + labels: + # with this label, the clusterRole will be selected to aggregate + open-cluster-management.io/aggregate-to-work: "true" + rules: + - apiGroups: ["data.fluid.io"] + resources: ['*'] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csidrivers"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + # grant permission for work agent ----- end + - apiVersion: v1 + kind: Namespace + metadata: + annotations: + addon.open-cluster-management.io/deletion-orphan: "" + labels: + addon.open-cluster-management.io/namespace: "true" + name: fluid-system + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: alluxioruntime-controller + name: alluxioruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: alluxioruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: alluxioruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --runtime-node-port-range=20000-26000 + - --runtime-workers=3 + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + - --port-allocate-policy=random + command: + - alluxioruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: DEFAULT_INIT_IMAGE_ENV + value: fluidcloudnative/init-users:v0.9.0 + - name: ALLUXIO_RUNTIME_IMAGE_ENV + value: alluxio/alluxio-dev:2.9.0 + - name: ALLUXIO_FUSE_IMAGE_ENV + value: alluxio/alluxio-dev:2.9.0 + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + - name: ALLUXIO_MOUNT_CONFIG_STORAGE + value: configmap + image: fluidcloudnative/alluxioruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: alluxioruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: dataset-controller + name: dataset-controller + namespace: fluid-system + spec: + replicas: 1 + selector: + matchLabels: + control-plane: dataset-controller + template: + metadata: + labels: + control-plane: dataset-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - dataset-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: JINDO_ENGINE_TYPE + value: jindocache + - name: ALLUXIO_RUNTIME_IMAGE_ENV + value: alluxio/alluxio-dev:2.9.0 + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/dataset-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: dataset-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: efcruntime-controller + name: efcruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: efcruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: efcruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=true + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - efcruntime-controller + - start + env: + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: EFC_INIT_FUSE_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/init-alifuse:v1.2.2-19dcee9 + - name: EFC_MASTER_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-master:v1.2.2-19dcee9 + - name: EFC_WORKER_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-worker:v1.2.2-19dcee9 + - name: EFC_FUSE_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-fuse:v1.2.2-19dcee9 + - name: EFC_SESSMGR_IMAGE_ENV + value: registry.cn-zhangjiakou.aliyuncs.com/nascache/efc-fuse:v1.2.2-19dcee9 + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/efcruntime-controller:v1.0.0-31f5433 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: efcruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: fluidapp-controller + name: fluidapp-controller + namespace: fluid-system + spec: + replicas: 1 + selector: + matchLabels: + control-plane: fluidapp-controller + template: + metadata: + labels: + control-plane: fluidapp-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - fluidapp-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + image: fluidcloudnative/application-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: fluidapp-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: goosefsruntime-controller + name: goosefsruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: goosefsruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: goosefsruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --runtime-node-port-range=26000-32000 + - --runtime-workers=3 + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + - --port-allocate-policy=random + command: + - goosefsruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: DEFAULT_INIT_IMAGE_ENV + value: fluidcloudnative/init-users:v0.9.0 + - name: GOOSEFS_RUNTIME_IMAGE_ENV + value: ccr.ccs.tencentyun.com/qcloud/goosefs:v1.2.0 + - name: GOOSEFS_FUSE_IMAGE_ENV + value: ccr.ccs.tencentyun.com/qcloud/goosefs-fuse:v1.2.0 + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + image: fluidcloudnative/goosefsruntime-controller:v1.0.0-31f5433 + imagePullPolicy: Always + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: goosefsruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: jindoruntime-controller + name: jindoruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: jindoruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: jindoruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --runtime-node-port-range=18000-19999 + - --runtime-workers=3 + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + - --port-allocate-policy=random + command: + - jindoruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: JINDO_SMARTDATA_IMAGE_ENV + value: registry.cn-shanghai.aliyuncs.com/jindofs/smartdata:6.2.0 + - name: JINDO_FUSE_IMAGE_ENV + value: registry.cn-shanghai.aliyuncs.com/jindofs/jindo-fuse:6.2.0 + - name: DEFAULT_INIT_IMAGE_ENV + value: fluidcloudnative/init-users:v0.9.0 + - name: INIT_PORT_CHECK_ENABLED + value: "false" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: JINDO_ENGINE_TYPE + value: jindocache + - name: QUERY_UFS_TOTAL + value: "true" + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/jindoruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: jindoruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: juicefsruntime-controller + name: juicefsruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: juicefsruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: juicefsruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --runtime-workers=3 + - --leader-election-namespace=fluid-system + command: + - juicefsruntime-controller + - start + env: + - name: JUICEFS_CE_IMAGE_ENV + value: juicedata/juicefs-fuse:ce-v1.1.0-rc1 + - name: JUICEFS_EE_IMAGE_ENV + value: juicedata/juicefs-fuse:ee-4.9.16 + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/juicefsruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: juicefsruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: thinruntime-controller + name: thinruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: thinruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: thinruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - thinruntime-controller + - start + env: + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: CRITICAL_FUSE_POD + value: "{{CRITICAL_FUSE_POD}}" + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + - name: THIN_FUSE_CONFIG_STORAGE + value: configmap + image: fluidcloudnative/thinruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: thinruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: vineyardruntime-controller + name: vineyardruntime-controller + namespace: fluid-system + spec: + replicas: 0 + selector: + matchLabels: + control-plane: vineyardruntime-controller + template: + metadata: + annotations: null + labels: + control-plane: vineyardruntime-controller + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --development=false + - --pprof-addr=:6060 + - --enable-leader-election + - --leader-election-namespace=fluid-system + command: + - vineyardruntime-controller + - start + env: + - name: FLUID_WORKDIR + value: /tmp + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: VINEYARD_MASTER_IMAGE_ENV + value: bitnami/etcd:3.5.10 + - name: VINEYARD_WORKER_IMAGE_ENV + value: vineyardcloudnative/vineyardd:v0.21.5 + - name: VINEYARD_FUSE_IMAGE_ENV + value: vineyardcloudnative/vineyard-fluid-fuse:v0.21.5 + - name: FLUID_SYNC_RETRY_DURATION + value: 15s + - name: HELM_DRIVER + value: configmap + image: fluidcloudnative/vineyardruntime-controller:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + resources: + limits: + cpu: 100m + memory: 1536Mi + requests: + cpu: 100m + memory: 200Mi + serviceAccountName: vineyardruntime-controller + terminationGracePeriodSeconds: 10 + tolerations: + - operator: Exists + - apiVersion: apps/v1 + kind: DaemonSet + metadata: + name: csi-nodeplugin-fluid + namespace: fluid-system + spec: + selector: + matchLabels: + app: csi-nodeplugin-fluid + template: + metadata: + labels: + app: csi-nodeplugin-fluid + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: NotIn + values: + - virtual-kubelet + containers: + - args: + - --v=5 + - --csi-address=/var/lib/kubelet/csi-plugins/fuse.csi.fluid.io/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/csi-plugins/fuse.csi.fluid.io/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: fluidcloudnative/csi-node-driver-registrar:v2.3.0 + name: node-driver-registrar + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: HostToContainer + name: kubelet-dir + - mountPath: /registration + name: registration-dir + - args: + - --nodeid=$(NODE_ID) + - --endpoint=$(CSI_ENDPOINT) + - --v=5 + - --feature-gates=FuseRecovery=false + - --prune-fs=fuse.alluxio-fuse,fuse.jindofs-fuse,fuse.juicefs,fuse.goosefs-fuse,ossfs,alifuse.aliyun-alinas-efc + - --prune-path="{{RUNTIME_MOUNT_PATH}}" + - --pprof-addr=:6060 + - --kubelet-kube-config=/var/lib/kubelet/kubeconfig + command: + - /usr/local/bin/entrypoint.sh + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: MOUNT_ROOT + value: "{{RUNTIME_MOUNT_PATH}}" + - name: REVOCER_WARNING_THRESHOLD + value: "50" + - name: ALLOW_PATCH_STALE_NODE + value: "true" + - name: KUBELET_ROOTDIR + value: /var/lib/kubelet + - name: CSI_ENDPOINT + value: unix:///var/lib/kubelet/csi-plugins/fuse.csi.fluid.io/csi.sock + - name: NODEPUBLISH_METHOD + value: bindMount + image: fluidcloudnative/fluid-csi:v1.0.0-31f5433 + imagePullPolicy: IfNotPresent + name: plugins + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + privileged: true + runAsUser: 0 + volumeMounts: + - mountPath: /plugin + name: plugin-dir + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: "{{RUNTIME_MOUNT_PATH}}" + mountPropagation: HostToContainer + name: fluid-src-dir + - mountPath: /host-etc/updatedb.conf + name: updatedb-conf + - mountPath: /host-etc/updatedb.conf.bak + name: updatedb-conf-bak + hostPID: false + serviceAccountName: fluid-csi + tolerations: + - operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/csi-fluid-plugin + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: DirectoryOrCreate + name: registration-dir + - hostPath: + path: "{{RUNTIME_MOUNT_PATH}}" + type: DirectoryOrCreate + name: fluid-src-dir + - hostPath: + path: /etc/updatedb.conf + type: FileOrCreate + name: updatedb-conf + - hostPath: + path: /etc/updatedb.conf.backup + type: FileOrCreate + name: updatedb-conf-bak + updateStrategy: + type: RollingUpdate + - apiVersion: storage.k8s.io/v1 + kind: CSIDriver + metadata: + name: fuse.csi.fluid.io + spec: + attachRequired: false + podInfoOnMount: true + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: alluxioruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: alluxioruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - alluxiodataloads + - alluxioruntimes + - datasets + - alluxiodataloads/status + - alluxioruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: alluxioruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: alluxioruntime-controller + subjects: + - kind: ServiceAccount + name: alluxioruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: alluxioruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - alluxio.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: alluxioruntime-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: alluxioruntime-controller + subjects: + - kind: ServiceAccount + name: alluxioruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: fluid-csi + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: fluid-csi-plugin + rules: + - apiGroups: + - data.fluid.io + resources: + - alluxioruntimes + - jindoruntimes + - goosefsruntimes + - juicefsruntimes + - thinruntimes + - efcruntimes + - datasets + - vineyardruntimes + - alluxioruntimes/status + - jindoruntimes/status + - goosefsruntimes/status + - juicefsruntimes/status + - thinruntimes/status + - efcruntimes/status + - datasets/status + - vineyardruntimes/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumes/status + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: fluid-csi-plugin + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluid-csi-plugin + subjects: + - kind: ServiceAccount + name: fluid-csi + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: dataset-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: dataset-controller + rules: + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + - jobs/status + - cronjobs + - cronjobs/status + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - delete + - update + - apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - data.fluid.io + resources: + - datamigrates + - datamigrates/status + - dataloads + - dataloads/status + - databackups + - databackups/status + - dataprocesses + - dataprocesses/status + - datasets + - datasets/status + - alluxioruntimes + - alluxioruntimes/status + - jindoruntimes + - jindoruntimes/status + - goosefsruntimes + - goosefsruntimes/status + - juicefsruntimes + - juicefsruntimes/status + - thinruntimes + - thinruntimes/status + - efcruntimes + - efcruntimes/status + - vineyardruntimes + - vineyardruntimes/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - statefulsets + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - daemonsets/status + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments + - deployments/scale + - deployments/status + verbs: + - get + - list + - watch + - update + - patch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: dataset-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dataset-controller + subjects: + - kind: ServiceAccount + name: dataset-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: dataset-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - dataset.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: dataset-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: dataset-controller + subjects: + - kind: ServiceAccount + name: dataset-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: efcruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: efcruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - create + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - efcruntimes + - datasets + - efcruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: efcruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: efcruntime-controller + subjects: + - kind: ServiceAccount + name: efcruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: efcruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - efc.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: efcruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: efcruntime-controller + subjects: + - kind: ServiceAccount + name: efcruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: fluidapp-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: fluidapp-controller + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - get + - watch + - create + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - get + - create + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: fluidapp-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluidapp-controller + subjects: + - kind: ServiceAccount + name: fluidapp-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: fluidapp-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - fluidapp.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: fluidapp-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fluidapp-controller + subjects: + - kind: ServiceAccount + name: fluidapp-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: goosefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: goosefsruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - watch + - get + - create + - delete + - update + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - goosefsdataloads + - goosefsruntimes + - datasets + - goosefsdataloads/status + - goosefsruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: goosefsruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: goosefsruntime-controller + subjects: + - kind: ServiceAccount + name: goosefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: goosefsruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - goosefs.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: goosefsruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: goosefsruntime-controller + subjects: + - kind: ServiceAccount + name: goosefsruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: jindoruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: jindoruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - jindoruntimes + - datasets + - jindoruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: jindoruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jindoruntime-controller + subjects: + - kind: ServiceAccount + name: jindoruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: jindoruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - jindo.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: jindoruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jindoruntime-controller + subjects: + - kind: ServiceAccount + name: jindoruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: juicefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: juicefsruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - create + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - get + - list + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - juicefsruntimes + - datasets + - juicefsruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - list + - get + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - create + - list + - get + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: juicefsruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: juicefsruntime-controller + subjects: + - kind: ServiceAccount + name: juicefsruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: juicefsruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - juicefs.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: juicefsruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: juicefsruntime-controller + subjects: + - kind: ServiceAccount + name: juicefsruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: thinruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: thinruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - alluxioruntimes + - jindoruntimes + - juicefsruntimes + - goosefsruntimes + - efcruntimes + - thinruntimes + - thinruntimeprofiles + - datasets + - thinruntimes/status + - thinruntimeprofiles/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - list + - get + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - create + - list + - get + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: thinruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: thinruntime-controller + subjects: + - kind: ServiceAccount + name: thinruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: thinruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - thin.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: thinruntime-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: thinruntime-controller + subjects: + - kind: ServiceAccount + name: thinruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: vineyardruntime-controller + rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - list + - watch + - get + - apiGroups: + - data.fluid.io + resources: + - vineyardruntimes + - datasets + - vineyardruntimes/status + - datasets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - daemonsets + - statefulsets + - daemonsets/status + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: vineyardruntime-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vineyardruntime-controller + subjects: + - kind: ServiceAccount + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: vineyardruntime-controller + namespace: fluid-system + rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - coordination.k8s.io + resourceNames: + - vineyard.data.fluid.io + resources: + - leases + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: vineyardruntime-controller + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: vineyardruntime-controller + subjects: + - kind: ServiceAccount + name: vineyardruntime-controller + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + name: fluid-webhook + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: fluid-webhook + rules: + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - fluid-pod-admission-webhook + resources: + - mutatingwebhookconfigurations + verbs: + - get + - patch + - list + - watch + - apiGroups: + - data.fluid.io + resources: + - datasets + - alluxioruntimes + - jindoruntimes + - juicefsruntimes + - goosefsruntimes + - thinruntimes + - efcruntimes + - vineyardruntimes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + - persistentvolumeclaims + - persistentvolumes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - daemonsets/status + verbs: + - get + - list + - watch + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: fluid-webhook-clusterrolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluid-webhook + subjects: + - kind: ServiceAccount + name: fluid-webhook + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + name: fluid-webhook + namespace: fluid-system + rules: + - apiGroups: + - "" + resourceNames: + - fluid-webhook-certs + resources: + - secrets + verbs: + - get + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: fluid-webhook-rolebinding + namespace: fluid-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fluid-webhook + subjects: + - kind: ServiceAccount + name: fluid-webhook + namespace: fluid-system + - apiVersion: v1 + kind: ServiceAccount + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "-5" + name: fluid-crds-upgrade + namespace: fluid-system + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "-5" + name: fluid-crds-upgrade + rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - get + - update + - apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation + helm.sh/hook-weight: "-5" + name: fluid-crds-upgrade + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fluid-crds-upgrade + subjects: + - kind: ServiceAccount + name: fluid-crds-upgrade + namespace: fluid-system + - apiVersion: batch/v1 + kind: Job + metadata: + annotations: + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "-4" + name: fluid-crds-upgrade-100-31f5433 + namespace: fluid-system + spec: + template: + spec: + containers: + - command: + - bash + - /fluid/upgrade-crds.sh + image: fluidcloudnative/fluid-crd-upgrader:v1.0.0-31f5433 + name: fluid-crds-upgrade + restartPolicy: OnFailure + serviceAccountName: fluid-crds-upgrade + ttlSecondsAfterFinished: 259200 + - apiVersion: v1 + data: + pluginsProfile: | + pluginConfig: + - args: | + preferred: + # fluid.io/fuse is a fluid built-in affinity, prefer to schedule pods to nodes with runtime fuse pods. + # - name: fluid.io/fuse + # weight: 100 + # fluid.io/node is a fluid built-in affinity, prefer to schedule pods to nodes with runtime worker pods. + - name: fluid.io/node + weight: 100 + # runtime worker's zone label name, can be changed according to k8s environment. + - name: topology.kubernetes.io/zone + weight: 50 + # runtime worker's region label name, can be changed according to k8s environment. + - name: topology.kubernetes.io/region + weight: 20 + # used when app pod with label fluid.io/dataset.{dataset name}.sched set true + required: + - fluid.io/node + name: NodeAffinityWithCache + plugins: + serverful: + withDataset: + - RequireNodeWithFuse + - NodeAffinityWithCache + - MountPropagationInjector + withoutDataset: + - PreferNodesWithoutCache + serverless: + withDataset: + - FuseSidecar + withoutDataset: [] + kind: ConfigMap + metadata: + name: webhook-plugins + namespace: fluid-system + - apiVersion: v1 + kind: Service + metadata: + name: fluid-pod-admission-webhook + namespace: fluid-system + spec: + ports: + - name: https-rest + port: 9443 + targetPort: 9443 + selector: + control-plane: fluid-webhook + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + control-plane: fluid-webhook + name: fluid-webhook + namespace: fluid-system + spec: + replicas: 1 + selector: + matchLabels: + control-plane: fluid-webhook + template: + metadata: + labels: + control-plane: fluid-webhook + spec: + containers: + - args: + - --development=false + - --full-go-profile=false + - --pprof-addr=:6060 + command: + - fluid-webhook + - start + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TIME_TRACK + value: "false" + image: fluidcloudnative/fluid-webhook:v1.0.0-31f5433 + name: manager + ports: + - containerPort: 8080 + name: metrics + protocol: TCP + volumeMounts: + - mountPath: /etc/fluid + name: webhook-plugins + serviceAccountName: fluid-webhook + tolerations: + - operator: Exists + volumes: + - configMap: + items: + - key: pluginsProfile + mode: 292 + path: plugins.profile + name: webhook-plugins + name: webhook-plugins + - apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + name: fluid-pod-admission-webhook + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: fluid-pod-admission-webhook + namespace: fluid-system + path: /mutate-fluid-io-v1alpha1-schedulepod + port: 9443 + failurePolicy: Fail + name: sidecar.fuse.fluid.io + objectSelector: + matchLabels: + serverless.fluid.io/inject: "true" + reinvocationPolicy: IfNeeded + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + timeoutSeconds: 15 + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + caBundle: Cg== + service: + name: fluid-pod-admission-webhook + namespace: fluid-system + path: /mutate-fluid-io-v1alpha1-schedulepod + port: 9443 + failurePolicy: Fail + name: fuse.serverful.fluid.io + objectSelector: + matchLabels: + fuse.serverful.fluid.io/inject: "true" + reinvocationPolicy: IfNeeded + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None + timeoutSeconds: 15 + registration: [] diff --git a/fluid-addon/deploy/addon/cma-fluid.yaml b/fluid-addon/deploy/addon/cma-fluid.yaml index 30c44337..f1ea85ab 100644 --- a/fluid-addon/deploy/addon/cma-fluid.yaml +++ b/fluid-addon/deploy/addon/cma-fluid.yaml @@ -10,9 +10,38 @@ spec: displayName: Fluid description: Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications, such as big data and AI applications. installStrategy: - type: Manual + # type: Manual + type: Placements + placements: + - name: placement-all + namespace: default + - name: placement-gke + namespace: default + configs: + - group: addon.open-cluster-management.io + resource: addontemplates + name: fluid-gke-1.0.0 + - group: addon.open-cluster-management.io + resource: addondeploymentconfigs + name: fluid-gke-config + namespace: default + - name: placement-ocp + namespace: default + configs: + - group: addon.open-cluster-management.io + resource: addontemplates + name: fluid-ocp-1.0.0 + - group: addon.open-cluster-management.io + resource: addondeploymentconfigs + name: fluid-ocp-config + namespace: default supportedConfigs: - defaultConfig: - name: fluid-0.0.1 + name: fluid-1.0.0 group: addon.open-cluster-management.io resource: addontemplates + - defaultConfig: + name: fluid-config + namespace: default + group: addon.open-cluster-management.io + resource: addondeploymentconfigs diff --git a/fluid-addon/deploy/addon/managedclustersetbinding-global.yaml b/fluid-addon/deploy/addon/managedclustersetbinding-global.yaml new file mode 100644 index 00000000..add22e42 --- /dev/null +++ b/fluid-addon/deploy/addon/managedclustersetbinding-global.yaml @@ -0,0 +1,8 @@ +apiVersion: cluster.open-cluster-management.io/v1beta2 +kind: ManagedClusterSetBinding +metadata: + generation: 1 + name: global + namespace: default +spec: + clusterSet: global diff --git a/fluid-addon/deploy/addon/placement-all.yaml b/fluid-addon/deploy/addon/placement-all.yaml new file mode 100644 index 00000000..17ee6c1d --- /dev/null +++ b/fluid-addon/deploy/addon/placement-all.yaml @@ -0,0 +1,8 @@ +apiVersion: cluster.open-cluster-management.io/v1beta1 +kind: Placement +metadata: + name: placement-all + namespace: default +spec: + clusterSets: + - global diff --git a/fluid-addon/quick-start/dataset.yaml b/fluid-addon/quick-start/dataset.yaml index e3232d14..76e56c69 100644 --- a/fluid-addon/quick-start/dataset.yaml +++ b/fluid-addon/quick-start/dataset.yaml @@ -5,5 +5,5 @@ metadata: namespace: default spec: mounts: - - mountPoint: https://mirrors.bit.edu.cn/apache/spark/ + - mountPoint: https://downloads.apache.org/zookeeper/stable/ name: spark