runtime-rs: add README and user guide to deploy directvol CSI Driver

Fixes: #8602 Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-19 18:01:01 +00:00 · 2023-12-13 20:21:35 +08:00 · 2023-12-13 20:21:35 +08:00 · 3b317e69e2
commit 3b317e69e2
parent 1c42d94550
2 changed files with 248 additions and 0 deletions
--- a/src/tools/csi-kata-directvolume/README.md
+++ b/src/tools/csi-kata-directvolume/README.md
@ -0,0 +1,79 @@
+# CSI Direct Volume Driver
+
+The `Direct Volume CSI driver` is heavily inspired by the [`K8s CSI HostPath driver`](https://github.com/kubernetes-csi/csi-driver-host-path). It aims to provide a production-ready implementation and a reference implementation for Kubernetes to connect to `Direct Volume`.
+
+This repository houses the `Direct Volume CSI driver`, along with all build and dependent configuration files needed for deployment.
+
+*WARNING* It is important to note that it is still under development.
+
+## Pre-requisite
+
+- K8S cluster
+- Running version 1.20 or later
+- Access to terminal with `kubectl` installed
+
+## Features
+
+The driver can provision volumes based on direct block devices, eliminating the need for loop devices and relying solely on single files stored on the host.
+
+## Deployment
+
+[Deployment for K8S 1.20+](docs/deploy-csi-kata-directvol.md)
+
+## Building the Binary
+
+If you want to build the driver yourself, you can do so with the following command from `csi-kata-directvolume` path:
+
+```shell
+cd tools/csi-kata-directvolume/ && make
+```
+
+## Building the Container Image
+
+If you want to build the container image yourself, you can do so with the following command from a specified path.
+Here, we just use `buildah/podman` as an example:
+
+```shell
+$ tree -L 2 buildah-directv/
+buildah-directv/
+├── bin
+│   └── directvolplugin
+└── Dockerfile
+
+$ buildah bud -t kata-directvolume:v1.0.19
+STEP 1/7: FROM alpine
+STEP 2/7: LABEL maintainers="Kata Containers Authors"
+STEP 3/7: LABEL description="Kata DirectVolume Driver"
+STEP 4/7: ARG binary=./bin/directvolplugin
+STEP 5/7: RUN apk add util-linux coreutils e2fsprogs xfsprogs xfsprogs-extra btrfs-progs && apk update && apk upgrade
+fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
+fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
+(1/66) Installing libblkid (2.39.3-r0)
+...
+(66/66) Installing xfsprogs-extra (6.5.0-r0)
+Executing busybox-1.36.1-r15.trigger
+OK: 64 MiB in 81 packages
+fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
+fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
+v3.19.0-19-ga0ddaee500e [https://dl-cdn.alpinelinux.org/alpine/v3.19/main]
+v3.19.0-18-gec62a609516 [https://dl-cdn.alpinelinux.org/alpine/v3.19/community]
+OK: 22983 distinct packages available
+OK: 64 MiB in 81 packages
+STEP 6/7: COPY ${binary} /kata-directvol-plugin
+STEP 7/7: ENTRYPOINT ["/kata-directvol-plugin"]
+COMMIT kata-directvolume:v1.0.19
+Getting image source signatures
+Copying blob 5af4f8f59b76 skipped: already exists
+Copying blob a55645705de3 done
+Copying config 244001cc51 done
+Writing manifest to image destination
+Storing signatures
+--> 244001cc51d
+Successfully tagged localhost/kata-directvolume:v1.0.19
+244001cc51d77302c4ed5e1a0ec347d12d85dec4576ea1313f700f66e2a7d36d
+$ podman save localhost/kata-directvolume:v1.0.19 -o kata-directvolume-v1.0.19.tar
+$ ctr -n k8s.io image import kata-directvolume-v1.0.19.tar
+unpacking localhost/kata-directvolume:v1.0.19 (sha256:1bdc33ff7f9cee92e74cbf77a9d79d00dce6dbb9ba19b9811f683e1a087f8fbf)...done
+$ crictl images |grep 1.0.19
+localhost/kata-directvolume                                          v1.0.19             244001cc51d77       83.8MB
+```
--- a/src/tools/csi-kata-directvolume/docs/deploy-csi-kata-directvol.md
+++ b/src/tools/csi-kata-directvolume/docs/deploy-csi-kata-directvol.md
@ -0,0 +1,169 @@
+# Deploy Kata Direct Volume CSI and Do Validation
+
+## How to Deploy Kata Direct Volume CSI
+
+First, you need to make sure you have a healthy Kubernetes(1.20+) cluster and have the permissions to create Kata pods.
+
+*WARNING* If you select a `K8S` with lower version, It cannot ensure that it will work well.
+
+The `CSI driver` is deployed as a `daemonset` and the pods of the `daemonset` contain 4 containers:
+
+1. `Kata Direct Volume CSI Driver`, which is the key implementation in it
+2. [CSI-External-Provisioner](https://github.com/kubernetes-csi/external-provisioner)
+3. [CSI-Liveness-Probe](https://github.com/kubernetes-csi/livenessprobe)
+4. [CSI-Node-Driver-Registrar](https://github.com/kubernetes-csi/node-driver-registrar)
+
+The easiest way to deploy the `Direct Volume CSI driver` is to run the `deploy.sh` script for the Kubernetes version used by
+the cluster as shown below for Kubernetes 1.28.2.
+
+```shell
+sudo deploy/deploy.sh
+```
+
+You'll get an output similar to the following, indicating the application of `RBAC rules` and the successful deployment of `csi-provisioner`, `node-driver-registrar`, `kata directvolume csi driver`(`csi-kata-directvol-plugin`), liveness-probe. Please note that the following output is specific to Kubernetes 1.28.2.
+
+```shell
+Creating Namespace kata-directvolume ...
+kubectl apply -f /tmp/tmp.kN43BWUGQ5/kata-directvol-ns.yaml
+namespace/kata-directvolume created
+Namespace kata-directvolume created Done !
+Applying RBAC rules ...
+curl https://raw.githubusercontent.com/kubernetes-csi/external-provisioner/v3.6.0/deploy/kubernetes/rbac.yaml --output /tmp/tmp.kN43BWUGQ5/rbac.yaml --silent --location
+kubectl apply -f ./kata-directvolume/kata-directvol-rbac.yaml
+serviceaccount/csi-provisioner created
+clusterrole.rbac.authorization.k8s.io/external-provisioner-runner created
+clusterrolebinding.rbac.authorization.k8s.io/csi-provisioner-role created
+role.rbac.authorization.k8s.io/external-provisioner-cfg created
+rolebinding.rbac.authorization.k8s.io/csi-provisioner-role-cfg created
+
+$ ./directvol-deploy.sh
+deploying kata directvolume components
+   ./csi-directvol-driverinfo.yaml
+csidriver.storage.k8s.io/directvolume.csi.katacontainers.io created
+   ./csi-directvol-plugin.yaml
+        using           image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0
+        using           image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0
+        using           image: localhost/kata-directvolume:v1.0.18
+        using           image: registry.k8s.io/sig-storage/livenessprobe:v2.8.0
+daemonset.apps/csi-kata-directvol-plugin created
+NAMESPACE      NAME                                  READY   STATUS    RESTARTS       AGE
+default        pod/csi-kata-directvol-plugin-dlphw   4/4     Running   0              3s
+kube-flannel   pod/kube-flannel-ds-vq796             1/1     Running   1 (52d ago)    52d
+kube-system    pod/coredns-66f779496c-9bmp2          1/1     Running   3 (52d ago)    52d
+kube-system    pod/coredns-66f779496c-qlq6d          1/1     Running   1 (52d ago)    52d
+kube-system    pod/etcd-node001                      1/1     Running   19 (52d ago)   52d
+kube-system    pod/kube-apiserver-node001            1/1     Running   5 (52d ago)    52d
+kube-system    pod/kube-controller-manager-node001   1/1     Running   8 (52d ago)    52d
+kube-system    pod/kube-proxy-p9t6t                  1/1     Running   6 (52d ago)    52d
+kube-system    pod/kube-scheduler-node001            1/1     Running   8 (52d ago)    52d
+
+NAMESPACE      NAME                                       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
+default        daemonset.apps/csi-kata-directvol-plugin   1         1         1       1            1           <none>                   3s
+kube-flannel   daemonset.apps/kube-flannel-ds             1         1         1       1            1           <none>                   52d
+kube-system    daemonset.apps/kube-proxy                  1         1         1       1            1           kubernetes.io/os=linux   52d
+```
+
+
+## How to Run a Kata Pod and Validate it
+
+
+First, ensure all expected pods are running properly, including `csi-provisioner`, `node-driver-registrar`, `kata-directvolume` `csi driver(csi-kata-directvol-plugin)`, liveness-probe:
+
+```shell
+$ kubectl get po -A
+NAMESPACE      NAME                              READY   STATUS    RESTARTS       AGE
+default        csi-kata-directvol-plugin-dlphw   4/4     Running   0              68m
+kube-flannel   kube-flannel-ds-vq796             1/1     Running   1 (52d ago)    52d
+kube-system    coredns-66f779496c-9bmp2          1/1     Running   3 (52d ago)    52d
+kube-system    coredns-66f779496c-qlq6d          1/1     Running   1 (52d ago)    52d
+kube-system    etcd-node001                      1/1     Running   19 (52d ago)   52d
+kube-system    kube-apiserver-node001            1/1     Running   5 (52d ago)    52d
+kube-system    kube-controller-manager-node001   1/1     Running   8 (52d ago)    52d
+kube-system    kube-proxy-p9t6t                  1/1     Running   6 (52d ago)    52d
+kube-system    kube-scheduler-node001            1/1     Running   8 (52d ago)    52d
+```
+
+From the root directory, deploy the application pods including a storage class, a `PVC`, and a pod which uses direct block device based volume. The details can be seen in  `/examples/pod-with-directvol/*.yaml`:
+
+```shell
+kubectl apply -f ${BASE_DIR}/csi-storageclass.yaml
+kubectl apply -f ${BASE_DIR}/csi-pvc.yaml
+kubectl apply -f ${BASE_DIR}/csi-app.yaml
+```
+
+Let's validate the components are deployed:
+
+```shell
+$ kubectl get po -A
+NAMESPACE      NAME                              READY   STATUS    RESTARTS       AGE
+kata-directvolume        csi-kata-directvol-plugin-dlphw   4/4     Running   0              68m
+default        kata-driectvol-01                 1/1     Running   0              67m
+
+$ kubectl get sc,pvc -A
+NAME                                                   PROVISIONER                          RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
+storageclass.storage.k8s.io/csi-kata-directvolume-sc   directvolume.csi.katacontainers.io   Delete          Immediate           false                  71m
+
+NAMESPACE   NAME                                         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS               AGE
+default     persistentvolumeclaim/csi-directvolume-pvc   Bound    pvc-d7644547-f850-4bdf-8c93-aa745c7f31b5   1Gi        RWO            csi-kata-directvolume-sc   71m
+
+```
+
+Finally, inspect the application pod `kata-driectvol-01`  which running with direct block device based volume:
+
+```shell
+$ kubectl describe po kata-driectvol-01
+Name:                kata-driectvol-01
+Namespace:           kata-directvolume
+Priority:            0
+Runtime Class Name:  kata
+Service Account:     default
+Node:                node001/10.10.1.19
+Start Time:          Sat, 09 Dec 2023 23:06:49 +0800
+Labels:              <none>
+Annotations:         <none>
+Status:              Running
+IP:                  10.244.0.232
+IPs:
+  IP:  10.244.0.232
+Containers:
+  first-container:
+    Container ID:  containerd://c5eec9d645a67b982549321f382d83c56297d9a2a705857e8f3eaa6c6676908e
+    Image:         ubuntu:22.04
+    Image ID:      docker.io/library/ubuntu@sha256:2b7412e6465c3c7fc5bb21d3e6f1917c167358449fecac8176c6e496e5c1f05f
+    Port:          <none>
+    Host Port:     <none>
+    Command:
+      sleep
+      1000000
+    State:          Running
+      Started:      Sat, 09 Dec 2023 23:06:51 +0800
+    Ready:          True
+    Restart Count:  0
+    Environment:    <none>
+    Mounts:
+      /data from kata-driectvol0-volume (rw)
+      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-zs9tm (ro)
+Conditions:
+  Type              Status
+  Initialized       True 
+  Ready             True 
+  ContainersReady   True 
+  PodScheduled      True 
+Volumes:
+  kata-driectvol0-volume:
+    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
+    ClaimName:  csi-directvolume-pvc
+    ReadOnly:   false
+  kube-api-access-zs9tm:
+    Type:                    Projected (a volume that contains injected data from multiple sources)
+    TokenExpirationSeconds:  3607
+    ConfigMapName:           kube-root-ca.crt
+    ConfigMapOptional:       <nil>
+    DownwardAPI:             true
+QoS Class:                   BestEffort
+Node-Selectors:              <none>
+Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
+                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
+Events:                      <none>
+
+```