Initial FlexVol Setup

This commit is the first part of consuming secrets from the Azure Key Vault. This will set up the required services to consume Azure's RBAC controls in the cluster, an identity to read the secrets, and the tool (FlexVol) to mount the secrets.
2019-11-25 11:19:38 -05:00
parent 018229dcd8
commit f8e95ae104
5 changed files with 380 additions and 1 deletions
--- a/deploy/azure/keyvault/kv-flex-vol-installer.yml
+++ b/deploy/azure/keyvault/kv-flex-vol-installer.yml
@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kv
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  labels:
+    app: keyvault-flexvolume
+  name: keyvault-flexvolume
+  namespace: kv
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: keyvault-flexvolume
+    spec:
+      tolerations:
+      containers:
+        - name: flexvol-driver-installer
+          image: "mcr.microsoft.com/k8s/flexvolume/keyvault-flexvolume:v0.0.15"
+          imagePullPolicy: Always
+          resources:
+            requests:
+              cpu: 50m
+              memory: 100Mi
+            limits:
+              cpu: 50m
+              memory: 100Mi
+          env:
+            # if you have used flex before on your cluster, use same directory
+            # set TARGET_DIR env var and mount the same directory to to the container
+            - name: TARGET_DIR
+              value: "/etc/kubernetes/volumeplugins"
+          volumeMounts:
+            - mountPath: "/etc/kubernetes/volumeplugins"
+              name: volplugins
+      volumes:
+        - hostPath:
+            # Modify this directory if your nodes are using a different one
+            # default is "/usr/libexec/kubernetes/kubelet-plugins/volume/exec"
+            # below is Azure default
+            path: "/etc/kubernetes/volumeplugins"
+          name: volplugins
+      nodeSelector:
+        beta.kubernetes.io/os: linux