caa258b924
* Node/monolith plugins require root privileges and this wasn't being made super clear. * Node/monolith plugins should always be run as system jobs.
103 lines
3.1 KiB
Plaintext
103 lines
3.1 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: csi_plugin Stanza - Job Specification
|
|
sidebar_title: csi_plugin
|
|
description: >-
|
|
The "csi_plugin" stanza allows the task to specify it provides a
|
|
Container Storage Interface plugin to the cluster.
|
|
---
|
|
|
|
# `csi_plugin` Stanza
|
|
|
|
<Placement groups={['job', 'group', 'task', 'volume']} />
|
|
|
|
The "csi_plugin" stanza allows the task to specify it provides a
|
|
Container Storage Interface plugin to the cluster. Nomad will
|
|
automatically register the plugin so that it can be used by other jobs
|
|
to claim [volumes][csi_volumes].
|
|
|
|
```hcl
|
|
csi_plugin {
|
|
id = "csi-hostpath"
|
|
type = "monolith"
|
|
mount_dir = "/csi"
|
|
}
|
|
```
|
|
|
|
## `csi_plugin` Parameters
|
|
|
|
- `id` `(string: <required>)` - This is the ID for the plugin. Some
|
|
plugins will require both controller and node plugin types (see
|
|
below); you need to use the same ID for both so that Nomad knows the
|
|
belong to the same plugin.
|
|
|
|
- `type` `(string: <required>)` - One of `node`, `controller`, or
|
|
`monolith`. Each plugin supports one or more types. Each Nomad
|
|
client node where you want to mount a volume will need a `node`
|
|
plugin instance. Some plugins will also require one or more
|
|
`controller` plugin instances to communicate with the storage
|
|
provider's APIs. Some plugins can serve as both `controller` and
|
|
`node` at the same time, and these are called `monolith`
|
|
plugins. Refer to your CSI plugin's documentation.
|
|
|
|
- `mount_dir` `(string: <required>)` - The directory path inside the
|
|
container where the plugin will expect a Unix domain socket for
|
|
bidirectional communication with Nomad.
|
|
|
|
|
|
~> **Note:** Plugins running as `node` or `monolith` require root
|
|
privileges (or `CAP_SYS_ADMIN` on Linux) to mount volumes on the
|
|
host. With the Docker task driver, you can use the `privileged = true`
|
|
configuration, but no other default task drivers currently have this
|
|
option.
|
|
|
|
~> **Note:** During node drains, jobs that claim volumes should be
|
|
moved before the `node` or `monolith` plugin for those
|
|
volumes. Because [`system`][system] jobs are moved last during node drains, you
|
|
should run `node` or `monolith` plugins as `system` jobs.
|
|
|
|
## `csi_plugin` Examples
|
|
|
|
```hcl
|
|
job "plugin-efs" {
|
|
datacenters = ["dc1"]
|
|
|
|
# you can run node plugins as service jobs as well, but running
|
|
# as a system job ensures all nodes in the DC have a copy.
|
|
type = "system"
|
|
|
|
group "nodes" {
|
|
task "plugin" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "amazon/aws-efs-csi-driver:latest"
|
|
|
|
args = [
|
|
"node",
|
|
"--endpoint=unix://csi/csi.sock",
|
|
"--logtostderr",
|
|
"--v=5",
|
|
]
|
|
|
|
# all CSI node plugins will need to run as privileged tasks
|
|
# so they can mount volumes to the host. controller plugins
|
|
# do not need to be privileged.
|
|
privileged = true
|
|
}
|
|
|
|
csi_plugin {
|
|
id = "aws-efs0"
|
|
type = "node"
|
|
mount_dir = "/csi" # this path /csi matches the --endpoint
|
|
# argument for the container
|
|
}
|
|
}
|
|
}
|
|
}
|
|
```
|
|
|
|
[csi]: https://github.com/container-storage-interface/spec
|
|
[csi_volumes]: /docs/job-specification/volume
|
|
[system]: /docs/schedulers/#system
|