You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+10-10
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
# CSI Proxy
2
2
3
-
CSI Proxy (which might be more aptly named "csi-node-proxy") is a binary that exposes a set of gRPC APIs around local storage operations for nodes in Windows. A container, such as CSI node plugins, can mount the named pipes depending on operations it wants to exercise on the host and
3
+
CSI Proxy (which might be more aptly named "csi-node-proxy") is a binary that exposes a set of gRPC APIs (over named pipes) around local storage operations for nodes in Windows. A container, such as CSI node plugins, can mount the named pipes depending on operations it wants to exercise on the host and
4
4
invoke the APIs. This allows a storage plugin to run as if were a CSI plugin on linux which have the ability to perform "privileged" actions on the windows host OS.
5
5
6
6
```
@@ -11,11 +11,12 @@ invoke the APIs. This allows a storage plugin to run as if were a CSI plugin on
@@ -31,9 +32,9 @@ invoke the APIs. This allows a storage plugin to run as if were a CSI plugin on
31
32
```
32
33
In the above diagram, there are 3 communication channels being utilized for CSI proxy:
33
34
34
-
-`csi.sock` : This lives at /var/lib/kubelet/plugins/csi-plugin/csi.sock, and is used for the host OS to communicate with the CSI node plugin
35
-
-`csi-plugin-reg.sock` : This lives here, /var/lib/kubelet/plugins_registry/csi-plugin-reg.sock, and is used for the kubelet itself to get metadata as needed from the csi plugin
36
-
-`/pipe` : /pipe/csi-proxy-api-group-v-... : This pipe lives at \pipe\csi-proxy-api-group-v-..., upon receipt of specific requests from the Node plugin, it carries out actions on the node plugins behalf. Since it doesn't execute arbitrary commands on the host, its more secure then simply being a black-box proxy to run host commands.
35
+
-`csi.sock` : This lives at c:/var/lib/kubelet/plugins/csi-plugin/csi.sock, and is used for the host OS to communicate with the CSI node plugin
36
+
-`csi-plugin-reg.sock` : This lives here, c:/var/lib/kubelet/plugins_registry/csi-plugin-reg.sock, and is used for the kubelet itself to get metadata as needed from the csi plugin .
37
+
-`\\.\pipe\csi-proxy` : This will live in a pipe, i.e. at \\.\pipe/csi-proxy-api-group-v-... : upon receipt of specific requests from the Node plugin, it carries out actions on the node plugins behalf. Since it doesn't execute arbitrary commands on the host, its more secure then simply being a black-box proxy to run host commands.
37
38
38
39
Each named pipe will support a specific version of an API (e.g. v1alpha1, v2beta1)
39
40
that targets a specific area of storage (e.g. disk, volume, file, SMB, iSCSI).
@@ -43,7 +44,6 @@ that targets a specific area of storage (e.g. disk, volume, file, SMB, iSCSI).
43
44
CSI drivers are recommended to be deployed as containers. Node plugin containers need to run with privileges to perform storage related operations. However, Windows does not support privileged containers currently. With CSIProxy, the node plugins can now be deployed as unprivileged pods that use the proxy to perform privileged storage operations on the node. Kubernetes administrators will need to install and maintain csi-proxy.exe on all Windows nodes in a manner similar to kubelet.exe.
0 commit comments