From 15d011de26aa9b12f96d9d3c3aeb7ce825451c19 Mon Sep 17 00:00:00 2001 From: Vicente Cheng Date: Thu, 11 Jul 2024 11:03:28 +0800 Subject: [PATCH] charts: initial commit for csi-driver-lvm Signed-off-by: Vicente Cheng --- charts/harvester-csi-driver-lvm/Chart.yaml | 27 +++ .../templates/_helpers.tpl | 39 +++++ .../templates/common.yaml | 12 ++ .../templates/controller.yaml | 79 +++++++++ .../templates/csi.yaml | 164 ++++++++++++++++++ .../templates/rbac.yaml | 49 ++++++ charts/harvester-csi-driver-lvm/values.yaml | 88 ++++++++++ 7 files changed, 458 insertions(+) create mode 100644 charts/harvester-csi-driver-lvm/Chart.yaml create mode 100644 charts/harvester-csi-driver-lvm/templates/_helpers.tpl create mode 100644 charts/harvester-csi-driver-lvm/templates/common.yaml create mode 100644 charts/harvester-csi-driver-lvm/templates/controller.yaml create mode 100644 charts/harvester-csi-driver-lvm/templates/csi.yaml create mode 100644 charts/harvester-csi-driver-lvm/templates/rbac.yaml create mode 100644 charts/harvester-csi-driver-lvm/values.yaml diff --git a/charts/harvester-csi-driver-lvm/Chart.yaml b/charts/harvester-csi-driver-lvm/Chart.yaml new file mode 100644 index 000000000..49ab1f83 --- /dev/null +++ b/charts/harvester-csi-driver-lvm/Chart.yaml @@ -0,0 +1,27 @@ +apiVersion: v2 +name: harvester-csi-driver-lvm +description: A Helm chart for Harvester LVM CSI Driver + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.0.0-dev + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: v0.1.0 + +maintainers: + - name: harvester diff --git a/charts/harvester-csi-driver-lvm/templates/_helpers.tpl b/charts/harvester-csi-driver-lvm/templates/_helpers.tpl new file mode 100644 index 000000000..84898a17 --- /dev/null +++ b/charts/harvester-csi-driver-lvm/templates/_helpers.tpl @@ -0,0 +1,39 @@ +{{- define "externalImages.csiAttacher" -}} +{{- if .Values.customCSISidecars.enabled -}} +{{- print .Values.customCSISidecars.attacher -}} +{{- else -}} +{{- print "registry.k8s.io/sig-storage/csi-attacher:v4.4.2" -}} +{{- end -}} +{{- end -}} + +{{- define "externalImages.csiProvisioner" -}} +{{- if .Values.customCSISidecars.enabled -}} +{{- print .Values.customCSISidecars.provisioner -}} +{{- else -}} +{{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.6.2" -}} +{{- end -}} +{{- end -}} + +{{- define "externalImages.csiLivenessprobe" -}} +{{- if .Values.customCSISidecars.enabled -}} +{{- print .Values.customCSISidecars.livenessprobe -}} +{{- else -}} +{{- print "registry.k8s.io/sig-storage/livenessprobe:v2.12.0" -}} +{{- end -}} +{{- end -}} + +{{- define "externalImages.csiResizer" -}} +{{- if .Values.customCSISidecars.enabled -}} +{{- print .Values.customCSISidecars.resizer -}} +{{- else -}} +{{- print "registry.k8s.io/sig-storage/csi-resizer:v1.9.2" -}} +{{- end -}} +{{- end -}} + +{{- define "externalImages.csiNodeDriverRegistrar" -}} +{{- if .Values.customCSISidecars.enabled -}} +{{- print .Values.customCSISidecars.registrar -}} +{{- else -}} +{{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.2" -}} +{{- end -}} +{{- end -}} diff --git a/charts/harvester-csi-driver-lvm/templates/common.yaml b/charts/harvester-csi-driver-lvm/templates/common.yaml new file mode 100644 index 000000000..a6eb745f --- /dev/null +++ b/charts/harvester-csi-driver-lvm/templates/common.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: {{ .Values.lvm.driverName }} + annotations: + lvm.driver.harvesterhci.io/version: {{ .Chart.AppVersion }} +spec: + volumeLifecycleModes: + - Persistent + podInfoOnMount: true + attachRequired: false diff --git a/charts/harvester-csi-driver-lvm/templates/controller.yaml b/charts/harvester-csi-driver-lvm/templates/controller.yaml new file mode 100644 index 000000000..8b4c2233 --- /dev/null +++ b/charts/harvester-csi-driver-lvm/templates/controller.yaml @@ -0,0 +1,79 @@ +--- +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: harvester-csi-driver-lvm-controller + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + serviceName: harvester-csi-driver-lvm-controller + replicas: 1 + selector: + matchLabels: + app: harvester-csi-driver-lvm-controller + template: + metadata: + labels: + app: harvester-csi-driver-lvm-controller + spec: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - harvester-csi-driver-lvm-plugin + topologyKey: kubernetes.io/hostname +{{- if .Values.nodeSelector.provisioner }} + nodeSelector: +{{ toYaml .Values.nodeSelector.provisioner | indent 8 }} +{{- end }} +{{- if .Values.tolerations.provisioner }} + tolerations: +{{ toYaml .Values.tolerations.provisioner | indent 8 }} +{{- end }} + serviceAccountName: harvester-csi-driver-lvm + containers: + - name: csi-attacher + image: {{ template "externalImages.csiAttacher" . }} + imagePullPolicy: IfNotPresent + args: + - --v=5 + - --csi-address=/csi/csi.sock + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - name: csi-provisioner + image: {{ template "externalImages.csiProvisioner" . }} + imagePullPolicy: IfNotPresent + args: + - -v=5 + - --csi-address=/csi/csi.sock + - --feature-gates=Topology=true + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + - name: csi-resizer + image: {{ template "externalImages.csiResizer" . }} + imagePullPolicy: IfNotPresent + args: + - -v=5 + - -csi-address=/csi/csi.sock + securityContext: + privileged: true + volumeMounts: + - mountPath: /csi + name: socket-dir + volumes: + - hostPath: + path: {{ .Values.kubernetes.kubeletPath }}/plugins/{{ .Values.lvm.driverName }} + type: DirectoryOrCreate + name: socket-dir +--- diff --git a/charts/harvester-csi-driver-lvm/templates/csi.yaml b/charts/harvester-csi-driver-lvm/templates/csi.yaml new file mode 100644 index 000000000..b1b838cc --- /dev/null +++ b/charts/harvester-csi-driver-lvm/templates/csi.yaml @@ -0,0 +1,164 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: harvester-csi-driver-lvm-plugin + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: harvester-csi-driver-lvm-plugin + template: + metadata: + labels: + app: harvester-csi-driver-lvm-plugin + spec: + serviceAccountName: harvester-csi-driver-lvm +{{- if .Values.tolerations.plugin }} + tolerations: +{{ toYaml .Values.tolerations.plugin | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector.plugin }} + nodeSelector: +{{ toYaml .Values.nodeSelector.plugin | indent 8 }} +{{- end }} + containers: + - name: node-driver-registrar + args: + - --v=5 + - --csi-address=/csi/csi.sock + - --kubelet-registration-path={{ .Values.kubernetes.kubeletPath }}/plugins/{{ .Values.lvm.driverName }}/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: {{ template "externalImages.csiNodeDriverRegistrar" . }} + imagePullPolicy: IfNotPresent + resources: {} + securityContext: + privileged: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: /registration + name: registration-dir + - name: harvester-csi-driver-lvm-plugin + args: + - --drivername={{ .Values.lvm.driverName }} + - --endpoint=unix:///csi/csi.sock + - --hostwritepath={{ .Values.lvm.hostWritePath }} + - --nodeid=$(KUBE_NODE_NAME) + - --namespace={{ .Release.Namespace }} + - --provisionerimage={{ .Values.provisionerImage.repository }}:{{ .Values.provisionerImage.tag }} + - --pullpolicy={{ .Values.provisionerImage.pullPolicy }} + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + image: "{{ .Values.pluginImage.repository }}:{{ .Values.pluginImage.tag }}" + imagePullPolicy: {{ .Values.pluginImage.pullPolicy }} + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + ports: + - containerPort: 9898 + name: healthz + protocol: TCP + resources: {} + securityContext: + privileged: true + terminationMessagePath: /termination.log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: socket-dir + - mountPath: {{ .Values.kubernetes.kubeletPath }}/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: {{ .Values.kubernetes.kubeletPath }}/plugins + mountPropagation: Bidirectional + name: plugins-dir + - mountPath: /dev + name: dev-dir + mountPropagation: Bidirectional + - mountPath: /lib/modules + name: mod-dir + - mountPath: /etc/lvm/backup + name: lvmbackup + mountPropagation: Bidirectional + - mountPath: /etc/lvm/cache + name: lvmcache + mountPropagation: Bidirectional + - mountPath: /run/lock/lvm + name: lvmlock + mountPropagation: Bidirectional + - name: liveness-probe + args: + - --csi-address=/csi/csi.sock + - --health-port=9898 + image: {{ template "externalImages.csiLivenessprobe" . }} + imagePullPolicy: IfNotPresent + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: socket-dir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + volumes: + - hostPath: + path: {{ .Values.kubernetes.kubeletPath }}/plugins/{{ .Values.lvm.driverName }} + type: DirectoryOrCreate + name: socket-dir + - hostPath: + path: {{ .Values.kubernetes.kubeletPath }}/pods + type: DirectoryOrCreate + name: mountpoint-dir + - hostPath: + path: {{ .Values.kubernetes.kubeletPath }}/plugins_registry + type: Directory + name: registration-dir + - hostPath: + path: {{ .Values.kubernetes.kubeletPath }}/plugins + type: Directory + name: plugins-dir + - hostPath: + path: /dev + type: Directory + name: dev-dir + - hostPath: + path: /lib/modules + name: mod-dir + - hostPath: + path: {{ .Values.lvm.hostWritePath }}/backup + type: DirectoryOrCreate + name: lvmbackup + - hostPath: + path: {{ .Values.lvm.hostWritePath }}/cache + type: DirectoryOrCreate + name: lvmcache + - hostPath: + path: {{ .Values.lvm.hostWritePath }}/lock + type: DirectoryOrCreate + name: lvmlock +--- diff --git a/charts/harvester-csi-driver-lvm/templates/rbac.yaml b/charts/harvester-csi-driver-lvm/templates/rbac.yaml new file mode 100644 index 000000000..024d0105 --- /dev/null +++ b/charts/harvester-csi-driver-lvm/templates/rbac.yaml @@ -0,0 +1,49 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: harvester-csi-driver-lvm +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: harvester-csi-driver-lvm +rules: + - apiGroups: [""] + resources: ["persistentvolumes", "persistentvolumeclaims", "persistentvolumeclaims/status"] + verbs: ["*"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["list", "get", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "get", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: harvester-csi-driver-lvm +subjects: + - kind: ServiceAccount + name: harvester-csi-driver-lvm + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: harvester-csi-driver-lvm + apiGroup: rbac.authorization.k8s.io +--- \ No newline at end of file diff --git a/charts/harvester-csi-driver-lvm/values.yaml b/charts/harvester-csi-driver-lvm/values.yaml new file mode 100644 index 000000000..eee20a85 --- /dev/null +++ b/charts/harvester-csi-driver-lvm/values.yaml @@ -0,0 +1,88 @@ +# Default values for harvester-lvm-csi-driver. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +pluginImage: + repository: rancher/harvester-lvm-csi-plugin + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "main-head" + +provisionerImage: + repository: rancher/harvester-lvm-provisioner + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "main-head" + +lvm: + # You will want to change this for read-only filesystems + # For example, in Talos OS, set this to "/var/etc/lvm" + hostWritePath: /etc/lvm + + driverName: lvm.driver.harvesterhci.io + +rbac: + create: true + +kubernetes: + kubeletPath: /var/lib/kubelet + +storageClasses: + linear: + enabled: true + additionalAnnotations: [] + # this might be used to mark one of the StorageClasses as default: + # storageclass.kubernetes.io/is-default-class: "true" + reclaimPolicy: Delete + striped: + enabled: true + additionalAnnotations: [] + reclaimPolicy: Delete + mirror: + enabled: true + additionalAnnotations: [] + reclaimPolicy: Delete + +customCSISidecars: + enabled: false + + ## uncomment and set these if enabled=true + + # attacher: k8s.gcr.io/sig-storage/csi-attacher:v3.5.0 + # livenessprobe: k8s.gcr.io/sig-storage/livenessprobe:v2.7.0 + # provisioner: k8s.gcr.io/sig-storage/csi-provisioner:v3.2.1 + # registrar: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1 + # resizer: k8s.gcr.io/sig-storage/csi-resizer:v1.6.0 + +nodeSelector: + # The plugin daemonset will run on all nodes if it has a toleration, + # so it is not necessary to set a nodeSelector for it + + # plugin: + # node-role.kubernetes.io/master: "" + # Key name may need to be updated to 'node-role.kubernetes.io/control-plane' + # in the future + + # The provisioner has an affinity for nodes with a plugin pod, + # but since that's a daemonset, we allow more fine-grained node selection + + provisioner: + # node-role.kubernetes.io/master: "" + # Key name may need to be updated to 'node-role.kubernetes.io/control-plane' + # in the future + +tolerations: + plugin: + # - key: node-role.kubernetes.io/master + # operator: Exists + # effect: NoSchedule + # - key: node-role.kubernetes.io/control-plane + # operator: Exists + # effect: NoSchedule + provisioner: + # - key: node-role.kubernetes.io/master + # operator: Exists + # effect: NoSchedule + # - key: node-role.kubernetes.io/control-plane + # operator: Exists + # effect: NoSchedule