From dfa40fe7bcc7b23a0a91ae1d02b132b2592da8dd Mon Sep 17 00:00:00 2001 From: Mayank Shah Date: Thu, 29 Oct 2020 14:26:24 +0530 Subject: [PATCH] Add Helm chart for NFS driver Signed-off-by: Mayank Shah --- charts/csi-driver-nfs/.helmignore | 22 ++++ charts/csi-driver-nfs/Chart.yaml | 5 + charts/csi-driver-nfs/templates/NOTES.txt | 5 + charts/csi-driver-nfs/templates/_helpers.tpl | 11 ++ .../templates/csi-nfs-controller.yaml | 111 ++++++++++++++++++ .../templates/csi-nfs-driverinfo.yaml | 9 ++ .../templates/csi-nfs-node.yaml | 79 +++++++++++++ .../templates/rbac-csi-nfs-controller.yaml | 54 +++++++++ charts/csi-driver-nfs/values.yaml | 26 ++++ 9 files changed, 322 insertions(+) create mode 100644 charts/csi-driver-nfs/.helmignore create mode 100644 charts/csi-driver-nfs/Chart.yaml create mode 100644 charts/csi-driver-nfs/templates/NOTES.txt create mode 100644 charts/csi-driver-nfs/templates/_helpers.tpl create mode 100644 charts/csi-driver-nfs/templates/csi-nfs-controller.yaml create mode 100644 charts/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml create mode 100644 charts/csi-driver-nfs/templates/csi-nfs-node.yaml create mode 100644 charts/csi-driver-nfs/templates/rbac-csi-nfs-controller.yaml create mode 100644 charts/csi-driver-nfs/values.yaml diff --git a/charts/csi-driver-nfs/.helmignore b/charts/csi-driver-nfs/.helmignore new file mode 100644 index 000000000..50af03172 --- /dev/null +++ b/charts/csi-driver-nfs/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/csi-driver-nfs/Chart.yaml b/charts/csi-driver-nfs/Chart.yaml new file mode 100644 index 000000000..d9914e662 --- /dev/null +++ b/charts/csi-driver-nfs/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: csi-driver-nfs +version: 0.1.0 diff --git a/charts/csi-driver-nfs/templates/NOTES.txt b/charts/csi-driver-nfs/templates/NOTES.txt new file mode 100644 index 000000000..19e9a2ea4 --- /dev/null +++ b/charts/csi-driver-nfs/templates/NOTES.txt @@ -0,0 +1,5 @@ + The CSI NFS Driver is getting deployed to your cluster. + +To check CSI NFS Driver pods status, please run: + + kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch \ No newline at end of file diff --git a/charts/csi-driver-nfs/templates/_helpers.tpl b/charts/csi-driver-nfs/templates/_helpers.tpl new file mode 100644 index 000000000..9e730b703 --- /dev/null +++ b/charts/csi-driver-nfs/templates/_helpers.tpl @@ -0,0 +1,11 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* labels for helm resources */}} +{{- define "nfs.labels" -}} +labels: + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + revision: "{{ .Release.Revision }}" + chart: "{{ .Chart.Name }}" + chartVersion: "{{ .Chart.Version }}" +{{- end -}} \ No newline at end of file diff --git a/charts/csi-driver-nfs/templates/csi-nfs-controller.yaml b/charts/csi-driver-nfs/templates/csi-nfs-controller.yaml new file mode 100644 index 000000000..28eccdb6c --- /dev/null +++ b/charts/csi-driver-nfs/templates/csi-nfs-controller.yaml @@ -0,0 +1,111 @@ +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: csi-nfs-controller + namespace: {{ .Release.Namespace }} +{{ include "nfs.labels" . | indent 2 }} +spec: + replicas: {{ .Values.controller.replicas }} + selector: + matchLabels: + app: csi-nfs-controller + template: + metadata: +{{ include "nfs.labels" . | indent 6 }} + app: csi-nfs-controller + spec: + serviceAccountName: csi-nfs-controller-sa + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "true" + effect: "NoSchedule" + containers: + - name: csi-provisioner + image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}" + args: + - "-v=5" + - "--csi-address=$(ADDRESS)" + - "--enable-leader-election" + - "--leader-election-type=leases" + env: + - name: ADDRESS + value: /csi/csi.sock + imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }} + volumeMounts: + - mountPath: /csi + name: socket-dir + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: liveness-probe + image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}" + args: + - --csi-address=/csi/csi.sock + - --connection-timeout=3s + - --health-port=29642 + - --v=5 + imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }} + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + - name: nfs + image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + imagePullPolicy: {{ .Values.image.nfs.pullPolicy }} + args: + - "-v=5" + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /plugin + - name: pods-mount-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - mountPath: /csi + name: socket-dir + resources: + limits: + cpu: 200m + memory: 200Mi + requests: + cpu: 10m + memory: 20Mi + volumes: + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi-nfsplugin + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: socket-dir + emptyDir: {} diff --git a/charts/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml b/charts/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml new file mode 100644 index 000000000..7b7c0e5b3 --- /dev/null +++ b/charts/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml @@ -0,0 +1,9 @@ +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: nfs.csi.k8s.io +spec: + attachRequired: false + volumeLifecycleModes: + - Persistent + podInfoOnMount: true diff --git a/charts/csi-driver-nfs/templates/csi-nfs-node.yaml b/charts/csi-driver-nfs/templates/csi-nfs-node.yaml new file mode 100644 index 000000000..213de437c --- /dev/null +++ b/charts/csi-driver-nfs/templates/csi-nfs-node.yaml @@ -0,0 +1,79 @@ +# This YAML file contains driver-registrar & csi driver nodeplugin API objects +# that are necessary to run CSI nodeplugin for nfs +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: csi-nfs-node + namespace: {{ .Release.Namespace }} +{{ include "nfs.labels" . | indent 2 }} +spec: + selector: + matchLabels: + app: csi-nfs-node + template: + metadata: +{{ include "nfs.labels" . | indent 6 }} + app: csi-nfs-node + spec: + hostNetwork: true # original nfs connection would be broken without hostNetwork setting + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: node-driver-registrar + image: "{{ .Values.image.nodeDriverRegistrar.repository }}:{{ .Values.image.nodeDriverRegistrar.tag }}" + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/csi-nfsplugin /registration/csi-nfsplugin-reg.sock"] + args: + - --v=5 + - --csi-address=/plugin/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-nfsplugin/csi.sock + env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + imagePullPolicy: {{ .Values.image.nodeDriverRegistrar.pullPolicy }} + volumeMounts: + - name: plugin-dir + mountPath: /plugin + - name: registration-dir + mountPath: /registration + - name: nfs + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}" + args : + - "-v=5" + - "--nodeid=$(NODE_ID)" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix://plugin/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: plugin-dir + mountPath: /plugin + - name: pods-mount-dir + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + volumes: + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi-nfsplugin + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + name: registration-dir diff --git a/charts/csi-driver-nfs/templates/rbac-csi-nfs-controller.yaml b/charts/csi-driver-nfs/templates/rbac-csi-nfs-controller.yaml new file mode 100644 index 000000000..814981819 --- /dev/null +++ b/charts/csi-driver-nfs/templates/rbac-csi-nfs-controller.yaml @@ -0,0 +1,54 @@ +{{- if .Values.serviceAccount.create -}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csi-nfs-controller-sa + namespace: {{ .Release.Namespace }} +{{ include "nfs.labels" . | indent 2 }} +--- +{{- end -}} + +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-external-provisioner-role +{{ include "nfs.labels" . | indent 2 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: nfs-csi-provisioner-binding +{{ include "nfs.labels" . | indent 2 }} +subjects: + - kind: ServiceAccount + name: csi-nfs-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: nfs-external-provisioner-role + apiGroup: rbac.authorization.k8s.io +{{- end -}} \ No newline at end of file diff --git a/charts/csi-driver-nfs/values.yaml b/charts/csi-driver-nfs/values.yaml new file mode 100644 index 000000000..6c5ac2ace --- /dev/null +++ b/charts/csi-driver-nfs/values.yaml @@ -0,0 +1,26 @@ +image: + nfs: + repository: quay.io/k8scsi/nfsplugin + tag: v2.0.0 + pullPolicy: ifNotPresent + csiProvisioner: + repository: mcr.microsoft.com/oss/kubernetes-csi/csi-provisioner + tag: v1.4.0 + pullPolicy: ifNotPresent + livenessProbe: + repository: mcr.microsoft.com/oss/kubernetes-csi/livenessprobe + tag: v1.1.0 + pullPolicy: ifNotPresent + nodeDriverRegistrar: + repository: mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar + tag: v1.2.0 + pullPolicy: IfNotPresent + +serviceAccount: + create: true + +rbac: + create: true + +controller: + replicas: 2