Update the helm chart for csi 1.0

Signed-off-by: Kevin Fox <Kevin.Fox@pnnl.gov>
2024-11-22 06:10:22 +00:00 · 2019-01-18 17:06:32 -08:00 · 2019-01-18 17:06:32 -08:00 · 2774109bf6
commit 2774109bf6
parent af008471ab
8 changed files with 104 additions and 12 deletions
--- a/deploy/rbd/helm/Chart.yaml
+++ b/deploy/rbd/helm/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: "0.3.0"
+appVersion: "1.0.0"
 description: Container Storage Interface (CSI) driver, provisioner, and attacher for Ceph RBD
 name: ceph-csi-rbd
-version: 0.1.0
+version: 0.2.0
 keywords:
 - ceph
 - rbd
--- a/deploy/rbd/helm/templates/attacher-statefulset.yaml
+++ b/deploy/rbd/helm/templates/attacher-statefulset.yaml
@ -11,6 +11,11 @@ metadata:
 spec:
  serviceName: {{ include "ceph-csi-rbd.attacher.fullname" . }}
  replicas: {{ .Values.attacher.replicas }}
+  selector:
+    matchLabels:
+      app: {{ include "ceph-csi-rbd.name" . }}
+      component: {{ .Values.attacher.name }}
+      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
--- a/deploy/rbd/helm/templates/nodeplugin-daemonset.yaml
+++ b/deploy/rbd/helm/templates/nodeplugin-daemonset.yaml
@ -65,7 +65,8 @@ spec:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=5"
            - "--drivername=csi-rbdplugin"
-            - "--containerized=true"            
+            - "--containerized=true"
+            - "--metadatastorage=k8s_configmap"
          env:
            - name: HOST_ROOTFS
              value: "/rootfs"
@ -82,6 +83,9 @@ spec:
            - name: pods-mount-dir
              mountPath: /var/lib/kubelet/pods
              mountPropagation: "Bidirectional"
+            - name: plugin-mount-dir
+              mountPath: {{ .Values.volumeDevicesDir }}
+              mountPropagation: "Bidirectional"
            - mountPath: /dev
              name: host-dev
            - mountPath: /rootfs
@ -98,9 +102,13 @@ spec:
          hostPath:
            path: {{ .Values.socketDir }}
            type: DirectoryOrCreate
+        - name: plugin-mount-dir
+          hostPath:
+            path: {{ .Values.volumeDevicesDir }}
+            type: DirectoryOrCreate
        - name: registration-dir
          hostPath:
-            path: /var/lib/kubelet/plugins/
+            path: {{ .Values.registrationDir }}
            type: Directory
        - name: pods-mount-dir
          hostPath:
--- a/deploy/rbd/helm/templates/provisioner-clusterrole.yaml
+++ b/deploy/rbd/helm/templates/provisioner-clusterrole.yaml
@ -25,4 +25,7 @@ rules:
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["endpoints"]
+    verbs: ["get", "create", "update"]
 {{- end -}}
--- a/deploy/rbd/helm/templates/provisioner-role.yaml
+++ b/deploy/rbd/helm/templates/provisioner-role.yaml
@ -0,0 +1,16 @@
+{{- if .Values.rbac.create -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+{{- end -}}
--- a/deploy/rbd/helm/templates/provisioner-rolebinding.yaml
+++ b/deploy/rbd/helm/templates/provisioner-rolebinding.yaml
@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.provisioner.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-rbd.serviceAccountName.provisioner" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+  namespace: {{ .Release.Namespace }}
+{{- end -}}
--- a/deploy/rbd/helm/templates/provisioner-statefulset.yaml
+++ b/deploy/rbd/helm/templates/provisioner-statefulset.yaml
@ -11,6 +11,11 @@ metadata:
 spec:
  serviceName: {{ include "ceph-csi-rbd.provisioner.fullname" . }}
  replicas: {{ .Values.provisioner.replicas }}
+  selector:
+    matchLabels:
+      app: {{ include "ceph-csi-rbd.name" . }}
+      component: {{ .Values.provisioner.name }}
+      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
@ -25,7 +30,6 @@ spec:
        - name: csi-provisioner
          image: "{{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }}"
          args:
-            - "--provisioner=csi-rbdplugin"
            - "--csi-address=$(ADDRESS)"
            - "--v=5"
          env:
@ -37,11 +41,44 @@ spec:
              mountPath: {{ .Values.socketDir }}
          resources:
 {{ toYaml .Values.provisioner.resources | indent 12 }}
+        - name: csi-rbdplugin
+          securityContext:
+            privileged: true
+            capabilities:
+              add: ["SYS_ADMIN"]
+            allowPrivilegeEscalation: true
+          image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+          args :
+            - "--nodeid=$(NODE_ID)"
+            - "--endpoint=$(CSI_ENDPOINT)"
+            - "--v=5"
+            - "--drivername=csi-rbdplugin"
+            - "--containerized=true"
+            - "--metadatastorage=k8s_configmap"
+          env:
+            - name: HOST_ROOTFS
+              value: "/rootfs"
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: CSI_ENDPOINT
+              value: "unix:/{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+          imagePullPolicy: {{ .Values.nodeplugin.plugin.image.imagePullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: {{ .Values.socketDir }}
+            - name: host-rootfs
+              mountPath: "/rootfs"
+          resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
      volumes:
        - name: socket-dir
+          emptyDir: {}
+#FIXME this seems way too much. Why is it needed at all for this?
+        - name: host-rootfs
          hostPath:
-            path: {{ .Values.socketDir }}
-            type: DirectoryOrCreate
+            path: /            
    {{- if .Values.provisioner.affinity -}}
      affinity:
 {{ toYaml .Values.provisioner.affinity . | indent 8 }}
--- a/deploy/rbd/helm/values.yaml
+++ b/deploy/rbd/helm/values.yaml
@ -12,8 +12,10 @@ serviceAccounts:
    create: true
    name:

-socketDir: /var/lib/kubelet/plugins/csi-rbdplugin
+socketDir: /var/lib/kubelet/plugins_registry/csi-rbdplugin
 socketFile: csi.sock
+registrationDir: /var/lib/kubelet/plugins_registry
+volumeDevicesDir: /var/lib/kubelet/plugins/kubernetes.io/csi/volumeDevices

 attacher:
  name: attacher
@ -22,7 +24,7 @@ attacher:

  image:
    repository: quay.io/k8scsi/csi-attacher
-    tag: v0.3.0
+    tag: v1.0.0
    pullPolicy: IfNotPresent

  resources: {}
@ -39,7 +41,7 @@ nodeplugin:
  registrar:
    image:
      repository: quay.io/k8scsi/driver-registrar
-      tag: v0.3.0
+      tag: canary
      pullPolicy: IfNotPresent
    
    resources: {}
@ -47,7 +49,7 @@ nodeplugin:
  plugin:
    image:
      repository: quay.io/cephcsi/rbdplugin
-      tag: v0.3.0
+      tag: v1.0.0
      pullPolicy: IfNotPresent
    
    resources: {}
@ -65,7 +67,7 @@ provisioner:

  image:
    repository: quay.io/k8scsi/csi-provisioner
-    tag: v0.3.0
+    tag: canary
    pullPolicy: IfNotPresent

  resources: {}