diff --git a/deploy/cephfs/helm/.helmignore b/deploy/cephfs/helm/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/deploy/cephfs/helm/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/deploy/cephfs/helm/Chart.yaml b/deploy/cephfs/helm/Chart.yaml
new file mode 100644
index 000000000..d3e94d26d
--- /dev/null
+++ b/deploy/cephfs/helm/Chart.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+appVersion: "1.0.0"
+description: "Container Storage Interface (CSI) driver,
+provisioner, and attacher for Ceph cephfs"
+name: ceph-csi-cephfs
+version: 0.4.0
+keywords:
+ - ceph
+ - cephfs
+ - ceph-csi
+home: https://github.com/ceph/ceph-csi
+sources:
+ - https://github.com/ceph/ceph-csi/tree/csi-v1.0/deploy/cephfs/helm
diff --git a/deploy/cephfs/helm/README.md b/deploy/cephfs/helm/README.md
new file mode 100644
index 000000000..3fa72d336
--- /dev/null
+++ b/deploy/cephfs/helm/README.md
@@ -0,0 +1,23 @@
+# ceph-csi-cephfs
+
+The ceph-csi-cephfs chart adds cephfs volume support to your cluster.
+
+## Install Chart
+
+To install the Chart into your Kubernetes cluster
+
+```bash
+helm install --name "ceph-csi-cephfs" ceph-csi/ceph-csi-cephfs
+```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "ceph-csi-cephfs"
+```
+
+If you want to delete your Chart, use this command
+
+```bash
+helm delete --purge "ceph-csi-cephfs"
+```
diff --git a/deploy/cephfs/helm/templates/NOTES.txt b/deploy/cephfs/helm/templates/NOTES.txt
new file mode 100644
index 000000000..3af9f2b57
--- /dev/null
+++ b/deploy/cephfs/helm/templates/NOTES.txt
@@ -0,0 +1,2 @@
+Examples on how to configure a storage class and start using the driver are here:
+https://github.com/ceph/ceph-csi/tree/csi-v1.0/examples/cephfs
diff --git a/deploy/cephfs/helm/templates/_helpers.tpl b/deploy/cephfs/helm/templates/_helpers.tpl
new file mode 100644
index 000000000..e604150ae
--- /dev/null
+++ b/deploy/cephfs/helm/templates/_helpers.tpl
@@ -0,0 +1,119 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ceph-csi-cephfs.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-cephfs.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-cephfs.attacher.fullname" -}}
+{{- if .Values.attacher.fullnameOverride -}}
+{{- .Values.attacher.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.attacher.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-cephfs.nodeplugin.fullname" -}}
+{{- if .Values.nodeplugin.fullnameOverride -}}
+{{- .Values.nodeplugin.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-cephfs.provisioner.fullname" -}}
+{{- if .Values.provisioner.fullnameOverride -}}
+{{- .Values.provisioner.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ceph-csi-cephfs.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-cephfs.serviceAccountName.attacher" -}}
+{{- if .Values.serviceAccounts.attacher.create -}}
+ {{ default (include "ceph-csi-cephfs.attacher.fullname" .) .Values.serviceAccounts.attacher.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.attacher.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-cephfs.serviceAccountName.nodeplugin" -}}
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+ {{ default (include "ceph-csi-cephfs.nodeplugin.fullname" .) .Values.serviceAccounts.nodeplugin.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.nodeplugin.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-cephfs.serviceAccountName.provisioner" -}}
+{{- if .Values.serviceAccounts.provisioner.create -}}
+ {{ default (include "ceph-csi-cephfs.provisioner.fullname" .) .Values.serviceAccounts.provisioner.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.provisioner.name }}
+{{- end -}}
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/attacher-clusterrole.yaml b/deploy/cephfs/helm/templates/attacher-clusterrole.yaml
new file mode 100644
index 000000000..2f70448e2
--- /dev/null
+++ b/deploy/cephfs/helm/templates/attacher-clusterrole.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+{{- end -}}
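Review bot: The three `ceph-csi-cephfs.serviceAccountName.*` helpers in the _helpers.tpl hunk fall back to the literal name `default` when `serviceAccounts.<component>.create` is false and no name is set, and the ClusterRoleBinding templates bind their ClusterRole to whatever name the helper returns. With `rbac.create: true` that combination grants the chart's cluster-wide rules (for the provisioner, `get`/`list` on secrets) to the namespace's shared `default` service account, which every pod in the release namespace uses unless it names another. I would make the helper fail instead of guessing, e.g. `{{ required "serviceAccounts.attacher.name must be set when create is false" .Values.serviceAccounts.attacher.name }}`, and the same for nodeplugin and provisioner. The four `*.fullname` helpers also carry one copy-pasted comment; each should say which component's name it builds.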
diff --git a/deploy/cephfs/helm/templates/attacher-clusterrolebinding.yaml b/deploy/cephfs/helm/templates/attacher-clusterrolebinding.yaml
new file mode 100644
index 000000000..832e23dec
--- /dev/null
+++ b/deploy/cephfs/helm/templates/attacher-clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/attacher-service.yaml b/deploy/cephfs/helm/templates/attacher-service.yaml
new file mode 100644
index 000000000..379830d53
--- /dev/null
+++ b/deploy/cephfs/helm/templates/attacher-service.yaml
@@ -0,0 +1,18 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ ports:
+ - name: dummy
+ port: 12345
diff --git a/deploy/cephfs/helm/templates/attacher-serviceaccount.yaml b/deploy/cephfs/helm/templates/attacher-serviceaccount.yaml
new file mode 100644
index 000000000..dbb70ccc2
--- /dev/null
+++ b/deploy/cephfs/helm/templates/attacher-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.attacher.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/attacher-statefulset.yaml b/deploy/cephfs/helm/templates/attacher-statefulset.yaml
new file mode 100644
index 000000000..88514d062
--- /dev/null
+++ b/deploy/cephfs/helm/templates/attacher-statefulset.yaml
@@ -0,0 +1,60 @@
+kind: StatefulSet
+apiVersion: apps/v1beta1
+metadata:
+ name: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ include "ceph-csi-cephfs.attacher.fullname" . }}
+ replicas: {{ .Values.attacher.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.attacher.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.attacher" . }}
+ containers:
+ - name: csi-cephfsplugin-attacher
+ image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag }}"
+ args:
+ - "--v=5"
+ - "--csi-address=$(ADDRESS)"
+ env:
+ - name: ADDRESS
+ value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+ imagePullPolicy: {{ .Values.attacher.image.pullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: {{ .Values.socketDir }}
+ resources:
+{{ toYaml .Values.attacher.resources | indent 12 }}
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: {{ .Values.socketDir }}
+ type: DirectoryOrCreate
+ {{- if .Values.attacher.affinity -}}
+ affinity:
+{{ toYaml .Values.attacher.affinity . | indent 8 }}
+ {{- end -}}
+ {{- if .Values.attacher.nodeSelector -}}
+ nodeSelector:
+{{ toYaml .Values.attacher.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.attacher.tolerations -}}
+ tolerations:
+{{ toYaml .Values.attacher.tolerations | indent 8 }}
+ {{- end -}}
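Review bot: `replicas: {{ .Values.attacher.replicas }}` reads a key that values.yaml never defines (it sets `attacher.replicaCount`), so the field renders empty and an operator's replica setting is silently ignored; the provisioner StatefulSet has the same mismatch with `.Values.provisioner.replicas`. Use `replicas: {{ .Values.attacher.replicaCount }}` or rename the value. The optional blocks at the end open with `{{- if .Values.attacher.affinity -}}`, whose trailing `-}}` strips the newline and indentation in front of `affinity:`, and `toYaml .Values.attacher.affinity .` passes an extra argument, so rendering looks likely to break as soon as affinity, nodeSelector or tolerations is set; the DaemonSet and provisioner templates repeat both patterns. `{{- if .Values.attacher.affinity }}` and `{{ toYaml .Values.attacher.affinity | indent 8 }}` would avoid that.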
diff --git a/deploy/cephfs/helm/templates/nodeplugin-clusterrole.yaml b/deploy/cephfs/helm/templates/nodeplugin-clusterrole.yaml
new file mode 100644
index 000000000..290dd3f33
--- /dev/null
+++ b/deploy/cephfs/helm/templates/nodeplugin-clusterrole.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "update"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list"]
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/nodeplugin-clusterrolebinding.yaml b/deploy/cephfs/helm/templates/nodeplugin-clusterrolebinding.yaml
new file mode 100644
index 000000000..24e21351c
--- /dev/null
+++ b/deploy/cephfs/helm/templates/nodeplugin-clusterrolebinding.yaml
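Review bot: The nodeplugin ClusterRole grants `update` on `nodes`, `persistentvolumes` and `volumeattachments` cluster-wide, and this service account's token is mounted into a privileged DaemonSet pod on every node, so a single compromised node could modify objects that belong to all the others. Nothing in the visible templates shows a node-side container writing these resources (the registrar is started with `--kubelet-registration-path`, which suggests kubelet performs the registration), so I would drop write verbs that are not demonstrably needed, e.g. `verbs: ["get", "list"]` on `nodes`. Each remaining rule should get a one-line comment naming the container that requires it, so the grant can be audited later.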
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/nodeplugin-daemonset.yaml b/deploy/cephfs/helm/templates/nodeplugin-daemonset.yaml
new file mode 100644
index 000000000..20ac11933
--- /dev/null
+++ b/deploy/cephfs/helm/templates/nodeplugin-daemonset.yaml
@@ -0,0 +1,139 @@
+kind: DaemonSet
+apiVersion: apps/v1beta2
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+ hostNetwork: true
+ hostPID: true
+ # to use e.g. Rook orchestrated cluster, and mons' FQDN is
+ # resolved through k8s service, set dns policy to cluster first
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: driver-registrar
+ image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
+ args:
+ - "--v=5"
+ - "--csi-address=/csi/{{ .Values.socketFile }}"
+ - "--kubelet-registration-path={{ .Values.socketDir }}/{{ .Values.socketFile }}"
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "rm -rf /registration/csi-cephfsplugin /registration/csi-cephfsplugin-reg.sock"]
+ env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ imagePullPolicy: {{ .Values.nodeplugin.registrar.image.imagePullPolicy }}
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ resources:
+{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
+ - name: csi-cephfsplugin
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+ args :
+ - "--nodeid=$(NODE_ID)"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--v=5"
+ - "--drivername=csi-cephfsplugin"
+ - "--metadatastorage=k8s_configmap"
+ env:
+ - name: HOST_ROOTFS
+ value: "/rootfs"
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: "unix:/{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.imagePullPolicy }}
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: {{ .Values.socketDir }}
+ - name: pods-mount-dir
+ mountPath: /var/lib/kubelet/pods
+ mountPropagation: "Bidirectional"
+ - name: plugin-mount-dir
+ mountPath: {{ .Values.volumeDevicesDir }}
+ mountPropagation: "Bidirectional"
+ - mountPath: /dev
+ name: host-dev
+ - mountPath: /rootfs
+ name: host-rootfs
+ - mountPath: /sys
+ name: host-sys
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+ volumes:
+ - name: plugin-dir
+ hostPath:
+ path: {{ .Values.socketDir }}
+ type: DirectoryOrCreate
+ - name: plugin-mount-dir
+ hostPath:
+ path: {{ .Values.volumeDevicesDir }}
+ type: DirectoryOrCreate
+ - name: registration-dir
+ hostPath:
+ path: {{ .Values.registrationDir }}
+ type: Directory
+ - name: pods-mount-dir
+ hostPath:
+ path: /var/lib/kubelet/pods
+ type: Directory
+ - name: host-dev
+ hostPath:
+ path: /dev
+ - name: host-rootfs
+ hostPath:
+ path: /
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ {{- if .Values.nodeplugin.affinity -}}
+ affinity:
+{{ toYaml .Values.nodeplugin.affinity . | indent 8 }}
+ {{- end -}}
+ {{- if .Values.nodeplugin.nodeSelector -}}
+ nodeSelector:
+{{ toYaml .Values.nodeplugin.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.nodeplugin.tolerations -}}
+ tolerations:
+{{ toYaml .Values.nodeplugin.tolerations | indent 8 }}
+ {{- end -}}
diff --git a/deploy/cephfs/helm/templates/nodeplugin-serviceaccount.yaml b/deploy/cephfs/helm/templates/nodeplugin-serviceaccount.yaml
new file mode 100644
index 000000000..88bd8f1bc
--- /dev/null
+++ b/deploy/cephfs/helm/templates/nodeplugin-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/provisioner-clusterrole.yaml b/deploy/cephfs/helm/templates/provisioner-clusterrole.yaml
new file mode 100644
index 000000000..590521ab2
--- /dev/null
+++ b/deploy/cephfs/helm/templates/provisioner-clusterrole.yaml
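Review bot: In the DaemonSet, `imagePullPolicy: {{ .Values.nodeplugin.registrar.image.imagePullPolicy }}` and the matching line on the csi-cephfsplugin container read `image.imagePullPolicy`, but values.yaml defines `image.pullPolicy`, so both render empty and the configured policy is ignored (the provisioner StatefulSet's csi-cephfsplugin container reuses the same key); use `.Values.nodeplugin.registrar.image.pullPolicy` and `.Values.nodeplugin.plugin.image.pullPolicy`. On hardening, the csi-cephfsplugin container is privileged in a pod with `hostNetwork` and `hostPID`, and it mounts the host's `/`, `/dev` and `/sys` without `readOnly`; `capabilities.add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true` add nothing once `privileged: true` is set and can be dropped. A short comment above `securityContext` stating what the mount path actually requires, plus `readOnly: true` on any host mount the driver only reads, would make this exposure reviewable.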
@@ -0,0 +1,31 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "create", "delete"]
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/provisioner-clusterrolebinding.yaml b/deploy/cephfs/helm/templates/provisioner-clusterrolebinding.yaml
new file mode 100644
index 000000000..82d5d1316
--- /dev/null
+++ b/deploy/cephfs/helm/templates/provisioner-clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
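Review bot: The first rule of the provisioner ClusterRole grants `get` and `list` on `secrets` in every namespace, and `list` returns secret contents, so this service account can read every secret in the cluster. If the provisioner only fetches the secrets named by a StorageClass, `verbs: ["get"]` should be enough; that is worth confirming against the sidecar version pinned in values.yaml. Either way a comment such as `# reads the Ceph credentials referenced by the StorageClass` would record why the rule exists. The grant matters more here because the same service account runs a privileged container in the provisioner StatefulSet.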
diff --git a/deploy/cephfs/helm/templates/provisioner-service.yaml b/deploy/cephfs/helm/templates/provisioner-service.yaml
new file mode 100644
index 000000000..93d62ffb7
--- /dev/null
+++ b/deploy/cephfs/helm/templates/provisioner-service.yaml
@@ -0,0 +1,18 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ ports:
+ - name: dummy
+ port: 12345
diff --git a/deploy/cephfs/helm/templates/provisioner-serviceaccount.yaml b/deploy/cephfs/helm/templates/provisioner-serviceaccount.yaml
new file mode 100644
index 000000000..2c1d9f74f
--- /dev/null
+++ b/deploy/cephfs/helm/templates/provisioner-serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccounts.provisioner.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/deploy/cephfs/helm/templates/provisioner-statefulset.yaml b/deploy/cephfs/helm/templates/provisioner-statefulset.yaml
new file mode 100644
index 000000000..2f5c48c8a
--- /dev/null
+++ b/deploy/cephfs/helm/templates/provisioner-statefulset.yaml
@@ -0,0 +1,92 @@
+kind: StatefulSet
+apiVersion: apps/v1beta1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ serviceName: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ replicas: {{ .Values.provisioner.replicas }}
+ selector:
+ matchLabels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
+ containers:
+ - name: csi-provisioner
+ image: "{{ .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag }}"
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--v=5"
+ env:
+ - name: ADDRESS
+ value: "{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+ imagePullPolicy: {{ .Values.provisioner.image.pullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: {{ .Values.socketDir }}
+ resources:
+{{ toYaml .Values.provisioner.resources | indent 12 }}
+ - name: csi-cephfsplugin
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
+ args :
+ - "--nodeid=$(NODE_ID)"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--v=5"
+ - "--drivername=csi-cephfsplugin"
+ - "--metadatastorage=k8s_configmap"
+ env:
+ - name: HOST_ROOTFS
+ value: "/rootfs"
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: "unix:/{{ .Values.socketDir }}/{{ .Values.socketFile }}"
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.imagePullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: {{ .Values.socketDir }}
+ - name: host-rootfs
+ mountPath: "/rootfs"
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+#FIXME this seems way too much. Why is it needed at all for this?
+ - name: host-rootfs
+ hostPath:
+ path: /
+ {{- if .Values.provisioner.affinity -}}
+ affinity:
+{{ toYaml .Values.provisioner.affinity . | indent 8 }}
+ {{- end -}}
+ {{- if .Values.provisioner.nodeSelector -}}
+ nodeSelector:
+{{ toYaml .Values.provisioner.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.provisioner.tolerations -}}
+ tolerations:
+{{ toYaml .Values.provisioner.tolerations | indent 8 }}
+ {{- end -}}
diff --git a/deploy/cephfs/helm/values.yaml b/deploy/cephfs/helm/values.yaml
new file mode 100644
index 000000000..f662c8849
--- /dev/null
+++ b/deploy/cephfs/helm/values.yaml
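Review bot: The csi-cephfsplugin container in the provisioner StatefulSet runs with `privileged: true` and mounts the host's `/` at `/rootfs` with no `readOnly`, which the author's own `#FIXME` already questions. A controller-side pod does not obviously need the host filesystem to create or delete volumes, so unless the plugin image requires `HOST_ROOTFS` here I would remove the `host-rootfs` volume, its mount and the `HOST_ROOTFS` env entry, or at least set `readOnly: true` on the mount. If the privileged context must stay because the plugin mounts CephFS while provisioning, replace the FIXME with a comment that says so. This pod also runs under the service account that can read secrets cluster-wide, so a container escape here is not limited to one node's data.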
@@ -0,0 +1,80 @@
+---
+rbac:
+ create: true
+
+serviceAccounts:
+ attacher:
+ create: true
+ name:
+ nodeplugin:
+ create: true
+ name:
+ provisioner:
+ create: true
+ name:
+
+socketDir: /var/lib/kubelet/plugins/csi-cephfsplugin
+socketFile: csi.sock
+registrationDir: /var/lib/kubelet/plugins_registry
+volumeDevicesDir: /var/lib/kubelet/plugins/kubernetes.io/csi/volumeDevices
+
+attacher:
+ name: attacher
+
+ replicaCount: 1
+
+ image:
+ repository: quay.io/k8scsi/csi-attacher
+ tag: v1.0.1
+ pullPolicy: IfNotPresent
+
+ resources: {}
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+nodeplugin:
+ name: nodeplugin
+
+ registrar:
+ image:
+ repository: quay.io/k8scsi/csi-node-driver-registrar
+ tag: v1.0.2
+ pullPolicy: IfNotPresent
+
+ resources: {}
+
+ plugin:
+ image:
+ repository: quay.io/cephcsi/cephfsplugin
+ tag: v1.0.0
+ pullPolicy: IfNotPresent
+
+ resources: {}
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+provisioner:
+ name: provisioner
+
+ replicaCount: 1
+
+ image:
+ repository: quay.io/k8scsi/csi-provisioner
+ tag: v1.0.1
+ pullPolicy: IfNotPresent
+
+ resources: {}
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
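Review bot: All four images in values.yaml are referenced by mutable tag only (`v1.0.1`, `v1.0.2`, `v1.0.0`) with `pullPolicy: IfNotPresent`, and `quay.io/cephcsi/cephfsplugin` runs privileged on every node, so whatever the tag resolves to at pull time gets host-level access. The templates build the reference as `repository:tag`, which leaves operators no way to pin by digest; an optional `digest` value rendered as `repository@digest` when set would allow it. The file also has no comments: `socketDir`, `registrationDir` and `volumeDevicesDir` are host paths mounted into privileged containers and deserve a line each saying what they must match on the node.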