mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
Update Helm charts to support topology
- Added requires chart variables - Updated templates with required additions based on the variables - Re-added older nodeplugin cluster role/rolebinding as needed Signed-off-by: ShyamsundarR <srangana@redhat.com>
This commit is contained in:
parent
5c4abf8347
commit
d7ea523540
19
charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
Normal file
19
charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.topology.enabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
|
||||
labels:
|
||||
app: {{ include "ceph-csi-cephfs.name" . }}
|
||||
chart: {{ include "ceph-csi-cephfs.chart" . }}
|
||||
component: {{ .Values.nodeplugin.name }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
aggregationRule:
|
||||
clusterRoleSelectors:
|
||||
- matchLabels:
|
||||
rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}: "true"
|
||||
rules: []
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -0,0 +1,22 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.topology.enabled }}
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
|
||||
labels:
|
||||
app: {{ include "ceph-csi-cephfs.name" . }}
|
||||
chart: {{ include "ceph-csi-cephfs.chart" . }}
|
||||
component: {{ .Values.nodeplugin.name }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -83,6 +83,9 @@ spec:
|
||||
- "--v=5"
|
||||
- "--drivername=$(DRIVER_NAME)"
|
||||
- "--metadatastorage=k8s_configmap"
|
||||
{{- if .Values.topology.enabled }}
|
||||
- "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
|
||||
{{- end }}
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
|
@ -0,0 +1,19 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.topology.enabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}-rules
|
||||
labels:
|
||||
app: {{ include "ceph-csi-cephfs.name" . }}
|
||||
chart: {{ include "ceph-csi-cephfs.chart" . }}
|
||||
component: {{ .Values.nodeplugin.name }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}: "true"
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get"]
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -37,6 +37,9 @@ spec:
|
||||
- "--enable-leader-election=true"
|
||||
- "--leader-election-type=leases"
|
||||
- "--retry-interval-start=500ms"
|
||||
{{- if .Values.topology.enabled }}
|
||||
- "--feature-gates=Topology=true"
|
||||
{{- end }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
|
||||
|
@ -38,4 +38,12 @@ rules:
|
||||
verbs: ["update", "patch"]
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- if .Values.topology.enabled }}
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", watch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["csinodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
@ -165,6 +165,18 @@ provisioner:
|
||||
podSecurityPolicy:
|
||||
enabled: false
|
||||
|
||||
topology:
|
||||
# Specifies whether topology based provisioning support should
|
||||
# be exposed by CSI
|
||||
enabled: false
|
||||
# domainLabels define which node labels to use as domains
|
||||
# for CSI nodeplugins to advertise their domains
|
||||
# NOTE: the value here serves as an example and needs to be
|
||||
# updated with node labels that define domains of interest
|
||||
domainLabels:
|
||||
- failure-domain/region
|
||||
- failure-domain/zone
|
||||
|
||||
#########################################################
|
||||
# Variables for 'internal' use please use with caution! #
|
||||
#########################################################
|
||||
|
19
charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
Normal file
19
charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.topology.enabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
|
||||
labels:
|
||||
app: {{ include "ceph-csi-rbd.name" . }}
|
||||
chart: {{ include "ceph-csi-rbd.chart" . }}
|
||||
component: {{ .Values.nodeplugin.name }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
aggregationRule:
|
||||
clusterRoleSelectors:
|
||||
- matchLabels:
|
||||
rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}: "true"
|
||||
rules: []
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -0,0 +1,22 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.topology.enabled }}
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
|
||||
labels:
|
||||
app: {{ include "ceph-csi-rbd.name" . }}
|
||||
chart: {{ include "ceph-csi-rbd.chart" . }}
|
||||
component: {{ .Values.nodeplugin.name }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -80,6 +80,9 @@ spec:
|
||||
- "--endpoint=$(CSI_ENDPOINT)"
|
||||
- "--v=5"
|
||||
- "--drivername=$(DRIVER_NAME)"
|
||||
{{- if .Values.topology.enabled }}
|
||||
- "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
|
||||
{{- end }}
|
||||
env:
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
|
@ -0,0 +1,19 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
{{- if .Values.topology.enabled }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}-rules
|
||||
labels:
|
||||
app: {{ include "ceph-csi-rbd.name" . }}
|
||||
chart: {{ include "ceph-csi-rbd.chart" . }}
|
||||
component: {{ .Values.nodeplugin.name }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}: "true"
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get"]
|
||||
{{- end }}
|
||||
{{- end -}}
|
@ -37,6 +37,9 @@ spec:
|
||||
- "--enable-leader-election=true"
|
||||
- "--leader-election-type=leases"
|
||||
- "--retry-interval-start=500ms"
|
||||
{{- if .Values.topology.enabled }}
|
||||
- "--feature-gates=Topology=true"
|
||||
{{- end }}
|
||||
env:
|
||||
- name: ADDRESS
|
||||
value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
|
||||
|
@ -53,5 +53,13 @@ rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["persistentvolumeclaims/status"]
|
||||
verbs: ["update", "patch"]
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
{{- if .Values.topology.enabled }}
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "list", watch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["csinodes"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
@ -182,6 +182,18 @@ provisioner:
|
||||
podSecurityPolicy:
|
||||
enabled: false
|
||||
|
||||
topology:
|
||||
# Specifies whether topology based provisioning support should
|
||||
# be exposed by CSI
|
||||
enabled: false
|
||||
# domainLabels define which node labels to use as domains
|
||||
# for CSI nodeplugins to advertise their domains
|
||||
# NOTE: the value here serves as an example and needs to be
|
||||
# updated with node labels that define domains of interest
|
||||
domainLabels:
|
||||
- failure-domain/region
|
||||
- failure-domain/zone
|
||||
|
||||
#########################################################
|
||||
# Variables for 'internal' use please use with caution! #
|
||||
#########################################################
|
||||
|
Loading…
Reference in New Issue
Block a user