Update Helm charts to support topology

- Added requires chart variables - Updated templates with required additions based on the variables - Re-added older nodeplugin cluster role/rolebinding as needed Signed-off-by: ShyamsundarR <srangana@redhat.com>
2024-11-22 14:20:19 +00:00 · 2020-03-18 13:38:40 -04:00 · 2020-03-18 13:38:40 -04:00 · d7ea523540
commit d7ea523540
parent 5c4abf8347
14 changed files with 173 additions and 1 deletions
--- a/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
+++ b/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-cephfs.name" . }}
+    chart: {{ include "ceph-csi-cephfs.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}: "true"
+rules: []
+{{- end }}
+{{- end -}}
--- a/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrolebinding.yaml
+++ b/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrolebinding.yaml
@ -0,0 +1,22 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-cephfs.name" . }}
+    chart: {{ include "ceph-csi-cephfs.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end -}}
--- a/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml
+++ b/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml
@ -83,6 +83,9 @@ spec:
            - "--v=5"
            - "--drivername=$(DRIVER_NAME)"
            - "--metadatastorage=k8s_configmap"
+{{- if .Values.topology.enabled }}
+            - "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
+{{- end }}
          env:
            - name: POD_IP
              valueFrom:
--- a/charts/ceph-csi-cephfs/templates/nodeplugin-rules-clusterrole.yaml
+++ b/charts/ceph-csi-cephfs/templates/nodeplugin-rules-clusterrole.yaml
@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}-rules
+  labels:
+    app: {{ include "ceph-csi-cephfs.name" . }}
+    chart: {{ include "ceph-csi-cephfs.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}: "true"
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get"]
+{{- end }}
+{{- end -}}
--- a/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml
+++ b/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml
@ -37,6 +37,9 @@ spec:
            - "--enable-leader-election=true"
            - "--leader-election-type=leases"
            - "--retry-interval-start=500ms"
+{{- if .Values.topology.enabled }}
+            - "--feature-gates=Topology=true"
+{{- end }}
          env:
            - name: ADDRESS
              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
--- a/charts/ceph-csi-cephfs/templates/provisioner-rules-clusterrole.yaml
+++ b/charts/ceph-csi-cephfs/templates/provisioner-rules-clusterrole.yaml
@ -38,4 +38,12 @@ rules:
    verbs: ["update", "patch"]
 {{- end -}}
 {{- end -}}
+{{- if .Values.topology.enabled }}
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+{{- end }}
 {{- end -}}
--- a/charts/ceph-csi-cephfs/values.yaml
+++ b/charts/ceph-csi-cephfs/values.yaml
@ -165,6 +165,18 @@ provisioner:
  podSecurityPolicy:
    enabled: false

+topology:
+  # Specifies whether topology based provisioning support should
+  # be exposed by CSI
+  enabled: false
+  # domainLabels define which node labels to use as domains
+  # for CSI nodeplugins to advertise their domains
+  # NOTE: the value here serves as an example and needs to be
+  # updated with node labels that define domains of interest
+  domainLabels:
+    - failure-domain/region
+    - failure-domain/zone
+
 #########################################################
 # Variables for 'internal' use please use with caution! #
 #########################################################
--- a/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+aggregationRule:
+  clusterRoleSelectors:
+    - matchLabels:
+        rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}: "true"
+rules: []
+{{- end }}
+{{- end -}}
--- a/charts/ceph-csi-rbd/templates/nodeplugin-clusterrolebinding.yaml
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-clusterrolebinding.yaml
@ -0,0 +1,22 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end -}}
--- a/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
@ -80,6 +80,9 @@ spec:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=5"
            - "--drivername=$(DRIVER_NAME)"
+{{- if .Values.topology.enabled }}
+            - "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
+{{- end }}
          env:
            - name: POD_IP
              valueFrom:
--- a/charts/ceph-csi-rbd/templates/nodeplugin-rules-clusterrole.yaml
+++ b/charts/ceph-csi-rbd/templates/nodeplugin-rules-clusterrole.yaml
@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}-rules
+  labels:
+    app: {{ include "ceph-csi-rbd.name" . }}
+    chart: {{ include "ceph-csi-rbd.chart" . }}
+    component: {{ .Values.nodeplugin.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    rbac.rbd.csi.ceph.com/aggregate-to-{{ include "ceph-csi-rbd.nodeplugin.fullname" . }}: "true"
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get"]
+{{- end }}
+{{- end -}}
--- a/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-deployment.yaml
@ -37,6 +37,9 @@ spec:
            - "--enable-leader-election=true"
            - "--leader-election-type=leases"
            - "--retry-interval-start=500ms"
+{{- if .Values.topology.enabled }}
+            - "--feature-gates=Topology=true"
+{{- end }}
          env:
            - name: ADDRESS
              value: "unix:///csi/{{ .Values.provisionerSocketFile }}"
--- a/charts/ceph-csi-rbd/templates/provisioner-rules-clusterrole.yaml
+++ b/charts/ceph-csi-rbd/templates/provisioner-rules-clusterrole.yaml
@ -53,5 +53,13 @@ rules:
  - apiGroups: [""]
    resources: ["persistentvolumeclaims/status"]
    verbs: ["update", "patch"]
-{{- end -}}
+{{- end }}
+{{- if .Values.topology.enabled }}
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+{{- end }}
 {{- end -}}
--- a/charts/ceph-csi-rbd/values.yaml
+++ b/charts/ceph-csi-rbd/values.yaml
@ -182,6 +182,18 @@ provisioner:
  podSecurityPolicy:
    enabled: false

+topology:
+  # Specifies whether topology based provisioning support should
+  # be exposed by CSI
+  enabled: false
+  # domainLabels define which node labels to use as domains
+  # for CSI nodeplugins to advertise their domains
+  # NOTE: the value here serves as an example and needs to be
+  # updated with node labels that define domains of interest
+  domainLabels:
+    - failure-domain/region
+    - failure-domain/zone
+
 #########################################################
 # Variables for 'internal' use please use with caution! #
 #########################################################