diff --git a/.github/workflows/test-chart.yml b/.github/workflows/test-chart.yml index a18029c58..b8e2e1dcd 100644 --- a/.github/workflows/test-chart.yml +++ b/.github/workflows/test-chart.yml @@ -7,8 +7,8 @@ permissions: contents: read jobs: - test-operator: - name: operator chart + test-helm: + name: helm charts runs-on: ubuntu-latest steps: - name: Clone the code 
@@ -35,25 +35,55 @@ jobs: run: | make docker-build - - name: Install Helm + - name: Install helm run: | curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - - name: Verify Helm installation + - name: Verify helm installation run: helm version - - name: Lint Helm Chart + - name: Lint operator helm chart run: | helm lint ./deploy/charts/ceph-csi-operator - - name: Install Helm chart for project + - name: Install operator helm chart run: | - helm install my-release ./deploy/charts/ceph-csi-operator --create-namespace --namespace ceph-csi-operator-system + helm install csi-operator ./deploy/charts/ceph-csi-operator --create-namespace --namespace ceph-csi-operator-system - - name: Check Helm release status + - name: Check operator helm release status run: | - helm status my-release --namespace ceph-csi-operator-system + helm status csi-operator --namespace ceph-csi-operator-system - name: Check operator is running run: | for i in {1..180}; do kubectl get pods -l app.kubernetes.io/name=ceph-csi-operator -n ceph-csi-operator-system -o jsonpath='{.items[0].status.phase}' | grep -q "Running" && exit 0 || sleep 1; done; echo "Pod not running after 3 minutes"; exit 1 + + - name: Patch operator to watch csi driver namespace + run: | + kubectl patch deployment csi-operator-ceph-csi-operator-controller-manager -nceph-csi-operator-system --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/env/2/value", "value": "csi-driver"}]' + + - name: Lint csi driver helm chart + run: | + helm lint ./deploy/charts/ceph-csi-drivers + + - name: Install csi driver helm chart + run: | + helm install csi-driver ./deploy/charts/ceph-csi-drivers --create-namespace --namespace csi-driver + + - name: Check csi driver helm release status + run: | + helm status csi-driver --namespace csi-driver + + - name: Check csi pods are running + run: | + for i in {1..180}; do + if [ $(kubectl get pods -n csi-driver --field-selector=status.phase=Running 
--no-headers | wc -l) -eq 6 ]; then
+ exit 0;
+ fi
+ sleep 1;
+ done;
+ kubectl get pods,deployment,daemonset,replicaset -oyaml -n csi-driver
+ kubectl get pods,deployment,daemonset,replicaset -n csi-driver
+ kubectl logs -l app.kubernetes.io/instance=ceph-csi-operator -nceph-csi-operator-system
+ echo "Pod(s) not running after 3 minutes";
+ exit 1;
diff --git a/deploy/charts/ceph-csi-drivers/.helmignore b/deploy/charts/ceph-csi-drivers/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/deploy/charts/ceph-csi-drivers/Chart.yaml b/deploy/charts/ceph-csi-drivers/Chart.yaml
new file mode 100644
index 000000000..80278b00f
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/Chart.yaml
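Review bot: The added "Patch operator to watch csi driver namespace" step addresses the variable by position (`/spec/template/spec/containers/0/env/2/value`), so a reordered or newly inserted env entry in the operator Deployment makes the `replace` overwrite a different variable while the step still succeeds. Setting it by name is safer, e.g. `kubectl set env deployment/csi-operator-ceph-csi-operator-controller-manager -n ceph-csi-operator-system <WATCH_NAMESPACE_VAR>=csi-driver` (placeholder: the variable's name is not visible in this hunk), or put a JSON-patch `test` op on `/spec/template/spec/containers/0/env/2/name` in front of the `replace`. In "Check csi pods are running" the command substitution is unquoted and the expected count `6` is hard-coded; `[ "$(kubectl get pods ... | wc -l)" -eq 6 ]` plus a comment saying where six comes from would make a failing run easier to read.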
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: ceph-csi-drivers
+description: A Helm chart for Ceph CSI drivers
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.2.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.2.0"
diff --git a/deploy/charts/ceph-csi-drivers/templates/_helpers.tpl b/deploy/charts/ceph-csi-drivers/templates/_helpers.tpl
new file mode 100644
index 000000000..935ea47e1
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/_helpers.tpl
@@ -0,0 +1,67 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ceph-csi-drivers.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-drivers.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ceph-csi-drivers.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ceph-csi-drivers.labels" -}}
+helm.sh/chart: {{ include "ceph-csi-drivers.chart" . }}
+{{ include "ceph-csi-drivers.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ceph-csi-drivers.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ceph-csi-drivers.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-drivers.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ceph-csi-drivers.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/* Helper function to normalize the driver name */}}
+{{- define "normalizeDriverName" -}}
+{{- . | lower | replace "." "-" -}}
+{{- end -}}
diff --git a/deploy/charts/ceph-csi-drivers/templates/cephConnection.yaml b/deploy/charts/ceph-csi-drivers/templates/cephConnection.yaml
new file mode 100644
index 000000000..8990f5cf9
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/cephConnection.yaml
@@ -0,0 +1,21 @@
+{{- $root := . -}}
+{{- range $cephConnection := .Values.cephConnections -}}
+{{- if $cephConnection.name -}}
+apiVersion: csi.ceph.io/v1alpha1
+kind: CephConnection
+metadata:
+ name: {{ $cephConnection.name }}
+ namespace: {{ $root.Release.Namespace }}
+spec:
+ monitors:
+ {{- range $cephConnection.monitors }}
+ - {{ . }}
+ {{- end }}
+ rbdMirrorDaemonCount: {{ $cephConnection.rbdMirrorDaemonCount }}
+ readAffinity:
+ crushLocationLabels:
+ {{- range $cephConnection.crushLocationLabels }}
+ - {{ . }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-cr-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-cr-rbac.yaml
new file mode 100644
index 000000000..88ab1b4bc
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-cr-rbac.yaml
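Review bot: Nothing separates the resources emitted by the `range` in cephConnection.yaml: there is no `---` before `apiVersion`, and `{{- if $cephConnection.name -}}` together with the closing `{{- end }}` trims the surrounding newlines, so a second entry in `.Values.cephConnections` is appended to the first document instead of starting a new one. Add a `---` line as the first line inside the `if`, as templates/driver.yaml in this commit already does; clientProfiles.yaml and the per-driver RBAC templates have the same shape and are affected as soon as two entries match. Monitor addresses and CRUSH labels are also written unquoted (`- {{ . }}`), so a value that begins with `[` or otherwise looks like non-string YAML is re-typed at parse time; `- {{ . | quote }}` keeps them strings.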
@@ -0,0 +1,170 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "cephfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-cr
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/status
+ verbs:
+ - patch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-crb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-crb-rbac.yaml
new file mode 100644
index 000000000..28b2ae872
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-crb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "cephfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $normalizedDriverName }}-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-ctrlplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-r-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-r-rbac.yaml
new file mode 100644
index 000000000..0c270e52a
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-r-rbac.yaml
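Review bot: The cephfs controller ClusterRole lets one workload identity `get` and `list` every Secret in the cluster and `create` `serviceaccounts/token` for any ServiceAccount, so a compromise of that pod exposes all secrets and allows tokens to be issued for other accounts. The nfs controller ClusterRole added in this same commit asks only for `get` on `secrets`, so `list` here looks droppable unless a sidecar is known to need it; that is worth confirming before merge. If the token rule is required (presumably for CSI token requests), say so in a comment above it, e.g. `# required for <feature>; cluster-wide because PVC namespaces are not known in advance`. The ClusterRole name is built from the driver name alone, so two releases that use the same driver name contend for one cluster-scoped object.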
@@ -0,0 +1,58 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "cephfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-r
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - update
+ - create
+- apiGroups:
+ - csiaddons.openshift.io
+ resources:
+ - csiaddonsnodes
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - deployments/finalizers
+ - daemonsets/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-rb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-rb-rbac.yaml
new file mode 100644
index 000000000..2710ee41c
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/cephfs-ctrlplugin-rb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "cephfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $normalizedDriverName }}-ctrlplugin-r
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-ctrlplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
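Review bot: The last rule of the `-ctrlplugin-r` Role grants `create` on `tokenreviews` (`authentication.k8s.io`), but TokenReview is a cluster-scoped resource, so a namespaced Role and RoleBinding cannot authorize it and the rule has no effect as written. If the controller plugin really calls the TokenReview API (the `csiaddonsnodes` rule suggests a csi-addons sidecar may), move the rule into the `-ctrlplugin-cr` ClusterRole; otherwise drop it so the Role lists only what is actually granted. The Role also carries no `metadata.namespace`, unlike `subjects[].namespace` in the bindings; adding `namespace: {{ $root.Release.Namespace }}` makes the rendered manifest unambiguous when it is applied outside `helm install`.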
diff --git a/deploy/charts/ceph-csi-drivers/templates/cephfs-nodeplugin-cr-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/cephfs-nodeplugin-cr-rbac.yaml
new file mode 100644
index 000000000..9b87cb5c0
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/cephfs-nodeplugin-cr-rbac.yaml
@@ -0,0 +1,41 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "cephfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-cr
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/cephfs-nodeplugin-crb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/cephfs-nodeplugin-crb-rbac.yaml
new file mode 100644
index 000000000..7b404e154
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/cephfs-nodeplugin-crb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "cephfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $normalizedDriverName }}-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-nodeplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/clientProfiles.yaml b/deploy/charts/ceph-csi-drivers/templates/clientProfiles.yaml
new file mode 100644
index 000000000..ba7fc042e
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/clientProfiles.yaml
@@ -0,0 +1,35 @@
+{{- $root := . -}}
+{{- range $clientProfile := .Values.clientProfiles -}}
+{{- if $clientProfile.name -}}
+apiVersion: csi.ceph.io/v1alpha1
+kind: ClientProfile
+metadata:
+ name: {{ $clientProfile.name }}
+ namespace: {{ $root.Release.Namespace }}
+spec:
+ cephConnectionRef:
+ name: {{ $clientProfile.cephConnection.name }}
+ {{- if $clientProfile.cephFs }}
+ cephFs:
+ {{- if $clientProfile.cephFs.fuseMountOptions }}
+ fuseMountOptions:
+ {{ range $key, $value := $clientProfile.cephFs.fuseMountOptions }}
+ {{ $key }}: {{ $value }}
+ {{ end }}
+ {{- end }}
+ {{- if $clientProfile.cephFs.kernelMountOptions }}
+ kernelMountOptions:
+ {{ range $key, $value := $clientProfile.cephFs.kernelMountOptions }}
+ {{ $key }}: {{ $value }}
+ {{ end }}
+ {{- end }}
+ subVolumeGroup: {{ $clientProfile.cephFs.subVolumeGroup }}
+ {{- end }}
+ {{- if $clientProfile.rbd }}
+ rbd:
+ {{- if $clientProfile.rbd.radosNamespace }}
+ radosNamespace: {{ $clientProfile.rbd.radosNamespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/driver.yaml b/deploy/charts/ceph-csi-drivers/templates/driver.yaml
new file mode 100644
index 000000000..d0168e23f
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/driver.yaml
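Review bot: Mount options in clientProfiles.yaml are rendered as `{{ $key }}: {{ $value }}` with no quoting, so values such as `true`, `1` or an empty string change type (or become null) when the manifest is parsed, and a value containing `: ` or ` #` changes the document structure. `{{ $key | quote }}: {{ $value | quote }}`, or `toYaml ... | nindent N` as driver.yaml does for its mount options, keeps them strings; the `range` and `end` actions here also lack the `-` trim and emit blank lines. `$clientProfile.cephConnection.name` is dereferenced without a guard, so a profile without `cephConnection` aborts rendering with a nil-pointer error; wrapping it in `required` with a message gives a clearer failure.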
@@ -0,0 +1,121 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+---
+apiVersion: csi.ceph.io/v1alpha1
+kind: Driver
+metadata:
+ name: {{ $driver.name }}
+ namespace: {{ $root.Release.Namespace }}
+spec:
+ {{- if $driver.log }}
+ log:
+ verbosity: {{ $driver.log.verbosity }}
+ {{- if $driver.log.rotation }}
+ rotation:
+ maxFiles: {{ $driver.log.rotation.maxFiles }}
+ maxLogSize: {{ $driver.log.rotation.maxLogSize }}
+ periodicity: {{ $driver.log.rotation.periodicity }}
+ logHostPath: {{ $driver.log.rotation.logHostPath }}
+ {{- end }}
+ {{- end }}
+ {{- if $driver.imageSet }}
+ {{- if $driver.imageSet.name }}
+ imageSet:
+ name: {{ $driver.imageSet.name }}
+ {{- end }}
+ {{- end }}
+ clusterName: {{ $driver.clusterName }}
+ enableMetadata: {{ $driver.enableMetadata }}
+ grpcTimeout: {{ $driver.grpcTimeout }}
+ snapshotPolicy: {{ $driver.snapshotPolicy }}
+ generateOMapInfo: {{ $driver.generateOMapInfo }}
+ fsGroupPolicy: {{ $driver.fsGroupPolicy }}
+ {{- if $driver.encryption }}
+ {{- if $driver.encryption.configMapRef.name }}
+ encryption:
+ configMapRef:
+ name: {{ $driver.encryption.configMapRef.name }}
+ {{- end }}
+ {{- end }}
+ attachRequired: {{ $driver.attachRequired }}
+ deployCsiAddons: {{ $driver.deployCsiAddons }}
+ cephFsClientType: {{ $driver.cephFsClientType }}
+ kernelMountOptions:
+ {{- if $driver.kernelMountOptions }}
+ {{- toYaml $driver.kernelMountOptions | nindent 4 }}
+ {{- else }}
+ {} # Empty map if not defined
+ {{- end }}
+ fuseMountOptions:
+ {{- if $driver.fuseMountOptions }}
+ {{- toYaml $driver.fuseMountOptions | nindent 4 }}
+ {{- else }}
+ {} # Empty map if not defined
+ {{- end }}
+ # Node Plugin Configuration
+ nodePlugin:
+ serviceAccountName: {{ $normalizedDriverName }}-nodeplugin-sa
+ {{- if $driver.nodePlugin }}
+ updateStrategy: {{ $driver.nodePlugin.updateStrategy | toYaml | nindent 8 }}
+ {{- if $driver.nodePlugin.resources }}
+ resources:
+ registrar: {{ $driver.nodePlugin.resources.registrar | toYaml | nindent 4 }}
+ liveness: {{ $driver.nodePlugin.resources.liveness | toYaml | nindent 4 }}
+ addons: {{ $driver.nodePlugin.resources.addons | toYaml | nindent 4 }}
+ logRotator: {{ $driver.nodePlugin.resources.logRotator | toYaml | nindent 4 }}
+ plugin: {{ $driver.nodePlugin.resources.plugin | toYaml | nindent 4 }}
+ {{- end }}
+ kubeletDirPath: {{ $driver.nodePlugin.kubeletDirPath }}
+ EnableSeLinuxHostMount: {{ $driver.nodePlugin.enableSeLinuxHostMount }}
+ priorityClassName: {{ $driver.nodePlugin.priorityClassName }}
+ labels: {{ $driver.nodePlugin.labels | toYaml | nindent 8 }}
+ annotations: {{ $driver.nodePlugin.annotations | toYaml | nindent 8 }}
+ affinity: {{ $driver.nodePlugin.affinity | toYaml | nindent 8 }}
+ tolerations: {{ $driver.nodePlugin.tolerations | toYaml | nindent 8 }}
+ imagePullPolicy: {{ $driver.nodePlugin.imagePullPolicy }}
+ {{- if $driver.nodePlugin.topology }}
+ topology:
+ domainLabels:
+ {{ $driver.nodePlugin.topology.domainLabels | toYaml | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if $driver.nodePlugin.volumes }}
+ {{- toYaml $driver.nodePlugin.volumes | nindent 4 }}
+ {{- else }}
+ [] # Empty list if no volumes are defined
+ {{- end }}
+ {{- end }}
+ # Controller Plugin Configuration
+ controllerPlugin:
+ serviceAccountName: {{ $normalizedDriverName }}-ctrlplugin-sa
+ {{- if $driver.controllerPlugin }}
+ hostNetwork: {{ $driver.controllerPlugin.hostNetwork | default false }}
+ deploymentStrategy: {{ $driver.controllerPlugin.deploymentStrategy | toYaml | nindent 8 }}
+ replicas: {{ $driver.controllerPlugin.replicas | default 2 }}
+ {{- if $driver.controllerPlugin.resources }}
+ resources:
+ attacher: {{ $driver.controllerPlugin.resources.attacher | toYaml | nindent 8 }}
+ snapshotter: {{ $driver.controllerPlugin.resources.snapshotter | toYaml | nindent 8 }}
+ resizer: {{ $driver.controllerPlugin.resources.resizer | toYaml | nindent 8 }}
+ provisioner: {{ $driver.controllerPlugin.resources.provisioner | toYaml | nindent 8 }}
+ omapGenerator: {{ $driver.controllerPlugin.resources.omapGenerator | toYaml | nindent 8 }}
+ liveness: {{ $driver.controllerPlugin.resources.liveness | toYaml | nindent 8 }}
+ addons: {{ $driver.controllerPlugin.resources.addons | toYaml | nindent 8 }}
+ logRotator: {{ $driver.controllerPlugin.resources.logRotator | toYaml | nindent 8 }}
+ plugin: {{ $driver.controllerPlugin.resources.plugin | toYaml | nindent 8 }}
+ {{- end }}
+ privileged: {{ $driver.controllerPlugin.privileged | default false }}
+ priorityClassName: {{ $driver.controllerPlugin.priorityClassName }}
+ affinity: {{ $driver.controllerPlugin.affinity | toYaml | nindent 8 }}
+ tolerations:
+ {{- toYaml $driver.controllerPlugin.tolerations | nindent 8 }}
+ volumes:
+ {{- if $driver.controllerPlugin.volumes }}
+ {{- toYaml $driver.controllerPlugin.volumes | nindent 4 }}
+ {{- else }}
+ []
+ {{- end }}
+ imagePullPolicy: {{ $driver.controllerPlugin.imagePullPolicy }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/nfs-ctrlplugin-cr-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/nfs-ctrlplugin-cr-rbac.yaml
new file mode 100644
index 000000000..45b09c2f2
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/nfs-ctrlplugin-cr-rbac.yaml
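Review bot: Under `nodePlugin` in driver.yaml the key is spelled `EnableSeLinuxHostMount:` although it reads `.nodePlugin.enableSeLinuxHostMount` and every sibling key is lower camelCase; if the CRD field follows the same convention (the schema is not in this diff), the setting is pruned or rejected and the SELinux host-mount option never reaches the driver. Use `enableSeLinuxHostMount: {{ $driver.nodePlugin.enableSeLinuxHostMount }}`; templates/operatorConfig.yaml carries the same spelling. Separately, the `nodePlugin.resources.*` entries use `nindent 4` where the matching `controllerPlugin.resources.*` entries use `nindent 8`, which is worth checking against `helm template` output. Optional scalars such as `clusterName` and `logHostPath` render as empty (null) when unset, so wrapping them in `if`/`with` avoids sending nulls to the API server.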
@@ -0,0 +1,138 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "nfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-cr
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/status
+ verbs:
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments/status
+ verbs:
+ - patch
+{{- end }}
+{{- end }}
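Review bot: Leader-election access is granted cluster-wide for nfs: the `coordination.k8s.io` `leases` rule sits in this ClusterRole with `create`, `update` and `patch`, whereas the cephfs controller plugin gets its lease permissions from the namespaced `-ctrlplugin-r` Role. Unless the nfs sidecars elect leaders outside the release namespace, moving that rule into an nfs Role and RoleBinding (none is added for nfs in the files visible here) keeps the controller from modifying leases in other namespaces, kube-system included. The `events` rule also adds `get`, which the cephfs ClusterRole does not request; aligning the two rule sets makes later audits simpler.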
diff --git a/deploy/charts/ceph-csi-drivers/templates/nfs-ctrlplugin-crb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/nfs-ctrlplugin-crb-rbac.yaml
new file mode 100644
index 000000000..e5f01d256
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/nfs-ctrlplugin-crb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "nfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $normalizedDriverName }}-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-ctrlplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/nfs-nodeplugin-cr-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/nfs-nodeplugin-cr-rbac.yaml
new file mode 100644
index 000000000..01434b48a
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/nfs-nodeplugin-cr-rbac.yaml
@@ -0,0 +1,17 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "nfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-cr
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/nfs-nodeplugin-crb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/nfs-nodeplugin-crb-rbac.yaml
new file mode 100644
index 000000000..f84ae3e03
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/nfs-nodeplugin-crb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "nfs.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $normalizedDriverName }}-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-nodeplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/operatorConfig.yaml b/deploy/charts/ceph-csi-drivers/templates/operatorConfig.yaml
new file mode 100644
index 000000000..897394e50
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/operatorConfig.yaml
@@ -0,0 +1,124 @@
+{{- $root := . -}}
+{{- $config := .Values.operatorConfig -}}
+{{- if $config.create }}
+---
+apiVersion: csi.ceph.io/v1alpha1
+kind: OperatorConfig
+metadata:
+ name: {{ $config.name }}
+ namespace: {{ $config.namespace }}
+spec:
+ {{ if $config.log }}
+ log:
+ verbosity: {{ $config.log.verbosity }}
+ {{- end }}
+ driverSpecDefaults:
+ {{- if $config.driverSpecDefaults.log }}
+ log:
+ verbosity: {{ $config.driverSpecDefaults.log.verbosity }}
+ {{- if $config.driverSpecDefaults.log.rotation }}
+ rotation:
+ maxFiles: {{ $config.driverSpecDefaults.log.rotation.maxFiles }}
+ maxLogSize: {{ $config.driverSpecDefaults.log.rotation.maxLogSize }}
+ periodicity: {{ $config.driverSpecDefaults.log.rotation.periodicity }}
+ logHostPath: {{ $config.driverSpecDefaults.log.rotation.logHostPath }}
+ {{- end }}
+ {{- end }}
+ {{- if $config.driverSpecDefaults.imageSet }}
+ {{- if $config.driverSpecDefaults.imageSet.name }}
+ imageSet:
+ name: {{ $config.driverSpecDefaults.imageSet.name }}
+ {{- end }}
+ {{- end }}
+ clusterName: {{ $config.driverSpecDefaults.clusterName }}
+ enableMetadata: {{ $config.driverSpecDefaults.enableMetadata }}
+ grpcTimeout: {{ $config.driverSpecDefaults.grpcTimeout }}
+ snapshotPolicy: {{ $config.driverSpecDefaults.snapshotPolicy }}
+ generateOMapInfo: {{ $config.driverSpecDefaults.generateOMapInfo }}
+ fsGroupPolicy: {{ $config.driverSpecDefaultsfsGroupPolicy }}
+ {{- if $config.driverSpecDefaults.encryption }}
+ {{- if $config.driverSpecDefaults.encryption.configMapRef.name }}
+ encryption:
+ configMapRef:
+ name: {{ $config.driverSpecDefaults.encryption.configMapRef.name }}
+ {{- end }}
+ {{- end }}
+ attachRequired: {{ $config.driverSpecDefaults.attachRequired }}
+ deployCsiAddons: {{ $config.driverSpecDefaults.deployCsiAddons }}
+ cephFsClientType: {{ $config.driverSpecDefaults.cephFsClientType }}
+ kernelMountOptions:
+ {{- if $config.driverSpecDefaults.kernelMountOptions }}
+ {{- toYaml $config.driverSpecDefaults.kernelMountOptions | nindent 4 }}
+ {{- else }}
+ {} # Empty map if not defined
+ {{- end }}
+ fuseMountOptions:
+ {{- if $config.driverSpecDefaults.fuseMountOptions }}
+ {{- toYaml $config.driverSpecDefaults.fuseMountOptions | nindent 4 }}
+ {{- else }}
+ {} # Empty map if not defined
+ {{- end }}
+ # Node Plugin Configuration
+ nodePlugin:
+ {{- if $config.driverSpecDefaults.nodePlugin }}
+ updateStrategy: {{ $config.driverSpecDefaults.nodePlugin.updateStrategy | toYaml | nindent 8 }}
+ {{- if $config.driverSpecDefaults.nodePlugin.resources }}
+ resources:
+ registrar: {{ $config.driverSpecDefaults.nodePlugin.resources.registrar | toYaml | nindent 4 }}
+ liveness: {{ $config.driverSpecDefaults.nodePlugin.resources.liveness | toYaml | nindent 4 }}
+ addons: {{ $config.driverSpecDefaults.nodePlugin.resources.addons | toYaml | nindent 4 }}
+ logRotator: {{ $config.driverSpecDefaults.nodePlugin.resources.logRotator | toYaml | nindent 4 }}
+ plugin: {{ $config.driverSpecDefaults.nodePlugin.resources.plugin | toYaml | nindent 4 }}
+ {{- end }}
+ kubeletDirPath: {{ $config.driverSpecDefaults.nodePlugin.kubeletDirPath }}
+ EnableSeLinuxHostMount: {{ $config.driverSpecDefaults.nodePlugin.enableSeLinuxHostMount }}
+ priorityClassName: {{ $config.driverSpecDefaults.nodePlugin.priorityClassName }}
+ labels: {{ $config.driverSpecDefaults.nodePlugin.labels | toYaml | nindent 8 }}
+ annotations: {{ $config.driverSpecDefaults.nodePlugin.annotations | toYaml | nindent 8 }}
+ affinity: {{ $config.driverSpecDefaults.nodePlugin.affinity | toYaml | nindent 8 }}
+ tolerations: {{ $config.driverSpecDefaults.nodePlugin.tolerations | toYaml | nindent 8 }}
+ imagePullPolicy: {{ $config.driverSpecDefaults.nodePlugin.imagePullPolicy }}
+ {{- if $config.driverSpecDefaults.nodePlugin.topology }}
+ topology:
+ domainLabels:
+ {{ $config.driverSpecDefaults.nodePlugin.topology.domainLabels | toYaml | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if $config.driverSpecDefaults.nodePlugin.volumes }}
+ {{- toYaml $config.driverSpecDefaults.nodePlugin.volumes | nindent 4 }}
+ {{- else }}
+ [] # Empty list if no volumes are defined
+ {{- end }}
+ {{- end }}
+ # Controller Plugin Configuration
+ controllerPlugin:
+ {{- if $config.driverSpecDefaults.controllerPlugin }}
+ hostNetwork: {{ $config.driverSpecDefaults.controllerPlugin.hostNetwork | default false }}
+ deploymentStrategy: {{ $config.driverSpecDefaults.controllerPlugin.deploymentStrategy | toYaml | nindent 8 }}
+ replicas: {{ $config.driverSpecDefaults.controllerPlugin.replicas | default 2 }}
+ {{- if $config.driverSpecDefaults.controllerPlugin.resources }}
+ resources:
+ attacher: {{ $config.driverSpecDefaults.controllerPlugin.resources.attacher | toYaml | nindent 8 }}
+ snapshotter: {{ $config.driverSpecDefaults.controllerPlugin.resources.snapshotter | toYaml | nindent 8 }}
+ resizer: {{ $config.driverSpecDefaults.controllerPlugin.resources.resizer | toYaml | nindent 8 }}
+ provisioner: {{ $config.driverSpecDefaults.controllerPlugin.resources.provisioner | toYaml | nindent 8 }}
+ omapGenerator: {{ $config.driverSpecDefaults.controllerPlugin.resources.omapGenerator | toYaml | nindent 8 }}
+ liveness: {{ $config.driverSpecDefaults.controllerPlugin.resources.liveness | toYaml | nindent 8 }}
+ addons: {{ $config.driverSpecDefaults.controllerPlugin.resources.addons | toYaml | nindent 8 }}
+ logRotator: {{ $config.driverSpecDefaults.controllerPlugin.resources.logRotator | toYaml | nindent 8 }}
+ plugin: {{ $config.driverSpecDefaults.controllerPlugin.resources.plugin | toYaml | nindent 8 }}
+ {{- end }}
+ privileged: {{ $config.driverSpecDefaults.controllerPlugin.privileged | default false }}
+ priorityClassName: {{ $config.driverSpecDefaults.controllerPlugin.priorityClassName }}
+ affinity: {{ $config.driverSpecDefaults.controllerPlugin.affinity | toYaml | nindent 8 }}
+ tolerations:
+ {{- toYaml $config.driverSpecDefaults.controllerPlugin.tolerations | nindent 8 }}
+ volumes:
+ {{- if $config.driverSpecDefaults.controllerPlugin.volumes }}
+ {{- toYaml $config.driverSpecDefaults.controllerPlugin.volumes | nindent 4 }}
+ {{- else }}
+ []
+ {{- end }}
+ imagePullPolicy: {{ $config.driverSpecDefaults.controllerPlugin.imagePullPolicy }}
+ {{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-cr-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-cr-rbac.yaml
new file mode 100644
index 000000000..9843cb143
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-cr-rbac.yaml
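Review bot: `fsGroupPolicy: {{ $config.driverSpecDefaultsfsGroupPolicy }}` in operatorConfig.yaml is missing a dot, so it looks up a key named `driverSpecDefaultsfsGroupPolicy` and the field renders empty whatever the values file says; it should read `{{ $config.driverSpecDefaults.fsGroupPolicy }}`. `$config.driverSpecDefaults.log` and the lookups after it are evaluated unconditionally, so `operatorConfig.create: true` without a `driverSpecDefaults` map fails rendering with a nil-pointer error; guarding the block with `{{- with $config.driverSpecDefaults }}` avoids that. The object is placed in `{{ $config.namespace }}` rather than the release namespace the other templates use, which lets a values file write an OperatorConfig into a namespace the release does not own; a short comment stating that this is intended would help reviewers.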
@@ -0,0 +1,187 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-cr
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - csinodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/status
+ verbs:
+ - patch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotcontents/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - groupsnapshot.storage.k8s.io
+ resources:
+ - volumegroupsnapshotcontents/status
+ verbs:
+ - update
+ - patch
+- apiGroups:
+ - replication.storage.openshift.io
+ resources:
+ - volumegroupreplicationcontents
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - replication.storage.openshift.io
+ resources:
+ - volumegroupreplicationclasses
+ verbs:
+ - get
+ - list
+ - watch
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-crb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-crb-rbac.yaml
new file mode 100644
index 000000000..8f4cb30cf
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-crb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $normalizedDriverName }}-ctrlplugin-cr
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-ctrlplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-r-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-r-rbac.yaml
new file mode 100644
index 000000000..a0dd999e8
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-r-rbac.yaml
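Review bot: The `serviceaccounts/token` `create` rule in the ClusterRole from rbd-ctrlplugin-cr-rbac.yaml is not scoped: once rbd-ctrlplugin-crb-rbac.yaml binds it, the controller plugin's service account can request a token for any ServiceAccount in any namespace, and the first rule adds cluster-wide `get`/`list`/`watch` on `secrets`. The same `serviceaccounts/token` rule is repeated in rbd-nodeplugin-cr-rbac.yaml. Nothing in the hunk says which driver feature needs either grant, so a later reader cannot tell whether it can be narrowed or dropped. I would add a comment above each of these rules, for example `# required by <feature>; allows token requests for any ServiceAccount cluster-wide`, and, if the feature turns out to be optional, render the rule only when it is enabled.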
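Review bot: The ClusterRoleBinding emitted inside the `range`/`if` in rbd-ctrlplugin-crb-rbac.yaml has no `---` document separator, so if `.Values.drivers` ever holds two entries whose name ends in `rbd.csi.ceph.com` (which `hasSuffix` permits), both bindings would render into one YAML document with repeated keys. serviceaccount.yaml in this commit already starts each resource with `---`; the same line placed directly above `apiVersion:` would fix it here. The other seven rbd-*-rbac.yaml templates added by this commit have the same shape.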
@@ -0,0 +1,58 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-r
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - update
+ - create
+- apiGroups:
+ - csiaddons.openshift.io
+ resources:
+ - csiaddonsnodes
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - deployments/finalizers
+ - daemonsets/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-rb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-rb-rbac.yaml
new file mode 100644
index 000000000..99f307061
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-ctrlplugin-rb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $normalizedDriverName }}-ctrlplugin-r
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-ctrlplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
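Review bot: The last rule of the Role in rbd-ctrlplugin-r-rbac.yaml grants `create` on `tokenreviews`, but TokenReview is a cluster-scoped resource and a Role bound through a RoleBinding cannot authorize requests for cluster-scoped resources, so this rule most likely has no effect. If the plugin pods do need to call the TokenReview API, the rule belongs in the ClusterRole in rbd-ctrlplugin-cr-rbac.yaml; otherwise it can be removed so the Role does not suggest a permission that is never granted. rbd-nodeplugin-r-rbac.yaml carries the same rule.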
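Review bot: `metadata` on the RoleBinding in rbd-ctrlplugin-rb-rbac.yaml has no `namespace`, while its subject and the ServiceAccounts in serviceaccount.yaml pin `{{ $root.Release.Namespace }}`. `helm install` fills in the release namespace, but output from `helm template` applied with kubectl lands in whatever namespace the caller's context selects, which can leave the binding and the ServiceAccount it names in different namespaces. Adding `namespace: {{ $root.Release.Namespace }}` under `metadata` keeps them together; the same applies to rbd-ctrlplugin-r-rbac.yaml and to the nodeplugin Role and RoleBinding templates.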
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-cr-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-cr-rbac.yaml
new file mode 100644
index 000000000..4e87ad367
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-cr-rbac.yaml
@@ -0,0 +1,56 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-cr
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - volumeattachments
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-crb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-crb-rbac.yaml
new file mode 100644
index 000000000..451b073e2
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-crb-rbac.yaml
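Review bot: The first rule gives the node plugin's service account `get` and `list` on `secrets` in every namespace once rbd-nodeplugin-crb-rbac.yaml binds this ClusterRole. `list` returns the contents of every Secret in bulk, which is a much larger grant than reading a Secret whose name the caller already knows, and a node plugin identity is presumably present on each node that runs the driver (how the operator deploys it is not visible here). If the plugin only reads secrets it is pointed at by name, the verbs can be reduced to `- get`; if `list` is really needed, a comment such as `# list is required for <feature>` would record why. Please confirm against the driver before narrowing.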
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ $normalizedDriverName }}-nodeplugin-cr
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-nodeplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-r-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-r-rbac.yaml
new file mode 100644
index 000000000..b0962b76f
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-r-rbac.yaml
@@ -0,0 +1,47 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-r
+rules:
+- apiGroups:
+ - csiaddons.openshift.io
+ resources:
+ - csiaddonsnodes
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+- apiGroups:
+ - apps
+ resources:
+ - deployments/finalizers
+ - daemonsets/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-rb-rbac.yaml b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-rb-rbac.yaml
new file mode 100644
index 000000000..1a968a516
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/rbd-nodeplugin-rb-rbac.yaml
@@ -0,0 +1,18 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- if hasSuffix "rbd.csi.ceph.com" $driver.name }}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $normalizedDriverName }}-nodeplugin-r
+subjects:
+- kind: ServiceAccount
+ name: {{ $normalizedDriverName }}-nodeplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/deploy/charts/ceph-csi-drivers/templates/serviceaccount.yaml b/deploy/charts/ceph-csi-drivers/templates/serviceaccount.yaml
new file mode 100644
index 000000000..10b3e4ea3
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- $root := . -}}
+{{- range $driver := .Values.drivers -}}
+{{- $normalizedDriverName := include "normalizeDriverName" $driver.name }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $normalizedDriverName }}-ctrlplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $normalizedDriverName }}-nodeplugin-sa
+ namespace: {{ $root.Release.Namespace }}
+{{- end}}
diff --git a/deploy/charts/ceph-csi-drivers/values.yaml b/deploy/charts/ceph-csi-drivers/values.yaml
new file mode 100644
index 000000000..5df5e8851
--- /dev/null
+++ b/deploy/charts/ceph-csi-drivers/values.yaml
@@ -0,0 +1,475 @@
+# Configuration for Ceph Connections
+cephConnections:
+ -
+ # Name for the Ceph connection
+ name: ""
+
+ # Ceph monitors (key-value pairs, typically IP addresses of the Ceph monitors)
+ monitors: {}
+
+ # Number of RBD mirror daemons (default is 1)
+ rbdMirrorDaemonCount: 1
+
+ # Labels to be used for CRUSH location selection
+ crushLocationLabels: {}
+
+# Configuration for Client Profiles
+clientProfiles:
+ -
+ # Name of the client profile
+ name: ""
+
+ cephConnection:
+ # Reference to the Ceph connection for this profile
+ name: ""
+
+ cephFs:
+ # Mount options for CephFS with FUSE
+ fuseMountOptions: {}
+
+ # Mount options for CephFS with the kernel
+ kernelMountOptions: {}
+
+ # Sub-volume group for the CephFS client
+ subVolumeGroup: ""
+
+ rbd:
+ # Namespace for RADOS block devices
+ radosNamespace: ""
+
+# Operator configuration section
+operatorConfig:
+ # Name of the operator config
+ name: ceph-csi-operator-config
+
+ # Namespace for the operator configuration
+ namespace: ""
+
+ # Flag to indicate if the config should be created
+ create: true
+
+ driverSpecDefaults:
+ log:
+ # Log verbosity level (0-5)
+ verbosity: 0
+
+ rotation:
+ # Maximum number of log files to keep
+ maxFiles: 7
+
+ # Maximum size of each log file
+ maxLogSize: "10Gi"
+
+ # Periodicity for log rotation (options: hourly, daily, weekly, monthly)
+ periodicity: "daily"
+
+ # Default log directory path
+ logHostPath: ""
+
+ imageSet:
+ # ConfigMap reference to the image set for the driver
+ name: ""
+
+ # Cluster name identifier
+ clusterName: ""
+
+ # Flag to enable metadata
+ enableMetadata: false
+
+ # gRPC timeout in seconds
+ grpcTimeout: 30
+
+ # Snapshot policy (options: none, volumeGroupSnapshot, volumeSnapshot)
+ snapshotPolicy: "none"
+
+ # Flag to generate OMap info
+ generateOMapInfo: false
+
+ # File system group policy (e.g., "None", "ReadWriteOnceWithFSType")
+ fsGroupPolicy: "File"
+
+ encryption:
+ configMapRef:
+ # Name of the ConfigMap for encryption settings
+ name: ""
+
+ # Flag indicating whether attachment is required
+ attachRequired: true
+
+ # Flag to deploy CSI Addons
+ deployCsiAddons: false
+
+ # CephFS client type (options: autodetect, kernel)
+ cephFsClientType: "kernel"
+
+ # Kernel mount options
+ kernelMountOptions: {}
+
+ # FUSE mount options
+ fuseMountOptions: {}
+
+ # Node Plugin Configuration
+ nodePlugin:
+ # Pod's priority class name
+ priorityClassName: ""
+
+ # Custom labels for the pod
+ labels: {}
+
+ # Custom annotations for the pod
+ annotations: {}
+
+ # Affinity settings for the pod
+ affinity: {}
+
+ # List of tolerations for the pod
+ tolerations: []
+
+ # List of volumes attached to the pod
+ volumes: []
+
+ # Image pull policy (default is "IfNotPresent")
+ imagePullPolicy: "IfNotPresent"
+
+ # Controller Plugin Configuration
+ controllerPlugin:
+ # Flag to use host network for the controller plugin
+ hostNetwork: false
+
+ # Number of replicas for the controller plugin
+ replicas: 1
+
+ # Resource requirements for controller plugin containers
+ resources: {}
+
+ # Deployment strategy for the controller plugin
+ deploymentStrategy: {}
+
+ # Flag to indicate if the container should be privileged
+ privileged: false
+
+ # List of tolerations for the controller plugin
+ tolerations: []
+
+# Drivers configuration
+drivers:
+ -
+ # Driver name for RBD
+ name: "rbd.csi.ceph.com"
+
+ log:
+ # Log verbosity level (0-5)
+ verbosity: 0
+
+ rotation:
+ # Maximum number of log files to keep
+ maxFiles: 7
+
+ # Maximum size of each log file
+ maxLogSize: "10Gi"
+
+ # Periodicity for log rotation (options: hourly, daily, weekly, monthly)
+ periodicity: "daily"
+
+ # Default log directory path
+ logHostPath: ""
+
+ imageSet:
+ # ConfigMap reference to the image set for the driver
+ name: ""
+
+ # Cluster name identifier
+ clusterName: ""
+
+ # Flag to enable metadata
+ enableMetadata: false
+
+ # gRPC timeout in seconds
+ grpcTimeout: 30
+
+ # Snapshot policy (options: none, volumeGroupSnapshot, volumeSnapshot)
+ snapshotPolicy: "none"
+
+ # Flag to generate OMap info
+ generateOMapInfo: false
+
+ # File system group policy (e.g., "None", "ReadWriteOnceWithFSType")
+ fsGroupPolicy: "File"
+
+ encryption:
+ configMapRef:
+ # Name of the ConfigMap for encryption settings
+ name: ""
+
+ # Flag indicating whether attachment is required
+ attachRequired: true
+
+ # Flag to deploy CSI Addons
+ deployCsiAddons: false
+
+ # CephFS client type (options: autodetect, kernel)
+ cephFsClientType: "kernel"
+
+ # Kernel mount options
+ kernelMountOptions: {}
+
+ # FUSE mount options
+ fuseMountOptions: {}
+
+ # Node Plugin Configuration
+ nodePlugin:
+ # Pod's priority class name
+ priorityClassName: ""
+
+ # Custom labels for the pod
+ labels: {}
+
+ # Custom annotations for the pod
+ annotations: {}
+
+ # Affinity settings for the pod
+ affinity: {}
+
+ # List of tolerations for the pod
+ tolerations: []
+
+ # List of volumes attached to the pod
+ volumes: []
+
+ # Image pull policy (default is "IfNotPresent")
+ imagePullPolicy: "IfNotPresent"
+
+ # Controller Plugin Configuration
+ controllerPlugin:
+ # Flag to use host network for the controller plugin
+ hostNetwork: false
+
+ # Number of replicas for the controller plugin
+ replicas: 1
+
+ # Resource requirements for controller plugin containers
+ resources: {}
+
+ # Deployment strategy for the controller plugin
+ deploymentStrategy: {}
+
+ # Flag to indicate if the container should be privileged
+ privileged: false
+
+ # List of tolerations for the controller plugin
+ tolerations: []
+
+ -
+ # Driver name for CephFS
+ name: "cephfs.csi.ceph.com"
+
+ log:
+ # Log verbosity level (0-5)
+ verbosity: 0
+
+ rotation:
+ # Maximum number of log files to keep
+ maxFiles: 7
+
+ # Maximum size of each log file
+ maxLogSize: "10Gi"
+
+ # Periodicity for log rotation (options: hourly, daily, weekly, monthly)
+ periodicity: "daily"
+
+ # Default log directory path
+ logHostPath: ""
+
+ imageSet:
+ # ConfigMap reference to the image set for the driver
+ name: ""
+
+ # Cluster name identifier
+ clusterName: ""
+
+ # Flag to enable metadata
+ enableMetadata: false
+
+ # gRPC timeout in seconds
+ grpcTimeout: 30
+
+ # Snapshot policy (options: none, volumeGroupSnapshot, volumeSnapshot)
+ snapshotPolicy: "volumeSnapshot"
+
+ # Flag to generate OMap info
+ generateOMapInfo: false
+
+ # File system group policy (e.g., "None", "ReadWriteOnceWithFSType")
+ fsGroupPolicy: "None"
+
+ encryption:
+ configMapRef:
+ # Name of the ConfigMap for encryption settings
+ name: ""
+
+ # Flag indicating whether attachment is required
+ attachRequired: true
+
+ # Flag to deploy CSI Addons
+ deployCsiAddons: false
+
+ # CephFS client type (options: autodetect, kernel)
+ cephFsClientType: "kernel"
+
+ # Kernel mount options
+ kernelMountOptions: {}
+
+ # FUSE mount options
+ fuseMountOptions: {}
+
+ # Node Plugin Configuration
+ nodePlugin:
+ # Pod's priority class name
+ priorityClassName: ""
+
+ # Custom labels for the pod
+ labels: {}
+
+ # Custom annotations for the pod
+ annotations: {}
+
+ # Affinity settings for the pod
+ affinity: {}
+
+ # List of tolerations for the pod
+ tolerations: []
+
+ # List of volumes attached to the pod
+ volumes: []
+
+ # Image pull policy (default is "IfNotPresent")
+ imagePullPolicy: "IfNotPresent"
+
+ # Controller Plugin Configuration
+ controllerPlugin:
+ # Flag to use host network for the controller plugin
+ hostNetwork: false
+
+ # Number of replicas for the controller plugin
+ replicas: 1
+
+ # Resource requirements for controller plugin containers
+ resources: {}
+
+ # Deployment strategy for the controller plugin
+ deploymentStrategy: {}
+
+ # Flag to indicate if the container should be privileged
+ privileged: false
+
+ # List of tolerations for the controller plugin
+ tolerations: []
+
+ -
+ # Driver name for NFS
+ name: "nfs.csi.ceph.com"
+
+ log:
+ # Log verbosity level (0-5)
+ verbosity: 0
+
+ rotation:
+ # Maximum number of log files to keep
+ maxFiles: 7
+
+ # Maximum size of each log file
+ maxLogSize: "10Gi"
+
+ # Periodicity for log rotation (options: hourly, daily, weekly, monthly)
+ periodicity: "daily"
+
+ # Default log directory path
+ logHostPath: ""
+
+ imageSet:
+ # ConfigMap reference to the image set for the driver
+ name: ""
+
+ # Cluster name identifier
+ clusterName: ""
+
+ # Flag to enable metadata
+ enableMetadata: false
+
+ # gRPC timeout in seconds
+ grpcTimeout: 30
+
+ # Snapshot policy (options: none, volumeGroupSnapshot, volumeSnapshot)
+ snapshotPolicy: "volumeSnapshot"
+
+ # Flag to generate OMap info
+ generateOMapInfo: false
+
+ # File system group policy (e.g., "None", "ReadWriteOnceWithFSType")
+ fsGroupPolicy: "None"
+
+ encryption:
+ configMapRef:
+ # Name of the ConfigMap for encryption settings
+ name: ""
+
+ # Flag indicating whether attachment is required
+ attachRequired: true
+
+ # Flag to deploy CSI Addons
+ deployCsiAddons: false
+
+ # CephFS client type (options: autodetect, kernel)
+ cephFsClientType: "kernel"
+
+ # Kernel mount options
+ kernelMountOptions: {}
+
+ # FUSE mount options
+ fuseMountOptions: {}
+
+ # Node Plugin Configuration
+ nodePlugin:
+ # Service account name for the pod
+ serviceAccountName: ""
+
+ # Pod's priority class name
+ priorityClassName: ""
+
+ # Custom labels for the pod
+ labels: {}
+
+ # Custom annotations for the pod
+ annotations: {}
+
+ # Affinity settings for the pod
+ affinity: {}
+
+ # List of tolerations for the pod
+ tolerations: []
+
+ # List of volumes attached to the pod
+ volumes: []
+
+ # Image pull policy (default is "IfNotPresent")
+ imagePullPolicy: "IfNotPresent"
+
+ # Controller Plugin Configuration
+ controllerPlugin:
+ # Flag to use host network for the controller plugin
+ hostNetwork: false
+
+ # Number of replicas for the controller plugin
+ replicas: 1
+
+ # Resource requirements for controller plugin containers
+ resources: {}
+
+ # Deployment strategy for the controller plugin
+ deploymentStrategy: {}
+
+ # Flag to indicate if the container should be privileged
+ privileged: false
+
+ # List of tolerations for the controller plugin
+ tolerations: []
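Review bot: The comment above `fsGroupPolicy` gives `"None"` and `"ReadWriteOnceWithFSType"` as examples but leaves out `"File"`, which is the value actually set under `operatorConfig.driverSpecDefaults` and for the RBD driver. I would have the comment enumerate the accepted values the way the neighbouring `snapshotPolicy` and `periodicity` comments do: `# File system group policy (options: None, File, ReadWriteOnceWithFSType)`. The comment occurs four times in this file, once in the defaults and once per driver.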