From 413586217e80f1166bf7e6cec87c48ac36b4dc01 Mon Sep 17 00:00:00 2001 From: Guillaume BERNARD Date: Tue, 24 Sep 2024 16:28:08 +0000 Subject: [PATCH 1/3] allow helm chart to accept different extraArgs for nodePlugin and controllerPlugin + documentation --- .../controllerplugin-deployment.yaml | 5 +++++ .../templates/nodeplugin-daemonset.yaml | 5 +++++ charts/cinder-csi-plugin/values.yaml | 2 ++ docs/cinder-csi-plugin/multi-region-clouds.md | 21 +++++++++++++++++++ 4 files changed, 33 insertions(+) diff --git a/charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml b/charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml index 4cc161fb1c..31b36883a1 100644 --- a/charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml +++ b/charts/cinder-csi-plugin/templates/controllerplugin-deployment.yaml @@ -183,6 +183,11 @@ spec: {{- tpl . $ | trim | nindent 12 }} {{- end }} {{- end }} + {{- if .Values.csi.plugin.controllerPlugin.extraArgs }} + {{- with .Values.csi.plugin.controllerPlugin.extraArgs }} + {{- tpl . $ | trim | nindent 12 }} + {{- end }} + {{- end }} env: - name: CSI_ENDPOINT value: unix://csi/csi.sock diff --git a/charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml b/charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml index a9f259a1e3..7c6bc73e34 100644 --- a/charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml +++ b/charts/cinder-csi-plugin/templates/nodeplugin-daemonset.yaml @@ -96,6 +96,11 @@ spec: {{- tpl . $ | trim | nindent 12 }} {{- end }} {{- end }} + {{- if .Values.csi.plugin.nodePlugin.extraArgs }} + {{- with .Values.csi.plugin.nodePlugin.extraArgs }} + {{- tpl . $ | trim | nindent 12 }} + {{- end }} + {{- end }} env: - name: CSI_ENDPOINT value: unix://csi/csi.sock diff --git a/charts/cinder-csi-plugin/values.yaml b/charts/cinder-csi-plugin/values.yaml index c84a83cd5f..c177b15982 100644 --- a/charts/cinder-csi-plugin/values.yaml +++ b/charts/cinder-csi-plugin/values.yaml @@ -92,6 +92,7 @@ csi: tolerations: - operator: Exists kubeletDir: /var/lib/kubelet + extraArgs: {} # Allow for specifying internal IP addresses for multiple hostnames # hostAliases: # - ip: "10.0.0.1" @@ -130,6 +131,7 @@ csi: affinity: {} nodeSelector: {} tolerations: [] + extraArgs: {} # Allow for specifying internal IP addresses for multiple hostnames # hostAliases: # - ip: "10.0.0.1" diff --git a/docs/cinder-csi-plugin/multi-region-clouds.md b/docs/cinder-csi-plugin/multi-region-clouds.md index 7ad6a9b80b..ee1d3c24e6 100644 --- a/docs/cinder-csi-plugin/multi-region-clouds.md +++ b/docs/cinder-csi-plugin/multi-region-clouds.md @@ -318,3 +318,24 @@ spec: ... ``` +### When using the cinder-csi-plugin helmchart + +When runing the cinder-csi-plugin with multi-region, you need to specify different `extraArgs` on the `cinder-csi-plugin` containers of the deployment and the daemonset. + +When using the helmchart, you need to set the different `extraArgs` on `plugin.nodePlugin.extraArgs` and `plugin.controllerPlugin.extraArgs`. + +If you set the extraArgs in `plugin.extraArgs`, the same `extraArgs` will end up on both the `cinder-csi-plugin` container of both the deployment and the daemonset. + +You will still need to manually create your additionnal daemonsets for your additionnal regions. + +```yaml + nodePlugin: + extraArgs: |- + - --cloud-name=region-one + - --additional-topology + - topology.kubernetes.io/region=region-one + controllerPlugin: + extraArgs: |- + - --cloud-name=region-one + - --cloud-name=region-two +``` From cd1254ba0d70a13062284edb0e46fd0be8b14840 Mon Sep 17 00:00:00 2001 From: Guillaume BERNARD Date: Mon, 30 Sep 2024 12:55:42 +0000 Subject: [PATCH 2/3] add extraRbac for resizer and snapshotter --- .../templates/controllerplugin-rbac.yaml | 18 ++++------ charts/cinder-csi-plugin/values.yaml | 14 ++++++++ docs/cinder-csi-plugin/multi-region-clouds.md | 33 ++++++++++++++----- 3 files changed, 44 insertions(+), 21 deletions(-) diff --git a/charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml b/charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml index 7aa55d4aad..3d3c242249 100644 --- a/charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml +++ b/charts/cinder-csi-plugin/templates/controllerplugin-rbac.yaml @@ -97,13 +97,6 @@ rules: - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - # Secret permission is optional. - # Enable it if your driver needs secret. - # For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass. - # See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details. - # - apiGroups: [""] - # resources: ["secrets"] - # verbs: ["get", "list"] - apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] verbs: ["get", "list", "watch"] @@ -116,6 +109,9 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] + {{- with .Values.csi.snapshotter.extraRbac }} + {{- toYaml . | nindent 2 }} + {{- end }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -135,11 +131,6 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: csi-resizer-role rules: - # The following rule should be uncommented for plugins that require secrets - # for provisioning. - # - apiGroups: [""] - # resources: ["secrets"] - # verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "patch"] @@ -158,6 +149,9 @@ rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "watch", "list", "delete", "update", "create"] + {{- with .Values.csi.resizer.extraRbac }} + {{- toYaml . | nindent 2 }} + {{- end }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/cinder-csi-plugin/values.yaml b/charts/cinder-csi-plugin/values.yaml index c177b15982..af892c520d 100644 --- a/charts/cinder-csi-plugin/values.yaml +++ b/charts/cinder-csi-plugin/values.yaml @@ -30,6 +30,14 @@ csi: resources: {} extraArgs: {} extraEnv: [] + # Secret permission is optional. + # Enable it if your driver needs secret. + # For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass. + # See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details. + extraRbac: {} + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list"] resizer: image: repository: registry.k8s.io/sig-storage/csi-resizer @@ -38,6 +46,12 @@ csi: resources: {} extraArgs: {} extraEnv: [] + # The following rule should be uncommented for plugins that require secrets + # for provisioning. + extraRbac: {} + # - apiGroups: [""] + # resources: ["secrets"] + # verbs: ["get", "list", "watch"] livenessprobe: image: repository: registry.k8s.io/sig-storage/livenessprobe diff --git a/docs/cinder-csi-plugin/multi-region-clouds.md b/docs/cinder-csi-plugin/multi-region-clouds.md index ee1d3c24e6..96bb06ac69 100644 --- a/docs/cinder-csi-plugin/multi-region-clouds.md +++ b/docs/cinder-csi-plugin/multi-region-clouds.md @@ -329,13 +329,28 @@ If you set the extraArgs in `plugin.extraArgs`, the same `extraArgs` will end up You will still need to manually create your additionnal daemonsets for your additionnal regions. ```yaml - nodePlugin: - extraArgs: |- - - --cloud-name=region-one - - --additional-topology - - topology.kubernetes.io/region=region-one - controllerPlugin: - extraArgs: |- - - --cloud-name=region-one - - --cloud-name=region-two +nodePlugin: + extraArgs: |- + - --cloud-name=region-one + - --additional-topology + - topology.kubernetes.io/region=region-one +controllerPlugin: + extraArgs: |- + - --cloud-name=region-one + - --cloud-name=region-two ``` + +In addition, if you use the `resizer` and the `snapshotter`, you will need them to be able to read the secrets you defined in the storage class' annotations in order to determine which cloud to address. You will need to add some `extraRbac` in YAML format, like this: + +```yaml +snapshotter: + extraRbac: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] +resizer: + extraRbac: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +``` \ No newline at end of file From b9be0f413a034578985a6ab27fa91e0dd2688cd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?p=C3=BDrus?= Date: Wed, 21 May 2025 22:17:00 +0200 Subject: [PATCH 3/3] code review --- charts/cinder-csi-plugin/Chart.yaml | 2 +- docs/cinder-csi-plugin/multi-region-clouds.md | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/cinder-csi-plugin/Chart.yaml b/charts/cinder-csi-plugin/Chart.yaml index 384f16918c..097bd5b839 100644 --- a/charts/cinder-csi-plugin/Chart.yaml +++ b/charts/cinder-csi-plugin/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: v1.32.0 description: Cinder CSI Chart for OpenStack name: openstack-cinder-csi -version: 2.33.0-alpha.0 +version: 2.33.0-alpha.1 home: https://github.com/kubernetes/cloud-provider-openstack icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png maintainers: diff --git a/docs/cinder-csi-plugin/multi-region-clouds.md b/docs/cinder-csi-plugin/multi-region-clouds.md index 96bb06ac69..d6ab083ef2 100644 --- a/docs/cinder-csi-plugin/multi-region-clouds.md +++ b/docs/cinder-csi-plugin/multi-region-clouds.md @@ -318,15 +318,15 @@ spec: ... ``` -### When using the cinder-csi-plugin helmchart +### When Using the cinder-csi-plugin Helm Chart -When runing the cinder-csi-plugin with multi-region, you need to specify different `extraArgs` on the `cinder-csi-plugin` containers of the deployment and the daemonset. +When running the `cinder-csi-plugin` in a multi-region setup, you need to specify different `extraArgs` for the `cinder-csi-plugin` containers in both the Deployment and the DaemonSet. -When using the helmchart, you need to set the different `extraArgs` on `plugin.nodePlugin.extraArgs` and `plugin.controllerPlugin.extraArgs`. +When using the Helm chart, set the different `extraArgs` using `plugin.nodePlugin.extraArgs` and `plugin.controllerPlugin.extraArgs`. -If you set the extraArgs in `plugin.extraArgs`, the same `extraArgs` will end up on both the `cinder-csi-plugin` container of both the deployment and the daemonset. +If you set the `extraArgs` in `plugin.extraArgs`, the same arguments will be applied to both the Deployment and the DaemonSet `cinder-csi-plugin` containers. -You will still need to manually create your additionnal daemonsets for your additionnal regions. +You will still need to manually create additional DaemonSets for your extra regions. ```yaml nodePlugin: @@ -340,7 +340,7 @@ controllerPlugin: - --cloud-name=region-two ``` -In addition, if you use the `resizer` and the `snapshotter`, you will need them to be able to read the secrets you defined in the storage class' annotations in order to determine which cloud to address. You will need to add some `extraRbac` in YAML format, like this: +In addition, if you use the `resizer` and the `snapshotter`, you will need them to be able to read the secrets you defined in the storage class' annotations in order to determine which cloud to address. You will need to add some `extraRbac` in YAML format, like this: ```yaml snapshotter: @@ -353,4 +353,4 @@ resizer: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "list", "watch"] -``` \ No newline at end of file +```