Merge pull request #637 from sassoftware/pr-pskd-807

saschjmil · web-flow · commit 80a98bfc98b8 · 2025-05-14T13:03:17.000-04:00
feat!: replace nfs-subdir-external-provisioner with csi-driver-nfs
diff --git a/README.md b/README.md
@@ -38,7 +38,7 @@ This project contains Ansible code that creates a baseline cluster in an existin
 
 - Prepare Kubernetes cluster
   - Deploy [ingress-nginx](https://kubernetes.github.io/ingress-nginx)
-  - Deploy [nfs-subdir-external-provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) for PVs
+  - Deploy [csi-driver-nfs](https://github.com/kubernetes-csi/csi-driver-nfs) for PVs
   - Deploy [cert-manager](https://github.com/jetstack/cert-manager) for TLS
   - Deploy [metrics-server](https://github.com/bitnami/charts/tree/master/bitnami/metrics-server/) (AWS only)
   - Deploy [aws-ebs-csi-driver](https://github.com/kubernetes-sigs/aws-ebs-csi-driver) (AWS only)
diff --git a/docs/CONFIG-VARS.md b/docs/CONFIG-VARS.md
@@ -90,22 +90,22 @@ Viya4-deployment uses the jump server to interact with the RWX filestore, which
 
 ### Storage for AWS
 
-When `V4_CFG_MANAGE_STORAGE` is set to `true`, viya4-deployment uses the [EBS CSI driver](#ebs-csi-driver) to create two elastic block storage based storage classes with the default names of `io2-vol-mq` and `io2-vol-pg`. The volume type for both storage classes defaults to `io2`. For EKS clusters, RabbitMQ makes PVC requests to create block storage persistent volumes using the `io2-vol-mq` storage class while Crunchy Postgres makes PVC requests to create block storage persistent volumes using the `io2-vol-pg` storage class. Viya4-deployment also creates the `sas` storage class using the nfs-subdir-external-provisioner Helm chart. If a jump server is used, viya4-deployment uses that server to create the folders for the `astores`, `bin`, `data` and `homes` RWX Filestore NFS paths that are outlined below in the [RWX Filestore](#rwx-filestore) section.
+When `V4_CFG_MANAGE_STORAGE` is set to `true`, viya4-deployment uses the [EBS CSI driver](#ebs-csi-driver) to create two elastic block storage based storage classes with the default names of `io2-vol-mq` and `io2-vol-pg`. The volume type for both storage classes defaults to `io2`. For EKS clusters, RabbitMQ makes PVC requests to create block storage persistent volumes using the `io2-vol-mq` storage class while Crunchy Postgres makes PVC requests to create block storage persistent volumes using the `io2-vol-pg` storage class. Viya4-deployment also creates the `sas` storage class using the csi-driver-nfs Helm chart. If a jump server is used, viya4-deployment uses that server to create the folders for the `astores`, `bin`, `data` and `homes` RWX Filestore NFS paths that are outlined below in the [RWX Filestore](#rwx-filestore) section.
 
 ### Storage for Azure
 
 By default, viya4-deployment uses the [Azure managed disks CSI driver](#azure-managed-disk-csi-driver) to create two elastic block storage based storage classes with the default names of `managed-csi-premium-v2-mq` and `managed-csi-premium-v2-pg`. The disk SKU for both storage classes defaults to `PremiumV2_LRS`. For AKS clusters, RabbitMQ makes PVC requests to create block storage persistent volumes using the `managed-csi-premium-v2-mq` storage class while Crunchy Postgres makes PVC requests to create block storage persistent volumes using the `managed-csi-premium-v2-pg` storage class. To use a different StorageClass for RabbitMQ, set the `V4_CFG_RABBITMQ_STORAGECLASS` property to the name of the StorageClass to use. To use a different StorageClass for Crunchy Postgres, set the `V4_CFG_CRUNCHY_STORAGECLASS` property to the name of the StorageClass to use.
 
 **NOTE**: The Azure managed disk CSI Driver can only be included at AKS cluster creation time. It is included in all AKS clusters by default, and any AKS clusters created with viya4-iac-azure will have the driver installed. If you did not use the viya4-iac-azure project to create your AKS cluster, ensure that you have enabled the Azure disk CSI driver prior to using this project or disable the creation of the StorageClasses.
 
-viya4-deployment also creates the `sas` storage class using the nfs-subdir-external-provisioner Helm chart. If a jump server is used, viya4-deployment uses that server to create the folders for the `astores`, `bin`, `data` and `homes` RWX Filestore NFS paths that are outlined below in the [RWX Filestore](#rwx-filestore) section.
+viya4-deployment also creates the `sas` storage class using the csi-driver-nfs Helm chart. If a jump server is used, viya4-deployment uses that server to create the folders for the `astores`, `bin`, `data` and `homes` RWX Filestore NFS paths that are outlined below in the [RWX Filestore](#rwx-filestore) section.
 
 ### Storage for Google Cloud
-When `V4_CFG_MANAGE_STORAGE` is set to `true`, viya4-deployment creates the `sas` and `pg-storage` storage classes using the nfs-subdir-external-provisioner Helm chart. If a jump server is used, viya4-deployment uses that server to create the folders for the `astores`, `bin`, `data` and `homes` RWX Filestore NFS paths that are outlined below in the [RWX Filestore](#rwx-filestore) section.
+When `V4_CFG_MANAGE_STORAGE` is set to `true`, viya4-deployment creates the `sas` and `pg-storage` storage classes using the csi-driver-nfs Helm chart. If a jump server is used, viya4-deployment uses that server to create the folders for the `astores`, `bin`, `data` and `homes` RWX Filestore NFS paths that are outlined below in the [RWX Filestore](#rwx-filestore) section.
 
 ### NFS Storage
 
-When `V4_CFG_MANAGE_STORAGE` is set to `true`, viya4-deployment creates NFS-based storage classes using the nfs-subdir-external-provisioner Helm chart.
+When `V4_CFG_MANAGE_STORAGE` is set to `true`, viya4-deployment creates NFS-based storage classes using the csi-driver-nfs Helm chart.
 
 When `V4_CFG_MANAGE_STORAGE` is set to `false`, viya4-deployment does not create the `sas` or `pg-storage` storage classes for you. In addition, viya4-deployment does not create or manage the RWX Filestore NFS paths. Before you run the SAS Viya deployment, you must set the values for `V4_CFG_RWX_FILESTORE_DATA_PATH` and `V4_CFG_RWX_FILESTORE_HOMES_PATH` to specify existing NFS folder locations. The viya4-deployment user can create the required NFS folders from the jump server before starting the deployment. Recommended attribute settings for each folder are as follows:
 - **filemode**: `0777`
@@ -431,24 +431,24 @@ Kubernetes Metrics Server installation is currently only applicable for AWS EKS
 
 ### NFS Client
 
-The NFS client is currently supported by the newer nfs-subdir-external-provisioner.
+The NFS client is currently supported by the csi-driver-nfs.
 
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
-| NFS_CLIENT_NAMESPACE | nfs-subdir-external-provisioner Helm installation namespace | string | nfs-client | false | | baseline |
-| NFS_CLIENT_CHART_URL | nfs-subdir-external-provisioner Helm chart URL | string | Go [here](https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/) for more information. | false | | baseline |
-| NFS_CLIENT_CHART_NAME | nfs-subdir-external-provisioner Helm chart name | string | nfs-subdir-external-provisioner | false | | baseline |
-| NFS_CLIENT_CHART_VERSION | nfs-subdir-external-provisioner Helm chart version | string | 4.0.18| false | | baseline |
-| NFS_CLIENT_CONFIG | nfs-subdir-external-provisioner Helm values | string | See [this file](../roles/baseline/defaults/main.yml) for more information. | false | | baseline |
+| CSI_DRIVER_NFS_NAMESPACE | csi-driver-nfs Helm installation namespace | string | kube-system | false | | baseline |
+| CSI_DRIVER_NFS_CHART_URL | csi-driver-nfs Helm chart URL | string | Go [here](https://github.com/kubernetes-csi/csi-driver-nfs/) for more information. | false | | baseline |
+| CSI_DRIVER_NFS_CHART_NAME | csi-driver-nfs Helm chart name | string | csi-driver-nfs | false | | baseline |
+| CSI_DRIVER_NFS_CHART_VERSION | csi-driver-nfs Helm chart version | string | 4.11.0 | false | | baseline |
+| CSI_DRIVER_NFS_CONFIG | csi-driver-nfs Helm values | string | See [this file](../roles/baseline/defaults/main.yml) for more information. | false | | baseline |
 
 ### Postgres NFS Client
 
-The Postgres NFS client is currently supported by the nfs-subdir-external-provisioner. It creates the storage class used by 2022.10 and later internal postgres instances.
+The Postgres NFS client is currently supported by the csi-driver-nfs. It creates the storage class used by 2022.10 and later internal postgres instances.
 
 | Name | Description | Type | Default | Required | Notes | Tasks |
 | :--- | ---: | ---: | ---: | ---: | ---: | ---: |
-| PG_NFS_CLIENT_NAMESPACE | nfs-subdir-external-provisioner Helm installation namespace | string | nfs-client | false | | baseline |
-| PG_NFS_CLIENT_CHART_URL | nfs-subdir-external-provisioner Helm chart URL | string | Go [here](https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/) for more information. | false | | baseline |
-| PG_NFS_CLIENT_CHART_NAME | nfs-subdir-external-provisioner Helm chart name | string | nfs-subdir-external-provisioner | false | | baseline |
-| PG_NFS_CLIENT_CHART_VERSION | nfs-subdir-external-provisioner Helm chart version | string | 4.0.18| false | | baseline |
-| PG_NFS_CLIENT_CONFIG | nfs-subdir-external-provisioner Helm values | string | See [this file](../roles/baseline/defaults/main.yml) for more information. | false | | baseline |
+| CSI_DRIVER_NFS_PG_NAMESPACE | csi-driver-nfs Helm installation namespace | string | nfs-client | false | | baseline |
+| CSI_DRIVER_NFS_PG_CHART_URL | csi-driver-nfs Helm chart URL | string | Go [here](https://github.com/kubernetes-csi/csi-driver-nfs/) for more information. | false | | baseline |
+| CSI_DRIVER_NFS_PG_CHART_NAME | csi-driver-nfs Helm chart name | string | csi-driver-nfs | false | | baseline |
+| CSI_DRIVER_NFS_PG_CHART_VERSION | csi-driver-nfs Helm chart version | string | 4.11.0 | false | | baseline |
+| CSI_DRIVER_NFS_PG_CONFIG | csi-driver-nfs Helm values | string | See [this file](../roles/baseline/defaults/main.yml) for more information. | false | | baseline |
diff --git a/roles/baseline/defaults/main.yml b/roles/baseline/defaults/main.yml
@@ -1,4 +1,4 @@
-# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2025, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 ---
@@ -8,6 +8,7 @@ V4_CFG_INGRESS_TYPE: ingress
 V4_CFG_INGRESS_MODE: public
 V4_CFG_MANAGE_STORAGE: true
 V4_CFG_AWS_LB_SUBNETS: ""
+STORAGE_TYPE_BACKEND: ""
 
 ## Cert-manager
 CERT_MANAGER_NAME: cert-manager
@@ -111,27 +112,35 @@ INGRESS_NGINX_ANNOTATIONS_RISK_LEVEL:
     config:
       annotations-risk-level: "Critical"
 
-## Nfs-subdir-external-provisioner
-NFS_CLIENT_NAME: nfs-subdir-external-provisioner-sas
-NFS_CLIENT_NAMESPACE: nfs-client
-NFS_CLIENT_CHART_NAME: nfs-subdir-external-provisioner
-NFS_CLIENT_CHART_URL: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
-NFS_CLIENT_CHART_VERSION: 4.0.18
-NFS_CLIENT_CONFIG:
-  nfs:
-    server: "{{ V4_CFG_RWX_FILESTORE_ENDPOINT }}"
-    path: "{{ V4_CFG_RWX_FILESTORE_PATH | replace('/$', '') }}/pvs"
+## Csi-driver-provisioner
+CSI_DRIVER_NFS_NAME: csi-driver-nfs-sas
+CSI_DRIVER_NFS_NAMESPACE: kube-system
+CSI_DRIVER_NFS_CHART_NAME: csi-driver-nfs
+CSI_DRIVER_NFS_CHART_URL: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
+CSI_DRIVER_NFS_CHART_VERSION: 4.11.0
+CSI_DRIVER_NFS_CONFIG:
+  driver:
+    mountPermissions: "0777"
+  storageClass:
+    create: true
+    name: sas
+    annotations:
+    reclaimPolicy: Delete
+    volumeBindingMode: Immediate
+    parameters:
+      server: "{{ V4_CFG_RWX_FILESTORE_ENDPOINT }}"
+      share: "{{ '/ontap' if STORAGE_TYPE_BACKEND == 'ontap' else ('/pvs' if PROVIDER != 'azure' else (V4_CFG_RWX_FILESTORE_PATH | replace('/$', '') ~ '/pvs')) }}"
+      subDir: ${pvc.metadata.namespace}/${pvc.metadata.name}/${pv.metadata.name}
+      mountPermissions: "0777"
     mountOptions:
+      - vers=4.1
       - noatime
       - nodiratime
       - rsize=262144
       - wsize=262144
-  storageClass:
-    archiveOnDelete: "false"
-    name: sas
 # EFS best practice NFS mount options for the aws provider
-NFS_EFS_CLIENT_CONFIG:
-  nfs:
+CSI_DRIVER_NFS_EFS_CONFIG:
+  storageClass:
     mountOptions:
       - noresvport
       - rsize=1048576
@@ -142,24 +151,41 @@ NFS_EFS_CLIENT_CONFIG:
       - _netdev
 
 ## pg-storage storage class config
-PG_NFS_CLIENT_NAME: nfs-subdir-external-provisioner-pg-storage
-PG_NFS_CLIENT_NAMESPACE: nfs-client
-PG_NFS_CLIENT_CHART_NAME: nfs-subdir-external-provisioner
-PG_NFS_CLIENT_CHART_URL: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
-PG_NFS_CLIENT_CHART_VERSION: 4.0.18
-PG_NFS_CLIENT_CONFIG:
-  nfs:
-    server: "{{ V4_CFG_RWX_FILESTORE_ENDPOINT }}"
-    path: "{{ V4_CFG_RWX_FILESTORE_PATH | replace('/$', '') }}/pvs"
+CSI_DRIVER_NFS_PG_NAME: csi-driver-nfs-pg-storage
+CSI_DRIVER_NFS_PG_NAMESPACE: nfs-client
+CSI_DRIVER_NFS_PG_CHART_NAME: csi-driver-nfs
+CSI_DRIVER_NFS_PG_CHART_URL: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
+CSI_DRIVER_NFS_PG_CHART_VERSION: 4.11.0
+CSI_DRIVER_NFS_PG_CONFIG:
+  driver:
+    mountPermissions: "0777"
+  storageClass:
+    reclaimPolicy: Retain
+    volumeBindingMode: Immediate
+    create: true
+    name: pg-storage
+    annotations:
+    parameters:
+      server: "{{ V4_CFG_RWX_FILESTORE_ENDPOINT }}"
+      share: "{{ '/ontap' if STORAGE_TYPE_BACKEND == 'ontap' else ('/pvs' if PROVIDER != 'azure' else (V4_CFG_RWX_FILESTORE_PATH | replace('/$', '') ~ '/pvs')) }}"
+      subDir: ${pvc.metadata.namespace}/${pvc.metadata.name}/${pv.metadata.name}
+      mountPermissions: "0777"
     mountOptions:
       - noatime
       - nodiratime
       - rsize=262144
       - wsize=262144
+# EFS best practice NFS mount options for the aws provider
+CSI_DRIVER_NFS_PG_EFS_CONFIG:
   storageClass:
-    archiveOnDelete: "false"
-    reclaimPolicy: Retain
-    name: pg-storage
+    mountOptions:
+      - noresvport
+      - rsize=1048576
+      - wsize=1048576
+      - soft
+      - timeo=600
+      - retrans=2
+      - _netdev
 
 ## Contour - Ingress
 CONTOUR_NAME: contour
diff --git a/roles/baseline/tasks/main.yaml b/roles/baseline/tasks/main.yaml
@@ -1,11 +1,11 @@
-# Copyright © 2020-2024, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
+# Copyright © 2020-2025, SAS Institute Inc., Cary, NC, USA. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 
 ---
-- name: Include nfs-subdir-external-provisioner
+- name: Include nfs.csi.k8s.io
   include_tasks:
-    file: nfs-subdir-external-provisioner.yaml
+    file: nfs-csi-provisioner.yaml
   when:
     - V4_CFG_RWX_FILESTORE_ENDPOINT is defined
     - V4_CFG_RWX_FILESTORE_PATH is defined
diff --git a/roles/baseline/tasks/nfs-csi-provisioner.yaml b/roles/baseline/tasks/nfs-csi-provisioner.yaml
diff --git a/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml b/roles/baseline/tasks/nfs-subdir-external-provisioner.yaml
