Merge pull request #91 from Leaseweb/add-csi-charts

Adding CloudStack CSI Charts

Author: FarnazBGH

.github/workflows/chart-lints.yaml

@@ -0,0 +1,35 @@
+name: Lint Charts
+on:
+  pull_request:
+    paths:
+      - 'charts/**'
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      
+      - name: Set up Helm
+        uses: azure/[email protected]
+        with:
+          version: v3.14.1
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+          check-latest: true
+
+      # see example https://github.com/helm/chart-testing-action
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi

.github/workflows/charts-release.yaml

@@ -0,0 +1,34 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - 'charts/**' 
+
+jobs:
+  release:
+    permissions:
+      contents: write
+      
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+
+      - name: Run chart-releaser
+        uses: helm/[email protected]
+        with:
+          version: v1.6.0 
+          charts_dir: charts
+        env:
+          CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CR_GENERATE_RELEASE_NOTES: true

.github/workflows/pr-check.yaml

@@ -12,7 +12,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.53.2
+          version: v1.56.2
           args: --timeout=5m
 
   build:

.gitignore

@@ -2,3 +2,5 @@
 /test/e2e/e2e.test
 /test/e2e/ginkgo
 cloud-config
+/vendor
+

.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/Chart.yaml

@@ -0,0 +1,11 @@
+apiVersion: v2
+name: cloudstack-csi
+description: A Helm chart for Kubernetes
+type: application
+version: 1.0.0
+appVersion: 0.3.0
+sources:
+  - https://github.com/Leaseweb/cloudstack-csi-driver
+keywords:
+  - csi
+  - cloudStack

charts/templates/_helpers.tpl

@@ -0,0 +1,103 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "csi.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "csi.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "csi.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "csi.labels" -}}
+app.kubernetes.io/name: {{ include "csi.name" . }}
+helm.sh/chart: {{ include "csi.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "csi.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "csi.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create unified labels for csi components
+*/}}
+{{- define "csi.common.matchLabels" -}}
+app: {{ template "csi.name" . }}
+release: {{ .Release.Name }}
+{{- end -}}
+
+{{- define "csi.common.metaLabels" -}}
+chart: {{ template "csi.chart" . }}
+heritage: {{ .Release.Service }}
+{{- if .Values.extraLabels }}
+{{ toYaml .Values.extraLabels -}}
+{{- end }}
+{{- end -}}
+
+{{- define "csi.controller.matchLabels" -}}
+component: controller
+{{ include "csi.common.matchLabels" . }}
+{{- end -}}
+
+{{- define "csi.controller.labels" -}}
+{{ include "csi.controller.matchLabels" . }}
+{{ include "csi.common.metaLabels" . }}
+{{- end -}}
+
+{{- define "csi.node.matchLabels" -}}
+component: node
+{{ include "csi.common.matchLabels" . }}
+{{- end -}}
+
+{{- define "csi.node.labels" -}}
+{{ include "csi.node.matchLabels" . }}
+{{ include "csi.common.metaLabels" . }}
+{{- end -}}
+
+{{/*
+Create cloud-config makro.
+*/}}
+{{- define "cloudConfig" -}}
+[Global]
+{{- range $key, $value := .Values.cloudConfigData.global }}
+{{ $key }} = {{ $value | quote }}
+{{- end }}
+{{- end -}}

charts/templates/csi-clusterrole.yaml

@@ -0,0 +1,108 @@
+{{ if .Values.rbac.create }}
+# This YAML file contains Cluster Role objects,
+# which are necessary to run cloudstack-csi-controller
+{{ $enableLeaderElection := gt (int .Values.controller.replicaCount) 1 }}
+---
+# external Attacher
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-attacher-role
+  annotations:
+    {{- with .Values.commonAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments/status"]
+    verbs: ["patch"]
+  {{- if $enableLeaderElection}}
+  # leader election
+  - apiGroups: [coordination.k8s.io]
+    resources: [leases]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  {{- end}}
+---
+# external Provisioner
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-provisioner-role
+  annotations:
+    {{- with .Values.commonAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]
+  {{- if $enableLeaderElection}}
+  # leader election
+  - apiGroups: [coordination.k8s.io]
+    resources: [leases]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  {{- end}}
+---
+# external Resizer
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-resizer-role
+rules:
+  # The following rule should be uncommented for plugins that require secrets
+  # for provisioning.
+  # - apiGroups: [""]
+  #   resources: ["secrets"]
+  #   verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  {{- if $enableLeaderElection}}
+  # leader election
+  - apiGroups: [coordination.k8s.io]
+    resources: [leases]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  {{- end}}
+{{- end}}

charts/templates/csi-clusterrolebinding.yaml

@@ -0,0 +1,55 @@
+{{ if .Values.rbac.create }}
+# This YAML file contains Cluster Role Binding objects,
+# which are necessary to run cloudstack-csi-controller
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-attacher-binding
+  annotations:
+    {{- with .Values.commonAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-attacher-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-provisioner-binding
+  annotations:
+    {{- with .Values.commonAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-resizer-binding
+  annotations:
+    {{- with .Values.commonAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-resizer-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end}}