diff --git a/cmd/tke-installer/app/installer/application.go b/cmd/tke-installer/app/installer/application.go
index 13cc5ba85..f113d5ecf 100644
--- a/cmd/tke-installer/app/installer/application.go
+++ b/cmd/tke-installer/app/installer/application.go
@@ -306,6 +306,60 @@ func (t *TKE) preprocessPlatformApps(ctx context.Context) error {
 }
 values["namespace"] = platformApp.HelmInstallOptions.Namespace
 }
+ if strings.EqualFold(platformApp.HelmInstallOptions.ReleaseName, constants.CephFSChartReleaseName) {
+ platformApp.ConditionFunc = func() (bool, error) {
+ provisionerOk, err := apiclient.CheckDeployment(ctx, t.globalClient, platformApp.HelmInstallOptions.Namespace, "ceph-csi-cephfs-provisioner")
+ if err != nil {
+ return false, nil
+ }
+ nodepluginOk, err := apiclient.CheckDaemonset(ctx, t.globalClient, platformApp.HelmInstallOptions.Namespace, "ceph-csi-cephfs-nodeplugin")
+ if err != nil {
+ return false, nil
+ }
+ return provisionerOk && nodepluginOk, nil
+ }
+ platformApp.LocalChartPath = constants.ChartDirName + "ceph-csi-cephfs/"
+
+ if err := t.mergePlatformAppValues(platformApp); err != nil {
+ return err
+ }
+ values := platformApp.HelmInstallOptions.Values
+ if values["csiConfig"] == nil {
+ return fmt.Errorf("ceph-csi-cephfs platformAPP csiConfig nil")
+ }
+ // TODO: little confused in preprocess step
+ if values["secret"] == nil || len(values["secret"].(map[string]interface{})["adminID"].(string)) == 0 || len(values["secret"].(map[string]interface{})["adminKey"].(string)) == 0 {
+ return fmt.Errorf("ceph-csi-cephfs platformAPP secret adminID | adminKey nil")
+ }
+ // TODO: little confused in preprocess step
+ if values["storageClass"] == nil || len(values["storageClass"].(map[string]interface{})["clusterID"].(string)) == 0 || len(values["storageClass"].(map[string]interface{})["fsName"].(string)) == 0 {
+ return fmt.Errorf("ceph-csi-cephfs platformAPP storageClass clusterID| fsName nil")
+ }
+
+ values["images"] = map[string]interface{}{
+ "enable": true,
+ "nodeplugin": map[string]interface{}{
+ "registrar": images.Get().CsiNodeDriverRegistrar.FullName(),
+ "plugin": images.Get().CephCsi.FullName(),
+ },
+ "provisioner": map[string]interface{}{
+ "provisioner": images.Get().CsiProvisioner.FullName(),
+ "attacher": images.Get().CsiAttacher.FullName(),
+ "resizer": images.Get().CsiResizer.FullName(),
+ "snapshotter": images.Get().CsiSnapshotter.FullName(),
+ },
+ }
+ if values["storageClass"] == nil {
+ values["storageClass"] = map[string]interface{}{
+ "replicaCount": t.Config.Replicas,
+ "name": constants.CephFSStorageClassName,
+ }
+ } else {
+ values["storageClass"].(map[string]interface{})["replicaCount"] = t.Config.Replicas
+ values["storageClass"].(map[string]interface{})["name"] = constants.CephFSStorageClassName
+ }
+ values["namespace"] = platformApp.HelmInstallOptions.Namespace
+ }
 if strings.EqualFold(platformApp.HelmInstallOptions.ReleaseName, constants.NFSChartReleaseName) {
 platformApp.ConditionFunc = func() (bool, error) {
 provisionerOk, err := apiclient.CheckDeployment(ctx, t.globalClient, platformApp.HelmInstallOptions.Namespace, "nfs-subdir-external-provisioner")
diff --git a/cmd/tke-installer/app/installer/constants/constants.go b/cmd/tke-installer/app/installer/constants/constants.go
index 4a03b2d2d..268a7c861 100644
--- a/cmd/tke-installer/app/installer/constants/constants.go
+++ b/cmd/tke-installer/app/installer/constants/constants.go
@@ -108,6 +108,8 @@ const (
 const (
 CephRBDStorageClassName = "csi-rbd-sc"
 CephRBDChartReleaseName = "ceph-csi-rbd"
+ CephFSStorageClassName = "csi-cephfs-sc"
+ CephFSChartReleaseName = "ceph-csi-cephfs"
 NFSStorageClassName = "nfs-sc"
 NFSChartReleaseName = "nfs-subdir-external-provisioner"
 )
diff --git a/cmd/tke-installer/app/installer/images/images.go b/cmd/tke-installer/app/installer/images/images.go
index d6cf97a63..34c2c48b4 100644
--- a/cmd/tke-installer/app/installer/images/images.go
+++ b/cmd/tke-installer/app/installer/images/images.go
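Review bot: The `secret` and `storageClass` checks use unchecked type assertions, so malformed platform-app values panic the installer instead of producing the intended error: `values["secret"].(map[string]interface{})["adminID"].(string)` panics when `secret` is not a map or when `adminID` is missing or not a string, and the `clusterID`/`fsName` check has the same shape. Use comma-ok assertions and return the existing `fmt.Errorf` on any mismatch, as sketched below. Since the check already returns when `values["storageClass"] == nil`, the later `if values["storageClass"] == nil { … } else { … }` can collapse to its `else` arm. `adminKey` is a Ceph credential travelling in Helm values, so keep `values` out of log and error text. `preprocessPlatformApps` starts and ends outside this hunk.

```go
values := platformApp.HelmInstallOptions.Values
// … unchanged: csiConfig nil check …
secret, ok := values["secret"].(map[string]interface{})
if !ok {
	return fmt.Errorf("ceph-csi-cephfs platformAPP secret adminID | adminKey nil")
}
adminID, _ := secret["adminID"].(string)
adminKey, _ := secret["adminKey"].(string)
if adminID == "" || adminKey == "" {
	return fmt.Errorf("ceph-csi-cephfs platformAPP secret adminID | adminKey nil")
}
storageClass, ok := values["storageClass"].(map[string]interface{})
if !ok {
	return fmt.Errorf("ceph-csi-cephfs platformAPP storageClass clusterID| fsName nil")
}
clusterID, _ := storageClass["clusterID"].(string)
fsName, _ := storageClass["fsName"].(string)
if clusterID == "" || fsName == "" {
	return fmt.Errorf("ceph-csi-cephfs platformAPP storageClass clusterID| fsName nil")
}
// … unchanged: values["images"] map …
storageClass["replicaCount"] = t.Config.Replicas
storageClass["name"] = constants.CephFSStorageClassName
values["namespace"] = platformApp.HelmInstallOptions.Namespace
```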
@@ -130,7 +130,7 @@ var baseComponents = BaseComponents{ CsiAttacher: containerregistry.Image{Name: "csi-attacher", Tag: "v3.4.0"}, CsiResizer: containerregistry.Image{Name: "csi-resizer", Tag: "v1.4.0"}, CsiSnapshotter: containerregistry.Image{Name: "csi-snapshotter", Tag: "v4.2.0"}, - CephCsi: containerregistry.Image{Name: "cephcsi", Tag: "v3.6.0"}, + CephCsi: containerregistry.Image{Name: "cephcsi", Tag: "v3.6.1-csp2.8.3.1216"}, } var components = Components{baseComponents, exComponents} diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/.helmignore b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/Chart.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/Chart.yaml new file mode 100644 index 000000000..9238c26e9 --- /dev/null +++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/Chart.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +appVersion: canary +description: "Container Storage Interface (CSI) driver, +provisioner, snapshotter and attacher for Ceph cephfs" +name: ceph-csi-cephfs +version: 3-canary +keywords: + - ceph + - cephfs + - ceph-csi +home: https://github.com/ceph/ceph-csi +sources: + - https://github.com/ceph/ceph-csi/tree/devel/charts/ceph-csi-cephfs +icon: https://raw.githubusercontent.com/ceph/ceph-csi/devel/assets/ceph-logo.png 
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/README.md b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/README.md
new file mode 100644
index 000000000..181a019f1
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/README.md
@@ -0,0 +1,170 @@
+# ceph-csi-cephfs
+
+The ceph-csi-cephfs chart adds cephFS volume support to your cluster.
+
+## Install from release repo
+
+Add chart repository to install helm charts from it
+
+```console
+helm repo add ceph-csi https://ceph.github.io/csi-charts
+```
+
+## Install from local Chart
+
+we need to enter into the directory where all charts are present
+
+```console
+cd charts
+```
+
+**Note:** charts directory is present in root of the ceph-csi project
+
+### Install Chart
+
+To install the Chart into your Kubernetes cluster
+
+- For helm 2.x
+
+ ```bash
+ helm install --namespace "ceph-csi-cephfs" --name "ceph-csi-cephfs" ceph-csi/ceph-csi-cephfs
+ ```
+
+- For helm 3.x
+
+ Create the namespace where Helm should install the components with
+
+ ```bash
+ kubectl create namespace ceph-csi-cephfs
+ ```
+
+ Run the installation
+
+ ```bash
+ helm install --namespace "ceph-csi-cephfs" "ceph-csi-cephfs" ceph-csi/ceph-csi-cephfs
+ ```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "ceph-csi-cephfs"
+```
+
+### Delete Chart
+
+If you want to delete your Chart, use this command
+
+- For helm 2.x
+
+ ```bash
+ helm delete --purge "ceph-csi-cephfs"
+ ```
+
+- For helm 3.x
+
+ ```bash
+ helm uninstall "ceph-csi-cephfs" --namespace "ceph-csi-cephfs"
+ ```
+
+If you want to delete the namespace, use this command
+
+```bash
+kubectl delete namespace ceph-csi-cephfs
+```
+
+### Configuration
+
+The following table lists the configurable parameters of the ceph-csi-cephfs
+charts and their default values.
+
+| Parameter | Description | Default |
+| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `serviceAccounts.nodeplugin.create` | Specifies whether a nodeplugin ServiceAccount should be created | `true` |
+| `serviceAccounts.nodeplugin.name` | The name of the nodeplugin ServiceAccount to use. If not set and create is true, a name is generated using the fullname | "" |
+| `serviceAccounts.provisioner.create` | Specifies whether a provisioner ServiceAccount should be created | `true` |
+| `serviceAccounts.provisioner.name` | The name of the provisioner ServiceAccount of provisioner to use. If not set and create is true, a name is generated using the fullname | "" |
+| `csiConfig` | Configuration for the CSI to connect to the cluster | [] |
+| `logLevel` | Set logging level for csi containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity. | `5` |
+| `nodeplugin.name` | Specifies the nodeplugin name | `nodeplugin` |
+| `nodeplugin.updateStrategy` | Specifies the update Strategy. If you are using ceph-fuse client set this value to OnDelete | `RollingUpdate` |
+| `nodeplugin.priorityClassName` | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority | `system-node-critical` |
+| `nodeplugin.profiling.enabled` | Specifies whether profiling should be enabled | `false` |
+| `nodeplugin.registrar.image.repository` | Node-Registrar image repository URL | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
+| `nodeplugin.registrar.image.tag` | Image tag | `v2.2.0` |
+| `nodeplugin.registrar.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `nodeplugin.plugin.image.repository` | Nodeplugin image repository URL | `quay.io/cephcsi/cephcsi` |
+| `nodeplugin.plugin.image.tag` | Image tag | `canary` |
+| `nodeplugin.plugin.image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `nodeplugin.nodeSelector` | Kubernetes `nodeSelector` to add to the Daemonset | `{}` |
+| `nodeplugin.tolerations` | List of Kubernetes `tolerations` to add to the Daemonset | `{}` |
+| `nodeplugin.forcecephkernelclient` | Set to true to enable Ceph Kernel clients on kernel < 4.17 which support quotas | `true` |
+| `nodeplugin.podSecurityPolicy.enabled` | If true, create & use [Pod Security Policy resources](https://kubernetes.io/docs/concepts/policy/pod-security-policy/). | `false` |
+| `provisioner.name` | Specifies the name of provisioner | `provisioner` |
+| `provisioner.replicaCount` | Specifies the replicaCount | `3` |
+| `provisioner.timeout` | GRPC timeout for waiting for creation or deletion of a volume | `60s` |
+| `provisioner.priorityClassName` | Set user created priorityclassName for csi provisioner pods. Default is `system-cluster-critical` which is less priority than `system-node-critical` | `system-cluster-critical` |
+| `provisioner.profiling.enabled` | Specifies whether profiling should be enabled | `false` |
+| `provisioner.provisioner.image.repository` | Specifies the csi-provisioner image repository URL | `k8s.gcr.io/sig-storage/csi-provisioner` |
+| `provisioner.provisioner.image.tag` | Specifies image tag | `v2.2.2` |
+| `provisioner.provisioner.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.attacher.image.repository` | Specifies the csi-attacher image repository URL | `k8s.gcr.io/sig-storage/csi-attacher` |
+| `provisioner.attacher.image.tag` | Specifies image tag | `v3.2.1` |
+| `provisioner.attacher.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.attacher.name` | Specifies the name of csi-attacher sidecar | `attacher` |
+| `provisioner.attacher.enabled` | Specifies whether attacher sidecar is enabled | `true` |
+| `provisioner.resizer.image.repository` | Specifies the csi-resizer image repository URL | `k8s.gcr.io/sig-storage/csi-resizer` |
+| `provisioner.resizer.image.tag` | Specifies image tag | `v1.2.0` |
+| `provisioner.resizer.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.resizer.name` | Specifies the name of csi-resizer sidecar | `resizer` |
+| `provisioner.resizer.enabled` | Specifies whether resizer sidecar is enabled | `true` |
+| `provisioner.snapshotter.image.repository` | Specifies the csi-snapshotter image repository URL | `k8s.gcr.io/sig-storage/csi-snapshotter` |
+| `provisioner.snapshotter.image.tag` | Specifies image tag | `v4.1.1` |
+| `provisioner.snapshotter.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
+| `provisioner.nodeSelector` | Specifies the node selector for provisioner deployment | `{}` |
+| `provisioner.tolerations` | Specifies the tolerations for provisioner deployment | `{}` |
+| `provisioner.affinity` | Specifies the affinity for provisioner deployment | `{}` |
+| `provisioner.podSecurityPolicy.enabled` | Specifies whether podSecurityPolicy is enabled | `false` |
+| `topology.enabled` | Specifies whether topology based provisioning support should be exposed by CSI | `false` |
+| `topology.domainLabels` | DomainLabels define which node labels to use as domains for CSI nodeplugins to advertise their domains | `{}` |
+| `provisionerSocketFile` | The filename of the provisioner socket | `csi-provisioner.sock` |
+| `pluginSocketFile` | The filename of the plugin socket | `csi.sock` |
+| `kubeletDir` | Kubelet working directory | `/var/lib/kubelet` |
+| `driverName` | Name of the csi-driver | `cephfs.csi.ceph.com` |
+| `configMapName` | Name of the configmap which contains cluster configuration | `ceph-csi-config` |
+| `externallyManagedConfigmap` | Specifies the use of an externally provided configmap | `false` |
+| `cephConfConfigMapName` | Name of the configmap which contains ceph.conf configuration | `ceph-config` |
+| `storageClass.create` | Specifies whether the StorageClass should be created | `false` |
+| `storageClass.name` | Specifies the cephFS StorageClass name | `csi-cephfs-sc` |
+| `storageClass.annotations` | Specifies the annotations for the cephFS storageClass | `[]` |
+| `storageClass.clusterID` | String representing a Ceph cluster to provision storage from | `` |
+| `storageClass.fsName` | CephFS filesystem name into which the volume shall be created | `myfs` |
+| `storageClass.pool` | Ceph pool into which volume data shall be stored | `""` |
+| `storageClass.fuseMountOptions` | Comma separated string of Ceph-fuse mount options | `""` |
+| `storageclass.kernelMountOptions` | Comma separated string of CephFS kernel mount options | `""` |
+| `storageClass.mounter` | The driver can use either ceph-fuse (fuse) or ceph kernelclient (kernel) | `""` |
+| `storageClass.volumeNamePrefix` | Prefix to use for naming subvolumes | `""` |
+| `storageClass.provisionerSecret` | The secrets have to contain user and/or Ceph admin credentials. | `csi-cephfs-secret` |
+| `storageClass.provisionerSecretNamespace` | Specifies the provisioner secret namespace | `""` |
+| `storageClass.controllerExpandSecret` | Specifies the controller expand secret name | `csi-cephfs-secret` |
+| `storageClass.controllerExpandSecretNamespace` | Specifies the controller expand secret namespace | `""` |
+| `storageClass.nodeStageSecret` | Specifies the node stage secret name | `csi-cephfs-secret` |
+| `storageClass.nodeStageSecretNamespace` | Specifies the node stage secret namespace | `""` |
+| `storageClass.reclaimPolicy` | Specifies the reclaim policy of the StorageClass | `Delete` |
+| `storageClass.allowVolumeExpansion` | Specifies whether volume expansion should be allowed | `true` |
+| `storageClass.mountOptions` | Specifies the mount options | `[]` |
+| `secret.create` | Specifies whether the secret should be created | `false` |
+| `secret.name` | Specifies the cephFS secret name | `csi-cephfs-secret` |
+| `secret.adminID` | Specifies the admin ID of the cephFS secret | `` |
+| `secret.adminKey` | Specifies the key that corresponds to the adminID | `<Ceph auth key corresponding to ID above>` |
+| `selinuxMount` | Mount the host /etc/selinux inside pods to support selinux-enabled filesystems | `true` |
+
+### Command Line
+
+You can pass the settings with helm command line parameters.
+Specify each parameter using the --set key=value argument to helm install.
+For Example:
+
+```bash
+helm install --set configMapName=ceph-csi-config --set provisioner.podSecurityPolicy.enabled=true
+```
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/NOTES.txt b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/NOTES.txt
new file mode 100644
index 000000000..c0c8c552b
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/NOTES.txt
@@ -0,0 +1,2 @@
+Examples on how to configure a storage class and start using the driver are here:
+https://github.com/ceph/ceph-csi/tree/devel/examples/cephfs
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/_helpers.tpl b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/_helpers.tpl
new file mode 100644
index 000000000..635cca67b
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/_helpers.tpl
@@ -0,0 +1,90 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ceph-csi-cephfs.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-cephfs.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-cephfs.nodeplugin.fullname" -}}
+{{- if .Values.nodeplugin.fullnameOverride -}}
+{{- .Values.nodeplugin.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ceph-csi-cephfs.provisioner.fullname" -}}
+{{- if .Values.provisioner.fullnameOverride -}}
+{{- .Values.provisioner.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s-%s" .Release.Name $name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ceph-csi-cephfs.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-cephfs.serviceAccountName.nodeplugin" -}}
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+ {{ default (include "ceph-csi-cephfs.nodeplugin.fullname" .) .Values.serviceAccounts.nodeplugin.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.nodeplugin.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ceph-csi-cephfs.serviceAccountName.provisioner" -}}
+{{- if .Values.serviceAccounts.provisioner.create -}}
+ {{ default (include "ceph-csi-cephfs.provisioner.fullname" .) .Values.serviceAccounts.provisioner.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccounts.provisioner.name }}
+{{- end -}}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/ceph-conf.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/ceph-conf.yaml
new file mode 100644
index 000000000..3c8f8a47b
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/ceph-conf.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.cephConfConfigMapName | quote }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ ceph.conf: |
+{{ tpl .Values.cephconf . | indent 4 }}
+ keyring: ""
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml
new file mode 100644
index 000000000..92c3d916a
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/csidriver-crd.yaml
@@ -0,0 +1,11 @@
+{{ if semverCompare ">=1.18.0-beta.1" .Capabilities.KubeVersion.Version }}
+apiVersion: storage.k8s.io/v1
+{{ else }}
+apiVersion: storage.k8s.io/v1beta1
+{{ end }}
+kind: CSIDriver
+metadata:
+ name: {{ .Values.driverName }}
+spec:
+ attachRequired: true
+ podInfoOnMount: false
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/csiplugin-configmap.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/csiplugin-configmap.yaml
new file mode 100644
index 000000000..1f59b66ce
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/csiplugin-configmap.yaml
@@ -0,0 +1,16 @@
+{{- if not .Values.externallyManagedConfigmap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.configMapName | quote }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ config.json: |-
+{{ toJson .Values.csiConfig | indent 4 -}}
+{{- end }}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
new file mode 100644
index 000000000..f5bb71ef9
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
+{{- end }}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrolebinding.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrolebinding.yaml
new file mode 100644
index 000000000..f394bab87
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.rbac.create -}}
+{{- if .Values.topology.enabled }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml
new file mode 100644
index 000000000..b9a4278a4
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml
@@ -0,0 +1,239 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ updateStrategy:
+ type: {{ .Values.nodeplugin.updateStrategy }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+{{- if .Values.nodeplugin.priorityClassName }}
+ priorityClassName: {{ .Values.nodeplugin.priorityClassName }}
+{{- end }}
+ hostNetwork: true
+ # to use e.g. Rook orchestrated cluster, and mons' FQDN is
+ # resolved through k8s service, set dns policy to cluster first
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: driver-registrar
+ # This is necessary only for systems with SELinux, where
+ # non-privileged sidecar containers cannot access unix domain socket
+ # created by privileged CSI driver container.
+ securityContext:
+ privileged: true
+{{- if .Values.images.enable }}
+ image: "{{ .Values.images.nodeplugin.registrar }}"
+{{- else }}
+ image: "{{ .Values.nodeplugin.registrar.image.repository }}"
+{{- end }}
+ imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
+ args:
+ - "--v={{ .Values.logLevel }}"
+ - "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
+ - "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
+ env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ resources:
+{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
+ - name: csi-cephfsplugin
+{{- if .Values.images.enable }}
+ image: "{{ .Values.images.nodeplugin.plugin }}"
+{{- else }}
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}"
+{{- end }}
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+ args:
+ - "--nodeid=$(NODE_ID)"
+ - "--type=cephfs"
+ - "--nodeserver=true"
+ - "--pidlimit=-1"
+{{- if .Values.nodeplugin.forcecephkernelclient }}
+ - "--forcecephkernelclient={{ .Values.nodeplugin.forcecephkernelclient }}"
+{{- end }}
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--v={{ .Values.logLevel }}"
+ - "--drivername=$(DRIVER_NAME)"
+{{- if .Values.topology.enabled }}
+ - "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
+{{- end }}
+{{- if .Values.nodeplugin.profiling.enabled }}
+ - "--enableprofiling={{ .Values.nodeplugin.profiling.enabled }}"
+{{- end }}
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: DRIVER_NAME
+ value: {{ .Values.driverName }}
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: "unix:///csi/{{ .Values.pluginSocketFile }}"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: mountpoint-dir
+ mountPath: {{ .Values.kubeletDir }}/pods
+ mountPropagation: Bidirectional
+ - name: plugin-dir
+ mountPath: {{ .Values.kubeletDir }}/plugins
+ mountPropagation: "Bidirectional"
+ - mountPath: /dev
+ name: host-dev
+ - mountPath: /run/mount
+ name: host-mount
+ - mountPath: /sys
+ name: host-sys
+{{- if .Values.selinuxMount }}
+ - mountPath: /etc/selinux
+ name: etc-selinux
+ readOnly: true
+{{- end }}
+ - mountPath: /lib/modules
+ name: lib-modules
+ readOnly: true
+ - name: ceph-config
+ mountPath: /etc/ceph/
+ - name: ceph-csi-config
+ mountPath: /etc/ceph-csi-config/
+ - name: keys-tmp-dir
+ mountPath: /tmp/csi/keys
+ - name: ceph-csi-mountinfo
+ mountPath: /csi/mountinfo
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- if .Values.nodeplugin.httpMetrics.enabled }}
+ - name: liveness-prometheus
+ securityContext:
+ privileged: true
+ {{- if .Values.images.enable }}
+ image: "{{ .Values.images.nodeplugin.plugin }}"
+ {{- else }}
+ image: "{{ .Values.nodeplugin.plugin.image.repository }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
+ args:
+ - "--type=liveness"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metricsport={{ .Values.nodeplugin.httpMetrics.containerPort }}"
+ - "--metricspath=/metrics"
+ - "--polltime=60s"
+ - "--timeout=3s"
+ env:
+ - name: CSI_ENDPOINT
+ value: "unix:///csi/{{ .Values.pluginSocketFile }}"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ ports:
+ - containerPort: {{ .Values.nodeplugin.httpMetrics.containerPort }}
+ name: metrics
+ protocol: TCP
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
+{{- end }}
+ volumes:
+ - name: socket-dir
+ hostPath:
+ path: "{{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}"
+ type: DirectoryOrCreate
+ - name: registration-dir
+ hostPath:
+ path: {{ .Values.kubeletDir }}/plugins_registry
+ type: Directory
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.kubeletDir }}/pods
+ type: DirectoryOrCreate
+ - name: plugin-dir
+ hostPath:
+ path: {{ .Values.kubeletDir }}/plugins
+ type: Directory
+ - name: host-sys
+ hostPath:
+ path: /sys
+{{- if .Values.selinuxMount }}
+ - name: etc-selinux
+ hostPath:
+ path: /etc/selinux
+{{- end }}
+ - name: host-mount
+ hostPath:
+ path: /run/mount
+ - name: lib-modules
+ hostPath:
+ path: /lib/modules
+ - name: host-dev
+ hostPath:
+ path: /dev
+ - name: ceph-config
+ configMap:
+ name: {{ .Values.cephConfConfigMapName | quote }}
+ - name: ceph-csi-config
+ configMap:
+ name: {{ .Values.configMapName | quote }}
+{{- if .Values.configMapKey }}
+ items:
+ - key: {{ .Values.configMapKey | quote }}
+ path: config.json
+{{- end }}
+ - name: keys-tmp-dir
+ emptyDir: {
+ medium: "Memory"
+ }
+ - name: ceph-csi-mountinfo
+ hostPath:
+ path: {{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/mountinfo
+ type: DirectoryOrCreate
+{{- if .Values.nodeplugin.affinity }}
+ affinity:
+{{ toYaml .Values.nodeplugin.affinity | indent 8 -}}
+{{- end -}}
+{{- if .Values.nodeplugin.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeplugin.nodeSelector | indent 8 -}}
+{{- end -}}
+{{- if .Values.nodeplugin.tolerations }}
+ tolerations:
+{{ toYaml .Values.nodeplugin.tolerations | indent 8 -}}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-http-service.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-http-service.yaml
new file mode 100644
index 000000000..95fee84f2
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-http-service.yaml
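Review bot: All three `{{- else }}` image branches drop the tag: `image: "{{ .Values.nodeplugin.registrar.image.repository }}"` for `driver-registrar` and `image: "{{ .Values.nodeplugin.plugin.image.repository }}"` for `csi-cephfsplugin` and `liveness-prometheus` render an untagged (implicitly `latest`) reference whenever `.Values.images.enable` is false, although the README added in this commit documents `nodeplugin.registrar.image.tag` and `nodeplugin.plugin.image.tag`. These containers run `privileged: true` on `hostNetwork`, so the fallback should stay pinned, e.g. `image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"` and the registrar equivalent. The templates also dereference `.Values.images.enable` and `.Values.nodeplugin.httpMetrics.enabled` unconditionally; values.yaml is not visible in this part of the diff, so confirm it defines both keys. The `liveness-prometheus` sidecar carries `privileged: true` without the explanatory comment that `driver-registrar` has; a one-line comment such as `# privileged only to reach the CSI socket on SELinux hosts` (if that is the reason) would document why it is needed.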
@@ -0,0 +1,41 @@
+{{- if .Values.nodeplugin.httpMetrics.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.nodeplugin.httpMetrics.service.annotations }}
+ annotations:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.annotations | indent 4 }}
+{{- end }}
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}-http-metrics
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.fullname" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.nodeplugin.httpMetrics.service.clusterIP }}
+ clusterIP: "{{ .Values.nodeplugin.httpMetrics.service.clusterIP }}"
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.nodeplugin.httpMetrics.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.nodeplugin.httpMetrics.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.nodeplugin.httpMetrics.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.nodeplugin.httpMetrics.service.servicePort }}
+ targetPort: {{ .Values.nodeplugin.httpMetrics.containerPort }}
+ selector:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ type: "{{ .Values.nodeplugin.httpMetrics.service.type }}"
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-psp.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-psp.yaml
new file mode 100644
index 000000000..197a865c8
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-psp.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.nodeplugin.podSecurityPolicy.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.fullname" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ allowPrivilegeEscalation: true
+ allowedCapabilities:
+ - 'SYS_ADMIN'
+ fsGroup:
+ rule: RunAsAny
+ privileged: true
+ hostNetwork: true
+ hostPorts:
+ - min: {{ .Values.nodeplugin.httpMetrics.containerPort }}
+ max: {{ .Values.nodeplugin.httpMetrics.containerPort }}
+ hostPID: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'hostPath'
+ allowedHostPaths:
+ - pathPrefix: '/dev'
+ readOnly: false
+ - pathPrefix: '/run/mount'
+ readOnly: false
+ - pathPrefix: '/sys'
+ readOnly: false
+{{- if .Values.selinuxMount }}
+ - pathPrefix: '/etc/selinux'
+ readOnly: true
+{{- end }}
+ - pathPrefix: '/lib/modules'
+ readOnly: true
+ - pathPrefix: '{{ .Values.kubeletDir }}'
+ readOnly: false
+{{- end }}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-role.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-role.yaml
new file mode 100644
index 000000000..4b211d7fc
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-role.yaml
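Review bot: The PodSecurityPolicy in nodeplugin-psp.yaml is rendered whenever `nodeplugin.podSecurityPolicy.enabled` is set, with no check that the cluster still serves `policy/v1beta1`; that API was removed in Kubernetes 1.25, so turning the flag on against a newer cluster gets the release rejected by the API server. I would guard the template with `{{- if and .Values.nodeplugin.podSecurityPolicy.enabled (.Capabilities.APIVersions.Has "policy/v1beta1") -}}`; provisioner-psp.yaml has the same gap. Separately, this policy admits `privileged: true`, `hostNetwork`, `hostPID` and a writable `{{ .Values.kubeletDir }}` prefix, so a short comment above `spec:` stating which of these the CephFS node mounts actually need would let a later reviewer judge whether any can be tightened.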
@@ -0,0 +1,18 @@
+{{- if and .Values.rbac.create .Values.nodeplugin.podSecurityPolicy.enabled -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.fullname" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: ['{{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}']
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-rolebinding.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-rolebinding.yaml
new file mode 100644
index 000000000..19b3b6d8b
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.rbac.create .Values.nodeplugin.podSecurityPolicy.enabled -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.fullname" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-serviceaccount.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-serviceaccount.yaml
new file mode 100644
index 000000000..5dedaf4b0
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/nodeplugin-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccounts.nodeplugin.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.nodeplugin" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.nodeplugin.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-clusterrole.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-clusterrole.yaml
new file mode 100644
index 000000000..280e300e6
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-clusterrole.yaml
@@ -0,0 +1,64 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }} + labels: + app: {{ include "ceph-csi-cephfs.name" . }} + chart: {{ include "ceph-csi-cephfs.chart" . }} + component: {{ .Values.provisioner.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete","patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] +{{- if .Values.provisioner.attacher.enabled }} + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] +{{- end -}} +{{- if .Values.provisioner.resizer.enabled }} + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] +{{- end -}} +{{- if .Values.topology.enabled }} + - apiGroups: 
[""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] +{{- end }} +{{- end -}} diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-clusterrolebinding.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-clusterrolebinding.yaml new file mode 100644 index 000000000..82d5d1316 --- /dev/null +++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-clusterrolebinding.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }} + labels: + app: {{ include "ceph-csi-cephfs.name" . }} + chart: {{ include "ceph-csi-cephfs.chart" . }} + component: {{ .Values.provisioner.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +subjects: + - kind: ServiceAccount + name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml new file mode 100644 index 000000000..434cf5778 --- /dev/null +++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-deployment.yaml 
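Review bot: The first rule in provisioner-clusterrole.yaml grants `get` and `list` on `secrets` in every namespace, which lets the provisioner service account read the contents of all Secrets cluster-wide. If the sidecars only fetch the secrets named in the StorageClass parameters, `verbs: ["get"]` would be enough; that should be confirmed against the sidecar versions shipped with this chart before `list` is dropped. Either way, a comment on the rule such as `# read the provisioner/expand secrets referenced by the StorageClass` would record why the grant exists and make it easier to audit later.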
@@ -0,0 +1,267 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ include "ceph-csi-cephfs.name" . }} + chart: {{ include "ceph-csi-cephfs.chart" . }} + component: {{ .Values.provisioner.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.provisioner.replicaCount }} + strategy: + type: {{ .Values.provisioner.strategy.type }} +{{- if eq .Values.provisioner.strategy.type "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.provisioner.strategy.rollingUpdate.maxUnavailable }} +{{- end }} + selector: + matchLabels: + app: {{ include "ceph-csi-cephfs.name" . }} + component: {{ .Values.provisioner.name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ include "ceph-csi-cephfs.name" . }} + chart: {{ include "ceph-csi-cephfs.chart" . }} + component: {{ .Values.provisioner.name }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: +{{- if gt (int .Values.provisioner.replicaCount) 1 }} + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ include "ceph-csi-cephfs.name" . }} + - key: component + operator: In + values: + - {{ .Values.provisioner.name }} + topologyKey: "kubernetes.io/hostname" +{{- end }} + serviceAccountName: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . 
}} +{{- if .Values.provisioner.priorityClassName }} + priorityClassName: {{ .Values.provisioner.priorityClassName }} +{{- end }} + containers: + - name: csi-provisioner +{{- if .Values.images.enable }} + image: "{{ .Values.images.provisioner.provisioner }}" +{{- else }} + image: "{{ .Values.provisioner.provisioner.image.repository }}" +{{- end }} + imagePullPolicy: {{ .Values.provisioner.provisioner.image.pullPolicy }} + args: + - "--csi-address=$(ADDRESS)" + - "--v={{ .Values.logLevel }}" + - "--timeout={{ .Values.provisioner.timeout }}" + - "--leader-election=true" + - "--retry-interval-start=500ms" + - "--extra-create-metadata=true" +{{- if .Values.topology.enabled }} + - "--feature-gates=Topology=true" +{{- end }} + env: + - name: ADDRESS + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: +{{ toYaml .Values.provisioner.provisioner.resources | indent 12 }} + - name: csi-snapshotter +{{- if .Values.images.enable }} + image: {{ .Values.images.provisioner.snapshotter }} +{{- else }} + image: {{ .Values.provisioner.snapshotter.image.repository }} +{{- end }} + imagePullPolicy: {{ .Values.provisioner.snapshotter.image.pullPolicy }} + args: + - "--csi-address=$(ADDRESS)" + - "--v={{ .Values.logLevel }}" + - "--timeout={{ .Values.provisioner.timeout }}" + - "--leader-election=true" + env: + - name: ADDRESS + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: +{{ toYaml .Values.provisioner.snapshotter.resources | indent 12 }} +{{- if .Values.provisioner.attacher.enabled }} + - name: csi-attacher + {{- if .Values.images.enable }} + image: "{{ .Values.images.provisioner.attacher }}" + {{- else }} + image: "{{ .Values.provisioner.attacher.image.repository }}" + {{- end }} + imagePullPolicy: {{ .Values.provisioner.attacher.image.pullPolicy }} + args: + - "--v={{ .Values.logLevel }}" + - "--csi-address=$(ADDRESS)" + - 
"--leader-election=true" + - "--retry-interval-start=500ms" + env: + - name: ADDRESS + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: +{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} +{{- end }} +{{- if .Values.provisioner.resizer.enabled }} + - name: csi-resizer + {{- if .Values.images.enable }} + image: "{{ .Values.images.provisioner.resizer }}" + {{- else }} + image: "{{ .Values.provisioner.resizer.image.repository }}" + {{- end }} + imagePullPolicy: {{ .Values.provisioner.resizer.image.pullPolicy }} + args: + - "--v={{ .Values.logLevel }}" + - "--csi-address=$(ADDRESS)" + - "--timeout={{ .Values.provisioner.timeout }}" + - "--leader-election" + - "--retry-interval-start=500ms" + - "--handle-volume-inuse-error=false" + env: + - name: ADDRESS + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: +{{ toYaml .Values.provisioner.resizer.resources | indent 12 }} +{{- end }} + - name: csi-cephfsplugin +{{- if .Values.images.enable }} + image: "{{ .Values.images.nodeplugin.plugin }}" +{{- else }} + image: "{{ .Values.nodeplugin.plugin.image.repository }}" +{{- end }} + imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} + args: + - "--nodeid=$(NODE_ID)" + - "--type=cephfs" + - "--controllerserver=true" + - "--pidlimit=-1" + - "--endpoint=$(CSI_ENDPOINT)" + - "--v={{ .Values.logLevel }}" + - "--drivername=$(DRIVER_NAME)" +{{- if .Values.provisioner.profiling.enabled }} + - "--enableprofiling={{ .Values.provisioner.profiling.enabled }}" +{{- end }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DRIVER_NAME + value: {{ .Values.driverName }} + - name: NODE_ID + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: 
host-sys + mountPath: /sys + - name: lib-modules + mountPath: /lib/modules + readOnly: true + - name: host-dev + mountPath: /dev + - name: ceph-config + mountPath: /etc/ceph/ + - name: ceph-csi-config + mountPath: /etc/ceph-csi-config/ + - name: keys-tmp-dir + mountPath: /tmp/csi/keys + resources: +{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} +{{- if .Values.provisioner.httpMetrics.enabled }} + - name: liveness-prometheus + {{- if .Values.images.enable }} + image: "{{ .Values.images.nodeplugin.plugin }}" + {{- else }} + image: "{{ .Values.nodeplugin.plugin.image.repository }}" + {{- end }} + imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }} + args: + - "--type=liveness" + - "--endpoint=$(CSI_ENDPOINT)" + - "--metricsport={{ .Values.provisioner.httpMetrics.containerPort }}" + - "--metricspath=/metrics" + - "--polltime=60s" + - "--timeout=3s" + env: + - name: CSI_ENDPOINT + value: "unix:///csi/{{ .Values.provisionerSocketFile }}" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + ports: + - containerPort: {{ .Values.provisioner.httpMetrics.containerPort }} + name: metrics + protocol: TCP + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: +{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }} +{{- end }} + volumes: + - name: socket-dir + emptyDir: { + medium: "Memory" + } + - name: host-sys + hostPath: + path: /sys + - name: lib-modules + hostPath: + path: /lib/modules + - name: host-dev + hostPath: + path: /dev + - name: ceph-config + configMap: + name: {{ .Values.cephConfConfigMapName | quote }} + - name: ceph-csi-config + configMap: + name: {{ .Values.configMapName | quote }} +{{- if .Values.configMapKey }} + items: + - key: {{ .Values.configMapKey | quote }} + path: config.json +{{- end }} + - name: keys-tmp-dir + emptyDir: { + medium: "Memory" + } +{{- if .Values.provisioner.affinity }} + affinity: +{{ toYaml .Values.provisioner.affinity | indent 8 -}} +{{- end -}} +{{- if 
.Values.provisioner.nodeSelector }} + nodeSelector: +{{ toYaml .Values.provisioner.nodeSelector | indent 8 -}} +{{- end -}} +{{- if .Values.provisioner.tolerations }} + tolerations: +{{ toYaml .Values.provisioner.tolerations | indent 8 -}} +{{- end -}} diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-http-service.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-http-service.yaml new file mode 100644 index 000000000..548324242 --- /dev/null +++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-http-service.yaml 
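Review bot: The pod spec in provisioner-deployment.yaml can emit `affinity:` twice: once right after `spec:` when `provisioner.replicaCount` is greater than 1, and again near the end when `provisioner.affinity` is set. With both conditions true the rendered mapping has a duplicate key, and depending on the YAML parser the manifest is either rejected or one block silently replaces the other, which can drop the per-host anti-affinity between replicas. Rendering a single `affinity:` block, as sketched below, and deleting the trailing `{{- if .Values.provisioner.affinity }}` block avoids this. Also, the `csi-attacher` container takes its `resources` from `.Values.nodeplugin.plugin.resources`, which looks like a copy from the plugin container; whether an attacher-specific key exists cannot be seen from this hunk.

```yaml
    spec:
{{- if .Values.provisioner.affinity }}
      affinity:
{{ toYaml .Values.provisioner.affinity | indent 8 }}
{{- else if gt (int .Values.provisioner.replicaCount) 1 }}
      affinity:
        podAntiAffinity:
          # … unchanged: requiredDuringSchedulingIgnoredDuringExecution block …
{{- end }}
      # … unchanged: serviceAccountName, containers, volumes, nodeSelector, tolerations …
```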
@@ -0,0 +1,41 @@
+{{- if .Values.provisioner.httpMetrics.service.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+{{- if .Values.provisioner.httpMetrics.service.annotations }}
+ annotations:
+{{ toYaml .Values.provisioner.httpMetrics.service.annotations | indent 4 }}
+{{- end }}
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}-http-metrics
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.fullname" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.provisioner.httpMetrics.service.clusterIP }}
+ clusterIP: "{{ .Values.provisioner.httpMetrics.service.clusterIP }}"
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.externalIPs }}
+ externalIPs:
+{{ toYaml .Values.provisioner.httpMetrics.service.externalIPs | indent 4 }}
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.loadBalancerIP }}
+ loadBalancerIP: "{{ .Values.provisioner.httpMetrics.service.loadBalancerIP }}"
+{{- end }}
+{{- if .Values.provisioner.httpMetrics.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.provisioner.httpMetrics.service.loadBalancerSourceRanges | indent 4 }}
+{{- end }}
+ ports:
+ - name: http-metrics
+ port: {{ .Values.provisioner.httpMetrics.service.servicePort }}
+ targetPort: {{ .Values.provisioner.httpMetrics.containerPort }}
+ selector:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ type: "{{ .Values.provisioner.httpMetrics.service.type }}"
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-psp.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-psp.yaml
new file mode 100644
index 000000000..fceecd01d
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-psp.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.provisioner.podSecurityPolicy.enabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ fsGroup:
+ rule: RunAsAny
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'hostPath'
+ allowedHostPaths:
+ - pathPrefix: '/dev'
+ readOnly: false
+ - pathPrefix: '/sys'
+ readOnly: false
+ - pathPrefix: '/lib/modules'
+ readOnly: true
+{{- end }}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-role.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-role.yaml
new file mode 100644
index 000000000..983bc60ee
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-role.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.rbac.create -}}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+{{- if .Values.provisioner.podSecurityPolicy.enabled }}
+ - apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: ['{{ include "ceph-csi-cephfs.provisioner.fullname" . }}']
+{{- end -}}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-rolebinding.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-rolebinding.yaml
new file mode 100644
index 000000000..66fb72580
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "ceph-csi-cephfs.provisioner.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-serviceaccount.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-serviceaccount.yaml
new file mode 100644
index 000000000..c4ba5c188
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/provisioner-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccounts.provisioner.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "ceph-csi-cephfs.serviceAccountName.provisioner" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ component: {{ .Values.provisioner.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/secret.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/secret.yaml
new file mode 100644
index 000000000..7063543b7
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/secret.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.secret.create -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.secret.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ include "ceph-csi-cephfs.name" . }}
+ chart: {{ include "ceph-csi-cephfs.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+stringData:
+ adminID: {{ .Values.secret.adminID }}
+ adminKey: {{ .Values.secret.adminKey }}
+{{- end -}}
diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/storageclass.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/storageclass.yaml
new file mode 100644
index 000000000..4041dec6b
--- /dev/null
+++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/templates/storageclass.yaml
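Review bot: `adminID` and `adminKey` in secret.yaml are interpolated into `stringData` unquoted, so a value that YAML reads as a number, boolean or null, or that contains `: ` or ` #`, is rendered as something other than the intended string and the Secret is either rejected or stored with a wrong credential. Use `adminID: {{ .Values.secret.adminID | quote }}` and `adminKey: {{ .Values.secret.adminKey | quote }}`. The StorageClass parameters in storageclass.yaml (`clusterID`, `fsName`, `pool` and the secret names) are unquoted in the same way. Because the key arrives through chart values, it is presumably also kept in the Helm release record, so read access to release data in this namespace should be treated as access to the Ceph admin key.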
@@ -0,0 +1,60 @@ +{{- if .Values.storageClass.create -}} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ .Values.storageClass.name }} +{{- if .Values.storageClass.annotations }} + annotations: +{{ toYaml .Values.storageClass.annotations | indent 4 }} +{{- end }} + labels: + app: {{ include "ceph-csi-cephfs.name" . }} + chart: {{ include "ceph-csi-cephfs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +provisioner: {{ .Values.driverName }} +parameters: + clusterID: {{ .Values.storageClass.clusterID }} + fsName: {{ .Values.storageClass.fsName }} +{{- if .Values.storageClass.pool }} + pool: {{ .Values.storageClass.pool }} +{{- end }} +{{- if .Values.storageClass.fuseMountOptions }} + fuseMountOptions: "{{ .Values.storageClass.fuseMountOptions }}" +{{- end }} +{{- if .Values.storageClass.kernelMountOptions }} + kernelMountOptions: "{{ .Values.storageClass.kernelMountOptions }}" +{{- end }} +{{- if .Values.storageClass.mounter }} + mounter: "{{ .Values.storageClass.mounter }}" +{{- end }} +{{- if .Values.storageClass.volumeNamePrefix }} + volumeNamePrefix: "{{ .Values.storageClass.volumeNamePrefix }}" +{{- end }} + csi.storage.k8s.io/provisioner-secret-name: {{ .Values.storageClass.provisionerSecret }} +{{- if .Values.storageClass.provisionerSecretNamespace }} + csi.storage.k8s.io/provisioner-secret-namespace: {{ .Values.storageClass.provisionerSecretNamespace }} +{{ else }} + csi.storage.k8s.io/provisioner-secret-namespace: {{ .Release.Namespace }} +{{- end }} + csi.storage.k8s.io/controller-expand-secret-name: {{ .Values.storageClass.controllerExpandSecret }} +{{- if .Values.storageClass.controllerExpandSecretNamespace }} + csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Values.storageClass.controllerExpandSecretNamespace }} +{{ else }} + csi.storage.k8s.io/controller-expand-secret-namespace: {{ .Release.Namespace }} +{{- end }} + csi.storage.k8s.io/node-stage-secret-name: {{ 
.Values.storageClass.nodeStageSecret }} +{{- if .Values.storageClass.nodeStageSecretNamespace }} + csi.storage.k8s.io/node-stage-secret-namespace: {{ .Values.storageClass.nodeStageSecretNamespace }} +{{ else }} + csi.storage.k8s.io/node-stage-secret-namespace: {{ .Release.Namespace }} +{{- end }} +reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }} +allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }} +{{- if .Values.storageClass.mountOptions }} +mountOptions: + {{- range .Values.storageClass.mountOptions }} + - {{ . }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/values.yaml b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/values.yaml new file mode 100644 index 000000000..d7a640ed3 --- /dev/null +++ b/cmd/tke-installer/app/installer/manifests/charts/ceph-csi-cephfs/values.yaml 
@@ -0,0 +1,332 @@
+---
+rbac:
+ # Specifies whether RBAC resources should be created
+ create: true
+
+serviceAccounts:
+ nodeplugin:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname
+ name:
+ provisioner:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname
+ name:
+
+# Configuration for the CSI to connect to the cluster
+# Ref: https://github.com/ceph/ceph-csi/blob/devel/examples/README.md
+# Example:
+# csiConfig:
+# - clusterID: "<cluster-id>"
+# monitors:
+# - "<MONValue1>"
+# - "<MONValue2>"
+# cephFS:
+# subvolumeGroup: "csi"
+csiConfig: []
+
+# Set logging level for csi containers.
+# Supported values from 0 to 5. 0 for general useful logs,
+# 5 for trace level verbosity.
+logLevel: 5
+
+nodeplugin:
+ name: nodeplugin
+ # if you are using ceph-fuse client set this value to OnDelete
+ updateStrategy: RollingUpdate
+
+ # set user created priorityclassName for csi plugin pods. default is
+ # system-node-critical which is highest priority
+ priorityClassName: system-node-critical
+
+ httpMetrics:
+ # Metrics only available for cephcsi/cephcsi => 1.2.0
+ # Specifies whether http metrics should be exposed
+ enabled: true
+ # The port of the container to expose the metrics
+ containerPort: 8081
+
+ service:
+ # Specifies whether a service should be created for the metrics
+ enabled: true
+ # The port to use for the service
+ servicePort: 8080
+ type: ClusterIP
+
+ # Annotations for the service
+ # Example:
+ # annotations:
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "9080"
+ annotations: {}
+
+ clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ profiling:
+ enabled: false
+
+ registrar:
+ image:
+ repository: tkestack/csi-node-driver-registrar:v2.4.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ plugin:
+ image:
+ repository: tkestack/cephcsi:v3.6.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+ # Set to true to enable Ceph Kernel clients
+ # on kernel < 4.17 which support quotas
+ # forcecephkernelclient: true
+
+ # If true, create & use Pod Security Policy resources
+ # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ podSecurityPolicy:
+ enabled: false
+
+provisioner:
+ name: provisioner
+ replicaCount: 3
+ strategy:
+ # RollingUpdate strategy replaces old pods with new ones gradually,
+ # without incurring downtime.
+ type: RollingUpdate
+ rollingUpdate:
+ # maxUnavailable is the maximum number of pods that can be
+ # unavailable during the update process.
+ maxUnavailable: 50%
+ # Timeout for waiting for creation or deletion of a volume
+ timeout: 60s
+
+ # set user created priorityclassName for csi provisioner pods. default is
+ # system-cluster-critical which is less priority than system-node-critical
+ priorityClassName: system-cluster-critical
+
+ httpMetrics:
+ # Metrics only available for cephcsi/cephcsi => 1.2.0
+ # Specifies whether http metrics should be exposed
+ enabled: true
+ # The port of the container to expose the metrics
+ containerPort: 8081
+
+ service:
+ # Specifies whether a service should be created for the metrics
+ enabled: true
+ # The port to use for the service
+ servicePort: 8080
+ type: ClusterIP
+
+ # Annotations for the service
+ # Example:
+ # annotations:
+ # prometheus.io/scrape: "true"
+ # prometheus.io/port: "9080"
+ annotations: {}
+
+ clusterIP: ""
+
+ ## List of IP addresses at which the stats-exporter service is available
+ ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
+ ##
+ externalIPs: []
+
+ loadBalancerIP: ""
+ loadBalancerSourceRanges: []
+
+ profiling:
+ enabled: false
+
+ provisioner:
+ image:
+ repository: tkestack/csi-provisioner:v3.1.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ attacher:
+ name: attacher
+ enabled: true
+ image:
+ repository: tkestack/csi-attacher:v3.4.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ resizer:
+ name: resizer
+ enabled: true
+ image:
+ repository: tkestack/csi-resizer:v1.4.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ snapshotter:
+ image:
+ repository: tkestack/csi-snapshotter:v4.2.0
+ pullPolicy: IfNotPresent
+ resources: {}
+
+ nodeSelector: {}
+
+ tolerations: []
+
+ affinity: {}
+
+ # If true, create & use Pod Security Policy resources
+ # https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ podSecurityPolicy:
+ enabled: false
+
+# Mount the host /etc/selinux inside pods to support
+# selinux-enabled filesystems
+selinuxMount: true
+
+topology:
+ # Specifies whether topology based provisioning support should
+ # be exposed by CSI
+ enabled: false
+ # domainLabels define which node labels to use as domains
+ # for CSI nodeplugins to advertise their domains
+ # NOTE: the value here serves as an example and needs to be
+ # updated with node labels that define domains of interest
+ domainLabels:
+ - failure-domain/region
+ - failure-domain/zone
+
+storageClass:
+ # Specifies whether the Storage class should be created
+ create: true
+ name: csi-cephfs-sc
+ # Annotations for the storage class
+ # Example:
+ # annotations:
+ # storageclass.kubernetes.io/is-default-class: "true"
+ annotations: {}
+
+ # String representing a Ceph cluster to provision storage from.
+ # Should be unique across all Ceph clusters in use for provisioning,
+ # cannot be greater than 36 bytes in length, and should remain immutable for
+ # the lifetime of the StorageClass in use.
+ clusterID: <cluster-ID>
+ # (required) CephFS filesystem name into which the volume shall be created
+ # eg: fsName: myfs
+ fsName: ""
+ # (optional) Ceph pool into which volume data shall be stored
+ # pool: <cephfs-data-pool>
+ # For eg:
+ # pool: "replicapool"
+ pool: ""
+ # (optional) Comma separated string of Ceph-fuse mount options.
+ # For eg:
+ # fuseMountOptions: debug
+ fuseMountOptions: ""
+ # (optional) Comma separated string of Cephfs kernel mount options.
+ # Check man mount.ceph for mount options. For eg:
+ # kernelMountOptions: readdir_max_bytes=1048576,norbytes
+ kernelMountOptions: ""
+ # (optional) The driver can use either ceph-fuse (fuse) or
+ # ceph kernelclient (kernel).
+ # If omitted, default volume mounter will be used - this is
+ # determined by probing for ceph-fuse and mount.ceph
+ # mounter: kernel
+ mounter: ""
+ # (optional) Prefix to use for naming subvolumes.
+ # If omitted, defaults to "csi-vol-".
+ # volumeNamePrefix: "foo-bar-"
+ volumeNamePrefix: ""
+ # The secrets have to contain user and/or Ceph admin credentials.
+ provisionerSecret: csi-cephfs-secret
+ # If the Namespaces are not specified, the secrets are assumed to
+ # be in the Release namespace.
+ provisionerSecretNamespace: ""
+ controllerExpandSecret: csi-cephfs-secret
+ controllerExpandSecretNamespace: ""
+ nodeStageSecret: csi-cephfs-secret
+ nodeStageSecretNamespace: ""
+ reclaimPolicy: Delete
+ allowVolumeExpansion: true
+ mountOptions: []
+ # Mount Options
+ # Example:
+ # mountOptions:
+ # - discard
+
+secret:
+ # Specifies whether the secret should be created
+ create: true
+ name: csi-cephfs-secret
+ # Key values correspond to a user name and its key, as defined in the
+ # ceph cluster. User ID should have required access to the 'pool'
+ # specified in the storage class
+ adminID: <plaintext ID>
+ adminKey: <Ceph auth key corresponding to ID above>
+
+# This is a sample configmap that helps define a Ceph configuration as required
+# by the CSI plugins.
+# Sample ceph.conf available at
+# https://github.com/ceph/ceph/blob/master/src/sample.ceph.conf Detailed
+# documentation is available at
+# https://docs.ceph.com/en/latest/rados/configuration/ceph-conf/
+cephconf: |
+ [global]
+ auth_cluster_required = cephx
+ auth_service_required = cephx
+ auth_client_required = cephx
+ client_reconnect_stale = false
+
+ # Workaround for http://tracker.ceph.com/issues/23446
+ fuse_set_user_groups = false
+
+ # ceph-fuse which uses libfuse2 by default has write buffer size of 2KiB
+ # adding 'fuse_big_writes = true' option by default to override this limit
+ # see https://github.com/ceph/ceph-csi/issues/1928
+ fuse_big_writes = true
+
+#########################################################
+# Variables for 'internal' use please use with caution! #
+#########################################################
+
+# The filename of the provisioner socket
+provisionerSocketFile: csi-provisioner.sock
+# The filename of the plugin socket
+pluginSocketFile: csi.sock
+# kubelet working directory,can be set using `--root-dir` when starting kubelet.
+kubeletDir: /var/lib/kubelet
+# Name of the csi-driver
+driverName: cephfs.csi.ceph.com
+# Name of the configmap used for state
+configMapName: ceph-csi-config
+# Key to use in the Configmap if not config.json
+# configMapKey:
+# Use an externally provided configmap
+externallyManagedConfigmap: false
+# Name of the configmap used for ceph.conf
+cephConfConfigMapName: ceph-config
+images:
+ enable: false
+ nodeplugin:
+ registrar:
+ plugin:
+ provisioner:
+ provisioner:
+ attacher:
+ resizer:
+ snapshotter:
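Review bot: The defaults `clusterID: <cluster-ID>`, `adminID: <plaintext ID>` and `adminKey: <Ceph auth key corresponding to ID above>` are non-empty placeholder strings, and `secret.create` defaults to `true`. The installer check added to application.go in this same commit only tests these fields for zero length, so if chart defaults are merged into the values it inspects (not visible here), the placeholders would pass and a Secret holding dummy credentials would be created. Defaulting them to empty strings as `fsName: ""` already does (`adminID: ""`, `adminKey: ""`, `clusterID: ""`) makes a missing value fail fast. Separately, `logLevel: 5` ships trace verbosity by default for components that handle the Ceph admin key; a lower default, with a comment on when to raise it, would be a safer baseline.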