cscott/openebs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Conan Scott
2025-12-09 19:34:54 +11:00
commit a4d98eea50
894 changed files with 131646 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
charts/rawfile-localpv/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,122 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "rawfile-localpv.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "rawfile-localpv.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "rawfile-localpv.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "rawfile-localpv.labels" -}}
helm.sh/chart: {{ include "rawfile-localpv.chart" . }}
{{ include "rawfile-localpv.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "rawfile-localpv.selectorLabels" -}}
app.kubernetes.io/name: {{ include "rawfile-localpv.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "rawfile-localpv.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "rawfile-localpv.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Some helpers to handle image global information
*/}}
{{- define "rawfile-localpv.controller-image-tag" -}}
{{- $imageTag := .Values.controller.image.tag | default .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
{{- printf "%s" $imageTag }}
{{- end }}
{{- define "rawfile-localpv.controller-image-repository" -}}
{{- printf "%s" .Values.controller.image.repository | default .Values.image.repository }}
{{- end }}
{{- define "rawfile-localpv.controller-image" -}}
{{- $imageRegistry := .Values.image.registry | default .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" $imageRegistry (include "rawfile-localpv.controller-image-repository" .) (include "rawfile-localpv.controller-image-tag" .) }}
{{- end }}
{{- define "rawfile-localpv.controller-pull-policy" -}}
{{- printf "%s" (.Values.controller.image.pullPolicy | default .Values.image.pullPolicy | default .Values.global.imagePullPolicy) }}
{{- end }}
{{- define "rawfile-localpv.controller-resources" -}}
{{- toYaml (.Values.controller.resources) }}
{{- end }}
{{- define "rawfile-localpv.node-image-tag" -}}
{{- $imageTag := .Values.node.image.tag | default .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
{{- printf "%s" $imageTag }}
{{- end }}
{{- define "rawfile-localpv.node-image-registry" -}}
{{- printf "%s" .Values.image.registry | default .Values.global.imageRegistry }}
{{- end }}
{{- define "rawfile-localpv.node-image-repository" -}}
{{- printf "%s" .Values.node.image.repository | default .Values.image.repository }}
{{- end }}
{{- define "rawfile-localpv.node-image" -}}
{{- $imageRegistry := .Values.image.registry | default .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" $imageRegistry (include "rawfile-localpv.node-image-repository" .) (include "rawfile-localpv.node-image-tag" .) }}
{{- end }}
{{- define "rawfile-localpv.node-pull-policy" -}}
{{- printf "%s" (.Values.node.image.pullPolicy | default .Values.image.pullPolicy | default .Values.global.imagePullPolicy) }}
{{- end }}
{{- define "rawfile-localpv.node-resources" -}}
{{- toYaml (.Values.node.resources) }}
{{- end }}
{{- define "rawfile-localpv.node-kubelet-path" -}}
{{- printf "%s/" (.Values.node.kubeletPath | trimSuffix "/") -}}
{{- end }}
{{- define "rawfile-localpv.metadata-dir-path" -}}
{{- tpl .Values.node.metadataDirPath . }}
{{- end }}

13
charts/rawfile-localpv/templates/controller/service.yaml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-controller
labels:
{{- include "rawfile-localpv.labels" . | nindent 4 }}
component: controller
spec:
type: ClusterIP
selector:
{{- include "rawfile-localpv.selectorLabels" . | nindent 4 }}
component: controller
clusterIP: None

99
charts/rawfile-localpv/templates/controller/statefulset.yaml Normal file
View File

@@ -0,0 +1,99 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-controller
spec:
replicas: 1
serviceName: {{ include "rawfile-localpv.fullname" . }}
selector:
matchLabels: &selectorLabels
{{- include "rawfile-localpv.selectorLabels" . | nindent 6 }}
component: controller
template:
metadata:
labels: *selectorLabels
spec:
serviceAccount: {{ include "rawfile-localpv.fullname" . }}-driver
priorityClassName: {{ .Values.controller.priorityClassName }}
tolerations:
{{- .Values.controller.tolerations | toYaml | nindent 8 }}
volumes:
- name: socket-dir
emptyDir: {}
containers:
- name: csi-driver
image: "{{ include "rawfile-localpv.controller-image" . }}"
imagePullPolicy: "{{ include "rawfile-localpv.controller-pull-policy" . }}"
args:
- csi-driver
- --enable-metrics=false
env:
- name: PROVISIONER_NAME
value: "{{ .Values.provisionerName }}"
- name: CSI_DRIVER__ENDPOINT
value: unix:///csi/csi.sock
- name: CSI_DRIVER__NODE_ID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: LOG_LEVEL
value: {{ .Values.logLevel }}
- name: LOG_FORMAT
value: {{ .Values.logFormat }}
- name: CSI_DRIVER__PLUGIN_TYPE
value: controller
{{- if .Values.reservedCapacity }}
- name: RESERVED_CAPACITY
value: {{ .Values.reservedCapacity | toString | quote }}
{{- end }}
{{- if .Values.capacityOverride }}
- name: CAPACITY_OVERRIDE
value: {{ .Values.capacityOverride | toString | quote }}
{{- end }}
- name: CSI_DRIVER__GRPC_WORKERS
value: {{ .Values.controller.grpcWorkers | toString | quote }}
- name: GA_ENABLED
value: "{{ .Values.global.analytics.enabled }}"
{{- if .Values.global.analytics.gaId }}
- name: GA_ID
value: {{ .Values.global.analytics.gaId | quote }}
{{- end }}
{{- if .Values.global.analytics.gaKey }}
- name: GA_KEY
value: {{ .Values.global.analytics.gaKey | quote }}
{{- end }}
- name: CSI_DRIVER__INTERNAL_PORT
value: {{ .Values.node.internalGRPC.port | toString | quote }}
- name: CSI_DRIVER__NODE_DS
value: {{ include "rawfile-localpv.fullname" . }}-node
{{- if .Values.auth.enabled }}
- name: CSI_DRIVER__INTERNAL_SIGNATURE
valueFrom:
secretKeyRef:
name: {{ include "rawfile-localpv.fullname" . }}-secrets
key: internal-signature
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /csi
ports:
- name: csi-probe
containerPort: 9808
resources:
{{- include "rawfile-localpv.controller-resources" . | nindent 12 }}
- name: external-resizer
image: {{ printf "%s/%s:%s" (.Values.controller.externalResizer.image.registry | default .Values.global.k8sImageRegistry) .Values.controller.externalResizer.image.repository .Values.controller.externalResizer.image.tag }}
imagePullPolicy: IfNotPresent
args:
- "--csi-address=$(ADDRESS)"
- "--handle-volume-inuse-error=false"
- "--timeout=30s"
env:
- name: ADDRESS
value: /csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /csi

11
charts/rawfile-localpv/templates/driver.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: {{ .Values.provisionerName }}
spec:
attachRequired: false
podInfoOnMount: true
fsGroupPolicy: File
storageCapacity: true
volumeLifecycleModes:
- Persistent

220
charts/rawfile-localpv/templates/node-plugin/daemonset.yaml Normal file
View File

@@ -0,0 +1,220 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-node
spec:
updateStrategy:
rollingUpdate:
maxUnavailable: "100%"
selector:
matchLabels: &selectorLabels
{{- include "rawfile-localpv.selectorLabels" . | nindent 6 }}
component: node
template:
metadata:
labels: *selectorLabels
spec:
serviceAccount: {{ include "rawfile-localpv.fullname" . }}-driver
priorityClassName: {{ .Values.node.priorityClassName }}
tolerations:
{{- .Values.node.tolerations | toYaml | nindent 8 }}
volumes:
- name: registration-dir
hostPath:
path: {{ include "rawfile-localpv.node-kubelet-path" . }}plugins_registry
type: Directory
- name: socket-dir
hostPath:
path: {{ include "rawfile-localpv.node-kubelet-path" . }}plugins/rawfile-localpv
type: DirectoryOrCreate
- name: mountpoint-dir
hostPath:
path: {{ include "rawfile-localpv.node-kubelet-path" . }}
type: DirectoryOrCreate
- name: data-dir
hostPath:
path: {{ .Values.node.dataDirPath }}
type: DirectoryOrCreate
- name: metadata-dir
hostPath:
path: {{ include "rawfile-localpv.metadata-dir-path" . }}
type: DirectoryOrCreate
- name: device
hostPath:
path: /dev
type: Directory
containers:
- name: csi-driver
image: "{{ include "rawfile-localpv.node-image" . }}"
imagePullPolicy: "{{ include "rawfile-localpv.node-pull-policy" . }}"
securityContext:
privileged: true
env:
- name: PROVISIONER_NAME
value: "{{ .Values.provisionerName }}"
- name: CSI_DRIVER__ENDPOINT
value: unix:///csi/csi.sock
- name: CSI_DRIVER__NODE_ID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: CSI_DRIVER__ENABLE_METRICS
value: {{ .Values.metrics.enabled | toString | quote }}
- name: CSI_DRIVER__METRICS_PORT
value: {{ .Values.metrics.port | toString | quote }}
- name: CSI_DRIVER__METADATA_DIR
value: {{ include "rawfile-localpv.metadata-dir-path" . }}
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: LOG_LEVEL
value: {{ .Values.logLevel }}
- name: LOG_FORMAT
value: {{ .Values.logFormat }}
- name: CSI_DRIVER__PLUGIN_TYPE
value: node
{{- if .Values.reservedCapacity }}
- name: RESERVED_CAPACITY
value: {{ .Values.reservedCapacity | toString | quote }}
{{- end }}
{{- if .Values.capacityOverride }}
- name: CAPACITY_OVERRIDE
value: {{ .Values.capacityOverride | toString | quote }}
{{- end }}
- name: CSI_DRIVER__GRPC_WORKERS
value: {{ .Values.node.grpcWorkers | toString | quote }}
- name: GA_ENABLED
value: "{{ .Values.global.analytics.enabled }}"
{{- if .Values.global.analytics.gaId }}
- name: GA_ID
value: {{ .Values.global.analytics.gaId | quote }}
{{- end }}
{{- if .Values.global.analytics.gaKey }}
- name: GA_KEY
value: {{ .Values.global.analytics.gaKey | quote }}
{{- end }}
- name: CSI_DRIVER__INTERNAL_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: CSI_DRIVER__INTERNAL_PORT
value: {{ .Values.node.internalGRPC.port | toString | quote }}
- name: CSI_DRIVER__INTERNAL_GRPC_WORKERS
value: {{ .Values.node.internalGRPC.workers | toString | quote }}
- name: CSI_DRIVER__NODE_DS
value: {{ include "rawfile-localpv.fullname" . }}-node
{{- if .Values.auth.enabled }}
- name: CSI_DRIVER__INTERNAL_SIGNATURE
valueFrom:
secretKeyRef:
name: {{ include "rawfile-localpv.fullname" . }}-secrets
key: internal-signature
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.port }}
- name: csi-probe
containerPort: 9808
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: mountpoint-dir
mountPath: {{ include "rawfile-localpv.node-kubelet-path" . }}
mountPropagation: "Bidirectional"
- name: data-dir
mountPath: /data
- name: metadata-dir
mountPath: {{ include "rawfile-localpv.metadata-dir-path" . }}
- name: device
mountPath: /dev
resources:
{{- include "rawfile-localpv.controller-resources" . | nindent 12 }}
- name: node-driver-registrar
image: {{ printf "%s/%s:%s" (.Values.node.driverRegistrar.image.registry | default .Values.global.k8sImageRegistry) .Values.node.driverRegistrar.image.repository .Values.node.driverRegistrar.image.tag }}
imagePullPolicy: IfNotPresent
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --health-port=9809
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: {{ include "rawfile-localpv.node-kubelet-path" . }}plugins/rawfile-localpv/csi.sock
ports:
- containerPort: 9809
name: healthz
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 5
timeoutSeconds: 5
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
resources:
limits:
cpu: 500m
memory: 100Mi
requests:
cpu: 10m
memory: 100Mi
- name: external-provisioner
image: {{ printf "%s/%s:%s" (.Values.node.externalProvisioner.image.registry | default .Values.global.k8sImageRegistry) .Values.node.externalProvisioner.image.repository .Values.node.externalProvisioner.image.tag }}
imagePullPolicy: IfNotPresent
args:
- "--csi-address=$(ADDRESS)"
- "--feature-gates=Topology=true"
- "--strict-topology"
- "--immediate-topology=false"
- "--timeout=120s"
- "--enable-capacity=true"
- "--capacity-for-immediate-binding=true"
- "--capacity-ownerref-level=1" # DaemonSet
- "--node-deployment=true"
- "--extra-create-metadata=true"
env:
- name: ADDRESS
value: /csi/csi.sock
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: external-snapshotter
image: {{ printf "%s/%s:%s" (.Values.node.externalSnapshotter.image.registry | default .Values.global.k8sImageRegistry) .Values.node.externalSnapshotter.image.repository .Values.node.externalSnapshotter.image.tag }}
imagePullPolicy: IfNotPresent
args:
- "--csi-address=$(ADDRESS)"
- "--node-deployment=true"
- "--extra-create-metadata=true"
env:
- name: ADDRESS
value: /csi/csi.sock
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: snapshot-controller
args:
- "--v=2"
- "--enable-distributed-snapshotting=true"
image: {{ printf "%s/%s:%s" (.Values.node.snapshotController.image.registry | default .Values.global.k8sImageRegistry) .Values.node.snapshotController.image.repository .Values.node.snapshotController.image.tag }}
imagePullPolicy: IfNotPresent

20
charts/rawfile-localpv/templates/node-plugin/service.yaml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-node
labels:
{{- include "rawfile-localpv.labels" . | nindent 4 }}
component: node
spec:
type: ClusterIP
ports:
- name: metrics
port: {{ .Values.metrics.port }}
targetPort: metrics
protocol: TCP
- name: internal
port: {{ .Values.node.internalGRPC.port }}
protocol: TCP
selector:
{{- include "rawfile-localpv.selectorLabels" . | nindent 4 }}
component: node

25
charts/rawfile-localpv/templates/node-plugin/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{- if .Values.metrics.enabled }}
{{- if .Values.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-node
labels:
{{- include "rawfile-localpv.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
path: /metrics
{{- with .Values.metrics.serviceMonitor.interval }}
interval: {{ . }}
{{- end }}
jobLabel: "helm.sh/chart"
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "rawfile-localpv.selectorLabels" . | nindent 6 }}
component: node
{{- end }}
{{- end }}

191
charts/rawfile-localpv/templates/rbac.yaml Normal file
View File

@@ -0,0 +1,191 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-driver
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 2 }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-provisioner
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods", "pods/log"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-provisioner
subjects:
- kind: ServiceAccount
name: {{ include "rawfile-localpv.fullname" . }}-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "rawfile-localpv.fullname" . }}-provisioner
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-broker
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-broker
subjects:
- kind: ServiceAccount
name: {{ include "rawfile-localpv.fullname" . }}-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "rawfile-localpv.fullname" . }}-broker
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-resizer
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-resizer
subjects:
- kind: ServiceAccount
name: {{ include "rawfile-localpv.fullname" . }}-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "rawfile-localpv.fullname" . }}-resizer
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-snapshotter
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update", "patch", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-snapshotter
subjects:
- kind: ServiceAccount
name: {{ include "rawfile-localpv.fullname" . }}-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "rawfile-localpv.fullname" . }}-snapshotter
apiGroup: rbac.authorization.k8s.io
---
{{- if .Values.global.analytics.enabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-analytics
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "get", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "rawfile-localpv.fullname" . }}-analytics
subjects:
- kind: ServiceAccount
name: {{ include "rawfile-localpv.fullname" . }}-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "rawfile-localpv.fullname" . }}-analytics
apiGroup: rbac.authorization.k8s.io
---
{{- end }}

19
charts/rawfile-localpv/templates/secret.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- $secret_name := printf "%s-secrets" (include "rawfile-localpv.fullname" .) }}
apiVersion: v1
kind: Secret
metadata:
labels:
{{- include "rawfile-localpv.labels" . | nindent 4 }}
name: {{ $secret_name }}
type: Opaque
data:
{{- $old_sec := lookup "v1" "Secret" .Release.Namespace $secret_name }}
{{- if not .Values.auth.token }}
{{- if or (not $old_sec) (not $old_sec.data) }}
internal-signature: {{ randAlphaNum 32 | b64enc }}
{{- else }}
internal-signature: {{ index $old_sec.data "internal-signature" }}
{{- end }}
{{- else }}
internal-signature: {{ .Values.auth.token }}
{{- end }}

16
charts/rawfile-localpv/templates/snapshotclass.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- $vals := .Values }}
{{- range $class := .Values.snapshotClasses }}
{{- if $class.enabled }}
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: {{ $class.name }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "-5"
{{- if $class.isDefault }}snapshot.storage.kubernetes.io/is-default-class: "true"{{ end }}
driver: {{ $vals.provisionerName }}
deletionPolicy: {{ $class.deletionPolicy }}
---
{{- end }}
{{- end }}

26
charts/rawfile-localpv/templates/storageclass.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{- $vals := .Values }}
{{- range $class := .Values.storageClasses }}
{{- if $class.enabled }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ $class.name }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "-5"
{{- if $class.isDefault }}storageclass.kubernetes.io/is-default-class: "true"{{ end }}
provisioner: {{ $vals.provisionerName }}
reclaimPolicy: {{ $class.reclaimPolicy }}
volumeBindingMode: {{ $class.volumeBindingMode }}
allowVolumeExpansion: {{ $class.allowVolumeExpansion }}
mountOptions:
{{- toYaml ($class.mountOptions | default (list)) | nindent 2 }}
parameters:
csi.storage.k8s.io/fstype: {{ $class.fsType | default "ext4" }}
thinProvision: {{ $class.thinProvision | default "false" | toString | quote }}
formatOptions: {{ ($class.formatOptions | default (list)) | join " " | quote }}
copyOnWrite: {{ $class.copyOnWrite | default "false" | toString | quote }}
freezeFs: {{ $class.freezeFs | default "false" | toString | quote }}
---
{{- end }}
{{- end }}