mirror of https://git.rancher.io/charts
make charts
parent
0dec447724
commit
7665e0fe0e
Binary file not shown.
|
@ -0,0 +1,19 @@
|
||||||
|
annotations:
|
||||||
|
catalog.cattle.io/certified: rancher
|
||||||
|
catalog.cattle.io/display-name: vSphere CSI
|
||||||
|
catalog.cattle.io/namespace: kube-system
|
||||||
|
catalog.cattle.io/os: linux
|
||||||
|
catalog.cattle.io/release-name: vsphere-csi
|
||||||
|
apiVersion: v1
|
||||||
|
appVersion: 2.2.0
|
||||||
|
description: vSphere Cloud Storage Interface (CSI)
|
||||||
|
icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg
|
||||||
|
keywords:
|
||||||
|
- infrastructure
|
||||||
|
maintainers:
|
||||||
|
- email: caleb@rancher.com
|
||||||
|
name: Rancher
|
||||||
|
name: rancher-vsphere-csi
|
||||||
|
sources:
|
||||||
|
- https://github.com/kubernetes-sigs/vsphere-csi-driver
|
||||||
|
version: 100.0.1
|
|
@ -0,0 +1,73 @@
|
||||||
|
# vSphere Container Storage Interface (CSI)
|
||||||
|
|
||||||
|
[vSphere Container Storage Interface (CSI)](https://github.com/kubernetes-sigs/vsphere-csi-driver/tree/release-2.1/manifests/v2.1.0/vsphere-7.0u1/) is a specification designed to enable persistent storage volume management on Container Orchestrators (COs) such as Kubernetes. The specification allows storage systems to integrate with containerized workloads running on Kubernetes. Using CSI, storage providers, such as VMware, can write and deploy plugins for storage systems in Kubernetes without a need to modify any core Kubernetes code.
|
||||||
|
|
||||||
|
CSI allows volume plugins to be installed on Kubernetes clusters as extensions. Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users can use the CSI to provision, attach, mount, and format the volumes exposed by the CSI driver.
|
||||||
|
|
||||||
|
The CSI driver for vSphere is `csi.vsphere.vmware.com`.
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
- vSphere 6.7 U3+
|
||||||
|
- Kubernetes v1.14+
|
||||||
|
- Out-of-tree vSphere Cloud Provider Interface (CPI)
|
||||||
|
- A Secret on your Kubernetes cluster that contains vSphere CSI configuration and credentials
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
This chart requires a Secret in your Kubernetes cluster that contains the CSI configuration and credentials to connect to the vCenter. You can have the chart generate it for you, or create it yourself and provide the name of the Secret during installation.
|
||||||
|
|
||||||
|
<span style="color:orange">Warning</span>: When the option to generate the Secret is enabled, the credentials are visible in the API to authorized users. If you create the Secret yourself they will not be visible.
|
||||||
|
|
||||||
|
You can create a Secret in one of the following ways:
|
||||||
|
|
||||||
|
### <B>Option 1</b>: Create a Secret using the Rancher UI
|
||||||
|
|
||||||
|
Go to your cluster's project (Same project you will be installing the chart) > Resources > Secrets > Add Secret.
|
||||||
|
```yaml
|
||||||
|
# Example of data required in the Secret
|
||||||
|
# The csi-vsphere.conf key name is required, otherwise the installation will fail
|
||||||
|
csi-vsphere.conf: |
|
||||||
|
[Global]
|
||||||
|
cluster-id = "<cluster-id>"
|
||||||
|
user = "<username>"
|
||||||
|
password = "<password>"
|
||||||
|
port = "<port>"
|
||||||
|
insecure-flag = "<insecure-flag>"
|
||||||
|
|
||||||
|
[VirtualCenter "<host>"]
|
||||||
|
datacenters = "<dc-1>, <dc-2>, ..."
|
||||||
|
```
|
||||||
|
More information on CSI vSphere configuration [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/installation.html#create_k8s_secret).
|
||||||
|
|
||||||
|
### <B>Option 2</b>: Create a Secret using kubectl
|
||||||
|
|
||||||
|
Replace placeholders with actual values, and execute the following:
|
||||||
|
```bash
|
||||||
|
# The csi-vsphere.conf key name is required, otherwise the installation will fail
|
||||||
|
cat <<EOF | kubectl apply -f -
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: <secret-name>
|
||||||
|
namespace: <charts-namespace>
|
||||||
|
stringData:
|
||||||
|
csi-vsphere.conf: |
|
||||||
|
[Global]
|
||||||
|
cluster-id = "<cluster-id>"
|
||||||
|
user = "<username>"
|
||||||
|
password = "<password>"
|
||||||
|
port = "<port>"
|
||||||
|
insecure-flag = "<insecure-flag>"
|
||||||
|
|
||||||
|
[VirtualCenter "<host>"]
|
||||||
|
datacenters = "<dc-1>, <dc-2>, ..."
|
||||||
|
EOF
|
||||||
|
```
|
||||||
|
|
||||||
|
More information on managing Secrets using kubectl [here](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/).
|
||||||
|
|
||||||
|
## Migration
|
||||||
|
|
||||||
|
The CSI migration feature is only available for vSphere 7.0 U1.
|
|
@ -0,0 +1,14 @@
|
||||||
|
# vSphere Container Storage Interface (CSI)
|
||||||
|
|
||||||
|
[vSphere Container Storage Interface (CSI)](https://github.com/kubernetes-sigs/vsphere-csi-driver) is a specification designed to enable persistent storage volume management on Container Orchestrators (COs) such as Kubernetes. The specification allows storage systems to integrate with containerized workloads running on Kubernetes. Using CSI, storage providers, such as VMware, can write and deploy plugins for storage systems in Kubernetes without a need to modify any core Kubernetes code.
|
||||||
|
|
||||||
|
CSI allows volume plugins to be installed on Kubernetes clusters as extensions. Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users can use the CSI to provision, attach, mount, and format the volumes exposed by the CSI driver.
|
||||||
|
|
||||||
|
The CSI driver for vSphere is `csi.vsphere.vmware.com`.
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
- vSphere 6.7 U3+
|
||||||
|
- Kubernetes v1.14+
|
||||||
|
- Out-of-tree vSphere Cloud Provider Interface (CPI)
|
||||||
|
- A Secret on your Kubernetes cluster that contains vSphere CSI configuration and credentials (Refer to `README` or `Detailed Descriptions`)
|
|
@ -0,0 +1,104 @@
|
||||||
|
questions:
|
||||||
|
- variable: vCenter.configSecret.generate
|
||||||
|
label: Generate CSI vSphere Config Secret
|
||||||
|
description: Generates a Secret that contains a CSI vSphere config and credentials (If the option to generate it is enabled, credentials will be visible in the API to authorized users)
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
required: true
|
||||||
|
group: Configuration
|
||||||
|
show_subquestion_if: true
|
||||||
|
subquestions:
|
||||||
|
- variable: vCenter.host
|
||||||
|
label: vCenter Host
|
||||||
|
description: IP address or FQDN of the vCenter
|
||||||
|
type: string
|
||||||
|
group: Configuration
|
||||||
|
|
||||||
|
- variable: vCenter.datacenters
|
||||||
|
description: Comma-separated list of paths to data centers. E.g "<dc1-path>, <dc2-path>, ..."
|
||||||
|
label: Data Centers
|
||||||
|
type: string
|
||||||
|
group: Configuration
|
||||||
|
|
||||||
|
- variable: vCenter.username
|
||||||
|
label: Username
|
||||||
|
description: Username for vCenter
|
||||||
|
type: string
|
||||||
|
group: Configuration
|
||||||
|
|
||||||
|
- variable: vCenter.password
|
||||||
|
label: Password
|
||||||
|
description: Password for vCenter
|
||||||
|
type: password
|
||||||
|
group: Configuration
|
||||||
|
|
||||||
|
- variable: vCenter.configSecret.name
|
||||||
|
label: CSI vSphere Config Secret Name
|
||||||
|
description: Name of the Secret that contains a CSI vSphere config and credentials (Will not be visible in the API. More info in the README)
|
||||||
|
type: string
|
||||||
|
group: Configuration
|
||||||
|
show_if: "vCenter.configSecret.generate=false"
|
||||||
|
|
||||||
|
- variable: csiMigration.enabled
|
||||||
|
label: Enable CSI Migration
|
||||||
|
description: Enable migration of volumes provisioned by in-tree vSphere provider to CSI (Available for vSphere 7.0 U1+ only)
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
group: Features
|
||||||
|
|
||||||
|
- variable: csiAuthCheck.enabled
|
||||||
|
label: Enable authorization checks on operations involving datastores
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
group: Features
|
||||||
|
|
||||||
|
- variable: onlineVolumeExtend.enabled
|
||||||
|
label: Enable Online Volume Extend
|
||||||
|
description: Enable expansion of PVCs that are in use by a Pod or mounted in a Node (Available for vSphere 7.0 U2+ only)
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
group: Features
|
||||||
|
|
||||||
|
- variable: csiController.csiResizer.enabled
|
||||||
|
label: Enable CSI Volume Resizer
|
||||||
|
description: This feature is available for vSphere 7.0 U1+ only
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
group: Storage
|
||||||
|
|
||||||
|
- variable: storageClass.enabled
|
||||||
|
default: true
|
||||||
|
label: Create Storage Class
|
||||||
|
description: Create a storageClass with the vSphere CSI provisioner
|
||||||
|
type: boolean
|
||||||
|
required: true
|
||||||
|
show_subquestion_if: true
|
||||||
|
group: Storage
|
||||||
|
subquestions:
|
||||||
|
- variable: storageClass.name
|
||||||
|
label: Storage Class Name
|
||||||
|
default: "vsphere-csi-sc"
|
||||||
|
type: string
|
||||||
|
|
||||||
|
- variable: storageClass.isDefault
|
||||||
|
label: Default Storage Class
|
||||||
|
description: Set the Storage Class as the default
|
||||||
|
default: true
|
||||||
|
type: boolean
|
||||||
|
|
||||||
|
- variable: storageClass.storagePolicyName
|
||||||
|
label: Storage Policy Name
|
||||||
|
description: Name of the Storage Policy created in vCenter
|
||||||
|
type: string
|
||||||
|
|
||||||
|
- variable: storageClass.datastoreURL
|
||||||
|
label: Data Store URL
|
||||||
|
description: URL of the data store to use for new volumes (If unspecified, any data store that matches the request will be selected).
|
||||||
|
type: string
|
||||||
|
|
||||||
|
- variable: csiNode.prefixPath
|
||||||
|
label: Prefix Path for `/var/lib/kubelet`
|
||||||
|
description: For some operating systems including RancherOS, RKE prefixes `/var/lib/kubelet` with `/opt/rke`. Add the prefix path of the location of /var/lib/kubelet
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
group: Node Configuration
|
|
@ -0,0 +1,7 @@
|
||||||
|
{{- define "system_default_registry" -}}
|
||||||
|
{{- if .Values.global.cattle.systemDefaultRegistry -}}
|
||||||
|
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- "" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,240 @@
|
||||||
|
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
|
||||||
|
kind: Deployment
|
||||||
|
apiVersion: apps/v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-controller
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: vsphere-csi-controller
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: vsphere-csi-controller
|
||||||
|
role: vsphere-csi
|
||||||
|
spec:
|
||||||
|
{{- if .Values.csiController.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{- with .Values.csiController.nodeSelector }}
|
||||||
|
{{- toYaml . | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
- matchExpressions:
|
||||||
|
# RKE node selector label
|
||||||
|
- key: node-role.kubernetes.io/controlplane
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- "true"
|
||||||
|
- matchExpressions:
|
||||||
|
# RKE2 node selector label
|
||||||
|
- key: node-role.kubernetes.io/control-plane
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- "true"
|
||||||
|
{{- end }}
|
||||||
|
serviceAccountName: vsphere-csi-controller
|
||||||
|
tolerations:
|
||||||
|
# Rancher specific change: These tolerations are intentionally different from upstream to avoid lessening the scope to only NoSchedule with a specific key
|
||||||
|
# - key: node-role.kubernetes.io/master
|
||||||
|
# operator: Exists
|
||||||
|
# effect: NoSchedule
|
||||||
|
- operator: "Exists"
|
||||||
|
effect: NoSchedule
|
||||||
|
- operator: "Exists"
|
||||||
|
effect: NoExecute
|
||||||
|
# uncomment below toleration if you need an aggressive pod eviction in case when
|
||||||
|
# node becomes not-ready or unreachable. Default is 300 seconds if not specified.
|
||||||
|
#- key: node.kubernetes.io/not-ready
|
||||||
|
# operator: Exists
|
||||||
|
# effect: NoExecute
|
||||||
|
# tolerationSeconds: 30
|
||||||
|
#- key: node.kubernetes.io/unreachable
|
||||||
|
# operator: Exists
|
||||||
|
# effect: NoExecute
|
||||||
|
# tolerationSeconds: 30
|
||||||
|
dnsPolicy: "Default"
|
||||||
|
containers:
|
||||||
|
- name: csi-attacher
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiAttacher.repository }}:{{ .Values.csiController.image.csiAttacher.tag }}"
|
||||||
|
args:
|
||||||
|
- "--v=4"
|
||||||
|
- "--timeout=300s"
|
||||||
|
- "--csi-address=$(ADDRESS)"
|
||||||
|
- "--leader-election"
|
||||||
|
env:
|
||||||
|
- name: ADDRESS
|
||||||
|
value: /csi/csi.sock
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /csi
|
||||||
|
name: socket-dir
|
||||||
|
{{- if .Values.csiController.csiResizer.enabled }}
|
||||||
|
- name: csi-resizer
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiResizer.repository }}:{{ .Values.csiController.image.csiResizer.tag }}"
|
||||||
|
args:
|
||||||
|
- "--v=4"
|
||||||
|
- "--timeout=300s"
|
||||||
|
- "--handle-volume-inuse-error=false"
|
||||||
|
- "--csi-address=$(ADDRESS)"
|
||||||
|
- "--kube-api-qps=100"
|
||||||
|
- "--kube-api-burst=100"
|
||||||
|
- "--leader-election"
|
||||||
|
env:
|
||||||
|
- name: ADDRESS
|
||||||
|
value: /csi/csi.sock
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /csi
|
||||||
|
name: socket-dir
|
||||||
|
{{- end }}
|
||||||
|
- name: vsphere-csi-controller
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.repository }}:{{ .Values.csiController.image.tag }}"
|
||||||
|
args:
|
||||||
|
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
|
||||||
|
- "--fss-namespace=$(CSI_NAMESPACE)"
|
||||||
|
imagePullPolicy: "Always"
|
||||||
|
env:
|
||||||
|
- name: CSI_ENDPOINT
|
||||||
|
value: unix:///csi/csi.sock
|
||||||
|
- name: X_CSI_MODE
|
||||||
|
value: "controller"
|
||||||
|
- name: VSPHERE_CSI_CONFIG
|
||||||
|
value: "/etc/cloud/csi-vsphere.conf"
|
||||||
|
- name: LOGGER_LEVEL
|
||||||
|
value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
|
||||||
|
- name: INCLUSTER_CLIENT_QPS
|
||||||
|
value: "100"
|
||||||
|
- name: INCLUSTER_CLIENT_BURST
|
||||||
|
value: "100"
|
||||||
|
- name: CSI_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
- name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT
|
||||||
|
value: 3m
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/cloud
|
||||||
|
name: vsphere-config-volume
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /csi
|
||||||
|
name: socket-dir
|
||||||
|
ports:
|
||||||
|
- name: healthz
|
||||||
|
containerPort: 9808
|
||||||
|
protocol: TCP
|
||||||
|
- name: prometheus
|
||||||
|
containerPort: 2112
|
||||||
|
protocol: TCP
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: healthz
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
timeoutSeconds: 3
|
||||||
|
periodSeconds: 5
|
||||||
|
failureThreshold: 3
|
||||||
|
- name: liveness-probe
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.livenessProbe.repository }}:{{ .Values.csiController.image.livenessProbe.tag }}"
|
||||||
|
args:
|
||||||
|
- "--v=4"
|
||||||
|
- "--csi-address=/csi/csi.sock"
|
||||||
|
volumeMounts:
|
||||||
|
- name: socket-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: vsphere-syncer
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.vsphereSyncer.repository }}:{{ .Values.csiController.image.vsphereSyncer.tag }}"
|
||||||
|
args:
|
||||||
|
- "--leader-election"
|
||||||
|
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
|
||||||
|
- "--fss-namespace=$(CSI_NAMESPACE)"
|
||||||
|
imagePullPolicy: "Always"
|
||||||
|
ports:
|
||||||
|
- containerPort: 2113
|
||||||
|
name: prometheus
|
||||||
|
protocol: TCP
|
||||||
|
env:
|
||||||
|
- name: FULL_SYNC_INTERVAL_MINUTES
|
||||||
|
value: "30"
|
||||||
|
- name: VSPHERE_CSI_CONFIG
|
||||||
|
value: "/etc/cloud/csi-vsphere.conf"
|
||||||
|
- name: LOGGER_LEVEL
|
||||||
|
value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
|
||||||
|
- name: INCLUSTER_CLIENT_QPS
|
||||||
|
value: "100"
|
||||||
|
- name: INCLUSTER_CLIENT_BURST
|
||||||
|
value: "100"
|
||||||
|
- name: CSI_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/cloud
|
||||||
|
name: vsphere-config-volume
|
||||||
|
readOnly: true
|
||||||
|
- name: csi-provisioner
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiProvisioner.repository }}:{{ .Values.csiController.image.csiProvisioner.tag }}"
|
||||||
|
args:
|
||||||
|
- "--v=4"
|
||||||
|
- "--timeout=300s"
|
||||||
|
- "--csi-address=$(ADDRESS)"
|
||||||
|
- "--kube-api-qps=100"
|
||||||
|
- "--kube-api-burst=100"
|
||||||
|
- "--leader-election"
|
||||||
|
- "--default-fstype=ext4"
|
||||||
|
# needed only for topology aware setup
|
||||||
|
#- "--feature-gates=Topology=true"
|
||||||
|
#- "--strict-topology"
|
||||||
|
env:
|
||||||
|
- name: ADDRESS
|
||||||
|
value: /csi/csi.sock
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /csi
|
||||||
|
name: socket-dir
|
||||||
|
volumes:
|
||||||
|
- name: vsphere-config-volume
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.vCenter.configSecret.name }}
|
||||||
|
- name: socket-dir
|
||||||
|
emptyDir: {}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
data:
|
||||||
|
"csi-migration": {{ .Values.csiMigration.enabled | quote }}
|
||||||
|
"csi-auth-check": {{ .Values.csiAuthCheck.enabled | quote }}
|
||||||
|
"online-volume-extend": {{ .Values.onlineVolumeExtend.enabled | quote }}
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: internal-feature-states.csi.vsphere.vmware.com
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1 # For k8s 1.17 use storage.k8s.io/v1beta1
|
||||||
|
kind: CSIDriver
|
||||||
|
metadata:
|
||||||
|
name: csi.vsphere.vmware.com
|
||||||
|
spec:
|
||||||
|
attachRequired: true
|
||||||
|
podInfoOnMount: false
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-controller
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: vsphere-csi-controller
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- name: ctlr
|
||||||
|
port: 2112
|
||||||
|
targetPort: 2112
|
||||||
|
protocol: TCP
|
||||||
|
- name: syncer
|
||||||
|
port: 2113
|
||||||
|
targetPort: 2113
|
||||||
|
protocol: TCP
|
||||||
|
selector:
|
||||||
|
app: vsphere-csi-controller
|
|
@ -0,0 +1,55 @@
|
||||||
|
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
|
||||||
|
kind: ServiceAccount
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-controller
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
---
|
||||||
|
kind: ClusterRole
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-controller-role
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes", "persistentvolumeclaims", "pods", "configmaps"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["persistentvolumeclaims/status"]
|
||||||
|
verbs: ["patch"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["persistentvolumes"]
|
||||||
|
verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["events"]
|
||||||
|
verbs: ["get", "list", "watch", "create", "update", "patch"]
|
||||||
|
- apiGroups: ["coordination.k8s.io"]
|
||||||
|
resources: ["leases"]
|
||||||
|
verbs: ["get", "watch", "list", "delete", "update", "create"]
|
||||||
|
- apiGroups: ["storage.k8s.io"]
|
||||||
|
resources: ["storageclasses", "csinodes"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
|
- apiGroups: ["storage.k8s.io"]
|
||||||
|
resources: ["volumeattachments"]
|
||||||
|
verbs: ["get", "list", "watch", "patch"]
|
||||||
|
- apiGroups: ["cns.vmware.com"]
|
||||||
|
resources: ["cnsvspherevolumemigrations"]
|
||||||
|
verbs: ["create", "get", "list", "watch", "update", "delete"]
|
||||||
|
- apiGroups: ["apiextensions.k8s.io"]
|
||||||
|
resources: ["customresourcedefinitions"]
|
||||||
|
verbs: ["get", "create", "update"]
|
||||||
|
- apiGroups: ["storage.k8s.io"]
|
||||||
|
resources: ["volumeattachments/status"]
|
||||||
|
verbs: ["patch"]
|
||||||
|
---
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-controller-binding
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: vsphere-csi-controller
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: vsphere-csi-controller-role
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
|
@ -0,0 +1,152 @@
|
||||||
|
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
|
||||||
|
kind: DaemonSet
|
||||||
|
apiVersion: apps/v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-node
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: vsphere-csi-node
|
||||||
|
updateStrategy:
|
||||||
|
type: "RollingUpdate"
|
||||||
|
rollingUpdate:
|
||||||
|
maxUnavailable: 1
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: vsphere-csi-node
|
||||||
|
role: vsphere-csi
|
||||||
|
spec:
|
||||||
|
serviceAccountName: vsphere-csi-node
|
||||||
|
dnsPolicy: "Default"
|
||||||
|
containers:
|
||||||
|
- name: node-driver-registrar
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.nodeDriverRegistrar.repository }}:{{ .Values.csiNode.image.nodeDriverRegistrar.tag }}"
|
||||||
|
args:
|
||||||
|
- "--v=5"
|
||||||
|
- "--csi-address=$(ADDRESS)"
|
||||||
|
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
|
||||||
|
- "--health-port=9809"
|
||||||
|
env:
|
||||||
|
- name: ADDRESS
|
||||||
|
value: /csi/csi.sock
|
||||||
|
- name: DRIVER_REG_SOCK_PATH
|
||||||
|
value: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock
|
||||||
|
volumeMounts:
|
||||||
|
- name: plugin-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: registration-dir
|
||||||
|
mountPath: /registration
|
||||||
|
ports:
|
||||||
|
- containerPort: 9809
|
||||||
|
name: healthz
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: healthz
|
||||||
|
initialDelaySeconds: 5
|
||||||
|
timeoutSeconds: 5
|
||||||
|
- name: vsphere-csi-node
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.repository }}:{{ .Values.csiNode.image.tag }}"
|
||||||
|
args:
|
||||||
|
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
|
||||||
|
- "--fss-namespace=$(CSI_NAMESPACE)"
|
||||||
|
imagePullPolicy: "Always"
|
||||||
|
env:
|
||||||
|
- name: NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: CSI_ENDPOINT
|
||||||
|
value: unix:///csi/csi.sock
|
||||||
|
- name: X_CSI_MODE
|
||||||
|
value: "node"
|
||||||
|
- name: X_CSI_SPEC_REQ_VALIDATION
|
||||||
|
value: "false"
|
||||||
|
# needed only for topology aware setups
|
||||||
|
#- name: VSPHERE_CSI_CONFIG
|
||||||
|
# value: "/etc/cloud/csi-vsphere.conf" # here csi-vsphere.conf is the name of the file used for creating secret using "--from-file" flag
|
||||||
|
- name: X_CSI_DEBUG
|
||||||
|
value: "true"
|
||||||
|
- name: LOGGER_LEVEL
|
||||||
|
value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
|
||||||
|
- name: CSI_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
capabilities:
|
||||||
|
add: ["SYS_ADMIN"]
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
volumeMounts:
|
||||||
|
# needed only for topology aware setups
|
||||||
|
#- name: vsphere-config-volume
|
||||||
|
# mountPath: /etc/cloud
|
||||||
|
# readOnly: true
|
||||||
|
- name: plugin-dir
|
||||||
|
mountPath: /csi
|
||||||
|
- name: pods-mount-dir
|
||||||
|
mountPath: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet
|
||||||
|
# needed so that any mounts setup inside this container are
|
||||||
|
# propagated back to the host machine.
|
||||||
|
mountPropagation: "Bidirectional"
|
||||||
|
- name: device-dir
|
||||||
|
mountPath: /dev
|
||||||
|
- name: blocks-dir
|
||||||
|
mountPath: /sys/block
|
||||||
|
- name: sys-devices-dir
|
||||||
|
mountPath: /sys/devices
|
||||||
|
ports:
|
||||||
|
- containerPort: 9808
|
||||||
|
name: healthz
|
||||||
|
livenessProbe:
|
||||||
|
httpGet:
|
||||||
|
path: /healthz
|
||||||
|
port: healthz
|
||||||
|
initialDelaySeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
periodSeconds: 5
|
||||||
|
failureThreshold: 3
|
||||||
|
- name: liveness-probe
|
||||||
|
image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.livenessProbe.repository }}:{{ .Values.csiNode.image.livenessProbe.tag }}"
|
||||||
|
args:
|
||||||
|
- "--v=4"
|
||||||
|
- "--csi-address=/csi/csi.sock"
|
||||||
|
volumeMounts:
|
||||||
|
- name: plugin-dir
|
||||||
|
mountPath: /csi
|
||||||
|
volumes:
|
||||||
|
# needed only for topology aware setups
|
||||||
|
#- name: vsphere-config-volume
|
||||||
|
# secret:
|
||||||
|
# secretName: vsphere-config-secret
|
||||||
|
- name: registration-dir
|
||||||
|
hostPath:
|
||||||
|
path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins_registry
|
||||||
|
type: Directory
|
||||||
|
- name: plugin-dir
|
||||||
|
hostPath:
|
||||||
|
path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com
|
||||||
|
type: DirectoryOrCreate
|
||||||
|
- name: pods-mount-dir
|
||||||
|
hostPath:
|
||||||
|
path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet
|
||||||
|
type: Directory
|
||||||
|
- name: device-dir
|
||||||
|
hostPath:
|
||||||
|
path: /dev
|
||||||
|
- name: blocks-dir
|
||||||
|
hostPath:
|
||||||
|
path: /sys/block
|
||||||
|
type: Directory
|
||||||
|
- name: sys-devices-dir
|
||||||
|
hostPath:
|
||||||
|
path: /sys/devices
|
||||||
|
type: Directory
|
||||||
|
tolerations:
|
||||||
|
- effect: NoExecute
|
||||||
|
operator: Exists
|
||||||
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
|
@ -0,0 +1,29 @@
|
||||||
|
kind: ServiceAccount
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-node
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
---
|
||||||
|
kind: Role
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-node-role
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["configmaps"]
|
||||||
|
verbs: ["get", "list", "watch"]
|
||||||
|
---
|
||||||
|
kind: RoleBinding
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
metadata:
|
||||||
|
name: vsphere-csi-node-binding
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: vsphere-csi-node
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: vsphere-csi-node-role
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
|
@ -0,0 +1,9 @@
|
||||||
|
{{- if .Values.vCenter.configSecret.generate -}}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ .Values.vCenter.configSecret.name }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
data:
|
||||||
|
csi-vsphere.conf: {{ tpl .Values.vCenter.configSecret.configTemplate . | b64enc | quote }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- if .Values.storageClass.enabled -}}
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: {{ .Values.storageClass.name | quote }}
|
||||||
|
annotations:
|
||||||
|
storageclass.kubernetes.io/is-default-class: {{ .Values.storageClass.isDefault | quote }}
|
||||||
|
provisioner: csi.vsphere.vmware.com
|
||||||
|
parameters:
|
||||||
|
{{- if .Values.storageClass.datastoreURL }}
|
||||||
|
datastoreURL: {{ .Values.storageClass.datastoreURL | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.storageClass.storagePolicyName }}
|
||||||
|
storagepolicyname: {{ .Values.storageClass.storagePolicyName | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,75 @@
|
||||||
|
vCenter:
|
||||||
|
host: ""
|
||||||
|
port: 443
|
||||||
|
insecureFlag: "1"
|
||||||
|
clusterId: ""
|
||||||
|
datacenters: ""
|
||||||
|
username: ""
|
||||||
|
password: ""
|
||||||
|
configSecret:
|
||||||
|
name: "vsphere-config-secret"
|
||||||
|
generate: true
|
||||||
|
configTemplate: |
|
||||||
|
[Global]
|
||||||
|
cluster-id = {{ required ".Values.vCenter.clusterId must be provided" (default .Values.vCenter.clusterId .Values.global.cattle.clusterId) | quote }}
|
||||||
|
user = {{ .Values.vCenter.username | quote }}
|
||||||
|
password = {{ .Values.vCenter.password | quote }}
|
||||||
|
port = {{ .Values.vCenter.port | quote }}
|
||||||
|
insecure-flag = {{ .Values.vCenter.insecureFlag | quote }}
|
||||||
|
|
||||||
|
[VirtualCenter {{ .Values.vCenter.host | quote }}]
|
||||||
|
datacenters = {{ .Values.vCenter.datacenters | quote }}
|
||||||
|
|
||||||
|
csiController:
|
||||||
|
csiResizer:
|
||||||
|
enabled: false
|
||||||
|
image:
|
||||||
|
repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
|
||||||
|
tag: v2.2.1
|
||||||
|
csiAttacher:
|
||||||
|
repository: rancher/mirrored-k8scsi-csi-attacher
|
||||||
|
tag: v3.1.0
|
||||||
|
csiResizer:
|
||||||
|
repository: rancher/mirrored-k8scsi-csi-resizer
|
||||||
|
tag: v1.1.0
|
||||||
|
livenessProbe:
|
||||||
|
repository: rancher/mirrored-k8scsi-livenessprobe
|
||||||
|
tag: v2.2.0
|
||||||
|
vsphereSyncer:
|
||||||
|
repository: rancher/mirrored-cloud-provider-vsphere-csi-release-syncer
|
||||||
|
tag: v2.2.1
|
||||||
|
csiProvisioner:
|
||||||
|
repository: rancher/mirrored-k8scsi-csi-provisioner
|
||||||
|
tag: v2.1.0
|
||||||
|
nodeSelector: {}
|
||||||
|
|
||||||
|
# Internal features
|
||||||
|
csiMigration:
|
||||||
|
enabled: false
|
||||||
|
csiAuthCheck:
|
||||||
|
enabled: false
|
||||||
|
onlineVolumeExtend:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
csiNode:
|
||||||
|
prefixPath: ""
|
||||||
|
image:
|
||||||
|
repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
|
||||||
|
tag: v2.2.1
|
||||||
|
nodeDriverRegistrar:
|
||||||
|
repository: rancher/mirrored-k8scsi-csi-node-driver-registrar
|
||||||
|
tag: v2.1.0
|
||||||
|
livenessProbe:
|
||||||
|
repository: rancher/mirrored-k8scsi-livenessprobe
|
||||||
|
tag: v2.2.0
|
||||||
|
|
||||||
|
storageClass:
|
||||||
|
enabled: true
|
||||||
|
name: "vsphere-csi-sc"
|
||||||
|
isDefault: true
|
||||||
|
storagePolicyName: ""
|
||||||
|
datastoreURL: ""
|
||||||
|
|
||||||
|
global:
|
||||||
|
cattle:
|
||||||
|
systemDefaultRegistry: ""
|
23
index.yaml
23
index.yaml
|
@ -3827,6 +3827,29 @@ entries:
|
||||||
- assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz
|
- assets/rancher-vsphere-cpi/rancher-vsphere-cpi-1.0.000.tgz
|
||||||
version: 1.0.000
|
version: 1.0.000
|
||||||
rancher-vsphere-csi:
|
rancher-vsphere-csi:
|
||||||
|
- annotations:
|
||||||
|
catalog.cattle.io/certified: rancher
|
||||||
|
catalog.cattle.io/display-name: vSphere CSI
|
||||||
|
catalog.cattle.io/namespace: kube-system
|
||||||
|
catalog.cattle.io/os: linux
|
||||||
|
catalog.cattle.io/release-name: vsphere-csi
|
||||||
|
apiVersion: v1
|
||||||
|
appVersion: 2.2.0
|
||||||
|
created: "2021-09-15T12:38:09.360322-07:00"
|
||||||
|
description: vSphere Cloud Storage Interface (CSI)
|
||||||
|
digest: 7d13eabcb38b08cac48e1eaa6fdd41bc01ed9f5bb16a85501caedb9ed8c96b4e
|
||||||
|
icon: https://charts.rancher.io/assets/logos/vsphere-csi.svg
|
||||||
|
keywords:
|
||||||
|
- infrastructure
|
||||||
|
maintainers:
|
||||||
|
- email: caleb@rancher.com
|
||||||
|
name: Rancher
|
||||||
|
name: rancher-vsphere-csi
|
||||||
|
sources:
|
||||||
|
- https://github.com/kubernetes-sigs/vsphere-csi-driver
|
||||||
|
urls:
|
||||||
|
- assets/rancher-vsphere-csi/rancher-vsphere-csi-100.0.1.tgz
|
||||||
|
version: 100.0.1
|
||||||
- annotations:
|
- annotations:
|
||||||
catalog.cattle.io/certified: rancher
|
catalog.cattle.io/certified: rancher
|
||||||
catalog.cattle.io/display-name: vSphere CSI
|
catalog.cattle.io/display-name: vSphere CSI
|
||||||
|
|
Loading…
Reference in New Issue