andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

(dev-v2.6-archive) Merge pull request #1551 from PennyScissors/devv26 

[dev-v2.6] Forward port vSphere CPI and CSI

(partially cherry picked from commit 94adfbd6ce)
pull/1680/head
Steven Crespo 2021-10-15 11:19:06 -07:00 committed by Arvind Iyengar
parent dbbf7d5657
commit 9348bc4746
No known key found for this signature in database
GPG Key ID: A8DD9BFD6C811498
28 changed files with 932 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/rancher-vsphere-cpi/charts/Chart.yaml
View File

@ -1,7 +1,10 @@
apiVersion: v1
name: rancher-vsphere-cpi
version: 1.0.0
appVersion: 1.0.0
version: 1.0.1
# appVersion represents the upstream branch for the k8s version this chart was updated to. Since our chart is made to
# support multiple k8s versions, appVersion is used for reference to know what's the latest k8s version this chart supports.
appVersion: 1.21.0
kubeVersion: 1.18 - 1.21
description: vSphere Cloud Provider Interface (CPI)
sources:
- https://github.com/kubernetes/cloud-provider-vsphere

30
packages/rancher-vsphere-cpi/charts/templates/_helpers.tpl
View File

@ -5,3 +5,33 @@
{{- "" -}}
{{- end -}}
{{- end -}}
{{- /* Return the image override if one is defined in the chart values. */ -}}
{{- define "get_image_override" -}}
{{- if hasKey .Values.cloudControllerManager.image "override" -}}
{{- if and (hasKey .Values.cloudControllerManager.image.override "repository") (hasKey .Values.cloudControllerManager.image.override "tag") -}}
{{- printf "%s:%s" .Values.cloudControllerManager.image.override.repository .Values.cloudControllerManager.image.override.tag -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- /* Return the image's repository and tag corresponding to the cluster's kubernetes version. */ -}}
{{- define "get_image" -}}
{{- $kubeVersion := printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor -}}
{{- if hasKey .Values.cloudControllerManager.image $kubeVersion -}}
{{- $imageForKubeVersion := get .Values.cloudControllerManager.image $kubeVersion -}}
{{- printf "%s:%s" $imageForKubeVersion.repository $imageForKubeVersion.tag -}}
{{- else -}}
{{- $supportedVersions := include "get_supported_k8s_versions" . -}}
{{- required (printf "unsupported Kubernetes version: %s (supported versions: %s)" $kubeVersion $supportedVersions) "" -}}
{{- end -}}
{{- end -}}
{{- /* Return string of a comma separated list of the k8s version lines the chart supports in the `major.minor.x` format. */ -}}
{{- define "get_supported_k8s_versions" -}}
{{- $versions := list -}}
{{- range $k, $v := .Values.cloudControllerManager.image -}}
{{- $versions = append $versions (printf "%s.x" $k) -}}
{{- end -}}
{{- join ", " $versions -}}
{{- end -}}

19
packages/rancher-vsphere-cpi/charts/templates/configmap.yaml Normal file
View File

@ -0,0 +1,19 @@
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: v1
kind: ConfigMap
metadata:
name: vsphere-cloud-config
labels:
vsphere-cpi-infra: config
component: {{ .Chart.Name }}-cloud-controller-manager
namespace: {{ .Release.Namespace }}
data:
vsphere.conf: |
[Global]
secret-name = {{ .Values.vCenter.credentialsSecret.name | quote }}
secret-namespace = {{ .Release.Namespace | quote }}
port = {{ .Values.vCenter.port | quote }}
insecure-flag = {{ .Values.vCenter.insecureFlag | quote }}
[VirtualCenter {{ .Values.vCenter.host | quote }}]
datacenters = {{ .Values.vCenter.datacenters | quote }}

96
packages/rancher-vsphere-cpi/charts/templates/daemonset.yaml Normal file
View File

@ -0,0 +1,96 @@
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ .Chart.Name }}-cloud-controller-manager
labels:
component: {{ .Chart.Name }}-cloud-controller-manager
tier: control-plane
namespace: {{ .Release.Namespace }}
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ""
spec:
selector:
matchLabels:
name: {{ .Chart.Name }}-cloud-controller-manager
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
name: {{ .Chart.Name }}-cloud-controller-manager
component: {{ .Chart.Name }}-cloud-controller-manager
tier: control-plane
spec:
{{- if .Values.cloudControllerManager.nodeSelector }}
nodeSelector:
{{- with .Values.cloudControllerManager.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
# RKE node selector label
- key: node-role.kubernetes.io/controlplane
operator: In
values:
- "true"
- matchExpressions:
# RKE2 node selector label
- key: node-role.kubernetes.io/control-plane
operator: In
values:
- "true"
{{- end }}
{{- if .Values.cloudControllerManager.tolerations }}
tolerations:
{{- with .Values.cloudControllerManager.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
tolerations:
- key: node.cloudprovider.kubernetes.io/uninitialized
value: "true"
effect: NoSchedule
- key: node-role.kubernetes.io/master
effect: NoSchedule
operator: Exists
- key: node.kubernetes.io/not-ready
effect: NoSchedule
operator: Exists
# Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
- key: node-role.kubernetes.io/controlplane
effect: NoSchedule
value: "true"
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
value: "true"
- key: node-role.kubernetes.io/etcd
effect: NoSchedule
value: "true"
{{- end }}
securityContext:
runAsUser: 1001
serviceAccountName: {{ .Chart.Name }}-cloud-controller-manager
containers:
- name: {{ .Chart.Name }}-cloud-controller-manager
image: "{{ template "system_default_registry" . }}{{ default (include "get_image" . ) (include "get_image_override" . ) }}"
args:
- --cloud-provider=vsphere
- --v=2
- --cloud-config=/etc/cloud/vsphere.conf
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
readOnly: true
resources:
requests:
cpu: 200m
hostNetwork: true
volumes:
- name: vsphere-config-volume
configMap:
name: vsphere-cloud-config

44
packages/rancher-vsphere-cpi/charts/templates/role-binding.yaml Normal file
View File

@ -0,0 +1,44 @@
{{- if .Values.cloudControllerManager.rbac.enabled -}}
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: v1
kind: List
metadata: {}
items:
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: servicecatalog.k8s.io:apiserver-authentication-reader
labels:
vsphere-cpi-infra: role-binding
component: {{ .Chart.Name }}-cloud-controller-manager
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ .Chart.Name }}-cloud-controller-manager
namespace: {{ .Release.Namespace }}
- apiGroup: ""
kind: User
name: {{ .Chart.Name }}-cloud-controller-manager
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system:{{ .Chart.Name }}-cloud-controller-manager
labels:
vsphere-cpi-infra: cluster-role-binding
component: {{ .Chart.Name }}-cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:{{ .Chart.Name }}-cloud-controller-manager
subjects:
- kind: ServiceAccount
name: {{ .Chart.Name }}-cloud-controller-manager
namespace: {{ .Release.Namespace }}
- kind: User
name: {{ .Chart.Name }}-cloud-controller-manager
{{- end -}}

93
packages/rancher-vsphere-cpi/charts/templates/role.yaml Normal file
View File

@ -0,0 +1,93 @@
{{- if .Values.cloudControllerManager.rbac.enabled -}}
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: system:{{ .Chart.Name }}-cloud-controller-manager
labels:
vsphere-cpi-infra: role
component: {{ .Chart.Name }}-cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- "*"
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- create
- get
- list
- watch
- update
{{- end -}}

14
packages/rancher-vsphere-cpi/charts/templates/secret.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if .Values.vCenter.credentialsSecret.generate -}}
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.vCenter.credentialsSecret.name }}
labels:
vsphere-cpi-infra: secret
component: {{ .Chart.Name }}-cloud-controller-manager
namespace: {{ .Release.Namespace }}
data:
{{ .Values.vCenter.host }}.username: {{ .Values.vCenter.username | b64enc | quote }}
{{ .Values.vCenter.host }}.password: {{ .Values.vCenter.password | b64enc | quote }}
{{- end -}}

11
packages/rancher-vsphere-cpi/charts/templates/service-account.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if .Values.cloudControllerManager.rbac.enabled -}}
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Chart.Name }}-cloud-controller-manager
labels:
vsphere-cpi-infra: service-account
component: {{ .Chart.Name }}-cloud-controller-manager
namespace: {{ .Release.Namespace }}
{{- end -}}

16
packages/rancher-vsphere-cpi/charts/templates/service.yaml Normal file
View File

@ -0,0 +1,16 @@
# Source: https://github.com/kubernetes/cloud-provider-vsphere
apiVersion: v1
kind: Service
metadata:
labels:
component: {{ .Chart.Name }}-cloud-controller-manager
name: {{ .Chart.Name }}-cloud-controller-manager
namespace: {{ .Release.Namespace }}
spec:
type: NodePort
ports:
- port: 43001
protocol: TCP
targetPort: 43001
selector:
component: {{ .Chart.Name }}-cloud-controller-manager

15
packages/rancher-vsphere-cpi/charts/values.yaml
View File

@ -11,9 +11,20 @@ vCenter:
cloudControllerManager:
image:
repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
tag: v1.2.1
"1.21":
repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
tag: v1.21.0
"1.20":
repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
tag: v1.20.0
"1.19":
repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
tag: v1.19.0
"1.18":
repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
tag: v1.18.0
nodeSelector: {}
tolerations: {}
rbac:
enabled: true

2
packages/rancher-vsphere-cpi/package.yaml
View File

@ -1,2 +1,2 @@
url: local
version: 100.0.0
version: 100.0.1

5
packages/rancher-vsphere-csi/charts/Chart.yaml
View File

@ -1,7 +1,8 @@
apiVersion: v1
name: rancher-vsphere-csi
version: 2.2.0
appVersion: 2.2.0
version: 2.3.0
appVersion: 2.3.0
kubeVersion: 1.19 - 1.21
description: vSphere Cloud Storage Interface (CSI)
sources:
- https://github.com/kubernetes-sigs/vsphere-csi-driver

48
packages/rancher-vsphere-csi/charts/questions.yaml
View File

@ -5,38 +5,34 @@ questions:
type: boolean
default: true
required: true
group: Configuration
group: vCenter Configuration
show_subquestion_if: true
subquestions:
- variable: vCenter.host
label: vCenter Host
description: IP address or FQDN of the vCenter
type: string
group: Configuration
- variable: vCenter.datacenters
description: Comma-separated list of paths to data centers. E.g "<dc1-path>, <dc2-path>, ..."
label: Data Centers
type: string
group: Configuration
- variable: vCenter.username
label: Username
description: Username for vCenter
type: string
group: Configuration
- variable: vCenter.password
label: Password
description: Password for vCenter
type: password
group: Configuration
- variable: vCenter.configSecret.name
label: CSI vSphere Config Secret Name
description: Name of the Secret that contains a CSI vSphere config and credentials (Will not be visible in the API. More info in the README)
type: string
group: Configuration
group: vCenter Configuration
show_if: "vCenter.configSecret.generate=false"
- variable: csiMigration.enabled
@ -44,20 +40,48 @@ questions:
description: Enable migration of volumes provisioned by in-tree vSphere provider to CSI (Available for vSphere 7.0 U1+ only)
type: boolean
default: false
group: Features
group: Driver Configuration
- variable: csiAuthCheck.enabled
label: Enable authorization checks on operations involving datastores
type: boolean
default: false
group: Features
group: Driver Configuration
- variable: onlineVolumeExtend.enabled
label: Enable Online Volume Extend
description: Enable expansion of PVCs that are in use by a Pod or mounted in a Node (Available for vSphere 7.0 U2+ only)
type: boolean
default: false
group: Features
group: Driver Configuration
- variable: triggerCsiFullsync.enabled
label: Enable CSI Full Sync
description: Keeps CNS up to date with Kubernetes volume metadata information (such as PVs, PVCs, pods, and so on)
type: boolean
default: false
group: Driver Configuration
- variable: asyncQueryVolume.enabled
label: Enable Async Query Volume
description: Improves retrieval of volume information
type: boolean
default: false
group: Driver Configuration
- variable: improvedCsiIdempotency.enabled
label: Enable Improved CSI Idempotency
description: Enhances driver to ensure volume operations are idempotent
type: boolean
default: false
group: Driver Configuration
- variable: improvedVolumeTopology.enabled
label: Enable Improved Volume Topology
description: Allows using the topology feature without the need to mount vSphere credentials in the CSI node daemonset
type: boolean
default: false
group: Driver Configuration
- variable: csiController.csiResizer.enabled
label: Enable CSI Volume Resizer
@ -86,6 +110,12 @@ questions:
default: true
type: boolean
- variable: storageClass.allowVolumeExpansion
label: Allow Volume Expansion
description: Allows resizing the volume by editing the corresponding PVC object (Available for vSphere 7.0+ only)
default: false
type: boolean
- variable: storageClass.storagePolicyName
label: Storage Policy Name
description: Name of the Storage Policy created in vCenter

14
packages/rancher-vsphere-csi/charts/templates/configmap.yaml Normal file
View File

@ -0,0 +1,14 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
apiVersion: v1
data:
"csi-migration": {{ .Values.csiMigration.enabled | quote }}
"csi-auth-check": {{ .Values.csiAuthCheck.enabled | quote }}
"online-volume-extend": {{ .Values.onlineVolumeExtend.enabled | quote }}
"trigger-csi-fullsync": {{ .Values.triggerCsiFullsync.enabled | quote }}
"async-query-volume": {{ .Values.asyncQueryVolume.enabled | quote }}
"improved-csi-idempotency": {{ .Values.improvedCsiIdempotency.enabled | quote }}
"improved-volume-topology": {{ .Values.improvedVolumeTopology.enabled | quote }}
kind: ConfigMap
metadata:
name: internal-feature-states.csi.vsphere.vmware.com
namespace: {{ .Release.Namespace }}

208
packages/rancher-vsphere-csi/charts/templates/controller/deployment.yaml Normal file
View File

@ -0,0 +1,208 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: Deployment
apiVersion: apps/v1
metadata:
name: vsphere-csi-controller
namespace: {{ .Release.Namespace }}
spec:
replicas: 1
selector:
matchLabels:
app: vsphere-csi-controller
template:
metadata:
labels:
app: vsphere-csi-controller
role: vsphere-csi
spec:
serviceAccountName: vsphere-csi-controller
{{- if .Values.csiController.nodeSelector }}
nodeSelector:
{{- with .Values.csiController.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
# RKE node selector label
- key: node-role.kubernetes.io/controlplane
operator: In
values:
- "true"
- matchExpressions:
# RKE2 node selector label
- key: node-role.kubernetes.io/control-plane
operator: In
values:
- "true"
{{- end }}
{{- if .Values.csiController.tolerations }}
tolerations:
{{- with .Values.csiController.tolerations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
# Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints
- key: node-role.kubernetes.io/controlplane
effect: NoSchedule
value: "true"
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
value: "true"
- key: node-role.kubernetes.io/etcd
effect: NoSchedule
value: "true"
{{- end }}
dnsPolicy: "Default"
containers:
- name: csi-attacher
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiAttacher.repository }}:{{ .Values.csiController.image.csiAttacher.tag }}"
args:
- "--v=4"
- "--timeout=300s"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
- "--kube-api-qps=100"
- "--kube-api-burst=100"
env:
- name: ADDRESS
value: /csi/csi.sock
volumeMounts:
- mountPath: /csi
name: socket-dir
{{- if .Values.csiController.csiResizer.enabled }}
- name: csi-resizer
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiResizer.repository }}:{{ .Values.csiController.image.csiResizer.tag }}"
args:
- "--v=4"
- "--timeout=300s"
- "--handle-volume-inuse-error=false"
- "--csi-address=$(ADDRESS)"
- "--kube-api-qps=100"
- "--kube-api-burst=100"
- "--leader-election"
env:
- name: ADDRESS
value: /csi/csi.sock
volumeMounts:
- mountPath: /csi
name: socket-dir
{{- end }}
- name: vsphere-csi-controller
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.repository }}:{{ .Values.csiController.image.tag }}"
args:
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- "--fss-namespace=$(CSI_NAMESPACE)"
imagePullPolicy: "Always"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: X_CSI_MODE
value: "controller"
- name: X_CSI_SPEC_DISABLE_LEN_CHECK
value: "true"
- name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT
value: 3m
- name: VSPHERE_CSI_CONFIG
value: "/etc/cloud/csi-vsphere.conf"
- name: LOGGER_LEVEL
value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
- name: INCLUSTER_CLIENT_QPS
value: "100"
- name: INCLUSTER_CLIENT_BURST
value: "100"
- name: CSI_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
readOnly: true
- mountPath: /csi
name: socket-dir
ports:
- name: healthz
containerPort: 9808
protocol: TCP
- name: prometheus
containerPort: 2112
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 5
failureThreshold: 3
- name: liveness-probe
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.livenessProbe.repository }}:{{ .Values.csiController.image.livenessProbe.tag }}"
args:
- "--v=4"
- "--csi-address=/csi/csi.sock"
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: vsphere-syncer
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.vsphereSyncer.repository }}:{{ .Values.csiController.image.vsphereSyncer.tag }}"
args:
- "--leader-election"
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- "--fss-namespace=$(CSI_NAMESPACE)"
imagePullPolicy: "Always"
ports:
- containerPort: 2113
name: prometheus
protocol: TCP
env:
- name: FULL_SYNC_INTERVAL_MINUTES
value: "30"
- name: VSPHERE_CSI_CONFIG
value: "/etc/cloud/csi-vsphere.conf"
- name: LOGGER_LEVEL
value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
- name: INCLUSTER_CLIENT_QPS
value: "100"
- name: INCLUSTER_CLIENT_BURST
value: "100"
- name: CSI_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
readOnly: true
- name: csi-provisioner
image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiProvisioner.repository }}:{{ .Values.csiController.image.csiProvisioner.tag }}"
args:
- "--v=4"
- "--timeout=300s"
- "--csi-address=$(ADDRESS)"
- "--kube-api-qps=100"
- "--kube-api-burst=100"
- "--leader-election"
- "--default-fstype=ext4"
# needed only for topology aware setup
#- "--feature-gates=Topology=true"
#- "--strict-topology"
env:
- name: ADDRESS
value: /csi/csi.sock
volumeMounts:
- mountPath: /csi
name: socket-dir
volumes:
- name: vsphere-config-volume
secret:
secretName: {{ .Values.vCenter.configSecret.name }}
- name: socket-dir
emptyDir: {}

13
packages/rancher-vsphere-csi/charts/templates/controller/role-binding.yaml Normal file
View File

@ -0,0 +1,13 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: vsphere-csi-controller-binding
subjects:
- kind: ServiceAccount
name: vsphere-csi-controller
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: vsphere-csi-controller-role
apiGroup: rbac.authorization.k8s.io

39
packages/rancher-vsphere-csi/charts/templates/controller/role.yaml Normal file
View File

@ -0,0 +1,39 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: vsphere-csi-controller-role
rules:
- apiGroups: [""]
resources: ["nodes", "persistentvolumeclaims", "pods", "configmaps"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["cns.vmware.com"]
resources: ["triggercsifullsyncs"]
verbs: ["create", "get", "update", "watch", "list"]
- apiGroups: ["cns.vmware.com"]
resources: ["cnsvspherevolumemigrations"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "create", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]

6
packages/rancher-vsphere-csi/charts/templates/controller/service-account.yaml Normal file
View File

@ -0,0 +1,6 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: ServiceAccount
apiVersion: v1
metadata:
name: vsphere-csi-controller
namespace: {{ .Release.Namespace }}

20
packages/rancher-vsphere-csi/charts/templates/controller/service.yaml Normal file
View File

@ -0,0 +1,20 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
apiVersion: v1
kind: Service
metadata:
name: vsphere-csi-controller
namespace: {{ .Release.Namespace }}
labels:
app: vsphere-csi-controller
spec:
ports:
- name: ctlr
port: 2112
targetPort: 2112
protocol: TCP
- name: syncer
port: 2113
targetPort: 2113
protocol: TCP
selector:
app: vsphere-csi-controller

8
packages/rancher-vsphere-csi/charts/templates/csi-driver.yaml Normal file
View File

@ -0,0 +1,8 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
apiVersion: storage.k8s.io/v1 # For k8s 1.17 use storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: csi.vsphere.vmware.com
spec:
attachRequired: true
podInfoOnMount: false

156
packages/rancher-vsphere-csi/charts/templates/node/daemonset.yaml Normal file
View File

@ -0,0 +1,156 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: vsphere-csi-node
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app: vsphere-csi-node
updateStrategy:
type: "RollingUpdate"
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
app: vsphere-csi-node
role: vsphere-csi
spec:
serviceAccountName: vsphere-csi-node
hostNetwork: true
dnsPolicy: "ClusterFirstWithHostNet"
containers:
- name: node-driver-registrar
image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.nodeDriverRegistrar.repository }}:{{ .Values.csiNode.image.nodeDriverRegistrar.tag }}"
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
- "--health-port=9809"
env:
- name: ADDRESS
value: /csi/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock
volumeMounts:
- name: plugin-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
ports:
- containerPort: 9809
name: healthz
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 5
timeoutSeconds: 5
- name: vsphere-csi-node
image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.repository }}:{{ .Values.csiNode.image.tag }}"
args:
- "--fss-name=internal-feature-states.csi.vsphere.vmware.com"
- "--fss-namespace=$(CSI_NAMESPACE)"
imagePullPolicy: "Always"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: MAX_VOLUMES_PER_NODE
value: "0" # Maximum number of volumes that controller can publish to the node. If value is not set or zero Kubernetes decide how many volumes can be published by the controller to the node.
- name: X_CSI_MODE
value: "node"
- name: X_CSI_SPEC_REQ_VALIDATION
value: "false"
- name: X_CSI_SPEC_DISABLE_LEN_CHECK
value: "true"
# needed only for topology aware setups
#- name: VSPHERE_CSI_CONFIG
# value: "/etc/cloud/csi-vsphere.conf" # here csi-vsphere.conf is the name of the file used for creating secret using "--from-file" flag
- name: LOGGER_LEVEL
value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION
- name: CSI_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
volumeMounts:
# needed only for topology aware setups
#- name: vsphere-config-volume
# mountPath: /etc/cloud
# readOnly: true
- name: plugin-dir
mountPath: /csi
- name: pods-mount-dir
mountPath: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet
# needed so that any mounts setup inside this container are
# propagated back to the host machine.
mountPropagation: "Bidirectional"
- name: device-dir
mountPath: /dev
- name: blocks-dir
mountPath: /sys/block
- name: sys-devices-dir
mountPath: /sys/devices
ports:
- name: healthz
containerPort: 9808
protocol: TCP
livenessProbe:
httpGet:
path: /healthz
port: healthz
initialDelaySeconds: 10
timeoutSeconds: 5
periodSeconds: 5
failureThreshold: 3
- name: liveness-probe
image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.livenessProbe.repository }}:{{ .Values.csiNode.image.livenessProbe.tag }}"
args:
- "--v=4"
- "--csi-address=/csi/csi.sock"
volumeMounts:
- name: plugin-dir
mountPath: /csi
volumes:
# needed only for topology aware setups
#- name: vsphere-config-volume
# secret:
# secretName: vsphere-config-secret
- name: registration-dir
hostPath:
path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins_registry
type: Directory
- name: plugin-dir
hostPath:
path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com
type: DirectoryOrCreate
- name: pods-mount-dir
hostPath:
path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet
type: Directory
- name: device-dir
hostPath:
path: /dev
- name: blocks-dir
hostPath:
path: /sys/block
type: Directory
- name: sys-devices-dir
hostPath:
path: /sys/devices
type: Directory
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists

14
packages/rancher-vsphere-csi/charts/templates/node/role-binding.yaml Normal file
View File

@ -0,0 +1,14 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: vsphere-csi-node-binding
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: vsphere-csi-node
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: vsphere-csi-node-role
apiGroup: rbac.authorization.k8s.io

10
packages/rancher-vsphere-csi/charts/templates/node/role.yaml Normal file
View File

@ -0,0 +1,10 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: vsphere-csi-node-role
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch"]

6
packages/rancher-vsphere-csi/charts/templates/node/service-account.yaml Normal file
View File

@ -0,0 +1,6 @@
# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
kind: ServiceAccount
apiVersion: v1
metadata:
name: vsphere-csi-node
namespace: {{ .Release.Namespace }}

9
packages/rancher-vsphere-csi/charts/templates/secret.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- if .Values.vCenter.configSecret.generate -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.vCenter.configSecret.name }}
namespace: {{ .Release.Namespace }}
data:
csi-vsphere.conf: {{ tpl .Values.vCenter.configSecret.configTemplate . | b64enc | quote }}
{{- end -}}

17
packages/rancher-vsphere-csi/charts/templates/storageclass.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- if .Values.storageClass.enabled -}}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ .Values.storageClass.name | quote }}
annotations:
storageclass.kubernetes.io/is-default-class: {{ .Values.storageClass.isDefault | quote }}
provisioner: csi.vsphere.vmware.com
allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}
parameters:
{{- if .Values.storageClass.datastoreURL }}
datastoreURL: {{ .Values.storageClass.datastoreURL | quote }}
{{- end }}
{{- if .Values.storageClass.storagePolicyName }}
storagepolicyname: {{ .Values.storageClass.storagePolicyName | quote }}
{{- end }}
{{- end -}}

34
packages/rancher-vsphere-csi/charts/values.yaml
View File

@ -25,10 +25,10 @@ csiController:
enabled: false
image:
repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
tag: v2.2.1
tag: v2.3.0
csiAttacher:
repository: rancher/mirrored-k8scsi-csi-attacher
tag: v3.1.0
repository: rancher/mirrored-sig-storage-csi-attacher
tag: v3.2.0
csiResizer:
repository: rancher/mirrored-k8scsi-csi-resizer
tag: v1.1.0
@ -37,11 +37,22 @@ csiController:
tag: v2.2.0
vsphereSyncer:
repository: rancher/mirrored-cloud-provider-vsphere-csi-release-syncer
tag: v2.2.1
tag: v2.3.0
csiProvisioner:
repository: rancher/mirrored-k8scsi-csi-provisioner
tag: v2.1.0
repository: rancher/mirrored-sig-storage-csi-provisioner
tag: v2.2.0
nodeSelector: {}
# Uncomment below toleration if you need an aggressive pod eviction in case when
# node becomes not-ready or unreachable. Default is 300 seconds if not specified.
# tolerations:
# - key: node.kubernetes.io/not-ready
# operator: Exists
# effect: NoExecute
# tolerationSeconds: 30
# - key: node.kubernetes.io/unreachable
# operator: Exists
# effect: NoExecute
# tolerationSeconds: 30
# Internal features
csiMigration:
@ -50,12 +61,20 @@ csiAuthCheck:
enabled: false
onlineVolumeExtend:
enabled: false
triggerCsiFullsync:
enabled: false
asyncQueryVolume:
enabled: false
improvedCsiIdempotency:
enabled: false
improvedVolumeTopology:
enabled: false
csiNode:
prefixPath: ""
image:
repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver
tag: v2.2.1
tag: v2.3.0
nodeDriverRegistrar:
repository: rancher/mirrored-k8scsi-csi-node-driver-registrar
tag: v2.1.0
@ -65,6 +84,7 @@ csiNode:
storageClass:
enabled: true
allowVolumeExpansion: false
name: "vsphere-csi-sc"
isDefault: true
storagePolicyName: ""

2
packages/rancher-vsphere-csi/package.yaml
View File

@ -1,2 +1,2 @@
url: local
version: 100.0.0
version: 100.0.1