diff --git a/packages/rancher-vsphere-cpi/charts/Chart.yaml b/packages/rancher-vsphere-cpi/charts/Chart.yaml index 46869160d..1ecdbdf35 100644 --- a/packages/rancher-vsphere-cpi/charts/Chart.yaml +++ b/packages/rancher-vsphere-cpi/charts/Chart.yaml @@ -1,7 +1,10 @@ apiVersion: v1 name: rancher-vsphere-cpi -version: 1.0.0 -appVersion: 1.0.0 +version: 1.0.1 +# appVersion represents the upstream branch for the k8s version this chart was updated to. Since our chart is made to +# support multiple k8s versions, appVersion is used for reference to know what's the latest k8s version this chart supports. +appVersion: 1.21.0 +kubeVersion: 1.18 - 1.21 description: vSphere Cloud Provider Interface (CPI) sources: - https://github.com/kubernetes/cloud-provider-vsphere diff --git a/packages/rancher-vsphere-cpi/charts/templates/_helpers.tpl b/packages/rancher-vsphere-cpi/charts/templates/_helpers.tpl index 7a6c36abe..b23e85502 100644 --- a/packages/rancher-vsphere-cpi/charts/templates/_helpers.tpl +++ b/packages/rancher-vsphere-cpi/charts/templates/_helpers.tpl 
@@ -5,3 +5,33 @@ {{- "" -}} {{- end -}} {{- end -}} + +{{- /* Return the image override if one is defined in the chart values. */ -}} +{{- define "get_image_override" -}} +{{- if hasKey .Values.cloudControllerManager.image "override" -}} +{{- if and (hasKey .Values.cloudControllerManager.image.override "repository") (hasKey .Values.cloudControllerManager.image.override "tag") -}} +{{- printf "%s:%s" .Values.cloudControllerManager.image.override.repository .Values.cloudControllerManager.image.override.tag -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- /* Return the image's repository and tag corresponding to the cluster's kubernetes version. */ -}} +{{- define "get_image" -}} +{{- $kubeVersion := printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor -}} +{{- if hasKey .Values.cloudControllerManager.image $kubeVersion -}} +{{- $imageForKubeVersion := get .Values.cloudControllerManager.image $kubeVersion -}} +{{- printf "%s:%s" $imageForKubeVersion.repository $imageForKubeVersion.tag -}} +{{- else -}} +{{- $supportedVersions := include "get_supported_k8s_versions" . -}} +{{- required (printf "unsupported Kubernetes version: %s (supported versions: %s)" $kubeVersion $supportedVersions) "" -}} +{{- end -}} +{{- end -}} + +{{- /* Return string of a comma separated list of the k8s version lines the chart supports in the `major.minor.x` format. */ -}} +{{- define "get_supported_k8s_versions" -}} +{{- $versions := list -}} +{{- range $k, $v := .Values.cloudControllerManager.image -}} +{{- $versions = append $versions (printf "%s.x" $k) -}} +{{- end -}} +{{- join ", " $versions -}} +{{- end -}} diff --git a/packages/rancher-vsphere-cpi/charts/templates/configmap.yaml b/packages/rancher-vsphere-cpi/charts/templates/configmap.yaml new file mode 100644 index 000000000..10238783f --- /dev/null +++ b/packages/rancher-vsphere-cpi/charts/templates/configmap.yaml 
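Review bot: The `required` failure in `get_image` still fires when an image override is configured, because daemonset.yaml passes `include "get_image" .` as an argument to `default`, and template arguments are evaluated before `default` runs. On a cluster whose major.minor is not a key under `cloudControllerManager.image`, the override therefore cannot rescue the render. Resolving the override first inside `get_image` avoids this without changing the call site. Separately, `.Capabilities.KubeVersion.Minor` can carry a `+` suffix on some distributions, so confirm the lookup key matches on the clusters this chart targets.

```gotemplate
{{- define "get_image" -}}
{{- $override := include "get_image_override" . -}}
{{- if $override -}}
{{- $override -}}
{{- else -}}
{{- /* … unchanged: per-kubeVersion lookup and the required failure … */ -}}
{{- end -}}
{{- end -}}
```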
@@ -0,0 +1,19 @@
+# Source: https://github.com/kubernetes/cloud-provider-vsphere
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vsphere-cloud-config
+ labels:
+ vsphere-cpi-infra: config
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+data:
+ vsphere.conf: |
+ [Global]
+ secret-name = {{ .Values.vCenter.credentialsSecret.name | quote }}
+ secret-namespace = {{ .Release.Namespace | quote }}
+ port = {{ .Values.vCenter.port | quote }}
+ insecure-flag = {{ .Values.vCenter.insecureFlag | quote }}
+
+ [VirtualCenter {{ .Values.vCenter.host | quote }}]
+ datacenters = {{ .Values.vCenter.datacenters | quote }}
diff --git a/packages/rancher-vsphere-cpi/charts/templates/daemonset.yaml b/packages/rancher-vsphere-cpi/charts/templates/daemonset.yaml
new file mode 100644
index 000000000..944982883
--- /dev/null
+++ b/packages/rancher-vsphere-cpi/charts/templates/daemonset.yaml
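Review bot: `insecure-flag` is rendered straight from `.Values.vCenter.insecureFlag`, and nothing in the template says that a true value turns off verification of the vCenter certificate for the connection that carries the credentials named in `secret-name`. The default lives in values.yaml, which this hunk does not show, so it is worth confirming that it is false. A template comment above the `vsphere.conf` key would record the intent, for example `{{- /* insecureFlag=true skips vCenter TLS certificate verification; keep false unless the vCenter CA cannot be trusted any other way */ -}}`.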
@@ -0,0 +1,96 @@ +# Source: https://github.com/kubernetes/cloud-provider-vsphere +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ .Chart.Name }}-cloud-controller-manager + labels: + component: {{ .Chart.Name }}-cloud-controller-manager + tier: control-plane + namespace: {{ .Release.Namespace }} + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" +spec: + selector: + matchLabels: + name: {{ .Chart.Name }}-cloud-controller-manager + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + name: {{ .Chart.Name }}-cloud-controller-manager + component: {{ .Chart.Name }}-cloud-controller-manager + tier: control-plane + spec: + {{- if .Values.cloudControllerManager.nodeSelector }} + nodeSelector: + {{- with .Values.cloudControllerManager.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + # RKE node selector label + - key: node-role.kubernetes.io/controlplane + operator: In + values: + - "true" + - matchExpressions: + # RKE2 node selector label + - key: node-role.kubernetes.io/control-plane + operator: In + values: + - "true" + {{- end }} + {{- if .Values.cloudControllerManager.tolerations }} + tolerations: + {{- with .Values.cloudControllerManager.tolerations }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- else }} + tolerations: + - key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + operator: Exists + - key: node.kubernetes.io/not-ready + effect: NoSchedule + operator: Exists + # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints + - key: node-role.kubernetes.io/controlplane + effect: NoSchedule + value: "true" + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + value: "true" + - key: node-role.kubernetes.io/etcd + effect: NoSchedule + value: "true" + {{- end }} + securityContext: + runAsUser: 1001 + serviceAccountName: {{ .Chart.Name }}-cloud-controller-manager + containers: + - name: {{ .Chart.Name }}-cloud-controller-manager + image: "{{ template "system_default_registry" . }}{{ default (include "get_image" . ) (include "get_image_override" . ) }}" + args: + - --cloud-provider=vsphere + - --v=2 + - --cloud-config=/etc/cloud/vsphere.conf + volumeMounts: + - mountPath: /etc/cloud + name: vsphere-config-volume + readOnly: true + resources: + requests: + cpu: 200m + hostNetwork: true + volumes: + - name: vsphere-config-volume + configMap: + name: vsphere-cloud-config diff --git a/packages/rancher-vsphere-cpi/charts/templates/role-binding.yaml b/packages/rancher-vsphere-cpi/charts/templates/role-binding.yaml new file mode 100644 index 000000000..ef930c5e1 --- /dev/null +++ b/packages/rancher-vsphere-cpi/charts/templates/role-binding.yaml 
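Review bot: The pod-level `securityContext` sets only `runAsUser: 1001`, so nothing prevents privilege escalation inside a container that runs with `hostNetwork: true` on control-plane nodes. Adding `runAsNonRoot: true` beside `runAsUser`, and a container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, would tighten this if the image tolerates it. The container also declares a CPU request but no limits. The `scheduler.alpha.kubernetes.io/critical-pod` annotation is an alpha-era mechanism, and a `priorityClassName` states the same intent on current clusters.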
@@ -0,0 +1,44 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
+# Source: https://github.com/kubernetes/cloud-provider-vsphere
+apiVersion: v1
+kind: List
+metadata: {}
+items:
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+ name: servicecatalog.k8s.io:apiserver-authentication-reader
+ labels:
+ vsphere-cpi-infra: role-binding
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+ subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+ - apiGroup: ""
+ kind: User
+ name: {{ .Chart.Name }}-cloud-controller-manager
+- apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: system:{{ .Chart.Name }}-cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: cluster-role-binding
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:{{ .Chart.Name }}-cloud-controller-manager
+ subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+ - kind: User
+ name: {{ .Chart.Name }}-cloud-controller-manager
+{{- end -}}
diff --git a/packages/rancher-vsphere-cpi/charts/templates/role.yaml b/packages/rancher-vsphere-cpi/charts/templates/role.yaml
new file mode 100644
index 000000000..073c8a7e9
--- /dev/null
+++ b/packages/rancher-vsphere-cpi/charts/templates/role.yaml
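Review bot: Both bindings list a `kind: User` subject named `{{ .Chart.Name }}-cloud-controller-manager` next to the ServiceAccount, so any identity that authenticates to the API server under that username also receives the ClusterRole from role.yaml. The DaemonSet runs under the ServiceAccount, so unless some component is known to authenticate as that user, the two `kind: User` entries can be dropped. Separately, the RoleBinding is created in `.Release.Namespace` while its `roleRef` names `extension-apiserver-authentication-reader`, a Role that normally exists in kube-system. Confirm the chart is only installed there, or set that binding's `namespace` to `kube-system`.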
@@ -0,0 +1,93 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
+# Source: https://github.com/kubernetes/cloud-provider-vsphere
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:{{ .Chart.Name }}-cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: role
+ component: {{ .Chart.Name }}-cloud-controller-manager
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - "coordination.k8s.io"
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - update
+{{- end -}}
diff --git a/packages/rancher-vsphere-cpi/charts/templates/secret.yaml b/packages/rancher-vsphere-cpi/charts/templates/secret.yaml
new file mode 100644
index 000000000..5ab05b9c0
--- /dev/null
+++ b/packages/rancher-vsphere-cpi/charts/templates/secret.yaml
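Review bot: The `secrets` rule grants get/list/watch in every namespace because it sits in a ClusterRole, while the only secret the chart wires up is `vCenter.credentialsSecret.name` in the release namespace (configmap.yaml sets `secret-namespace` to `.Release.Namespace`). Moving that rule into a namespaced Role, bound to the same ServiceAccount in `.Release.Namespace`, would keep a compromised controller from reading other namespaces' secrets; verify first that the controller does not watch secrets cluster-wide at startup. The `nodes` rule uses the `"*"` verb, and listing the verbs the controller actually needs would make that grant auditable. The Role name in the sketch below is a placeholder.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ .Chart.Name }}-cloud-controller-manager-secrets
  namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
# … unchanged: remaining ClusterRole rules, without the secrets rule …
```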
@@ -0,0 +1,14 @@
+{{- if .Values.vCenter.credentialsSecret.generate -}}
+# Source: https://github.com/kubernetes/cloud-provider-vsphere
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.vCenter.credentialsSecret.name }}
+ labels:
+ vsphere-cpi-infra: secret
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+data:
+ {{ .Values.vCenter.host }}.username: {{ .Values.vCenter.username | b64enc | quote }}
+ {{ .Values.vCenter.host }}.password: {{ .Values.vCenter.password | b64enc | quote }}
+{{- end -}}
diff --git a/packages/rancher-vsphere-cpi/charts/templates/service-account.yaml b/packages/rancher-vsphere-cpi/charts/templates/service-account.yaml
new file mode 100644
index 000000000..1216ac6b2
--- /dev/null
+++ b/packages/rancher-vsphere-cpi/charts/templates/service-account.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.cloudControllerManager.rbac.enabled -}}
+# Source: https://github.com/kubernetes/cloud-provider-vsphere
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ labels:
+ vsphere-cpi-infra: service-account
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+{{- end -}}
diff --git a/packages/rancher-vsphere-cpi/charts/templates/service.yaml b/packages/rancher-vsphere-cpi/charts/templates/service.yaml
new file mode 100644
index 000000000..155322f2e
--- /dev/null
+++ b/packages/rancher-vsphere-cpi/charts/templates/service.yaml
@@ -0,0 +1,16 @@
+# Source: https://github.com/kubernetes/cloud-provider-vsphere
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ component: {{ .Chart.Name }}-cloud-controller-manager
+ name: {{ .Chart.Name }}-cloud-controller-manager
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: NodePort
+ ports:
+ - port: 43001
+ protocol: TCP
+ targetPort: 43001
+ selector:
+ component: {{ .Chart.Name }}-cloud-controller-manager
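Review bot: `vCenter.username` and `vCenter.password` arrive as chart values, so the plaintext password is also kept in the Helm release record and in whatever values file or UI answer supplied it, not only in this Secret. The `credentialsSecret.generate` switch already allows a pre-created secret, and a template comment such as `{{- /* Prefer credentialsSecret.generate=false with a pre-created secret; values-supplied passwords are stored in the Helm release */ -}}` would steer operators to it. The data keys are emitted unquoted while their values are quoted; `{{ printf "%s.username" .Values.vCenter.host | quote }}` keeps an unusual host string from breaking the YAML. The storage concern likely applies to `csi-vsphere.conf` in packages/rancher-vsphere-csi/charts/templates/secret.yaml as well, if its `configTemplate` embeds the credentials.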
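Review bot: `type: NodePort` in service.yaml opens a port for 43001 on every node's address, and nothing in this diff shows a consumer outside the cluster. If the endpoint is only reached from inside the cluster, `type: ClusterIP` narrows the exposure. Otherwise a comment above `spec:` naming the external consumer would let a reviewer judge whether the exposure is intended.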
diff --git a/packages/rancher-vsphere-cpi/charts/values.yaml b/packages/rancher-vsphere-cpi/charts/values.yaml index 41e01f888..475181556 100644 --- a/packages/rancher-vsphere-cpi/charts/values.yaml +++ b/packages/rancher-vsphere-cpi/charts/values.yaml @@ -11,9 +11,20 @@ vCenter: cloudControllerManager: image: - repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager - tag: v1.2.1 + "1.21": + repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager + tag: v1.21.0 + "1.20": + repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager + tag: v1.20.0 + "1.19": + repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager + tag: v1.19.0 + "1.18": + repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager + tag: v1.18.0 nodeSelector: {} + tolerations: {} rbac: enabled: true diff --git a/packages/rancher-vsphere-cpi/package.yaml b/packages/rancher-vsphere-cpi/package.yaml index 3b5eacdf6..98913ea9a 100644 --- a/packages/rancher-vsphere-cpi/package.yaml +++ b/packages/rancher-vsphere-cpi/package.yaml @@ -1,2 +1,2 @@ url: local -version: 100.0.0 +version: 100.0.1 diff --git a/packages/rancher-vsphere-csi/charts/Chart.yaml b/packages/rancher-vsphere-csi/charts/Chart.yaml index 6438148fa..c37e90a4b 100644 --- a/packages/rancher-vsphere-csi/charts/Chart.yaml +++ b/packages/rancher-vsphere-csi/charts/Chart.yaml @@ -1,7 +1,8 @@ apiVersion: v1 name: rancher-vsphere-csi -version: 2.2.0 -appVersion: 2.2.0 +version: 2.3.0 +appVersion: 2.3.0 +kubeVersion: 1.19 - 1.21 description: vSphere Cloud Storage Interface (CSI) sources: - https://github.com/kubernetes-sigs/vsphere-csi-driver diff --git a/packages/rancher-vsphere-csi/charts/questions.yaml b/packages/rancher-vsphere-csi/charts/questions.yaml index f24f2bdd9..7582a7ff3 100644 --- a/packages/rancher-vsphere-csi/charts/questions.yaml +++ b/packages/rancher-vsphere-csi/charts/questions.yaml 
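Review bot: `tolerations: {}` in the cloudControllerManager values declares a map, but daemonset.yaml renders this value under `tolerations:`, where Kubernetes expects a list. `tolerations: []` documents the expected shape and is still empty for the template's `if`. The per-version images are referenced by tag only (`v1.21.0` through `v1.18.0`); recording a digest alongside each tag would keep the controller image from changing under the same tag in the mirror.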
@@ -5,38 +5,34 @@ questions: type: boolean default: true required: true - group: Configuration + group: vCenter Configuration show_subquestion_if: true subquestions: - variable: vCenter.host label: vCenter Host description: IP address or FQDN of the vCenter type: string - group: Configuration - variable: vCenter.datacenters description: Comma-separated list of paths to data centers. E.g ", , ..." label: Data Centers type: string - group: Configuration - variable: vCenter.username label: Username description: Username for vCenter type: string - group: Configuration - variable: vCenter.password label: Password description: Password for vCenter type: password - group: Configuration - variable: vCenter.configSecret.name label: CSI vSphere Config Secret Name description: Name of the Secret that contains a CSI vSphere config and credentials (Will not be visible in the API. More info in the README) type: string - group: Configuration + group: vCenter Configuration show_if: "vCenter.configSecret.generate=false" - variable: csiMigration.enabled 
@@ -44,20 +40,48 @@ questions: description: Enable migration of volumes provisioned by in-tree vSphere provider to CSI (Available for vSphere 7.0 U1+ only) type: boolean default: false - group: Features + group: Driver Configuration - variable: csiAuthCheck.enabled label: Enable authorization checks on operations involving datastores type: boolean default: false - group: Features + group: Driver Configuration - variable: onlineVolumeExtend.enabled label: Enable Online Volume Extend description: Enable expansion of PVCs that are in use by a Pod or mounted in a Node (Available for vSphere 7.0 U2+ only) type: boolean default: false - group: Features + group: Driver Configuration + + - variable: triggerCsiFullsync.enabled + label: Enable CSI Full Sync + description: Keeps CNS up to date with Kubernetes volume metadata information (such as PVs, PVCs, pods, and so on) + type: boolean + default: false + group: Driver Configuration + + - variable: asyncQueryVolume.enabled + label: Enable Async Query Volume + description: Improves retrieval of volume information + type: boolean + default: false + group: Driver Configuration + + - variable: improvedCsiIdempotency.enabled + label: Enable Improved CSI Idempotency + description: Enhances driver to ensure volume operations are idempotent + type: boolean + default: false + group: Driver Configuration + + - variable: improvedVolumeTopology.enabled + label: Enable Improved Volume Topology + description: Allows using the topology feature without the need to mount vSphere credentials in the CSI node daemonset + type: boolean + default: false + group: Driver Configuration - variable: csiController.csiResizer.enabled label: Enable CSI Volume Resizer 
@@ -86,6 +110,12 @@ questions: default: true type: boolean + - variable: storageClass.allowVolumeExpansion + label: Allow Volume Expansion + description: Allows resizing the volume by editing the corresponding PVC object (Available for vSphere 7.0+ only) + default: false + type: boolean + - variable: storageClass.storagePolicyName label: Storage Policy Name description: Name of the Storage Policy created in vCenter diff --git a/packages/rancher-vsphere-csi/charts/templates/configmap.yaml b/packages/rancher-vsphere-csi/charts/templates/configmap.yaml new file mode 100644 index 000000000..b7f9207ac --- /dev/null +++ b/packages/rancher-vsphere-csi/charts/templates/configmap.yaml @@ -0,0 +1,14 @@ +# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver +apiVersion: v1 +data: + "csi-migration": {{ .Values.csiMigration.enabled | quote }} + "csi-auth-check": {{ .Values.csiAuthCheck.enabled | quote }} + "online-volume-extend": {{ .Values.onlineVolumeExtend.enabled | quote }} + "trigger-csi-fullsync": {{ .Values.triggerCsiFullsync.enabled | quote }} + "async-query-volume": {{ .Values.asyncQueryVolume.enabled | quote }} + "improved-csi-idempotency": {{ .Values.improvedCsiIdempotency.enabled | quote }} + "improved-volume-topology": {{ .Values.improvedVolumeTopology.enabled | quote }} +kind: ConfigMap +metadata: + name: internal-feature-states.csi.vsphere.vmware.com + namespace: {{ .Release.Namespace }} diff --git a/packages/rancher-vsphere-csi/charts/templates/controller/deployment.yaml b/packages/rancher-vsphere-csi/charts/templates/controller/deployment.yaml new file mode 100644 index 000000000..a20eadffd --- /dev/null +++ b/packages/rancher-vsphere-csi/charts/templates/controller/deployment.yaml 
@@ -0,0 +1,208 @@ +# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver +kind: Deployment +apiVersion: apps/v1 +metadata: + name: vsphere-csi-controller + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: vsphere-csi-controller + template: + metadata: + labels: + app: vsphere-csi-controller + role: vsphere-csi + spec: + serviceAccountName: vsphere-csi-controller + {{- if .Values.csiController.nodeSelector }} + nodeSelector: + {{- with .Values.csiController.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + # RKE node selector label + - key: node-role.kubernetes.io/controlplane + operator: In + values: + - "true" + - matchExpressions: + # RKE2 node selector label + - key: node-role.kubernetes.io/control-plane + operator: In + values: + - "true" + {{- end }} + {{- if .Values.csiController.tolerations }} + tolerations: + {{- with .Values.csiController.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- else }} + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + # Rancher specific change: These tolerations are added to account for RKE1 and RKE2 taints + - key: node-role.kubernetes.io/controlplane + effect: NoSchedule + value: "true" + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + value: "true" + - key: node-role.kubernetes.io/etcd + effect: NoSchedule + value: "true" + {{- end }} + dnsPolicy: "Default" + containers: + - name: csi-attacher + image: "{{ template "system_default_registry" . 
}}{{ .Values.csiController.image.csiAttacher.repository }}:{{ .Values.csiController.image.csiAttacher.tag }}" + args: + - "--v=4" + - "--timeout=300s" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--kube-api-qps=100" + - "--kube-api-burst=100" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir +{{- if .Values.csiController.csiResizer.enabled }} + - name: csi-resizer + image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.csiResizer.repository }}:{{ .Values.csiController.image.csiResizer.tag }}" + args: + - "--v=4" + - "--timeout=300s" + - "--handle-volume-inuse-error=false" + - "--csi-address=$(ADDRESS)" + - "--kube-api-qps=100" + - "--kube-api-burst=100" + - "--leader-election" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir +{{- end }} + - name: vsphere-csi-controller + image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.repository }}:{{ .Values.csiController.image.tag }}" + args: + - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" + - "--fss-namespace=$(CSI_NAMESPACE)" + imagePullPolicy: "Always" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: X_CSI_MODE + value: "controller" + - name: X_CSI_SPEC_DISABLE_LEN_CHECK + value: "true" + - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT + value: 3m + - name: VSPHERE_CSI_CONFIG + value: "/etc/cloud/csi-vsphere.conf" + - name: LOGGER_LEVEL + value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION + - name: INCLUSTER_CLIENT_QPS + value: "100" + - name: INCLUSTER_CLIENT_BURST + value: "100" + - name: CSI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/cloud + name: vsphere-config-volume + readOnly: true + - mountPath: /csi + name: socket-dir + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + - name: prometheus + containerPort: 2112 + protocol: TCP + 
livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 5 + failureThreshold: 3 + - name: liveness-probe + image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.livenessProbe.repository }}:{{ .Values.csiController.image.livenessProbe.tag }}" + args: + - "--v=4" + - "--csi-address=/csi/csi.sock" + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: vsphere-syncer + image: "{{ template "system_default_registry" . }}{{ .Values.csiController.image.vsphereSyncer.repository }}:{{ .Values.csiController.image.vsphereSyncer.tag }}" + args: + - "--leader-election" + - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" + - "--fss-namespace=$(CSI_NAMESPACE)" + imagePullPolicy: "Always" + ports: + - containerPort: 2113 + name: prometheus + protocol: TCP + env: + - name: FULL_SYNC_INTERVAL_MINUTES + value: "30" + - name: VSPHERE_CSI_CONFIG + value: "/etc/cloud/csi-vsphere.conf" + - name: LOGGER_LEVEL + value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION + - name: INCLUSTER_CLIENT_QPS + value: "100" + - name: INCLUSTER_CLIENT_BURST + value: "100" + - name: CSI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /etc/cloud + name: vsphere-config-volume + readOnly: true + - name: csi-provisioner + image: "{{ template "system_default_registry" . 
}}{{ .Values.csiController.image.csiProvisioner.repository }}:{{ .Values.csiController.image.csiProvisioner.tag }}" + args: + - "--v=4" + - "--timeout=300s" + - "--csi-address=$(ADDRESS)" + - "--kube-api-qps=100" + - "--kube-api-burst=100" + - "--leader-election" + - "--default-fstype=ext4" + # needed only for topology aware setup + #- "--feature-gates=Topology=true" + #- "--strict-topology" + env: + - name: ADDRESS + value: /csi/csi.sock + volumeMounts: + - mountPath: /csi + name: socket-dir + volumes: + - name: vsphere-config-volume + secret: + secretName: {{ .Values.vCenter.configSecret.name }} + - name: socket-dir + emptyDir: {} diff --git a/packages/rancher-vsphere-csi/charts/templates/controller/role-binding.yaml b/packages/rancher-vsphere-csi/charts/templates/controller/role-binding.yaml new file mode 100644 index 000000000..ee87bc2b8 --- /dev/null +++ b/packages/rancher-vsphere-csi/charts/templates/controller/role-binding.yaml @@ -0,0 +1,13 @@ +# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: vsphere-csi-controller-binding +subjects: + - kind: ServiceAccount + name: vsphere-csi-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: vsphere-csi-controller-role + apiGroup: rbac.authorization.k8s.io diff --git a/packages/rancher-vsphere-csi/charts/templates/controller/role.yaml b/packages/rancher-vsphere-csi/charts/templates/controller/role.yaml new file mode 100644 index 000000000..ad1757d1a --- /dev/null +++ b/packages/rancher-vsphere-csi/charts/templates/controller/role.yaml 
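Review bot: No container in this Deployment sets a `securityContext`, including `vsphere-csi-controller` and `vsphere-syncer`, which mount the `vsphere-config-volume` secret at `/etc/cloud`. Unless the images need root, a pod-level `securityContext: {runAsNonRoot: true}` plus container-level `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` would limit what a compromised sidecar can do with that mount; confirm against the upstream images first. `imagePullPolicy: "Always"` combined with tag-only image references means a restart can pull different content under the same tag, which pinning digests in values.yaml would prevent. The containers also declare no resource requests or limits.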
@@ -0,0 +1,39 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-controller-role
+rules:
+ - apiGroups: [""]
+ resources: ["nodes", "persistentvolumeclaims", "pods", "configmaps"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses", "csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "patch"]
+ - apiGroups: ["cns.vmware.com"]
+ resources: ["triggercsifullsyncs"]
+ verbs: ["create", "get", "update", "watch", "list"]
+ - apiGroups: ["cns.vmware.com"]
+ resources: ["cnsvspherevolumemigrations"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "create", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments/status"]
+ verbs: ["patch"]
diff --git a/packages/rancher-vsphere-csi/charts/templates/controller/service-account.yaml b/packages/rancher-vsphere-csi/charts/templates/controller/service-account.yaml
new file mode 100644
index 000000000..076edfd72
--- /dev/null
+++ b/packages/rancher-vsphere-csi/charts/templates/controller/service-account.yaml
@@ -0,0 +1,6 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: vsphere-csi-controller
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/rancher-vsphere-csi/charts/templates/controller/service.yaml b/packages/rancher-vsphere-csi/charts/templates/controller/service.yaml
new file mode 100644
index 000000000..fcd2edc5b
--- /dev/null
+++ b/packages/rancher-vsphere-csi/charts/templates/controller/service.yaml
@@ -0,0 +1,20 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+apiVersion: v1
+kind: Service
+metadata:
+ name: vsphere-csi-controller
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: vsphere-csi-controller
+spec:
+ ports:
+ - name: ctlr
+ port: 2112
+ targetPort: 2112
+ protocol: TCP
+ - name: syncer
+ port: 2113
+ targetPort: 2113
+ protocol: TCP
+ selector:
+ app: vsphere-csi-controller
diff --git a/packages/rancher-vsphere-csi/charts/templates/csi-driver.yaml b/packages/rancher-vsphere-csi/charts/templates/csi-driver.yaml
new file mode 100644
index 000000000..9b6909e6a
--- /dev/null
+++ b/packages/rancher-vsphere-csi/charts/templates/csi-driver.yaml
@@ -0,0 +1,8 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+apiVersion: storage.k8s.io/v1 # For k8s 1.17 use storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+ name: csi.vsphere.vmware.com
+spec:
+ attachRequired: true
+ podInfoOnMount: false
diff --git a/packages/rancher-vsphere-csi/charts/templates/node/daemonset.yaml b/packages/rancher-vsphere-csi/charts/templates/node/daemonset.yaml
new file mode 100644
index 000000000..ddec9e35c
--- /dev/null
+++ b/packages/rancher-vsphere-csi/charts/templates/node/daemonset.yaml
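Review bot: The `customresourcedefinitions` rule in controller/role.yaml lets the controller create and update any CRD in the cluster, which is a broad grant for a storage driver. `update` can be limited with `resourceNames` to the CRDs the driver owns, presumably the `cns.vmware.com` ones behind the `triggercsifullsyncs` and `cnsvspherevolumemigrations` rules above. `create` cannot be name-restricted, so a comment stating why the driver installs its own CRDs would help whoever audits this role. The final `volumeattachments/status` rule would also read better placed next to the other `volumeattachments` rule.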
@@ -0,0 +1,156 @@ +# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: vsphere-csi-node + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: vsphere-csi-node + updateStrategy: + type: "RollingUpdate" + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: vsphere-csi-node + role: vsphere-csi + spec: + serviceAccountName: vsphere-csi-node + hostNetwork: true + dnsPolicy: "ClusterFirstWithHostNet" + containers: + - name: node-driver-registrar + image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.nodeDriverRegistrar.repository }}:{{ .Values.csiNode.image.nodeDriverRegistrar.tag }}" + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--health-port=9809" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + ports: + - containerPort: 9809 + name: healthz + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 5 + timeoutSeconds: 5 + - name: vsphere-csi-node + image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.repository }}:{{ .Values.csiNode.image.tag }}" + args: + - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" + - "--fss-namespace=$(CSI_NAMESPACE)" + imagePullPolicy: "Always" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: MAX_VOLUMES_PER_NODE + value: "0" # Maximum number of volumes that controller can publish to the node. If value is not set or zero Kubernetes decide how many volumes can be published by the controller to the node. 
+ - name: X_CSI_MODE + value: "node" + - name: X_CSI_SPEC_REQ_VALIDATION + value: "false" + - name: X_CSI_SPEC_DISABLE_LEN_CHECK + value: "true" + # needed only for topology aware setups + #- name: VSPHERE_CSI_CONFIG + # value: "/etc/cloud/csi-vsphere.conf" # here csi-vsphere.conf is the name of the file used for creating secret using "--from-file" flag + - name: LOGGER_LEVEL + value: "PRODUCTION" # Options: DEVELOPMENT, PRODUCTION + - name: CSI_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + # needed only for topology aware setups + #- name: vsphere-config-volume + # mountPath: /etc/cloud + # readOnly: true + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: blocks-dir + mountPath: /sys/block + - name: sys-devices-dir + mountPath: /sys/devices + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 5 + failureThreshold: 3 + - name: liveness-probe + image: "{{ template "system_default_registry" . 
}}{{ .Values.csiNode.image.livenessProbe.repository }}:{{ .Values.csiNode.image.livenessProbe.tag }}" + args: + - "--v=4" + - "--csi-address=/csi/csi.sock" + volumeMounts: + - name: plugin-dir + mountPath: /csi + volumes: + # needed only for topology aware setups + #- name: vsphere-config-volume + # secret: + # secretName: vsphere-config-secret + - name: registration-dir + hostPath: + path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins_registry + type: Directory + - name: plugin-dir + hostPath: + path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet + type: Directory + - name: device-dir + hostPath: + path: /dev + - name: blocks-dir + hostPath: + path: /sys/block + type: Directory + - name: sys-devices-dir + hostPath: + path: /sys/devices + type: Directory + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists diff --git a/packages/rancher-vsphere-csi/charts/templates/node/role-binding.yaml b/packages/rancher-vsphere-csi/charts/templates/node/role-binding.yaml new file mode 100644 index 000000000..5b829dd4e --- /dev/null +++ b/packages/rancher-vsphere-csi/charts/templates/node/role-binding.yaml @@ -0,0 +1,14 @@ +# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: vsphere-csi-node-binding + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: vsphere-csi-node + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: vsphere-csi-node-role + apiGroup: rbac.authorization.k8s.io diff --git a/packages/rancher-vsphere-csi/charts/templates/node/role.yaml b/packages/rancher-vsphere-csi/charts/templates/node/role.yaml new file mode 100644 index 000000000..dfb392ce7 --- /dev/null +++ b/packages/rancher-vsphere-csi/charts/templates/node/role.yaml 
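Review bot: `.Values.csiNode.prefixPath` is interpolated unquoted into three `hostPath` paths, one `mountPath` and `DRIVER_REG_SOCK_PATH`, all serving a container that runs `privileged: true`, so this one value decides which host directories that container receives. Quoting each use, for example `path: {{ printf "%s/var/lib/kubelet" .Values.csiNode.prefixPath | quote }}`, keeps a malformed value from altering the manifest structure. A comment stating the expected values (empty or an absolute directory) would make misuse easier to spot. `capabilities.add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true` are already implied by `privileged: true`; a comment that privilege is required for the `Bidirectional` mount propagation would show which setting is load-bearing. The `node-driver-registrar` and `liveness-probe` containers set no `securityContext` at all.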
@@ -0,0 +1,10 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: vsphere-csi-node-role
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
diff --git a/packages/rancher-vsphere-csi/charts/templates/node/service-account.yaml b/packages/rancher-vsphere-csi/charts/templates/node/service-account.yaml
new file mode 100644
index 000000000..24628888c
--- /dev/null
+++ b/packages/rancher-vsphere-csi/charts/templates/node/service-account.yaml
@@ -0,0 +1,6 @@
+# Source: https://github.com/kubernetes-sigs/vsphere-csi-driver
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: vsphere-csi-node
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/rancher-vsphere-csi/charts/templates/secret.yaml b/packages/rancher-vsphere-csi/charts/templates/secret.yaml
new file mode 100644
index 000000000..2a8c53025
--- /dev/null
+++ b/packages/rancher-vsphere-csi/charts/templates/secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.vCenter.configSecret.generate -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.vCenter.configSecret.name }}
+ namespace: {{ .Release.Namespace }}
+data:
+ csi-vsphere.conf: {{ tpl .Values.vCenter.configSecret.configTemplate . | b64enc | quote }}
+{{- end -}}
diff --git a/packages/rancher-vsphere-csi/charts/templates/storageclass.yaml b/packages/rancher-vsphere-csi/charts/templates/storageclass.yaml
new file mode 100644
index 000000000..30dfbd46a
--- /dev/null
+++ b/packages/rancher-vsphere-csi/charts/templates/storageclass.yaml
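Review bot: The single rule in node/role.yaml gives the `vsphere-csi-node` service account `get`, `list` and `watch` on every ConfigMap in the release namespace, which is broader than reading one driver-owned object when the chart is installed into a shared system namespace. If the node plugin only reads a single feature-state ConfigMap (not visible in this diff, so to be confirmed), narrow the rule with `resourceNames: ["<feature-states-configmap-name>"]`, keeping in mind that `list` and `watch` only match a `resourceNames` rule when the request selects by `metadata.name`. If the namespace-wide grant is required, record the reason above the rule, e.g. `# node plugin watches ConfigMaps in this namespace for feature switches`.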
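Review bot: In templates/secret.yaml the `csi-vsphere.conf` payload is rendered from `.Values.vCenter.configSecret.configTemplate`, so any vCenter credentials that template interpolates (the template itself is not shown here) arrive as chart values and are also kept in the Helm release record, not only in this Secret. The `generate` switch already allows a pre-created Secret, and a comment inside the template such as `# set vCenter.configSecret.generate=false and pre-create this Secret to keep vCenter credentials out of Helm release values` would make that path visible to operators. Separately, `name:` is emitted unquoted while the StorageClass template quotes its name; `name: {{ .Values.vCenter.configSecret.name | quote }}` avoids a mistyped scalar if the value looks like a number or boolean.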
@@ -0,0 +1,17 @@ +{{- if .Values.storageClass.enabled -}} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ .Values.storageClass.name | quote }} + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.storageClass.isDefault | quote }} +provisioner: csi.vsphere.vmware.com +allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }} +parameters: + {{- if .Values.storageClass.datastoreURL }} + datastoreURL: {{ .Values.storageClass.datastoreURL | quote }} + {{- end }} + {{- if .Values.storageClass.storagePolicyName }} + storagepolicyname: {{ .Values.storageClass.storagePolicyName | quote }} + {{- end }} +{{- end -}} diff --git a/packages/rancher-vsphere-csi/charts/values.yaml b/packages/rancher-vsphere-csi/charts/values.yaml index 77947dfa9..ae370c8ab 100644 --- a/packages/rancher-vsphere-csi/charts/values.yaml +++ b/packages/rancher-vsphere-csi/charts/values.yaml @@ -25,10 +25,10 @@ csiController: enabled: false image: repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver - tag: v2.2.1 + tag: v2.3.0 csiAttacher: - repository: rancher/mirrored-k8scsi-csi-attacher - tag: v3.1.0 + repository: rancher/mirrored-sig-storage-csi-attacher + tag: v3.2.0 csiResizer: repository: rancher/mirrored-k8scsi-csi-resizer tag: v1.1.0 
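Review bot: In templates/storageclass.yaml, `allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}` renders an empty value when the key is missing from the supplied values, for example on an upgrade that reuses values from a release made before this key existed. Writing it as `allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion | default false }}` keeps the manifest explicit in that case. The same applies to `parameters:`, which is emitted with no children when neither `datastoreURL` nor `storagePolicyName` is set; wrapping the key in the same conditions would avoid a bare `parameters:`.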
@@ -37,11 +37,22 @@ csiController: tag: v2.2.0 vsphereSyncer: repository: rancher/mirrored-cloud-provider-vsphere-csi-release-syncer - tag: v2.2.1 + tag: v2.3.0 csiProvisioner: - repository: rancher/mirrored-k8scsi-csi-provisioner - tag: v2.1.0 + repository: rancher/mirrored-sig-storage-csi-provisioner + tag: v2.2.0 nodeSelector: {} + # Uncomment below toleration if you need an aggressive pod eviction in case when + # node becomes not-ready or unreachable. Default is 300 seconds if not specified. + # tolerations: + # - key: node.kubernetes.io/not-ready + # operator: Exists + # effect: NoExecute + # tolerationSeconds: 30 + # - key: node.kubernetes.io/unreachable + # operator: Exists + # effect: NoExecute + # tolerationSeconds: 30 # Internal features csiMigration: @@ -50,12 +61,20 @@ csiAuthCheck: enabled: false onlineVolumeExtend: enabled: false +triggerCsiFullsync: + enabled: false +asyncQueryVolume: + enabled: false +improvedCsiIdempotency: + enabled: false +improvedVolumeTopology: + enabled: false csiNode: prefixPath: "" image: repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver - tag: v2.2.1 + tag: v2.3.0 nodeDriverRegistrar: repository: rancher/mirrored-k8scsi-csi-node-driver-registrar tag: v2.1.0 @@ -65,6 +84,7 @@ csiNode: storageClass: enabled: true + allowVolumeExpansion: false name: "vsphere-csi-sc" isDefault: true storagePolicyName: "" diff --git a/packages/rancher-vsphere-csi/package.yaml b/packages/rancher-vsphere-csi/package.yaml index 3b5eacdf6..98913ea9a 100644 --- a/packages/rancher-vsphere-csi/package.yaml +++ b/packages/rancher-vsphere-csi/package.yaml @@ -1,2 +1,2 @@ url: local -version: 100.0.0 +version: 100.0.1
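Review bot: The four switches added after `onlineVolumeExtend` in values.yaml (`triggerCsiFullsync`, `asyncQueryVolume`, `improvedCsiIdempotency`, `improvedVolumeTopology`) carry no comment saying what each one turns on or which driver release it needs, although the same hunk moves the node driver image to `v2.3.0`. A one-line comment above each, for example `# asyncQueryVolume: <one-line effect>; requires driver <minimum version>`, would let an operator judge the change before enabling it. The mapping these keys belong to starts above the hunk, so where they are consumed is not visible here.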