andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add cpi 1.0.1

pull/1623/head
Steven Crespo 2021-11-18 13:23:10 -08:00
parent 920af84f88
commit d9e29cb7b5
10 changed files with 389 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/Chart.yaml Executable file
View File

@ -0,0 +1,21 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: vSphere CPI
catalog.cattle.io/namespace: kube-system
catalog.cattle.io/os: linux
catalog.cattle.io/rancher-version: '>= 2.5.0-0 <= 2.5.99-0'
catalog.cattle.io/release-name: vsphere-cpi
apiVersion: v1
appVersion: 1.0.0
description: vSphere Cloud Provider Interface (CPI)
icon: https://charts.rancher.io/assets/logos/vsphere-cpi.svg
keywords:
- infrastructure
kubeVersion: <= 1.17
maintainers:
- email: caleb@rancher.com
name: Rancher
name: rancher-vsphere-cpi
sources:
- https://github.com/kubernetes/cloud-provider-vsphere
version: 1.0.1

57
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/README.md Executable file
View File

@ -0,0 +1,57 @@
# vSphere Cloud Provider Interface (CPI)
[vSphere Cloud Provider Interface (CPI)](https://github.com/kubernetes/cloud-provider-vsphere) is responsible for running all the platform specific control loops that were previously run in core Kubernetes components like the KCM and the kubelet, but have been moved out-of-tree to allow cloud and infrastructure providers to implement integrations that can be developed, built and released independent of Kubernetes core. The official documentation and tutorials can be found [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/prerequisites.html).
## Prerequisites
- vSphere 6.7 U3+
- Kubernetes v1.14+
- A Secret on your Kubernetes cluster that contains vSphere credentials (Refer to `README` or `Detailed Descriptions`)
## Installation
This chart requires a Secret in your Kubernetes cluster that contains the server URL and credentials to connect to the vCenter. You can have the chart generate it for you, or create it yourself and provide the name of the Secret during installation.
<span style="color:orange">Warning</span>: When the option to generate the Secret is enabled, the credentials are visible in the API to authorized users. If you create the Secret yourself they will not be visible.
You can create a Secret in one of the following ways:
### <B>Option 1</b>: Create a Secret using the Rancher UI
Go to your cluster's project (Same project you will be installing the chart) > Resources > Secrets > Add Secret.
```yaml
# Example of data required in the Secret
<host-1>.username: <username>
<host-1>.password: <password>
```
### <B>Option 2</b>: Create a Secret using kubectl
Replace placeholders with actual values, and execute the following:
```bash
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: <secret-name>
namespace: <charts-namespace>
data:
<host-1>.username: <base64encoded-username>
<host-1>.password: <base64encoded-password>
EOF
```
More information on managing Secrets using kubectl [here](https://kubernetes.io/docs/tasks/configmap-secret/managing-secret-using-kubectl/).
## Migration
If using this chart to migrate volumes provisioned by the in-tree provider to the out-of-tree CPI + CSI, you need to taint all nodes with the following:
```
node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
```
To perform this operation on all nodes in your cluster, the following script has been provided for your convenience:
```bash
# Note: Since this script uses kubectl, ensure that you run `export KUBECONFIG=<path-to-kubeconfig-for-cluster>` before running this script
for node in $(kubectl get nodes | awk '{print $1}' | tail -n +2); do
kubectl taint node $node node.cloudprovider.kubernetes.io/uninitialized=true:NoSchedule
done
```

16
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/app-readme.md Executable file
View File

@ -0,0 +1,16 @@
# vSphere Cloud Provider Interface (CPI)
[vSphere Cloud Provider Interface (CPI)](https://github.com/kubernetes/cloud-provider-vsphere) is responsible for running all the platform specific control loops that were previously run in core Kubernetes components like the KCM and the kubelet, but have been moved out-of-tree to allow cloud and infrastructure providers to implement integrations that can be developed, built and released independent of Kubernetes core. The official documentation and tutorials can be found [here](https://vsphere-csi-driver.sigs.k8s.io/driver-deployment/prerequisites.html).
## Support Matrix
| Rancher vSphere CPI | Minimum Kubernetes Release | Maximum Kubernetes Release |
| ------------------- | -------------------------- | -------------------------- |
| 1.0.1 | | 1.17.x |
| 1.0.000 | | 1.17.x |
## Prerequisites
- vSphere 6.7 U3+
- Kubernetes v1.14+
- A Secret on your Kubernetes cluster that contains vSphere credentials (Refer to `README` or `Detailed Descriptions`)

42
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/questions.yaml Executable file
View File

@ -0,0 +1,42 @@
questions:
- variable: vCenter.host
label: vCenter Host
description: IP address or FQDN of the vCenter
type: string
required: true
group: Configuration
- variable: vCenter.datacenters
description: Comma-separated list of paths to data centers. E.g "<dc1-path>, <dc2-path>, ..."
label: Data Centers
type: string
required: true
group: Configuration
- variable: vCenter.credentialsSecret.generate
label: Generate Credential's Secret
description: Generates a secret with the vSphere credentials (If the option to generate it is enabled, credentials will be visible in the API to authorized users)
type: boolean
default: true
required: true
group: Configuration
show_subquestion_if: true
subquestions:
- variable: vCenter.username
label: Username
description: Username for vCenter
type: string
group: Configuration
- variable: vCenter.password
label: Password
description: Password for vCenter
type: password
group: Configuration
- variable: vCenter.credentialsSecret.name
label: Credential's Secret Name
description: Name of the secret with the vSphere credentials (Will not be visible in the API. More info in the README)
default: "vsphere-cpi-creds"
type: string
group: Configuration
show_if: "vCenter.credentialsSecret.generate=false"

7
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/templates/_helpers.tpl Executable file
View File

@ -0,0 +1,7 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}

15
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/templates/vsphere-cloud-config-cm.yaml Executable file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: cloud-config
namespace: {{ .Release.Namespace }}
data:
vsphere.conf: |
[Global]
secret-name = {{ .Values.vCenter.credentialsSecret.name | quote }}
secret-namespace = {{ .Release.Namespace | quote }}
port = {{ .Values.vCenter.port | quote }}
insecure-flag = {{ .Values.vCenter.insecureFlag | quote }}
[VirtualCenter {{ .Values.vCenter.host | quote }}]
datacenters = {{ .Values.vCenter.datacenters | quote }}

74
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/templates/vsphere-cpi-ds.yaml Executable file
View File

@ -0,0 +1,74 @@
# Source: https://github.com/kubernetes/cloud-provider-vsphere/blob/master/releases/v1.19/vsphere-cloud-controller-manager.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ""
labels:
component: cloud-controller-manager
tier: control-plane
k8s-app: vsphere-cloud-controller-manager
name: vsphere-cloud-controller-manager
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
k8s-app: vsphere-cloud-controller-manager
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
k8s-app: vsphere-cloud-controller-manager
spec:
nodeSelector:
{{- if .Values.cloudControllerManager.nodeSelector }}
{{- with .Values.cloudControllerManager.nodeSelector }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
node-role.kubernetes.io/controlplane: "true"
{{- end }}
securityContext:
runAsUser: 1001
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
serviceAccountName: cloud-controller-manager
containers:
- name: vsphere-cloud-controller-manager
image: "{{ template "system_default_registry" . }}{{ .Values.cloudControllerManager.image.repository }}:{{ .Values.cloudControllerManager.image.tag }}"
args:
- --v=2
- --cloud-provider=vsphere
- --cloud-config=/etc/cloud/vsphere.conf
volumeMounts:
- mountPath: /etc/cloud
name: vsphere-config-volume
readOnly: true
resources:
requests:
cpu: 200m
hostNetwork: true
volumes:
- name: vsphere-config-volume
configMap:
name: cloud-config
---
apiVersion: v1
kind: Service
metadata:
labels:
component: cloud-controller-manager
name: vsphere-cloud-controller-manager
namespace: {{ .Release.Namespace }}
spec:
type: NodePort
ports:
- port: 43001
protocol: TCP
targetPort: 43001
selector:
component: cloud-controller-manager

127
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/templates/vsphere-cpi-rbac.yaml Executable file
View File

@ -0,0 +1,127 @@
# Source: https://github.com/kubernetes/cloud-provider-vsphere/blob/master/releases/v1.19/vsphere-cloud-controller-manager.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- '*'
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: apiserver-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cloud-controller-manager
namespace: {{ .Release.Namespace }}
- apiGroup: ""
kind: User
name: cloud-controller-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cloud-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cloud-controller-manager
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
namespace: {{ .Release.Namespace }}
- kind: User
name: cloud-controller-manager

10
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/templates/vsphere-creds-secret.yaml Executable file
View File

@ -0,0 +1,10 @@
{{- if .Values.vCenter.credentialsSecret.generate -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.vCenter.credentialsSecret.name }}
namespace: {{ .Release.Namespace }}
data:
{{ .Values.vCenter.host }}.username: {{ .Values.vCenter.username | b64enc | quote }}
{{ .Values.vCenter.host }}.password: {{ .Values.vCenter.password | b64enc | quote }}
{{- end -}}

20
charts/rancher-vsphere-cpi/rancher-vsphere-cpi/1.0.1/values.yaml Executable file
View File

@ -0,0 +1,20 @@
vCenter:
host: ""
port: 443
insecureFlag: "1"
datacenters: ""
username: ""
password: ""
credentialsSecret:
name: "vsphere-cpi-creds"
generate: true
cloudControllerManager:
image:
repository: rancher/mirrored-cloud-provider-vsphere-cpi-release-manager
tag: v1.2.1
nodeSelector: {}
global:
cattle:
systemDefaultRegistry: ""