From 27dedef6f147990cce2d28820407509cf49677a6 Mon Sep 17 00:00:00 2001 From: actions Date: Fri, 25 Sep 2020 22:06:59 +0000 Subject: [PATCH] Generated changes --- .../hpe-csi-driver/hpe-csi-driver-1.3.000.tgz | Bin 0 -> 9098 bytes assets/index.yaml | 29 +- charts/hpe-csi-driver/Chart.yaml | 22 + charts/hpe-csi-driver/README.md | 110 +++++ charts/hpe-csi-driver/app-readme.md | 3 + .../hpe-csi-driver/crds/hpe-nodeinfo-crd.yaml | 54 +++ .../crds/hpe-replicated-device-info-crd.yaml | 57 +++ .../crds/hpe-volumeinfo-crd.yaml | 32 ++ charts/hpe-csi-driver/files/config.json | 128 ++++++ charts/hpe-csi-driver/questions.yml | 29 ++ charts/hpe-csi-driver/templates/NOTES.txt | 0 charts/hpe-csi-driver/templates/_helpers.tpl | 32 ++ .../templates/csi-driver-crd.yaml | 16 + .../templates/hpe-csi-controller.yaml | 171 ++++++++ .../templates/hpe-csi-node.yaml | 165 +++++++ .../templates/hpe-csi-rbac.yaml | 408 ++++++++++++++++++ .../templates/hpe-linux-config.yaml | 13 + .../hpe-csi-driver/templates/hpe-secret.yaml | 47 ++ .../hpe-csi-driver/templates/nimble-csp.yaml | 60 +++ .../templates/primera-3par-csp.yaml | 61 +++ charts/hpe-csi-driver/templates/sc.yaml | 38 ++ charts/hpe-csi-driver/values.yaml | 20 + index.yaml | 29 +- sha256sum/hpe-csi-driver/hpe-csi-driver.sum | 2 +- 24 files changed, 1523 insertions(+), 3 deletions(-) create mode 100644 assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz create mode 100644 charts/hpe-csi-driver/Chart.yaml create mode 100644 charts/hpe-csi-driver/README.md create mode 100644 charts/hpe-csi-driver/app-readme.md create mode 100644 charts/hpe-csi-driver/crds/hpe-nodeinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/crds/hpe-replicated-device-info-crd.yaml create mode 100644 charts/hpe-csi-driver/crds/hpe-volumeinfo-crd.yaml create mode 100644 charts/hpe-csi-driver/files/config.json create mode 100644 charts/hpe-csi-driver/questions.yml create mode 100644 charts/hpe-csi-driver/templates/NOTES.txt create mode 100644 charts/hpe-csi-driver/templates/_helpers.tpl create mode 100644 charts/hpe-csi-driver/templates/csi-driver-crd.yaml create mode 100644 charts/hpe-csi-driver/templates/hpe-csi-controller.yaml create mode 100644 charts/hpe-csi-driver/templates/hpe-csi-node.yaml create mode 100644 charts/hpe-csi-driver/templates/hpe-csi-rbac.yaml create mode 100644 charts/hpe-csi-driver/templates/hpe-linux-config.yaml create mode 100644 charts/hpe-csi-driver/templates/hpe-secret.yaml create mode 100644 charts/hpe-csi-driver/templates/nimble-csp.yaml create mode 100644 charts/hpe-csi-driver/templates/primera-3par-csp.yaml create mode 100644 charts/hpe-csi-driver/templates/sc.yaml create mode 100644 charts/hpe-csi-driver/values.yaml diff --git a/assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz b/assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz new file mode 100644 index 0000000000000000000000000000000000000000..741533bf54b7b6dcde1ac1d2b3ae86af2929c941 GIT binary patch literal 9098 zcmV;5BX!&#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKBvbK6GpX#U2h=%Vtgwem!e)a4Xwz4a7HiB)UMe3I?dmNz90 zfhIXC0E5g7D05@K&;Du-oCGhCqMSTUs$vQlbocc1H9glT#-=A|)8}-IymdMvT)Gny z2H$P2wA=0W@!_HVx7}`6|LwGo55MaiygWEKJU(i-558-64%?lV-$8qWG|ViCkc5BN zUK>}naetCRqKHW%DT_qc0q}?<0UNp=kupG+vX+Nj(g8)k3o+p`LS9>qV}L|pGa?~& zp)6GniRnk=g0iR!)tt>USGhO2Ci%TGwCCbP@-@~OcNkwEV`}MC`Q*~VM|EH$q-u}izJ~Da^X-@pTpKX?uhW1C;WXhCBl+&yX~Kto63N7A!qw~ZH%>@sO0EKeA)$d~Zq|;b zkK_Mso9O@;{)-VElMs18oZ1c%Ea4t%peX}{$9&gPuex2(8(Vo?>Z^9!d1{$`E}JVA z`#&Z@f?~rCV1fN_zdSsy+W-CIgJ=7{jj{u0I3P(N!F0Vgr>Rg_v*$WH@P0%EPyqz~ zb@KL2bHI2=q(mPEG|&~!&px#6iK!U)$5kMpG1clt}I{HN~34)&fpbLMy7+f;h<0vqae^XEg0U0yy zn18x(m%9gN2Ld*P0LK_)s5AoOO*|IHEK=6p3E1$Bs@4S>4VdHX?7+`V)rcf##vPGF zvXDsX0TrI0tuP5BjfosVOuReQGV8mvhlLlu;dK`VBoMgk_*5ufT{0g}S)`d7d1zlN zS__?W`ud~?Cy5+kB&nwXIvT6?+anTx5XigGXxKk{L^$55t&~6h zX#D_V8g@aT)W%#+Vtf@Uws<4#!Vj&lUmaD;IsY7!$k!pb3MzpO^lu%fyN<2b1Rn=9 zLTFT-i29}h&AgWOI<6UUUMhg@M-zRhn(xNQIrR~~faFQ!!SR9qNyF=8Frc5I(aeEi zd)@pu`w3eQ(Okm7uBnQy=AJP0D(WpQ(cvq3PS-(qiSmybWJ~V;m3O(70)=)ZV8yR?lVQWv2hnA2vPiuQeiE6#pH) z+^_immq#xTpZ)(fiZ#9h!!hzx7RJi0HU9Cc<8}_+wz4H8CVd)ENm01U6oe(AQi6q@D$>j;^ zrim}*W!0OQ`4`cEy^G$mB$8ca+t2}+)5_yjS_v>_K@#E{IzVsY1^AZvs1v76=&5Q# zsu8OC^E@75h@1o#y|SSNbNcn`Q}?_nGxa}xkq&o}KiCG$*Z?J1fH633!7?$p?VX=$~uL`*#F!XJN>gFXFN z>0@d*R9HkkBD&CV00ai;NygP1fRIRU^hSkd!aM*)$qb~a2H8&wl&TVxpv;3~3THvy zI{h>ySpP;orXHSnp0Re*fSQ8Xx^qn6%hgPvDlw;wQ#sKS7?))8amPJ$+Z96eVCP}Lj;4VXyGsizAC`El*wbigi6g$xQHWRHzc@KNyE?zV z-fc`*9KSj$Kb<9$&~ZBl4`ZH1C25E(k*^NgqJ|J9bjX`>#F6;oRp)q`tf|IhG_JPY zh=y%&>0KsWtuf)Pfc6!~TY`CaC`Bs{k|B*^&OT4nb5}jDc3CmMt&Eo)JXhYq7x+D4 zveM@!M$r+_RDap|K}|{1r@TUTs6OfuIa*A5t&R|>(?*LG>zxAQ>Fm=gFU_2pUCX35%Sy;xaxMMPpTVp5jGceaca>MJp6m&D|+BN2_0;GRrM zW^_B9-YWHaMd#)S!qK{dz){fuE-3`IZgfYqY1UEUZ(nU6l1os zC#$BM$H7!rLQP*{Y%-pj1;M>7nCHTpS!KrL*yk#^XA)Te zg=e2h79b~;oK_QXFhEas;gX$yMlX>?Q+|h&E=0^nH*cR((um0>N8%T~7mF2i#=CI- znTk?+EXRDUSmBE<9JJRYA&EE=Z$$b5u0zCAXUzXvW#Rmf?#T7l1235W+222US)Kpg zKR9}x|Jg=aW&Wo!^K;33Tx-rJo9!VODji>SvPX&Liqkx+P3%|%YfR}_2&O!2GDm^f z{xpup`q!Jo(ao~US~w1=ken=+=&Aj3I?=pt+DEy}0A+?kF{7!Xf>+&|cz$(r zb^goE^}Ex5-t4V_`^?u6}B?`ZQ{ZQDYAp zO;7!whtT8$Xcb9r6&7dAexq8c1M0?a>yOfGN6ik<>)5wo#AkcM#=oLSdp)k%lO6jH zpU*Pn|MSC7=Qo${&dzTxPu`x_5&ko0;dIyO<*HXWn0}*dRcT}1bOrsf85k&Akfi*NE?>) zB?Vb2FNyqo;H~Vxo9?cud7SRDnbnNb*C)N357*~c3mH;DH4k3zu5Z?xIX#mjWt%M?=F9SclGw<^0c-myUzk9aw-=WsR|Y_WfZg{};OD|4W-r(j zmd)A1`j43}n!4hW=^yL*Dm8Z?LiEuG!9b3P1QJcm=K=)EBnBD@>Z92Xkws%bI8H%| zIg81VNc5pkygRdr0(DRcA@N2uLbsMs`<>=u<0tAy*b z$F(1?H;I7KYZj7F3m`2s8=xT0n0Q!uhC)o{0jR#sx-N;#fW)8YyOXF@SF6yB#XwXO zY%Tk5eHYOv`P?+w!RCMlRk1FDWU(xr9uU#6AD~PkeGb8Z4&DEVLbPFuNc!gU=_)f* zu5;p?#hKLUF!#p7n_l8mYl0qvq8Ld}W0_^ER>8EX9P9$so(rO==NnFT&sX-flGQV{ zew~zhts>6_Sf|x2e!0KD|D6BdM$!3ylZL-8C7`Q^HZ8N~!lbE}$;Uedyf#IA#R4oL z)sjaNIbxjtS6hO7kJub?3hUaNT*2f?knYhUG5v+JBo=DOW=Coq)6>Smw`%xFj5#Ln5ZLH%p^&Vpeaa`A~IkJ;CD7JVuHwRbci(OIfE@qHb1^dCO7U98& z?7?^o@Rjm+%cvRi7xnQv!ep9Ywsh1=^Td*SO{|7y3 z-C3>QE)Oi~w*xNYqLuHo$@FPIz0m1G)=6{P|CnJwx`Su+7~sMFX4+D0#--0Qaa)xB z&0uc{No4W>BBs3g(mr%vNS7hXOyvfraLZAVpsJ^7G+@j3cD8SABRl9S+|o073w!W^ zbQiYUtt>Pa<%(=F4(IXha%Ne+b)#H1flFHCjYT()XW9!J@1Ammx4Ci2Mn@wHEa_h_ z9Dl?xx(;nVmR#CLKbW2w&T>vyZaT1kVh*Ha&0xfahNBOrZasYSAV>!H zjNidMl_ThVJQaJ;`zZF{`c$}^^}0$#c|?MAtMj9{+*RGiw#R5|xZbre%y$6m4b8r3 zr~Y_WsjzF`i1N2)is}_^m4wPNHbWUJz3Nn-u%2*^k<8oR>?i~Ff_ULV zM=nM*2EB_y87V3NBL&>IeYKvoS;W7YEb<1!nI_3&jQcby;;s`~jc&O#L7gKlPHPl} z_mQMlw|L3DFHb1n^99?qVYy+c@r8D$_*3~p#TiS&vm0F74L+rd+O)fUOgH#gUNDv9 z4aej=*%{MXAtM$w)APVH8=`+z&B|TU$EIDJwUnovQpXjX%WV;64qD)zVQB!>iX~fcIV*v{*SGc!uT@Xqq3ahRd%c_qkaa+ z+MBGiE!Fe3PnWj{7?#4^+vDW*%?+N$yHLFBYJqJ1gHpm0j z7Y5$0vjb*WwuMNFdn|9M*L{Vm1(Z_(@gEvC&&eajqjCfpu zud&yqo?3dUrFgIviQ~$KKGQ6}*`IXveeEjVE8is#FoU&*v$}?&)y=CF?~t!jmM*HC z`N?wb2Ots1GZa?xUG>sU-xySJc7blSUR?4=c7)nvTuxUlyfn3y3Sd+N)V?UeysRa& z@Ur5goHf)r<}^f34r0Q~I=#BQO@n$Cy1%f{J+%*eE)Op=<3H;&JP|*3{I`G9Ihcz7 z+Rx{IZl&m{Fnv*DFU`Ne&dyFbBeQr!m`h7jjJ=0i`zbj2wT?VZ&&Ar}{n-A|oJbIJ zCYi^AF1$bOO&#!AfoW&{Y;*H%j)fMleDhoZ`ePhLS^{6br0xO7l9r$?bNp!h?Oq@^ z@2Jm8J58BBtS_%NeOTYx$Bkt&o0n!zbgwMNrYt@KY}FH@W*!-|)-g2CN0ZbL@#hSK zX8L~{!#8yhzg`ru$p0VjzpUne+lMco{r@(~hWvkV#J6@3PzP)ykw69TV}t`$6pNep zC}G1ijqZn1a)L`0ZqVpV0JVz4`CSq&$f2RKz>z?|Rmqq^n z@MY!x_s-G5@$>k9DK z_+EH!$}P9hhT=DL0F1*6{9S!xjx^uR{v41%U}HC{4&UFw*RO_~_5TK<-}Tlk~!^QkTOW=h5XU!9+vy*+nBf0H=o`~S|t{y{bWe{gX0eE#QF$_~8l zooml{W<2A7arkFu$hGALZ$!9socAMyPjjpP_F^PuEV`|h@R+X*kB?*J3_L+^tccOb z$ItFahQTfbI7a1>gr>r}El?5Yfbmc$AFHjIkDzZ(=qn!^`H-)^&OTCv2uUOkl0bQ* zbUD3n9cO0;dK`5`BB(^+I8FEv3(1j$#l~7!3;%cp$|gEZc*}$=*6^v2oc0rA|CRj| zNvy_Z=sQigLQj$Op`S!D*@Nph=hu61ijjPGt?bs->+?4{@<}A>p@Y65Awo}@FiDP( zauo^1=t(+8V1ohmCo{i^qh96= zEQ0$H^+xdNG`p9Q^<8b% zw<{D4$RO5#I$xTz%e;3hl?tFQ&KJmTBdQ_s4I64h6}WIpBIqNqNa-fr(rCbL_u$sY zelk=)BqtuKANPbux0=1T$T{P;u3iZ`U^!gpOEoK0!g>*E(NBT^Oi&CjZp{r^3jW35 zlF1%Nfss^yUn)a-yX)4FU#zOJ&bZA-S3WcEfFzQIL{hILd#cg&`tZ)$+*u`tBQH?}<+mVUAtHX&hYot;Mq|oZr1Rl<<;=1h zvUJ;AIAixwz=)s2`b0pGFjl0{03V^9uC{{$wGUSG_0^A%Ml?*qJo!*CfU1{?@+}?; zp@M`$!e25Vk(GgB!|9+-B#P+`*KuxdZyhaXYBZAyco+VjF6{b;eca2IcKtnF%k>Za zvGe{O$(_DRiTFM>*9#R%mkdNw(=Vz;LOE7ti~A;T@Va-dBc2_&Fq*5KMB0Il^PZ(D zUFcSwQc!e}ws4zbw7h0o27 zMZ<@S0%1A}DGhx^oGI~^M)hy2Jcxm2KH4vC)`jK(!bw5>4ALKdxMUK4_@N7hSE`H6 zO{64HQV_9Xe<)F7W8|FrK1N2{tOFI6`5)pTCw|KN(~S3tevUcs_w*zR9ZdA2Gyo=_^oRt(Qy zx?r4*3gPNN)f*Q5>X9v+B5KtpQNr!>+dl07)RIx|WVF$re>v9B$avNa{=li{~&a}wwyV)W=Ir7T1_ zV!pBtAXtdt>AWvhPBvs5A?C!>6Me*dg!AH zyp$yYjHDXWDIPwu{>F*sV{u>*_KqS;e%#& z%>ZBfsC+2yIOqCM4e%!s38@EJ+Eb5p2X!F&6BCE28U${O>F`@P>0JQR8-dNuh8zdT zRR;-OS1*OWwIk?|#KMSwHvHFKQVr<{pX3P5@@f~Z6tMJ$!}W70S|aU`+h?AZIvb%! z27EfO&xiW&xHrP|mN+;oel-*2u4^YQw6={fh*jVunHmHQNJs-pxapWrHSG3SCr9CVQ?;rcF15^l0m2AG~~SC%I8y=KNIngA6dL9qwFCn!u}i19Q@p#w!!gY!=#tP;^Hxny|?Y zI|km#IerU7!Y3qAmG0;)ifJT0ymsL-sfm!we?m=v20x^IAN6k4FW2DCw z>PsyXT4JDg<-%L#xqOs_2FB>0zPo&Xb@9`O_ZOGHxS_v};je%)S*17B!$_dg2{S>f zsWa1VAlN|OD~BDJT7JRjoy5c&VfsDnyX{N^1R{KTb8&ipd40YP!4|}>R!++l_b)QR z@{O0u{11s^y?`df4bA~A+W&vBe_WaWIXv8dUjMn3vS9vawMm~@nqNpyZD+>ksk!>+ zDHZ+qxNo-pr^j_QJ?^i&5Ny%ft&POi2>zSD#f#QSRi!hl{f`4Ww7lPJJRLiaA1Z6|$FK(chyf zyfd16@qaE$EoIRhlr;@qNK5*Xa84$bciBWh4ag~u=t%}WFLs%pi@G!srKyGKPwR1| zA57PugDFC(2HMNAKdt^`U2uONFD)y-{@QyYVJSZy7q;1$!-y3crI)cp|FUXr8jX^X z(SLd@GLuN63!i>dwnj3JzBR1+VQ&9t`Tz7lO7xrd-us6~0}K4WUhGxg|J6AIMT+=e3c z6cuTnVb^o~r}40!yn5`XyiUg=nHcf?|C|Qb#YkM5lz~-?tan@wa>c%1+ z^>qv(Z<&uvkx@`VP#-OW7v^C$?aHw|n*~LgTj4aW z@8o8wjZ0L?8ur8?&vQ&j2lm|2l^UoofE)u=BkBe=FsQ;=jWA`W=6+@tU33e#|KC0SOpG)k-NCj$Uo9p@iqH6$stN#fU-@e=^8^ zo5K0*E*`H`?Elme#+$&gVE_5X*K0NQ z@|Oa~$f?vX?+K4+G%UU@7ywn{Er}8mfMT#r;%xJPO+m8=`i#kJQ-xk27C{T8*V2g1 z|9w|UV-ZWXFi+vIz>Dv*mG>kiB-Df$L-2L)5nFs^F1`vek~flu$P#V+J8c!xv&gqQ z9xB8g= zyzwzs_F@40N5?byW9+cyQcGEuHThA%J)b4}N5|U|mM97P#+=%Q3Wzb?>1AvTo!Y0> zN9ZWiYqxXgWq^fEIT<9qx*bt}HKGE%CAg=7U7o(xXp=~FYqoIE8|fnuLK@vz95*rY z8e$n@+jy@VTyKU=SP3SBHv>18@8b5FB6Dm{T~PG`lO`H3fi zNV}A>rb84{CDVt|>7!c=GcxS+CDS69-`syU4Df$9w$*MDBqTkcHqkT;(WgYB4&d~P zV}VldL)aV-Qqc3;o{_RG0mu*r6Ww~CEv9GJIf(?tNR}g8bFPx)6II8a96;nq?3rcT zuR80oNXQ$?ZWOW`87@$hrQ*Czut}&uB?R7X) z0y>{92TO%}8_*i-)tV{@HA0deez{3&sal=FU1T;&6t%bKEyfu6j4$IP?MWCbGQq%K z)OrJZd#%<9V59v&JWt-kFlT!NLFt4~RYe1`^N5YgCKelji$= 1.15 +- Most Kubernetes distributions are supported +- Recent Ubuntu, SLES, CentOS or RHEL compute nodes connected to their respective official package repositories +- Helm 3 (Version >= 3.2.0 required) + +Depending on which [Container Storage Provider](https://scod.hpedev.io/container_storage_provider/index.html) (CSP) is being used, other prerequisites and requirements may apply, such as storage platform OS and features. + +- [HPE Nimble Storage](https://scod.hpedev.io/container_storage_provider/hpe_nimble_storage/index.html) +- [HPE 3PAR and Primera](https://scod.hpedev.io/container_storage_provider/hpe_3par_primera/index.html) + +## Configuration and installation + +The following table lists the configurable parameters of the HPE-CSI chart and their default values. + +| Parameter | Description | Default | +|---------------------------|------------------------------------------------------------------------|--------------| +| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error`. | info | +| imagePullPolicy | Image pull policy (`Always`, `IfNotPresent`, `Never`). | IfNotPresent | +| disableNodeConformance | Disable automatic installation of iSCSI/Multipath Packages. | false | +| iscsi.chapUser | Username for iSCSI CHAP authentication. | "" | +| iscsi.chapPassword | Password for iSCSI CHAP authentication. | "" | + +It's recommended to create a [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) file from the corresponding release of the chart and edit it to fit the environment the chart is being deployed to. Download and edit [a sample file](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). + +These are the bare minimum required parameters for a successful deployment to an iSCSI environment if CHAP authentication is required. + +``` +iscsi: + chapUser: + chapPassword: +``` + +Tweak any additional parameters to suit the environment or as prescribed by HPE. + +### Installing the chart + +To install the chart with the name `hpe-csi`: + +Add HPE helm repo: + +``` +helm repo add hpe https://hpe-storage.github.io/co-deployments +helm repo update +``` + +Install the latest chart: + +``` +helm install hpe-csi hpe/hpe-csi-driver --namespace kube-system -f myvalues.yaml +``` + +**Note**: values.yaml is optional if no parameters are overridden from defaults. + +### Upgrading the Chart + +To upgrade the chart, specify the version you want to upgrade to as below. Please do NOT re-use a full blown `values.yaml` from prior versions to upgrade to later versions. Always use `values.yaml` from corresponding release from [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver) + +List the avaiable version of the plugin: + +``` +helm repo update +helm search repo hpe-csi-driver -l +``` + +Select the target version to upgrade as below: + +``` +helm upgrade hpe-csi hpe/hpe-csi-driver --namespace kube-system --version=x.x.x.x -f myvalues.yaml +``` + +### Uninstalling the Chart + +To uninstall the `hpe-csi` chart: + +``` +helm uninstall hpe-csi --namespace kube-system +``` + +**Note**: Due to a limitation in Helm, CRDs are not deleted as part of the chart uninstall. + +### Alternative install method + +In some cases it's more practical to provide the local configuration via the `helm` CLI directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. These will take precedence over entries in [values.yaml](https://github.com/hpe-storage/co-deployments/blob/master/helm/values/csi-driver). For example: + +``` +helm install hpe-csi hpe/hpe-csi-driver --namespace kube-system --set iscsi.chapUsername=admin \ +--set iscsi.chapPassword=xxxxxxxx +``` + +## Using persistent storage with Kubernetes + +Enable dynamic provisioning of persistent storage by creating a `StorageClass` API object that references a `Secret` which maps to a supported HPE primary storage backend. Refer to the [HPE CSI Driver for Kubernetes](https://scod.hpedev.io/csi_driver/using.html) documentation on [HPE Storage Container Orchestration Documentation](https://scod.hpedev.io/). Also, it's helpful to be familiar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads. + +## Support + +The HPE CSI Driver for Kubernetes Helm chart is covered by your HPE support contract. Please file any issues, questions or feature requests [here](https://github.com/hpe-storage/co-deployments/issues) or contact HPE through the regular support channels. You may also join our Slack community to chat with HPE folks close to this project. We hang out in `#NimbleStorage`, `#3par-primera` and `#Kubernetes` at [hpedev.slack.com](https://hpedev.slack.com), sign up here: [slack.hpedev.io](https://slack.hpedev.io/). + +## Contributing + +We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md) + +## License + +This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details. diff --git a/charts/hpe-csi-driver/app-readme.md b/charts/hpe-csi-driver/app-readme.md new file mode 100644 index 000000000..29ca912cb --- /dev/null +++ b/charts/hpe-csi-driver/app-readme.md @@ -0,0 +1,3 @@ +# HPE CSI Driver for Kubernetes + +The [HPE CSI Driver for Kubernetes](https://github.com/hpe-storage/csi-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. diff --git a/charts/hpe-csi-driver/crds/hpe-nodeinfo-crd.yaml b/charts/hpe-csi-driver/crds/hpe-nodeinfo-crd.yaml new file mode 100644 index 000000000..e63caf45c --- /dev/null +++ b/charts/hpe-csi-driver/crds/hpe-nodeinfo-crd.yaml @@ -0,0 +1,54 @@ +--- +############################################# +############ HPE Node Info CRD ############ +############################################# +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpenodeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPENodeInfo + plural: hpenodeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeNodes: + description: List of HPE nodes configured for storage access. + items: + properties: + uuid: + description: The UUID of the node. + type: string + iqns: + description: List of IQNs configured on the node. + items: + type: string + type: array + chapUser: + description: The CHAP User Name + type: string + chapPassword: + description: The CHAP Password + type: string + networks: + description: List of networks configured on the node. + items: + type: string + type: array + wwpns: + description: List of WWPNs configured on the node. + items: + type: string + type: array + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/charts/hpe-csi-driver/crds/hpe-replicated-device-info-crd.yaml b/charts/hpe-csi-driver/crds/hpe-replicated-device-info-crd.yaml new file mode 100644 index 000000000..846d76edd --- /dev/null +++ b/charts/hpe-csi-driver/crds/hpe-replicated-device-info-crd.yaml @@ -0,0 +1,57 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpereplicationdeviceinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEReplicationDeviceInfo + plural: hpereplicationdeviceinfos + shortNames: + - hperdi + + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeReplicationDeviceInfos: + description: List of HPE Replicated Arrays configured for 3PAR/Primera arrays. + items: + properties: + targets: + description: Target Array Details + type: array + items: + properties: + targetName: + description: Target Name of the array + type: string + targetCpg: + description: Target CPG of the array + type: string + targetSnapCpg: + description: Target Snap CPG of the array + type: string + targetSecret: + description: Secret of the replicated array + type: string + targetMode: + description: Replication Mode + type: string + targetSecretNamespace: + description: Namespace of secret + type: string + required: + - targetName + - targetCpg + - targetSecret + - targetSecretNamespace + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/crds/hpe-volumeinfo-crd.yaml b/charts/hpe-csi-driver/crds/hpe-volumeinfo-crd.yaml new file mode 100644 index 000000000..417f4f4f3 --- /dev/null +++ b/charts/hpe-csi-driver/crds/hpe-volumeinfo-crd.yaml @@ -0,0 +1,32 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpevolumeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEVolumeInfo + plural: hpevolumeinfos + scope: Cluster + validation: + openAPIV3Schema: + properties: + hpeVolumes: + description: List of HPE volumes configured for 3PAR/Primera arrays. + items: + properties: + uuid: + description: The UUID of the volume. + type: string + record: + description: Metadata for the volume. + type: map[string]string + type: array + version: v1 +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/hpe-csi-driver/files/config.json b/charts/hpe-csi-driver/files/config.json new file mode 100644 index 000000000..d00650184 --- /dev/null +++ b/charts/hpe-csi-driver/files/config.json @@ -0,0 +1,128 @@ +[ + { + "category": "iscsi", + "severity": "warning", + "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "startup", + "recommendation": "manual" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "replacement_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "login_timeout", + "recommendation": "15" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "noop_out_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "info", + "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "cmds_max", + "recommendation": "512" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "queue_depth", + "recommendation": "256" + }, + { + "category": "iscsi", + "severity": "info", + "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", + "parameter": "nr_sessions", + "recommendation": "1" + }, + { + "category": "multipath", + "severity": "critical", + "description": "product attribute recommended to be set to Server in /etc/multipath.conf", + "parameter": "product", + "recommendation": "\"Server\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", + "parameter": "prio", + "recommendation": "alua" + }, + { + "category": "multipath", + "severity": "critical", + "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", + "parameter": "hardware_handler", + "recommendation": "\"1 alua\"" + }, + { + "category": "multipath", + "severity": "warning", + "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", + "parameter": "failback", + "recommendation": "immediate" + }, + { + "category": "multipath", + "severity": "critical", + "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", + "parameter": "fast_io_fail_tmo", + "recommendation": "5" + }, + { + "category": "multipath", + "severity": "critical", + "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", + "parameter": "no_path_retry", + "recommendation": "30" + }, + { + "category": "multipath", + "severity": "warning", + "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_selector", + "recommendation": "\"service-time 0\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", + "parameter": "vendor", + "recommendation": "\"Nimble\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", + "parameter": "path_grouping_policy", + "recommendation": "group_by_prio" + }, + { + "category": "multipath", + "severity": "critical", + "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_checker", + "recommendation": "tur" + }, + { + "category": "multipath", + "severity": "critical", + "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", + "parameter": "dev_loss_tmo", + "recommendation": "infinity" + } +] \ No newline at end of file diff --git a/charts/hpe-csi-driver/questions.yml b/charts/hpe-csi-driver/questions.yml new file mode 100644 index 000000000..ac34ad76f --- /dev/null +++ b/charts/hpe-csi-driver/questions.yml @@ -0,0 +1,29 @@ +questions: +- variable: imagePullPolicy + label: "ImagePullPolicy" + default: "IfNotPresent" + type: enum + options: + - "IfNotPresent" + - "Always" + - "Never" + description: "ImagePullPolicy for all CSI driver images" + group: "HPE CSI Driver settings" +- variable: disableNodeConformance + label: "Disable automatic installation of iSCSI/Multipath Packages" + type: boolean + default: false + description: "Disable automatic installation of iSCSI/Multipath Packages" + group: "HPE CSI Driver settings" +- variable: iscsi.chapUser + label: "iSCSI CHAP Username" + type: string + required: true + description: "Specify username for iSCSI CHAP authentication" + group: "HPE iSCSI settings" +- variable: iscsi.chapPassword + label: "iSCSI CHAP Password" + type: password + required: true + description: "Specify password for iSCSI CHAP authentication" + group: "HPE iSCSI settings" diff --git a/charts/hpe-csi-driver/templates/NOTES.txt b/charts/hpe-csi-driver/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/charts/hpe-csi-driver/templates/_helpers.tpl b/charts/hpe-csi-driver/templates/_helpers.tpl new file mode 100644 index 000000000..165840d52 --- /dev/null +++ b/charts/hpe-csi-driver/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "hpe-csi-storage.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "hpe-csi-storage.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "hpe-csi-storage.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/hpe-csi-driver/templates/csi-driver-crd.yaml b/charts/hpe-csi-driver/templates/csi-driver-crd.yaml new file mode 100644 index 000000000..39fbe4292 --- /dev/null +++ b/charts/hpe-csi-driver/templates/csi-driver-crd.yaml @@ -0,0 +1,16 @@ +{{- if semverCompare ">=1.14.0" .Capabilities.KubeVersion.GitVersion }} +--- + +################# CSI Driver ########### +apiVersion: storage.k8s.io/v1beta1 +kind: CSIDriver +metadata: + name: csi.hpe.com +spec: + podInfoOnMount: true + {{- if semverCompare ">=1.16.0" .Capabilities.KubeVersion.GitVersion }} + volumeLifecycleModes: + - Persistent + - Ephemeral + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/templates/hpe-csi-controller.yaml b/charts/hpe-csi-driver/templates/hpe-csi-controller.yaml new file mode 100644 index 000000000..61705ec11 --- /dev/null +++ b/charts/hpe-csi-driver/templates/hpe-csi-controller.yaml @@ -0,0 +1,171 @@ +--- + +############################################# +############ Controller driver ############ +############################################# + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hpe-csi-controller + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + app: hpe-csi-controller + template: + metadata: + labels: + app: hpe-csi-controller + role: hpe-csi + spec: + serviceAccount: hpe-csi-controller-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-cluster-critical + {{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-provisioner + {{- if semverCompare "<=1.16.0" .Capabilities.KubeVersion.GitVersion }} + image: quay.io/k8scsi/csi-provisioner:v1.4.0 + {{- else }} + image: quay.io/k8scsi/csi-provisioner:v1.5.0 + {{- end }} + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + {{- if semverCompare ">= 1.13.0" .Capabilities.KubeVersion.GitVersion }} + - "--timeout=30s" + - "--worker-threads=16" + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + - name: csi-attacher + {{- if semverCompare "~1.13.0" .Capabilities.KubeVersion.GitVersion }} + image: quay.io/k8scsi/csi-attacher:v1.1.0 + {{- else }} + image: quay.io/k8scsi/csi-attacher:v2.1.1 + {{- end }} + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + - name: csi-snapshotter + image: quay.io/k8scsi/csi-snapshotter:v2.0.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "Always" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + {{- end }} + {{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} + - name: csi-resizer + image: quay.io/k8scsi/csi-resizer:v0.4.0 + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + {{- end }} + - name: hpe-csi-driver + image: hpestorage/csi-driver:v1.3.0 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--flavor=kubernetes" + - "--pod-monitor" + - "--pod-monitor-interval=30" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy + - name: log-dir + mountPath: /var/log + - name: k8s + mountPath: /etc/kubernetes + - name: hpeconfig + mountPath: /etc/hpe-storage + - name: root-dir + mountPath: /host + - name: csi-volume-mutator + image: quay.io/hpestorage/volume-mutator:v1.0.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-extensions + image: quay.io/hpestorage/csi-extensions:v1.0.0 + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: log-dir + hostPath: + path: /var/log + - name: k8s + hostPath: + path: /etc/kubernetes + - name: hpeconfig + hostPath: + path: /etc/hpe-storage + - name: root-dir + hostPath: + path: / + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/templates/hpe-csi-node.yaml b/charts/hpe-csi-driver/templates/hpe-csi-node.yaml new file mode 100644 index 000000000..8a3953638 --- /dev/null +++ b/charts/hpe-csi-driver/templates/hpe-csi-node.yaml @@ -0,0 +1,165 @@ +--- + +####################################### +############ Node driver ############ +####################################### + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: hpe-csi-node + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: hpe-csi-node + template: + metadata: + labels: + app: hpe-csi-node + role: hpe-csi + spec: + serviceAccount: hpe-csi-node-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-node-critical + {{- end }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-node-driver-registrar + image: quay.io/k8scsi/csi-node-driver-registrar:v1.1.0 + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--v=5" + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "rm -rf /registration/csi.hpe.com /registration/csi.hpe.com-reg.sock"] + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock + {{- if semverCompare "~1.12.0" .Capabilities.KubeVersion.GitVersion }} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + {{- end }} + imagePullPolicy: "Always" + volumeMounts: + - name: plugin-dir + mountPath: /csi/ + - name: registration-dir + mountPath: /registration + - name: hpe-csi-driver + image: hpestorage/csi-driver:v1.3.0 + args : + - "--endpoint=$(CSI_ENDPOINT)" + - "--node-service" + - "--flavor=kubernetes" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LOG_LEVEL + value: {{ .Values.logLevel }} + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} + - name: CHAP_USER + value: {{ .Values.iscsi.chapUser }} + - name: CHAP_PASSWORD + value: {{ .Values.iscsi.chapPassword }} + {{- end }} + {{ if .Values.disableNodeConformance -}} + - name: DISABLE_NODE_CONFORMANCE + value: "true" + {{- end }} + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: log-dir + mountPath: /var/log + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: etc-kubernetes + mountPath: /etc/kubernetes + - name: sys + mountPath: /sys + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: linux-config-file + mountPath: /opt/hpe-storage/nimbletune/config.json + subPath: config.json + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hpe.com + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + - name: root-dir + hostPath: + path: / + - name: device-dir + hostPath: + path: /dev + - name: log-dir + hostPath: + path: /var/log + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: runsystemd + hostPath: + path: /run/systemd + - name: etcsystemd + hostPath: + path: /etc/systemd/system + - name: sys + hostPath: + path: /sys + - name: linux-config-file + configMap: + name: hpe-linux-config + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/charts/hpe-csi-driver/templates/hpe-csi-rbac.yaml b/charts/hpe-csi-driver/templates/hpe-csi-rbac.yaml new file mode 100644 index 000000000..bbde8540e --- /dev/null +++ b/charts/hpe-csi-driver/templates/hpe-csi-rbac.yaml @@ -0,0 +1,408 @@ +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] +{{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] +{{- end }} + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + {{- if semverCompare "~1.12.0" .Capabilities.KubeVersion.GitVersion }} + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + {{- else if semverCompare "~1.13.0" .Capabilities.KubeVersion.GitVersion }} + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + {{ else }} + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + {{- end }} + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-attacher-role + apiGroup: rbac.authorization.k8s.io + + +{{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +{{- end }} + + +{{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: external-resizer-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- + +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: {{ .Release.Namespace }} + name: external-resizer-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- + +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-resizer-role-cfg + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: external-resizer-cfg + apiGroup: rbac.authorization.k8s.io + + +--- +# mutator must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + # replace with non-default namespace name + namespace: kube-system +roleRef: + kind: ClusterRole + name: csi-mutator-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: kube-system + name: csi-mutator-cfg +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csi-mutator-role-cfg + namespace: kube-system +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: kube-system +roleRef: + kind: Role + name: csi-mutator-cfg + apiGroup: rbac.authorization.k8s.io +{{- end }} + +--- + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["hpenodeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpereplicationdeviceinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-csi-node-sa + namespace: {{ .Release.Namespace }} + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: hpe-csi-node-sa + namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: hpe-csp-sa + namespace: {{ .Release.Namespace }} + +roleRef: + kind: ClusterRole + name: hpe-csi-driver-role + apiGroup: rbac.authorization.k8s.io + +--- + +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csp-sa + namespace: {{ .Release.Namespace }} diff --git a/charts/hpe-csi-driver/templates/hpe-linux-config.yaml b/charts/hpe-csi-driver/templates/hpe-linux-config.yaml new file mode 100644 index 000000000..5e4c4944a --- /dev/null +++ b/charts/hpe-csi-driver/templates/hpe-linux-config.yaml @@ -0,0 +1,13 @@ +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: hpe-linux-config + namespace: {{ .Release.Namespace }} +data: +{{ if and .Values.iscsi.chapUser .Values.iscsi.chapPassword }} + CHAP_USER: {{ .Values.iscsi.chapUser | quote }} + CHAP_PASSWORD: {{ .Values.iscsi.chapPassword | quote }} +{{- end }} + config.json: |- +{{ (.Files.Get "files/config.json") | indent 4 }} \ No newline at end of file diff --git a/charts/hpe-csi-driver/templates/hpe-secret.yaml b/charts/hpe-csi-driver/templates/hpe-secret.yaml new file mode 100644 index 000000000..f5b252758 --- /dev/null +++ b/charts/hpe-csi-driver/templates/hpe-secret.yaml @@ -0,0 +1,47 @@ +{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "nimble-secret") -}} +# This is required to maintain backward compatibility of resources(secret) +# created with previous releases as we no longer create a secret with CSI driver install. +# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether +# in future. +# Also, manage the secret only if created by previous versions of helm with below check. +--- +apiVersion: v1 +kind: Secret +metadata: + name: nimble-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} +data: + username: {{ $secret.data.username }} + password: {{ $secret.data.password }} + servicePort: {{ $secret.data.servicePort }} + backend: {{ $secret.data.backend }} + serviceName: {{ $secret.data.serviceName }} +{{- end }} + +{{ if $secret := (lookup "v1" "Secret" .Release.Namespace "primera3par-secret") -}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: primera3par-secret + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} +data: + username: {{ $secret.data.username }} + password: {{ $secret.data.password }} + servicePort: {{ $secret.data.servicePort }} + backend: {{ $secret.data.backend }} + serviceName: {{ $secret.data.serviceName }} +{{- end }} + diff --git a/charts/hpe-csi-driver/templates/nimble-csp.yaml b/charts/hpe-csi-driver/templates/nimble-csp.yaml new file mode 100644 index 000000000..a2efbe5fb --- /dev/null +++ b/charts/hpe-csi-driver/templates/nimble-csp.yaml @@ -0,0 +1,60 @@ +--- +### CSP Service ### +kind: Service +apiVersion: v1 +metadata: + name: nimble-csp-svc + namespace: {{ .Release.Namespace }} + labels: + app: nimble-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: nimble-csp + +--- +### CSP deployment ### +kind: Deployment +apiVersion: apps/v1 +metadata: + name: nimble-csp + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: nimble-csp + replicas: 1 + template: + metadata: + labels: + app: nimble-csp + spec: + serviceAccount: hpe-csp-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-cluster-critical + {{- end }} + containers: + - name: nimble-csp + image: hpestorage/nimble-csp:v1.3.0 + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + diff --git a/charts/hpe-csi-driver/templates/primera-3par-csp.yaml b/charts/hpe-csi-driver/templates/primera-3par-csp.yaml new file mode 100644 index 000000000..2e13db55e --- /dev/null +++ b/charts/hpe-csi-driver/templates/primera-3par-csp.yaml @@ -0,0 +1,61 @@ +--- +### CSP Service ### +kind: Service +apiVersion: v1 +metadata: + name: primera3par-csp-svc + namespace: {{ .Release.Namespace }} + labels: + app: primera3par-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: primera3par-csp + +--- +### CSP deployment ### +kind: Deployment +apiVersion: apps/v1 +metadata: + name: primera3par-csp + labels: + app: primera3par-csp + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: primera3par-csp + replicas: 1 + template: + metadata: + labels: + app: primera3par-csp + spec: + serviceAccount: hpe-csp-sa + {{- if semverCompare ">=1.17.0" .Capabilities.KubeVersion.GitVersion }} + priorityClassName: system-cluster-critical + {{- end }} + containers: + - name: primera3par-csp + image: hpestorage/hpe3parprimera-csp:v1.1.0 + imagePullPolicy: {{ .Values.imagePullPolicy | quote }} + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 \ No newline at end of file diff --git a/charts/hpe-csi-driver/templates/sc.yaml b/charts/hpe-csi-driver/templates/sc.yaml new file mode 100644 index 000000000..8d34426d8 --- /dev/null +++ b/charts/hpe-csi-driver/templates/sc.yaml @@ -0,0 +1,38 @@ +{{ if $sc := (lookup "storage.k8s.io/v1" "StorageClass" "" "hpe-standard") -}} +# This is required to maintain backward compatibility of resources(storageclass) +# created with previous releases as we no longer create a storageclass with CSI driver install. +# Annotation "helm.sh/resource-policy": keep" should help to remove this file altogether +# in future. +# Also, manage the storageClass only if created by previous versions of helm with below check. +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: hpe-standard + labels: + plugin: {{ $.Release.Name }} + app.kubernetes.io/managed-by: Helm + annotations: + helm.sh/resource-policy: keep + meta.helm.sh/release-name: {{ .Release.Name }} + meta.helm.sh/release-namespace: {{ .Release.Namespace }} + {{- range $k, $v := $sc.metadata.annotations }} + {{- if or (eq $v "true") (eq $v "false")}} + {{ $k }}: {{ $v | quote }} + {{- else }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +provisioner: csi.hpe.com +{{- if semverCompare ">=1.15.0" .Capabilities.KubeVersion.GitVersion }} +allowVolumeExpansion: {{ $sc.allowVolumeExpansion }} +{{- end }} +parameters: + {{- range $k, $v := $sc.parameters }} + {{- if or (eq $v "true") (eq $v "false")}} + {{ $k }}: {{ $v | quote }} + {{- else }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/hpe-csi-driver/values.yaml b/charts/hpe-csi-driver/values.yaml new file mode 100644 index 000000000..a05ed5b12 --- /dev/null +++ b/charts/hpe-csi-driver/values.yaml @@ -0,0 +1,20 @@ +# Default values for hpe-csi-storage. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# image pull policy for all images in csi deployment +imagePullPolicy: 'IfNotPresent' + +# flavor +flavor: kubernetes + +# log level for all csi driver components +logLevel: info + +## For controlling automatic iscsi/multipath package installation (default: false) +disableNodeConformance: false + +# values for CHAP Authentication +iscsi: + chapUser: "" + chapPassword: "" \ No newline at end of file diff --git a/index.yaml b/index.yaml index c99c01eda..b343fadc6 100644 --- a/index.yaml +++ b/index.yaml @@ -253,6 +253,33 @@ entries: urls: - assets/haproxy/haproxy-1.4.300.tgz version: 1.4.300 + hpe-csi-driver: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/release-name: hpe-csi-driver + apiVersion: v1 + appVersion: 1.3.0 + created: "2020-09-25T22:06:58.990457871Z" + description: A Helm chart for installing the HPE CSI Driver for Kubernetes + digest: 9436f0c21901eb8bb620ff6f388ce5c3332a7b61b027b54cf0aebda045ed89af + home: https://hpe.com/storage/containers + icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png + keywords: + - HPE + - Storage + - StorageClass + - CentOS + - Ubuntu + - RHEL + maintainers: + - email: hpe-containers-dev@hpe.com + name: shivamerla + name: hpe-csi-driver + sources: + - https://scod.hpedev.io/csi_driver + urls: + - assets/hpe-csi-driver/hpe-csi-driver-1.3.000.tgz + version: 1.3.000 hpe-flexvolume-driver: - annotations: catalog.cattle.io/certified: partner @@ -404,4 +431,4 @@ entries: urls: - assets/sysdig/sysdig-1.9.200.tgz version: 1.9.200 -generated: "2020-09-25T18:35:57.406930567Z" +generated: "2020-09-25T22:06:58.989304471Z" diff --git a/sha256sum/hpe-csi-driver/hpe-csi-driver.sum b/sha256sum/hpe-csi-driver/hpe-csi-driver.sum index bad249039..ae3fbd1b2 100644 --- a/sha256sum/hpe-csi-driver/hpe-csi-driver.sum +++ b/sha256sum/hpe-csi-driver/hpe-csi-driver.sum @@ -1,2 +1,2 @@ 29d960d6d8b6fa6b1a353f6abc8e219df090f3a544d05e4f99f45fd9c0ce3dc5 packages/hpe-csi-driver/package.yaml -150603c0d8fa824a6bbaa4c5c7559804d8b44a17186a44e5d2498f9961bfd2c8 packages/hpe-csi-driver/hpe-csi-driver.patch +6a2f70133586be6504959a95c67afe48ec5209b83fcf4759932debfe8f56f273 packages/hpe-csi-driver/hpe-csi-driver.patch