make charts

pull/429/head
Bharath Sreekanth 2022-05-20 10:51:51 -04:00
parent 78b9a528ce
commit 92f961b6c2
No known key found for this signature in database
GPG Key ID: F2854E1D426CBB43
11 changed files with 1198 additions and 0 deletions

Binary file not shown.

View File

@ -0,0 +1,21 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerFlex
catalog.cattle.io/release-name: vxflexos
apiVersion: v2
appVersion: 2.2.0
description: |
PowerFlex CSI (Container Storage Interface) driver Kubernetes
integration. This chart includes everything required to provision via CSI as
well as a StorageClass.
icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: 1.21-0 - 1.23-0
maintainers:
- name: DellEMC
name: csi-vxflexos
sources:
- https://github.com/dell/csi-powerflex
version: 2.2.0

View File

@ -0,0 +1,10 @@
CSI Driver for PowerFlex is part of the CSM (Container Storage Modules) open-source suite of Kubernetes storage enablers for Dell EMC products. CSI Driver for PowerFlex is a Container Storage Interface (CSI) driver that provides support for provisioning persistent storage using Dell EMC PowerFlex storage array.
Pre-Install
- All nodes must have the SDC client installed to satisfy the CSI driver for PowerFlex. Ensure that nodes are provided at least two (2) interfaces and potentially up to four (4) interfaces depending on the PowerFlex system configuration.
- [Install Storage Data Client](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerflex/#manual-sdc-deployment)
- [Create Configuration Secret (Step 4)](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerflex/#install-the-driver)
Post-Install
- [Create Storage Class(es)](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerflex/#storage-classes)
[Storage Class Examples](https://github.com/dell/csi-powerflex/tree/main/samples/storageclass)

View File

@ -0,0 +1,21 @@
categories:
- storage
namespace: vxflexos
labels:
io.rancher.certified: partner
questions:
- variable: defaultFsType
label: "Defines Filesystem format"
type: enum
required: true
group: "General settings (Required)"
options:
- "ext4"
- "xfs"
- variable: volumeNamePrefix
label: "Defines a string prepended to each volume created"
type: string
default: "k8svol"
required: true
group: "General settings (Required)"

View File

@ -0,0 +1,86 @@
{{/*
Return the appropriate sidecar images based on k8s version
*/}}
{{- define "csi-vxflexos.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "19" }}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v3.1.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "20") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v3.2.1" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v3.4.0" -}}
{{- else -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v3.1.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "19" }}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v2.1.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "20") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v2.2.1" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.1.0" -}}
{{- else -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v2.1.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "19" }}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3" -}}
{{- else if or (eq (trimSuffix "+" .Capabilities.KubeVersion.Minor) "20") (eq (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v4.1.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v5.0.1" -}}
{{- else -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v3.0.3" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "19" }}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.1.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "19") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.2.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.4.0" -}}
{{- else -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.1.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "19" }}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "20") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.0" -}}
{{- else -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- define "csi-vxflexos.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if eq ( trimSuffix "+" .Capabilities.KubeVersion.Minor ) "19" }}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.4.0" -}}
{{- else if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "20") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.4.0" -}}
{{- else if ge (trimSuffix "+" .Capabilities.KubeVersion.Minor ) "22" -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.4.0" -}}
{{- else -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.4.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

View File

@ -0,0 +1,390 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "patch"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
{{- end }}
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "update", "patch", "delete"]
{{- else }}
verbs: ["get", "list", "watch", "update", "patch"]
{{- end }}
{{- end }}
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "update", "delete"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
{{- end }}
# below for snapshotter
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
{{- if hasKey .Values "vgsnapshotter" }}
{{- if eq .Values.vgsnapshotter.enabled true }}
- apiGroups: ["volumegroup.storage.dell.com"]
resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"]
verbs: ["create", "list", "watch", "delete", "update"]
{{- end }}
{{- end }}
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
{{- if hasKey .Values "vgsnapshotter" }}
{{- if eq .Values.vgsnapshotter.enabled true }}
verbs: ["get", "list", "watch", "update", "create", "delete"]
{{- else }}
verbs: ["get", "list", "watch", "update"]
{{- end }}
{{- end }}
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status","volumesnapshotcontents/status"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete", "update"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-controller
apiGroup: rbac.authorization.k8s.io
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
annotations:
com.dell.karavi-authorization-proxy: "true"
{{ end }}
{{ end }}
spec:
{{- if gt (int .Values.controller.controllerCount) 1 }}
strategy:
rollingUpdate:
maxUnavailable: 1
{{- end }}
selector:
matchLabels:
name: {{ .Release.Name }}-controller
replicas: {{ required "Must provide the number of controller instances to create." .Values.controller.controllerCount }}
template:
metadata:
labels:
{{- if eq (.Values.vgsnapshotter.enabled| toString) "true" }}
vg-snapshotter-enabled: "true"
{{- else if eq (.Values.vgsnapshotter.enabled| toString) "false" }}
vg-snapshotter-enabled: "false"
{{- end }}
name: {{ .Release.Name }}-controller
spec:
affinity:
nodeSelector:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- {{ .Release.Name }}-controller
topologyKey: kubernetes.io/hostname
serviceAccountName: {{ .Release.Name }}-controller
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{- toYaml .Values.controller.tolerations | nindent 6 }}
{{- end }}
containers:
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.controller.args | nindent 12 }}
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: vxflexos-config-params
mountPath: /vxflexos-config-params
{{- end }}
{{- end }}
- name: attacher
image: {{ required "Must provide the CSI attacher container image." ( include "csi-vxflexos.attacherImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election=true"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: provisioner
image: {{ required "Must provide the CSI provisioner container image." ( include "csi-vxflexos.provisionerImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--feature-gates=Topology=true"
- "--volume-name-prefix={{ required "Must provide a value to prefix to driver created volume names" .Values.controller.volumeNamePrefix }}"
- "--volume-name-uuid-length=10"
- "--leader-election=true"
- "--timeout=120s"
- "--v=5"
- "--default-fstype={{ .Values.defaultFsType | default "ext4" }}"
- "--extra-create-metadata"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true}}
- name: csi-external-health-monitor-controller
image: {{ required "Must provide the CSI external health monitor image." ( include "csi-vxflexos.healthmonitorImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election=true"
- "--enable-node-watcher=true"
- "--http-endpoint=:8080"
- "--monitor-interval={{ .Values.controller.healthMonitor.volumeHealthMonitorInterval | default "60s" }}"
- "--timeout=180s"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
{{- if hasKey .Values "vgsnapshotter" }}
{{- if eq .Values.vgsnapshotter.enabled true }}
- name: vg-snapshotter
image: {{ required "Must provide the vgsnapshotter container image." .Values.vgsnapshotter.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "snapshot" }}
{{- if eq .Values.controller.snapshot.enabled true }}
- name: snapshotter
image: {{ required "Must provide the CSI snapshotter container image. " ( include "csi-vxflexos.snapshotterImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--timeout=120s"
- "--v=5"
- "--leader-election=true"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "resizer" }}
{{- if eq .Values.controller.resizer.enabled true }}
- name: resizer
image: {{ required "Must provide the CSI resizer container image." ( include "csi-vxflexos.resizerImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election=true"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-proxy
image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: PROXY_HOST
value: "{{ .Values.authorization.proxyHost }}"
- name: INSECURE
value: "{{ .Values.authorization.skipCertificateValidation }}"
- name: PLUGIN_IDENTIFIER
value: powerflex
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: access
- name: REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: refresh
volumeMounts:
- name: karavi-authorization-config
mountPath: /etc/karavi-authorization/config
- name: proxy-server-root-certificate
mountPath: /etc/karavi-authorization/root-certificates
- name: vxflexos-config-params
mountPath: /etc/karavi-authorization
{{- end }}
{{- end }}
- name: driver
image: "{{ required "Must provide the driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:v{{ .Values.version }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: [ "/csi-vxflexos.sh" ]
args:
- "--leader-election"
- "--array-config=/vxflexos-config/config"
- "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
env:
- name: CSI_ENDPOINT
value: /var/run/csi/csi.sock
- name: X_CSI_MODE
value: controller
- name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE
value: "{{ required "Enable this to allow deletion of all snaps in CG" .Values.enablesnapshotcgdelete }}"
- name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT
value: "{{ required "Enable this to have CSI ListVolumes include snapshots" .Values.enablelistvolumesnapshot }}"
- name: SSL_CERT_DIR
value: /certs
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true}}
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.controller.healthMonitor.enabled }}"
{{- end }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: vxflexos-config
mountPath: /vxflexos-config
- name: vxflexos-config-params
mountPath: /vxflexos-config-params
{{- if ge (int .Values.certSecretCount) 1 }}
- name: certs
mountPath: /certs
readOnly: true
{{- end}}
volumes:
- name: socket-dir
emptyDir:
- name: vxflexos-config
secret:
secretName: {{ .Release.Name }}-config
- name: vxflexos-config-params
configMap:
name: {{ .Release.Name }}-config-params
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-config
secret:
secretName: karavi-authorization-config
- name: proxy-server-root-certificate
secret:
secretName: proxy-server-root-certificate
{{ end }}
{{ end }}
{{- if ge (int .Values.certSecretCount) 1 }}
- name: certs
projected:
sources:
{{- range $i, $e := until (int .Values.certSecretCount ) }}
- secret:
name: {{ print $.Release.Name "-certs-" $e }}
items:
- key: cert-{{ $e }}
path: cert-{{ $e }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,10 @@
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: csi-vxflexos.dellemc.com
spec:
attachRequired: true
podInfoOnMount: true
volumeLifecycleModes:
- Persistent
- Ephemeral

View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-config-params
namespace: {{ .Release.Namespace }}
data:
driver-config-params.yaml: |
CSI_LOG_LEVEL: "{{ .Values.logLevel }}"
CSI_LOG_FORMAT: "{{ .Values.logFormat }}"
{{ if .Values.podmon.enabled }}
PODMON_CONTROLLER_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_CONTROLLER_LOG_FORMAT: "{{ .Values.logFormat }}"
PODMON_NODE_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_NODE_LOG_FORMAT: "{{ .Values.logFormat }}"
{{ end }}

View File

@ -0,0 +1,391 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["create", "delete", "get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["persistentvolumesclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["security.openshift.io"]
resourceNames: ["privileged"]
resources: ["securitycontextconstraints"]
verbs: ["use"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "update", "delete"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
{{ end }}
{{ end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-node
apiGroup: rbac.authorization.k8s.io
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
annotations:
com.dell.karavi-authorization-proxy: "true"
{{ end }}
{{ end }}
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-node
template:
metadata:
labels:
app: {{ .Release.Name }}-node
spec:
{{- if .Values.node.nodeSelector }}
nodeSelector:
{{- toYaml .Values.node.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.node.tolerations }}
tolerations:
{{- toYaml .Values.node.tolerations | nindent 6 }}
{{- end }}
serviceAccount: {{ .Release.Name }}-node
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
{{- if and .Values.monitor.enabled .Values.monitor.hostPID }}
hostPID: true
{{- else }}
hostPID: false
{{- end }}
containers:
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.node.args | nindent 12 }}
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_PRIVATE_MOUNT_DIR
value: "{{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com/disks"
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: kubelet-pods
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com
mountPropagation: "Bidirectional"
- name: usr-bin
mountPath: /usr-bin
- name: var-run
mountPath: /var/run
- name: vxflexos-config-params
mountPath: /vxflexos-config-params
{{- end }}
{{- end }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-proxy
image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: PROXY_HOST
value: "{{ .Values.authorization.proxyHost }}"
- name: INSECURE
value: "{{ .Values.authorization.skipCertificateValidation }}"
- name: PLUGIN_IDENTIFIER
value: powerflex
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: access
- name: REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: proxy-authz-tokens
key: refresh
volumeMounts:
- name: karavi-authorization-config
mountPath: /etc/karavi-authorization/config
- name: proxy-server-root-certificate
mountPath: /etc/karavi-authorization/root-certificates
- name: vxflexos-config-params
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
- name: driver
securityContext:
privileged: true
allowPrivilegeEscalation: true
capabilities:
add: ["SYS_ADMIN"]
image: "{{ required "Must provide the driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:v{{ .Values.version }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: [ "/csi-vxflexos.sh" ]
args:
- "--array-config=/vxflexos-config/config"
- "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
env:
- name: CSI_ENDPOINT
value: unix://{{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com/csi_sock
- name: X_CSI_MODE
value: node
- name: X_CSI_PRIVATE_MOUNT_DIR
value: "{{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com/disks"
- name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS
value: "{{ required "Must provide a true/false string to allow RWO multi pod access." .Values.allowRWOMultiPodAccess }}"
- name: SSL_CERT_DIR
value: /certs
{{- if hasKey .Values.node "healthMonitor" }}
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.node.healthMonitor.enabled }}"
{{- end }}
volumeMounts:
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
mountPropagation: "Bidirectional"
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: vxflexos-config
mountPath: /vxflexos-config
- name: vxflexos-config-params
mountPath: /vxflexos-config-params
{{- if ge (int .Values.certSecretCount) 1 }}
- name: certs
mountPath: /certs
readOnly: true
{{- end}}
- name: registrar
image: {{ required "Must provide the CSI registrar container image." ( include "csi-vxflexos.registrarImage" . ) }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- --kubelet-registration-path={{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com/csi_sock
env:
- name: ADDRESS
value: /csi/csi_sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- name: registration-dir
mountPath: /registration
- name: driver-path
mountPath: /csi
{{- if eq .Values.monitor.enabled true }}
- name: sdc-monitor
securityContext:
privileged: true
image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
{{ if eq .Values.monitor.hostPID true }}
- name: HOST_PID
value: "1"
{{ else }}
- name: HOST_PID
value: "0"
{{ end }}
- name: HOST_NET
value: "1"
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MDM
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-config
key: MDM
- name: MODE
value: "monitoring"
volumeMounts:
- name: dev
mountPath: /dev
- name: os-release
mountPath: /host-os-release
- name: sdc-storage
mountPath: /storage
- name: udev-d
mountPath: /rules.d
{{- end }}
initContainers:
- name: sdc
securityContext:
privileged: true
image: {{ required "Must provide the PowerFlex SDC container image." .Values.images.powerflexSdc }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MODE
value: "config"
- name: MDM
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-config
key: MDM
- name: HOST_DRV_CFG_PATH
value: /opt/emc/scaleio/sdc/bin
volumeMounts:
- name: dev
mountPath: /dev
- name: os-release
mountPath: /host-os-release
- name: sdc-storage
mountPath: /storage
- name: udev-d
mountPath: /rules.d
- name: scaleio-path-opt
mountPath: /host_drv_cfg_path
volumes:
- name: registration-dir
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins_registry/
type: DirectoryOrCreate
- name: driver-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com
type: DirectoryOrCreate
- name: volumedevices-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
type: DirectoryOrCreate
- name: pods-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/pods
type: Directory
- name: dev
hostPath:
path: /dev
type: Directory
- name: scaleio-path-opt
hostPath:
path: /opt/emc/scaleio/sdc/bin
type: DirectoryOrCreate
- name: sdc-storage
hostPath:
path: /var/emc-scaleio
type: DirectoryOrCreate
- name: udev-d
hostPath:
path: /etc/udev/rules.d
type: Directory
- name: os-release
hostPath:
path: /etc/os-release
type: File
- name: vxflexos-config
secret:
secretName: {{ .Release.Name }}-config
- name: vxflexos-config-params
configMap:
name: {{ .Release.Name }}-config-params
{{- if ge (int .Values.certSecretCount) 1 }}
- name: certs
projected:
sources:
{{- range $i, $e := until (int .Values.certSecretCount ) }}
- secret:
name: {{ print $.Release.Name "-certs-" $e }}
items:
- key: cert-{{ $e }}
path: cert-{{ $e }}
{{- end }}
{{- end }}
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-config
secret:
secretName: karavi-authorization-config
- name: proxy-server-root-certificate
secret:
secretName: proxy-server-root-certificate
{{ end }}
{{ end }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: usr-bin
hostPath:
path: /usr/bin
type: Directory
- name: kubelet-pods
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- name: var-run
hostPath:
path: /var/run
type: Directory
{{- end }}
{{- end }}

View File

@ -0,0 +1,229 @@
---
# k8s/driver attributes
# "version" is used to verify the values file matches driver version
# Not recommend to change
version: 2.2.0
images:
# "driver" defines the container image, used for the driver container.
driverRepository: dellemc
# "powerflexSdc" defines the SDC image for init container.
powerflexSdc: dellemc/sdc:3.6
# Represents number of certificate secrets, which user is going to create for ssl authentication. (vxflexos-cert-0..vxflexos-cert-n)
# If user does not use certificate, set to 0
certSecretCount: 0
# CSI driver log level
# Allowed values: "error", "warn"/"warning", "info", "debug"
# Default value: "debug"
logLevel: "debug"
# CSI driver log format
# Allowed values: "TEXT" or "JSON"
# Default value: "TEXT"
logFormat: "TEXT"
# Specify kubelet config dir path.
# Ensure that the config.yaml file is present at this path.
# Default value: None
kubeletConfigDir: /var/lib/kubelet
# "defaultFsType" is used to set the default FS type which will be used
# for mount volumes if FsType is not specified in the storage class
# Allowed values: ext4, xfs
# Default value: none
defaultFsType: ext4
# imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container.
# Allowed values:
# Always: Always pull the image.
# IfNotPresent: Only pull the image if it does not already exist on the node.
# Never: Never pull the image.
# Default value: None
imagePullPolicy: IfNotPresent
# "enablesnapshotcgdelete"- a boolean that, when enabled, will delete all snapshots in a consistency group
# everytime a snap in the group is deleted
# Allowed values: true, false
# Default value: none
enablesnapshotcgdelete: "false"
# "enablelistvolumesnapshot" - a boolean that, when enabled, will allow list volume operation to include snapshots (since creating a volume
# from a snap actually results in a new snap)
# It is recommend this be false unless instructed otherwise.
# Allowed values: true, false
# Default value: none
enablelistvolumesnapshot: "false"
# Setting allowRWOMultiPodAccess to "true" will allow multiple pods on the same node
# to access the same RWO volume. This behavior conflicts with the CSI specification version 1.3
# NodePublishVolume descrition that requires an error to be returned in this case.
# However some other CSI drivers support this behavior and some customers desire this behavior.
# Kubernetes could make a change at their discretion that would preclude our ability to support this option.
# Customers use this option at their own risk.
# You should leave this set as "false" unless instructed to change it by Dell support.
# Allowed values: true, false
# Default value: "false"
allowRWOMultiPodAccess: "false"
# "controller" allows to configure controller specific parameters
controller:
healthMonitor:
# enabled: Enable/Disable health monitor of CSI volumes
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: None
enabled: false
# healthMonitorInterval: Interval of monitoring volume health condition
# Allowed values: Number followed by unit (s,m,h)
# Examples: 60s, 5m, 1h
# Default value: 60s
volumeHealthMonitorInterval: 60s
# volumeNamePrefix- defines a string prepended to each volume created by the CSI driver.
# Default value: none
# Examples: "k8s", "app1"
volumeNamePrefix: k8s
# "controllerCount" defines the number of VxFlex controller pods to deploy
# Allowed values: n, where n > 0
# Default value: none
controllerCount: 2
snapshot:
# enabled: Enable/Disable volume snapshot feature
# Allowed values:
# true: enable volume snapshot feature(install snapshotter sidecar)
# false: disable volume snapshot feature(do not install snapshotter sidecar)
# Default value: None
enabled: true
resizer:
# enabled: Enable/Disable volume expansion feature
# Allowed values:
# true: enable volume expansion feature(install resizer sidecar)
# false: disable volume snapshot feature(do not install resizer sidecar)
# Default value: None
enabled: true
#"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment
# Leave as blank to use all nodes
# Allowed values: map of key-value pairs
# Default value: None
# Examples:
# node-role.kubernetes.io/master: ""
nodeSelector:
# node-role.kubernetes.io/master: ""
# "controller.tolerations" defines tolerations that would be applied to controller deployment
# Leave as blank to install controller on worker nodes
# Default value: None
tolerations:
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoSchedule"
# "node" allows to configure node specific parameters
node:
healthMonitor:
# enabled: Enable/Disable health monitor of CSI volumes- volume usage, volume condition
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: None
enabled: false
# "node.nodeSelector" defines what nodes would be selected for pods of node daemonset
# Leave as blank to use all nodes
# Allowed values: map of key-value pairs
# Default value: None
nodeSelector:
# node-role.kubernetes.io/master: ""
# "node.tolerations" defines tolerations that would be applied to node daemonset
# Leave as blank to install node driver only on worker nodes
# Default value: None
tolerations:
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoSchedule"
# monitoring pod details
# These options control the running of the monitoring container
# This container gather diagnostic information in case of failure
monitor:
# enabled allows the usage of the monitoring pod to be disabled
# Allowed values: true, false
# Default value: "false"
enabled: false
# hostNetwork determines if the monitor pod should run on the host network or not
# Allowed values: true, false
# Default value: "false"
hostNetwork: true
# hostPID determines if the monitor pod should run in the host namespace
# Allowed values: true, false
# Default value: "false"
hostPID: true
# CSM module attributes
# volume group snapshotter(vgsnapshotter) details
# These options control the running of the vgsnapshotter container
vgsnapshotter:
enabled: false
image: dellemc/csi-volumegroup-snapshotter:v1.0.0
# Podmon is an optional feature under development and tech preview.
# Enable this feature only after contact support for additional information
podmon:
enabled: false
image: dellemc/podmon:v1.1.0
#controller:
# args:
# - "--csisock=unix:/var/run/csi/csi.sock"
# - "--labelvalue=csi-vxflexos"
# - "--mode=controller"
# - "--skipArrayConnectionValidation=false"
# - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
#node:
# args:
# - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock"
# - "--labelvalue=csi-vxflexos"
# - "--mode=node"
# - "--leaderelection=false"
# - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
# CSM module attributes
# authorization: enable csm-authorization for RBAC
# Deploy and configure authorization before installing driver
# Allowed values:
# "true" - authorization is enabled
# "false" - authorization is disabled
# Default value: "false"
authorization:
enabled: false
# sidecarProxyImage: the container image used for the csm-authorization-sidecar.
# Default value: dellemc/csm-authorization-sidecar:v1.2.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.2.0
# proxyHost: hostname of the csm-authorization server
# Default value: None
proxyHost:
# skipCertificateValidation: certificate validation of the csm-authorization server
# Allowed Values:
# "true" - TLS certificate verification will be skipped
# "false" - TLS certificate will be verified
# Default value: "true"
skipCertificateValidation: true

View File

@ -869,6 +869,31 @@ entries:
- assets/kubecost/cost-analyzer-1.70.000.tgz
version: 1.70.000
csi-vxflexos:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerFlex
catalog.cattle.io/release-name: vxflexos
apiVersion: v2
appVersion: 2.2.0
created: "2022-05-20T10:51:15.893808318-04:00"
description: |
PowerFlex CSI (Container Storage Interface) driver Kubernetes
integration. This chart includes everything required to provision via CSI as
well as a StorageClass.
digest: 59c32b320f31ac571bac47783f0c23879cd3c36d26a1c57e59a7698e3ab544f5
icon: https://partner-charts.rancher.io/assets/logos/dell.png
keywords:
- csi
- storage
kubeVersion: 1.21-0 - 1.23-0
maintainers:
- name: DellEMC
name: csi-vxflexos
sources:
- https://github.com/dell/csi-powerflex
urls:
- assets/dell-csi-powerflex/csi-vxflexos-2.2.0.tgz
version: 2.2.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerFlex