andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #351 from DavidMarchant/add-ondat-0.5.4 

Add ondat 0.5.4
pull/343/head^2
Samuel Attwood 2022-02-25 04:09:40 -05:00 committed by GitHub
parent f57f7c2bee fffb72a065
commit f31a665648
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
25 changed files with 2819 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/ondat-operator/ondat-operator-0.5.400.tgz Normal file
View File

Binary file not shown.

26
charts/ondat-operator/ondat-operator/0.5.400/Chart.yaml Normal file
View File

@ -0,0 +1,26 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ondat Operator
catalog.cattle.io/release-name: ondat-operator
apiVersion: v2
appVersion: v2.6.0
description: Cloud Native storage for containers
home: https://ondat.io
icon: https://docs.ondat.io/images/generic/Ondat_logo.svg
keywords:
- storage
- block-storage
- volume
- operator
kubeVersion: '>= 1.19'
maintainers:
- email: david@ondat.io
name: DavidMarchant
- email: richard.kovacs@ondat.io
name: mhmxs
- email: angelos.perivolaropoulos@ondat.io
name: aeroniero33
name: ondat-operator
sources:
- https://github.com/ondat
version: 0.5.400

21
charts/ondat-operator/ondat-operator/0.5.400/LICENSE Normal file
View File

@ -0,0 +1,21 @@
MIT License
Copyright (c) 2022 StorageOS
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

271
charts/ondat-operator/ondat-operator/0.5.400/README.md Normal file
View File

@ -0,0 +1,271 @@
# Ondat Operator Helm Chart
> **Note**: This chart requires Helm 3 and defaults to StorageOS v2. To upgrade
> from a previous chart or from StorageOS version 1.x to 2.x, please contact
> support for assistance.
StorageOS is a cloud native, software-defined storage platform that transforms
commodity server or cloud based disk capacity into enterprise-class persistent
storage for containers. StorageOS volumes offer high throughput, low latency
and consistent performance, and are therefore ideal for deploying databases,
message queues, and other mission-critical stateful solutions. StorageOS
Project edition also offers ReadWriteMany volumes that are concurrently
accessible by multiple applications.
The Ondat Operator installs and manages StorageOS within a cluster. Cluster
nodes may contribute local or attached disk-based storage into a distributed
pool, which is then available to all cluster members via a global namespace.
Volumes are available across the cluster so if an application container gets
moved to another node it has immediate access to re-attach its data.
StorageOS is extremely lightweight - minimum requirements are a reserved CPU
core and 2GB of free memory. There are minimal external dependencies, and no
custom kernel modules.
After StorageOS is installed, please register for a free personal license to
enable 1TiB of capacity and HA with synchronous replication by following the
instructions [here](https://docs.ondat.io/docs/operations/licensing). For
additional capacity, features and support plans contact sales@ondat.io.
## Highlighted Features
* High Availability - synchronous replication insulates you from node failure.
* Delta Sync - replicas out of sync due to transient failures only transfer
changed blocks.
* Multiple AccessModes - dynamically provision ReadWriteOnce or ReadWriteMany
volumes.
* Rapid Failover - quickly detects node failure and automates recovery actions
without administrator intervention.
* Data Encryption - both in transit and at rest.
* Scalability - disaggregated consensus means no single scheduling point of
failure.
* Thin provisioning - only consume the space you need in a storage pool.
* Data reduction - transparent inline data compression to reduce the amount of
storage used in a backing store as well as reducing the network bandwidth
requirements for replication.
* Flexible configuration - all features can be enabled per volume, using PVC
and StorageClass labels.
* Multi-tenancy - fully supports standard Namespace and RBAC methods.
* Observability & instrumentation - Log streams for observability and
Prometheus support for instrumentation.
* Deployment flexibility - scale up or scale out storage based on application
requirements. Works with any infrastructure on-premises, VM, bare metal
or cloud.
## About StorageOS
StorageOS is a software-defined cloud native storage platform delivering
persistent storage for Kubernetes. StorageOS is built from the ground-up with
no legacy restrictions to give enterprises working with cloud native workloads
a scalable storage platform with no compromise on performance, availability or
security. For additional information, visit www.ondat.io.
This chart installs a Ondat Cluster Operator which helps deploy and
configure a StorageOS cluster on kubernetes.
## Prerequisites
- Helm 3
- Kubernetes 1.18+
- Privileged mode containers (enabled by default)
- Etcd cluster
Refer to the [StorageOS prerequisites
docs](https://docs.ondat.io/docs/prerequisites/) for more information.
## Installing the chart
<!-- TODO: which URL should I use to refrence the chart? The below also
works at time of writing -->
```console
# Add ondat charts repo.
$ helm repo add ondat https://charts.ondat.io
# Install the chart in a namespace.
$ kubectl create namespace ondat-operator
$ helm install my-ondat ondat/ondat-operator \
--namespace ondat-operator \
--set cluster.kvBackend.address=<etcd-node-ip>:2379 \
--set cluster.admin.password=<password>
```
This will install the Ondat cluster operator in `ondat-operator`
namespace and deploys StorageOS with a minimal configuration. Etcd address
(kvBackend) and admin password are mandatory values to install the chart.
The password must be at least 8 characters long and the default username is
`storageos`, which can be changed like the above values. Find more information
about installing etcd in our [etcd
docs](https://docs.ondat.io/docs/prerequisites/etcd/).
To avoid passing the password as a flag, install the chart with the values file.
Create a values.yaml file and pass the file name with `--values` flag.
```yaml
cluster:
kvBackend:
address: <etcd-node-ip>:2379
admin:
password: <password>
```
```console
$ helm install ondat/ondat-operator \
--namespace ondat-operator \
--values <values-file>
```
> **Tip**: List all releases using `helm list -A`
## Creating a StorageOS cluster manually
The Helm chart supports a subset of StorageOSCluster custom resource parameters.
For advanced configurations, you may wish to create the cluster resource
manually and only use the Helm chart to install the Operator.
To disable auto-provisioning the cluster with the Helm chart, set
`cluster.create` to false:
```yaml
cluster:
...
create: false
```
Create a secret to store storageos cluster secrets:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: "storageos-api"
namespace: <storageos-cluster-namespace>
labels:
app: "storageos"
type: "kubernetes.io/storageos"
data:
# echo -n '<secret>' | base64
username: c3RvcmFnZW9z
password: c3RvcmFnZW9z
```
Create a `StorageOSCluster` custom resource and refer the above secret in the
`secretRefName` field.
```yaml
apiVersion: "storageos.com/v1"
kind: "StorageOSCluster"
metadata:
name: "example-storageos"
namespace: <storageos-cluster-namespace>
spec:
secretRefName: "storageos-api"
kvBackend:
address: "etcd-client.etcd.svc.cluster.local:2379"
# address: '10.42.15.23:2379,10.42.12.22:2379,10.42.13.16:2379' # You can set ETCD server IPs.
storageClassName: "storageos"
```
<!--- TODO: replace this when an equivalent specification exsists for the new
operator, ticket has been created. Also replace in app-readme -->
Learn more about advanced configuration options
[here](https://github.com/storageos/cluster-operator/blob/master/README.md#storageoscluster-resource-configuration).
To check cluster status, run:
```console
$ kubectl get storageoscluster --namespace <storageos-cluster-namespace>
NAME READY STATUS AGE
example-storageos 3/3 Running 4m
```
All the events related to this cluster are logged as part of the cluster object
and can be viewed by describing the object.
```console
$ kubectl describe storageoscluster example-storageos --namespace <storageos-cluster-namespace>
Name: example-storageos
Namespace: default
Labels: <none>
...
...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning ChangedStatus 1m (x2 over 1m) storageos-operator 0/3 StorageOS nodes are functional
Normal ChangedStatus 35s storageos-operator 3/3 StorageOS nodes are functional. Cluster healthy
```
## Configuration
The following tables lists the configurable parameters of the StorageOSCluster
Operator chart and their default values.
Parameter | Description | Default
--------- | ----------- | -------
`operator.image.repository` | StorageOS Operator container image repository | `storageos/operator`
`operator.image.tag` | StorageOS Operator container image tag | `v2.5.0`
`operator.image.pullPolicy` | StorageOS Operator container image pull policy | `IfNotPresent`
`podSecurityPolicy.enabled` | If true, create & use PodSecurityPolicy resources | `false`
`podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}`
`cluster.create` | If true, auto-create the StorageOS cluster | `true`
`cluster.name` | Name of the storageos deployment | `storageos`
`cluster.namespace` | Namespace to install the StorageOS cluster into | `kube-system`
`cluster.createNamespace` | If true, create the namespace used by the cluster | `true`
`cluster.secretRefName` | Name of the secret containing StorageOS API credentials | `storageos-api`
`cluster.admin.username` | Username to authenticate to the StorageOS API with | `storageos`
`cluster.admin.password` | Password to authenticate to the StorageOS API with |
`cluster.sharedDir` | The path shared into to kubelet container when running kubelet in a container |
`cluster.kvBackend.address` | List of etcd targets, in the form ip[:port], separated by commas |
`cluster.kvBackend.backend` | Key-Value store backend name | `etcd`
`cluster.kvBackend.tlsSecretName` | Name of the secret containing kv backend tls cert |
`cluster.kvBackend.tlsSecretNamespace` | Namespace of the secret containing kv backend tls cert |
`cluster.nodeSelectorTerm.key` | Key of the node selector term used for pod placement |
`cluster.nodeSelectorTerm.value` | Value of the node selector term used for pod placement |
`cluster.toleration.key` | Key of the pod toleration parameter |
`cluster.toleration.value` | Value of the pod toleration parameter |
`cluster.disableTelemetry` | If true, no telemetry data will be collected from the cluster | `false`
`cluster.storageClassName` | Name of the StorageClass to be created | `storageos`
`cluster.images.apiManager.repository` | StorageOS API Manager container image repository |
`cluster.images.apiManager.tag` | StorageOS API Manager container image tag |
`cluster.images.csiV1ExternalAttacherV3.repository` | CSI v1 External Attacher v3 image repository |
`cluster.images.csiV1ExternalAttacherV3.tag` | CSI v1 External Attacher v3 image tag |
`cluster.images.csiV1ExternalProvisioner.repository` | CSI v1 External Provisioner image repository |
`cluster.images.csiV1ExternalProvisioner.tag` | CSI v1 External Provisioner image tag |
`cluster.images.csiV1ExternalResizer.repository` | CSI v1 External Resizer image repository |
`cluster.images.csiV1ExternalResizer.tag` | CSI v1 External Resizer image tag |
`cluster.images.csiV1LivenessProbe.repository` | CSI v1 Liveness Probe image repository |
`cluster.images.csiV1LivenessProbe.tag` | CSI v1 Liveness Probe image tag |
`cluster.images.csiV1NodeDriverRegistrar.repository` | CSI v1 Node Driver Registrar image repository |
`cluster.images.csiV1NodeDriverRegistrar.tag` | CSI v1 Node Driver Registrar image tag |
`cluster.images.init.repository` | StorageOS init container image repository |
`cluster.images.init.tag` | StorageOS init container image tag |
`cluster.images.node.repository` | StorageOS Node container image repository |
`cluster.images.node.tag` | StorageOS Node container image tag |
## Deleting a StorageOS Cluster
Deleting the `StorageOSCluster` custom resource object would delete the
storageos cluster and its associated resources.
In the above example,
```console
$ kubectl delete storageoscluster example-storageos --namespace <storageos-cluster-namespace>
```
would delete the custom resource and the cluster.
## Uninstalling the Chart
To uninstall/delete the storageos cluster operator deployment:
```console
$ helm uninstall <release-name> --namespace ondat-operator
```
If the chart was installed with cluster auto-provisioning enabled, chart
uninstall will clean-up the installed StorageOS cluster resources as well.
Learn more about configuring the StorageOS Operator on
[GitHub](https://github.com/storageos/operator).

75
charts/ondat-operator/ondat-operator/0.5.400/app-readme.md Normal file
View File

@ -0,0 +1,75 @@
# Ondat Operator
StorageOS is a cloud native, software-defined storage platform that transforms
commodity server or cloud based disk capacity into enterprise-class persistent
storage for containers. StorageOS volumes offer high throughput, low latency
and consistent performance, and are therefore ideal for deploying databases,
message queues, and other mission-critical stateful solutions. StorageOS
Project edition also offers ReadWriteMany volumes that are concurrently
accessible by multiple applications.
The Ondat Operator installs and manages StorageOS within a cluster. Cluster
nodes may contribute local or attached disk-based storage into a distributed
pool, which is then available to all cluster members via a global namespace.
Volumes are available across the cluster so if an application container gets
moved to another node it has immediate access to re-attach its data.
StorageOS is extremely lightweight - minimum requirements are a reserved CPU
core and 2GB of free memory. There are minimal external dependencies, and no
custom kernel modules.
After StorageOS is installed, please register for a free personal license to
enable 1TiB of capacity and HA with synchronous replication by following the
instructions [here](https://docs.ondat.io/docs/operations/licensing). For
additional capacity, features and support plans contact sales@ondat.io.
## Highlighted Features
* High Availability - synchronous replication insulates you from node failure.
* Delta Sync - replicas out of sync due to transient failures only transfer
changed blocks.
* Multiple AccessModes - dynamically provision ReadWriteOnce or ReadWriteMany
volumes.
* Rapid Failover - quickly detects node failure and automates recovery actions
without administrator intervention.
* Data Encryption - both in transit and at rest.
* Scalability - disaggregated consensus means no single scheduling point of
failure.
* Thin provisioning - only consume the space you need in a storage pool.
* Data reduction - transparent inline data compression to reduce the amount of
storage used in a backing store as well as reducing the network bandwidth
requirements for replication.
* Flexible configuration - all features can be enabled per volume, using PVC
and StorageClass labels.
* Multi-tenancy - fully supports standard Namespace and RBAC methods.
* Observability & instrumentation - Log streams for observability and
Prometheus support for instrumentation.
* Deployment flexibility - scale up or scale out storage based on application
requirements. Works with any infrastructure on-premises, VM, bare metal
or cloud.
## About StorageOS
StorageOS is a software-defined cloud native storage platform delivering
persistent storage for Kubernetes. StorageOS is built from the ground-up with
no legacy restrictions to give enterprises working with cloud native workloads
a scalable storage platform with no compromise on performance, availability or
security. For additional information, visit www.ondat.io.
## Installation
StorageOS requires an etcd cluster in order to function. Find out more about
setting up an etcd cluster in our [etcd
docs](https://docs.ondat.io/docs/prerequisites/etcd/).
By default, a minimal configuration of StorageOS is installed. To set advanced
configurations, disable the default installation of the StorageOS cluster
and create a custom StorageOSCluster resource, documentation
[here](https://github.com/ondat/charts/blob/main/charts/ondat-operator/README.md#creating-a-storageos-cluster-manually)
Newly installed StorageOS clusters require a license to function. For
instructions on applying our free developer license, or obtaining a commercial
license, please see our documentation at
https://docs.ondat.io/docs/reference/licence/.

5
charts/ondat-operator/ondat-operator/0.5.400/ci/std-values.yaml Normal file
View File

@ -0,0 +1,5 @@
podSecurityPolicy:
enabled: true
cluster:
# Disable cluster creation in CI, should install the operator only.
create: false

424
charts/ondat-operator/ondat-operator/0.5.400/crds/storageoscluster_crd.yaml Normal file
View File

@ -0,0 +1,424 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
labels:
app: storageos
app.kubernetes.io/component: operator
name: storageosclusters.storageos.com
spec:
group: storageos.com
names:
kind: StorageOSCluster
listKind: StorageOSClusterList
plural: storageosclusters
shortNames:
- stos
singular: storageoscluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Ready status of the storageos nodes.
jsonPath: .status.ready
name: ready
type: string
- description: Status of the whole cluster.
jsonPath: .status.phase
name: status
type: string
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1
schema:
openAPIV3Schema:
description: StorageOSCluster is the Schema for the storageosclusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: StorageOSClusterSpec defines the desired state of StorageOSCluster
properties:
csi:
description: CSI defines the configurations for CSI.
properties:
deploymentStrategy:
type: string
deviceDir:
type: string
driverRegisterationMode:
type: string
driverRequiresAttachment:
type: string
enable:
type: boolean
enableControllerExpandCreds:
type: boolean
enableControllerPublishCreds:
type: boolean
enableNodePublishCreds:
type: boolean
enableProvisionCreds:
type: boolean
endpoint:
type: string
kubeletDir:
type: string
kubeletRegistrationPath:
type: string
pluginDir:
type: string
registrarSocketDir:
type: string
registrationDir:
type: string
version:
type: string
type: object
debug:
description: Debug is to set debug mode of the cluster.
type: boolean
disableFencing:
description: "Disable Pod Fencing. With StatefulSets, Pods are only re-scheduled if the Pod has been marked as killed. In practice this means that failover of a StatefulSet pod is a manual operation. \n By enabling Pod Fencing and setting the `storageos.com/fenced=true` label on a Pod, StorageOS will enable automated Pod failover (by killing the application Pod on the failed node) if the following conditions exist: \n - Pod fencing has not been explicitly disabled. - StorageOS has determined that the node the Pod is running on is offline. StorageOS uses Gossip and TCP checks and will retry for 30 seconds. At this point all volumes on the failed node are marked offline (irrespective of whether fencing is enabled) and volume failover starts. - The Pod has the label `storageos.com/fenced=true` set. - The Pod has at least one StorageOS volume attached. - Each StorageOS volume has at least 1 healthy replica. \n When Pod Fencing is disabled, StorageOS will not perform any interaction with Kubernetes when it detects that a node has gone offline. Additionally, the Kubernetes permissions required for Fencing will not be added to the StorageOS role. Deprecated: Not used any more, fencing is enabled/disabled by storageos.com/fenced label on pod."
type: boolean
disableScheduler:
description: 'Disable StorageOS scheduler extender. Deprecated: Not used any more, scheduler is always enabled on Kubernetes.'
type: boolean
disableTCMU:
description: "Disable TCMU can be set to true to disable the TCMU storage driver. This is required when there are multiple storage systems running on the same node and you wish to avoid conflicts. Only one TCMU-based storage system can run on a node at a time. \n Disabling TCMU will degrade performance. Deprecated: Not used any more."
type: boolean
disableTelemetry:
description: Disable Telemetry.
type: boolean
enablePortalManager:
description: EnablePortalManager enables Portal Manager.
type: boolean
environment:
additionalProperties:
type: string
description: Environment contains environment variables that are passed to StorageOS.
type: object
forceTCMU:
description: "Force TCMU can be set to true to ensure that TCMU is enabled or cause StorageOS to abort startup. \n At startup, StorageOS will automatically fallback to non-TCMU mode if another TCMU-based storage system is running on the node. Since non-TCMU will degrade performance, this may not always be desired. Deprecated: Not used any more."
type: boolean
images:
description: Images defines the various container images used in the cluster.
properties:
apiManagerContainer:
type: string
csiClusterDriverRegistrarContainer:
type: string
csiExternalAttacherContainer:
type: string
csiExternalProvisionerContainer:
type: string
csiExternalResizerContainer:
type: string
csiLivenessProbeContainer:
type: string
csiNodeDriverRegistrarContainer:
type: string
hyperkubeContainer:
type: string
initContainer:
type: string
kubeSchedulerContainer:
type: string
nfsContainer:
type: string
nodeContainer:
type: string
nodeManagerContainer:
type: string
portalManagerContainer:
type: string
upgradeGuardContainer:
type: string
type: object
ingress:
description: 'Ingress defines the ingress configurations used in the cluster. Deprecated: Not used any more, please create your ingress for dashboard on your own.'
properties:
annotations:
additionalProperties:
type: string
type: object
enable:
type: boolean
hostname:
type: string
tls:
type: boolean
type: object
join:
description: 'Join is the join token used for service discovery. Deprecated: Not used any more.'
type: string
k8sDistro:
description: "K8sDistro is the name of the Kubernetes distribution where the operator is being deployed. It should be in the format: `name[-1.0]`, where the version is optional and should only be appended if known. Suitable names include: `openshift`, `rancher`, `aks`, `gke`, `eks`, or the deployment method if using upstream directly, e.g `minishift` or `kubeadm`. \n Setting k8sDistro is optional, and will be used to simplify cluster configuration by setting appropriate defaults for the distribution. The distribution information will also be included in the product telemetry (if enabled), to help focus development efforts."
type: string
kvBackend:
description: KVBackend defines the key-value store backend used in the cluster.
properties:
address:
type: string
backend:
type: string
required:
- address
type: object
namespace:
description: 'Namespace is the kubernetes Namespace where storageos resources are provisioned. Deprecated: StorageOS uses namespace of storageosclusters.storageos.com resource.'
type: string
nodeManagerFeatures:
additionalProperties:
type: string
description: Node manager feature list with optional configurations.
type: object
nodeSelectorTerms:
description: NodeSelectorTerms is to set the placement of storageos pods using node affinity requiredDuringSchedulingIgnoredDuringExecution.
items:
description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements by node's labels.
items:
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: The label key that the selector applies to.
type: string
operator:
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements by node's fields.
items:
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: The label key that the selector applies to.
type: string
operator:
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
pause:
description: 'Pause is to pause the operator for the cluster. Deprecated: Not used any more, operator is always running.'
type: boolean
resources:
description: Resources is to set the resource requirements of the storageos containers.
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
secretRefName:
description: SecretRefName is the name of the secret object that contains all the sensitive cluster configurations.
type: string
secretRefNamespace:
description: 'SecretRefNamespace is the namespace of the secret reference. Deprecated: StorageOS uses namespace of storageosclusters.storageos.com resource.'
type: string
service:
description: Service is the Service configuration for the cluster nodes.
properties:
annotations:
additionalProperties:
type: string
type: object
externalPort:
type: integer
internalPort:
type: integer
name:
type: string
type:
type: string
required:
- name
- type
type: object
sharedDir:
description: 'SharedDir is the shared directory to be used when the kubelet is running in a container. Typically: "/var/lib/kubelet/plugins/kubernetes.io~storageos". If not set, defaults will be used.'
type: string
storageClassName:
description: StorageClassName is the name of default StorageClass created for StorageOS volumes.
type: string
tlsEtcdSecretRefName:
description: TLSEtcdSecretRefName is the name of the secret object that contains the etcd TLS certs. This secret is shared with etcd, therefore it's not part of the main storageos secret.
type: string
tlsEtcdSecretRefNamespace:
description: 'TLSEtcdSecretRefNamespace is the namespace of the etcd TLS secret object. Deprecated: StorageOS uses namespace of storageosclusters.storageos.com resource.'
type: string
tolerations:
description: Tolerations is to set the placement of storageos pods using pod toleration.
items:
description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
required:
- kvBackend
- secretRefName
type: object
status:
description: StorageOSClusterStatus defines the observed state of StorageOSCluster
properties:
conditions:
description: Conditions is a list of status of all the components of StorageOS.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
members:
description: Members is the list of StorageOS nodes in the cluster.
properties:
ready:
description: Ready are the storageos cluster members that are ready to serve requests. The member names are the same as the node IPs.
items:
type: string
type: array
unready:
description: Unready are the storageos cluster nodes not ready to serve requests.
items:
type: string
type: array
type: object
nodeHealthStatus:
additionalProperties:
description: NodeHealth contains health status of a node.
properties:
directfsInitiator:
type: string
director:
type: string
kv:
type: string
kvWrite:
type: string
nats:
type: string
presentation:
type: string
rdb:
type: string
type: object
type: object
nodes:
items:
type: string
type: array
phase:
description: Phase is the phase of the StorageOS cluster.
type: string
ready:
description: Ready is the ready status of the StorageOS control-plane pods.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

177
charts/ondat-operator/ondat-operator/0.5.400/questions.yml Normal file
View File

@ -0,0 +1,177 @@
categories:
- storage
labels:
io.rancher.certified: partner
io.cattle.role: cluster
rancher_min_version: 2.4.0
questions:
- variable: k8sDistro
default: rancher
description: "Kubernetes Distribution is used to fine-tune configuration for
specific Kubernetes distributions. It is also included in anonymized
telemetry data so that we can focus development effort most effectively.
Example values: rancher, openshift"
type: string
label: Kubernetes Distribution
# Operator image configuration.
- variable: defaultImage
default: true
description: "Use default Docker images"
label: Use Default Images
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: operator.image.pullPolicy
default: IfNotPresent
description: "Operator Image pull policy"
type: enum
label: Operator Image pull policy
options:
- IfNotPresent
- Always
- Never
- variable: operator.image.repository
default: "storageos/operator"
description: "StorageOS operator image name"
type: string
label: StorageOS Operator Image Name
- variable: operator.image.tag
default: "v2.5.0"
description: "StorageOS Operator image tag"
type: string
label: StorageOS Operator Image Tag
# Default minimal cluster configuration.
- variable: cluster.create
default: true
type: boolean
description: "Install StorageOS cluster with minimal configurations"
label: "Install StorageOS cluster"
show_subquestion_if: true
group: "StorageOS Cluster"
subquestions:
# Cluster metadata.
- variable: cluster.name
default: "storageos"
description: "Name of the StorageOS cluster deployment"
type: string
label: Cluster Name
- variable: cluster.namespace
default: "storageos"
description: "Namespace of the StorageOS cluster deployment"
type: string
label: Cluster Namespace
- variable: cluster.createNamespace
default: true
description: "If true, create the namespace for the cluster deployment"
type: boolean
label: Create Cluster Namespace
# Node container image.
- variable: cluster.images.node.repository
default: "storageos/node"
description: "StorageOS node container image name"
type: string
label: StorageOS Node Container Image Name
- variable: cluster.images.node.tag
default: "v2.5.0"
description: "StorageOS Node container image tag"
type: string
label: StorageOS Node Container Image Tag
# Telemetry.
- variable: cluster.disableTelemetry
default: false
type: boolean
description: "Disable telemetry data collection. See https://docs.storageos.com/docs/reference/telemetry for more information."
label: Disable Telemetry
# Credentials.
- variable: cluster.admin.username
default: "admin"
description: "Username of the StorageOS administrator account"
type: string
label: Username
- variable: cluster.admin.password
default: ""
description: "Password of the StorageOS administrator account. Must be at
least 8 characters long"
type: password
label: Password
# KV store backend.
- variable: cluster.kvBackend.address
required: true
default: ""
description: "List of etcd targets, in the form ip:port, separated by
commas. Prefer multiple direct endpoints over a single load-balanced
endpoint. See https://docs.storageos.com/docs/prerequisites/etcd/ for more
information."
type: string
label: External etcd address(es)
- variable: cluster.kvBackend.tls
default: false
type: boolean
description: "Enable etcd TLS"
label: "TLS should be configured for external etcd to protect configuration data (Optional)."
- variable: cluster.kvBackend.tlsSecretName
required: false
default: ""
description: "Name of the secret that contains the etcd TLS certs. This secret is typically shared with etcd."
type: string
label: External etcd TLS secret name
show_if: "cluster.kvBackend.tls=true"
- variable: cluster.kvBackend.tlsSecretNamespace
required: false
default: ""
description: "Namespace of the secret that contains the etcd TLS certs. This secret is typically shared with etcd."
type: string
label: External etcd TLS secret namespace
show_if: "cluster.kvBackend.tls=true"
# Node Selector Term.
- variable: cluster.nodeSelectorTerm.key
required: false
default: ""
description: "Key of the node selector term match expression used to select the nodes to install StorageOS on, e.g. `node-role.kubernetes.io/worker`"
type: string
label: Node selector term key
- variable: cluster.nodeSelectorTerm.value
required: false
default: ""
description: "Value of the node selector term match expression used to select the nodes to install StorageOS on."
type: string
label: Node selector term value
# Pod tolerations.
- variable: cluster.toleration.key
required: false
default: ""
description: "Key of pod toleration with operator 'Equal' and effect 'NoSchedule'"
type: string
label: Pod toleration key
- variable: cluster.toleration.value
required: false
default: ""
description: "Value of pod toleration with operator 'Equal' and effect 'NoSchedule'"
type: string
label: Pod toleration value
# Shared Directory
- variable: cluster.sharedDir
required: false
default: "/var/lib/kubelet/plugins/kubernetes.io~storageos"
description: "Shared Directory should be set if running kubelet in a container. This should be the path shared into to kubelet container, typically: '/var/lib/kubelet/plugins/kubernetes.io~storageos'. If not set, defaults will be used."
type: string
label: Shared Directory
# Cluster metadata.
- variable: cluster.storageClassName
default: "storageos"
description: "Name of the default StorageOS StorageClass"
type: string
label: StorageClass Name

51
charts/ondat-operator/ondat-operator/0.5.400/templates/NOTES.txt Normal file
View File

@ -0,0 +1,51 @@
{{- if .Values.cluster.create }}
As you enabled automatic cluster creation, your StorageOS cluster is spinning
up in the {{ .Values.cluster.namespace }} namespace.
{{- else }}
StorageOS Operator deployed.
As you disabled automatic cluster creation, you can deploy a StorageOS cluster
by creating a custom StorageOSCluster resource:
1. Create a secret containing StorageOS cluster credentials. This secret
contains the API username and password that will be used to authenticate to the
StorageOS cluster. Base64 encode the username and password that you want to use
for your StorageOS cluster.
apiVersion: v1
kind: Secret
metadata:
name: storageos-api
namespace: storageos
labels:
app: storageos
type: kubernetes.io/storageos
data:
# echo -n '<secret>' | base64
username: c3RvcmFnZW9z
password: c3RvcmFnZW9z
2. Create a StorageOS custom resource that references the secret created
above (storageos-api in the above example). They must share a namespace.
When the resource is created, the cluster will be deployed.
apiVersion: storageos.com/v1
kind: StorageOSCluster
metadata:
name: example-storageos
namespace: storageos
spec:
secretRefName: storageos-api
storageClassName: storageos
kvBackend:
address: <etcd-endpoint>
Newly installed StorageOS clusters require a license to function. For
instructions on applying our free developer license, or obtaining a commercial
license, please see our documentation at
https://docs.storageos.com/docs/reference/licence/.
{{- end }}

67
charts/ondat-operator/ondat-operator/0.5.400/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,67 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "storageos.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "storageos.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "storageos.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "storageos.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "storageos.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Validate the admin username to be of minimum length
*/}}
{{- define "validate-username" -}}
{{ $length := len .Values.cluster.admin.username }}
{{- if ge $length 3 -}}
{{ .Values.cluster.admin.username }}
{{- else -}}
{{- fail "Invalid username. Must be at least 3 characters." -}}
{{- end -}}
{{- end -}}
{{/*
Validate the admin password to be of minimum length
*/}}
{{- define "validate-password" -}}
{{ $length := len .Values.cluster.admin.password }}
{{- if ge $length 8 -}}
{{ .Values.cluster.admin.password }}
{{- else -}}
{{- fail "Invalid password. Must be at least 8 characters." -}}
{{- end -}}
{{- end -}}

315
charts/ondat-operator/ondat-operator/0.5.400/templates/cleanup.yaml Normal file
View File

@ -0,0 +1,315 @@
# ClusterRole, ClusterRoleBinding and ServiceAccounts have hook-failed in
# hook-delete-policy to make it easy to rerun the whole setup even after a
# failure, else the rerun fails with existing resource error.
# Hook delete policy before-hook-creation ensures any other leftover resources
# from previous run gets deleted when run again.
# The Job resources will not be deleted to help investigage the failure.
# Since the resources created by the operator are not managed by the chart, each
# of them must be individually deleted in separate jobs.
apiVersion: v1
kind: ServiceAccount
metadata:
name: storageos-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: storageos:cleanup
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "1"
rules:
# Using apiGroup "apps" for daemonsets fails and the permission error indicates
# that it's in group "extensions". Not sure if it's a Job specific behavior,
# because the daemonsets deployed by the operator use "apps" apiGroup.
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
verbs:
- delete
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- daemonsets
verbs:
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- delete
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- delete
- apiGroups:
- ""
resources:
- serviceaccounts
- secrets
- services
- configmaps
verbs:
- delete
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- get
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: storageos:cleanup
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "2"
subjects:
- name: storageos-cleanup
kind: ServiceAccount
namespace: {{ .Release.Namespace }}
roleRef:
name: storageos:cleanup
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
---
{{- if .Values.cluster.create }}
# Delete the CR
apiVersion: batch/v1
kind: Job
metadata:
name: "storageos-storageoscluster-cleanup"
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation"
"helm.sh/hook-weight": "3"
spec:
template:
spec:
serviceAccountName: storageos-cleanup
containers:
- name: "storageos-storageoscluster-cleanup"
image: "{{ $.Values.cleanup.images.kubectl.repository }}:{{ $.Values.cleanup.images.kubectl.tag }}"
command:
- kubectl
- -n
- {{ .Values.cluster.namespace }}
- delete
- storageoscluster
- {{ .Values.cluster.name }}
- --ignore-not-found=true
restartPolicy: Never
backoffLimit: 4
---
# Wait for the operator to appropriately delete resources based on CR deletion
apiVersion: batch/v1
kind: Job
metadata:
name: "storageos-cleanup-wait"
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation"
"helm.sh/hook-weight": "4"
spec:
template:
spec:
serviceAccountName: storageos-cleanup
containers:
- name: "storageos-cleanup-wait"
image: "{{ $.Values.cleanup.images.kubectl.repository }}:{{ $.Values.cleanup.images.kubectl.tag }}"
command:
- "/bin/bash"
- "-c"
args:
- 'while [ -n "$(kubectl get pods -n {{ .Values.cluster.namespace }} -l app=storageos --ignore-not-found)" ]; do echo "Pods stil deleting"; sleep 5; done'
restartPolicy: Never
backoffLimit: 4
---
{{- end }}
# Seperation between pre- & post-delete hooks
# The storageoscluster CR must be deleted before the operator, so the operator
# can handle cluster tear down.
# Some resources must be deleted after the operator otherwise the operator
# will re-create them.
apiVersion: v1
kind: ServiceAccount
metadata:
name: storageos-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: storageos:cleanup
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "1"
rules:
# Using apiGroup "apps" for daemonsets fails and the permission error indicates
# that it's in group "extensions". Not sure if it's a Job specific behavior,
# because the daemonsets deployed by the operator use "apps" apiGroup.
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
verbs:
- delete
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- daemonsets
verbs:
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- delete
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- delete
- apiGroups:
- ""
resources:
- serviceaccounts
- secrets
- services
- configmaps
verbs:
- delete
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- get
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: storageos:cleanup
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": "hook-succeeded, hook-failed, before-hook-creation"
"helm.sh/hook-weight": "2"
subjects:
- name: storageos-cleanup
kind: ServiceAccount
namespace: {{ .Release.Namespace }}
roleRef:
name: storageos:cleanup
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
---
# Delete some misc operator files that aren't cleaned up otherwise.
# Needs to be done afterwards in a post-delete hook as otherwise the operator
# will sometimes recreate them before it's destroyed.
apiVersion: batch/v1
kind: Job
metadata:
name: "storageos-operator-data-cleanup"
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": "hook-succeeded, before-hook-creation"
"helm.sh/hook-weight": "3"
spec:
template:
spec:
serviceAccountName: storageos-cleanup
containers:
- name: "storageos-operator-data-cleanup"
image: "{{ $.Values.cleanup.images.kubectl.repository }}:{{ $.Values.cleanup.images.kubectl.tag }}"
command:
- kubectl
- -n
- {{ .Release.Namespace }}
- delete
- configmap/operator
- configmap/storageos-api-manager-leader
- secret/storageos-operator-webhook
- secret/storageos-webhook
- --ignore-not-found=true
restartPolicy: Never
backoffLimit: 4

75
charts/ondat-operator/ondat-operator/0.5.400/templates/config-maps.yaml Normal file
View File

@ -0,0 +1,75 @@
apiVersion: v1
data:
operator_config.yaml: |
apiVersion: config.storageos.com/v1
kind: OperatorConfig
health:
healthProbeBindAddress: :8081
metrics:
bindAddress: 127.0.0.1:8080
webhook:
port: 9443
leaderElection:
leaderElect: true
resourceName: storageos-operator
webhookCertRefreshInterval: 15m
webhookServiceName: storageos-operator-webhook
webhookSecretRef: storageos-operator-webhook
validatingWebhookConfigRef: storageos-operator-validating-webhook
kind: ConfigMap
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
data:
{{- if and .Values.cluster.images.apiManager.repository .Values.cluster.images.apiManager.tag }}
RELATED_IMAGE_API_MANAGER: "{{ .Values.cluster.images.apiManager.repository }}:{{ .Values.cluster.images.apiManager.tag }}"
{{- end }}
{{- if and .Values.cluster.images.csiV1ExternalAttacherV3.repository .Values.cluster.images.csiV1ExternalAttacherV3.tag }}
RELATED_IMAGE_CSIV1_EXTERNAL_ATTACHER_V3: "{{ .Values.cluster.images.csiV1ExternalAttacherV3.repository }}:{{ .Values.cluster.images.csiV1ExternalAttacherV3.tag }}"
{{- end }}
{{- if and .Values.cluster.images.csiV1ExternalProvisioner.repository .Values.cluster.images.csiV1ExternalProvisioner.tag }}
RELATED_IMAGE_CSIV1_EXTERNAL_PROVISIONER: "{{ .Values.cluster.images.csiV1ExternalProvisioner.repository }}:{{ .Values.cluster.images.csiV1ExternalProvisioner.tag }}"
{{- end }}
{{- if and .Values.cluster.images.csiV1ExternalResizer.repository .Values.cluster.images.csiV1ExternalResizer.tag }}
RELATED_IMAGE_CSIV1_EXTERNAL_RESIZER: "{{ .Values.cluster.images.csiV1ExternalResizer.repository }}:{{ .Values.cluster.images.csiV1ExternalResizer.tag }}"
{{- end }}
{{- if and .Values.cluster.images.csiV1LivenessProbe.repository .Values.cluster.images.csiV1LivenessProbe.tag }}
RELATED_IMAGE_CSIV1_LIVENESS_PROBE: "{{ .Values.cluster.images.csiV1LivenessProbe.repository }}:{{ .Values.cluster.images.csiV1LivenessProbe.tag }}"
{{- end }}
{{- if and .Values.cluster.images.csiV1NodeDriverRegistrar.repository .Values.cluster.images.csiV1NodeDriverRegistrar.tag }}
RELATED_IMAGE_CSIV1_NODE_DRIVER_REGISTRAR: "{{ .Values.cluster.images.csiV1NodeDriverRegistrar.repository }}:{{ .Values.cluster.images.csiV1NodeDriverRegistrar.tag }}"
{{- end }}
{{- if and .Values.cluster.images.init.repository .Values.cluster.images.init.tag }}
RELATED_IMAGE_STORAGEOS_INIT: "{{ .Values.cluster.images.init.repository }}:{{ .Values.cluster.images.init.tag }}"
{{- end }}
{{- if and .Values.cluster.images.node.repository .Values.cluster.images.node.tag }}
RELATED_IMAGE_STORAGEOS_NODE: "{{ .Values.cluster.images.node.repository }}:{{ .Values.cluster.images.node.tag }}"
{{- end }}
{{- if and .Values.cluster.images.nodeManager.repository .Values.cluster.images.nodeManager.tag }}
RELATED_IMAGE_NODE_MANAGER: "{{ .Values.cluster.images.nodeManager.repository }}:{{ .Values.cluster.images.nodeManager.tag }}"
{{- end }}
{{- if and .Values.cluster.images.portalManager.repository .Values.cluster.images.portalManager.tag }}
RELATED_IMAGE_PORTAL_MANAGER: "{{ .Values.cluster.images.portalManager.repository }}:{{ .Values.cluster.images.portalManager.tag }}"
{{- end }}
{{- if and .Values.cluster.images.upgradeGuard.repository .Values.cluster.images.upgradeGuard.tag }}
RELATED_IMAGE_UPGRADE_GUARD: "{{ .Values.cluster.images.upgradeGuard.repository }}:{{ .Values.cluster.images.upgradeGuard.tag }}"
{{- end }}
kind: ConfigMap
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos-related-images
namespace: {{ .Release.Namespace }}

22
charts/ondat-operator/ondat-operator/0.5.400/templates/namespaces.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- if .Values.cluster.createNamespace }}
# Don't want to attempt to create the ns if user has specificied the same ns
# for both the release and the StorageOS cluster.
# As otherwise it would fail & this could be confusing UX for them.
{{- if not (eq .Release.Namespace .Values.cluster.namespace) }}
apiVersion: v1
kind: Namespace
metadata:
name: {{ .Values.cluster.namespace }}
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
control-plane: storageos-operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end }}
{{- end }}

87
charts/ondat-operator/ondat-operator/0.5.400/templates/operator.yaml Normal file
View File

@ -0,0 +1,87 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "storageos.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
control-plane: storageos-operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
control-plane: storageos-operator
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
control-plane: storageos-operator
release: {{ .Release.Name }}
spec:
containers:
- args:
- --config=operator_config.yaml
command:
- /manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- configMapRef:
name: storageos-related-images
image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}"
imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 250m
memory: 200Mi
requests:
cpu: 10m
memory: 100Mi
securityContext:
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /operator_config.yaml
name: storageos-operator
subPath: operator_config.yaml
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: quay.io/brancz/kube-rbac-proxy:v0.10.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
securityContext:
runAsNonRoot: true
serviceAccountName: {{ template "storageos.serviceAccountName" . }}
terminationGracePeriodSeconds: 10
volumes:
- configMap:
name: storageos-operator
name: storageos-operator

29
charts/ondat-operator/ondat-operator/0.5.400/templates/psp.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "storageos.fullname" . }}-psp
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "storageos.name" . }}
chart: {{ template "storageos.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
annotations:
{{- if .Values.podSecurityPolicy.annotations }}
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
spec:
volumes:
- '*'
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
{{- end }}

840
charts/ondat-operator/ondat-operator/0.5.400/templates/rbac.yaml Normal file
View File

@ -0,0 +1,840 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
# Role for storageos operator
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: storageos:operator
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
- configmaps/status
- endpoints
- endpoints/status
- events
- namespaces
- persistentvolumeclaims
- persistentvolumeclaims/status
- persistentvolumes
- pods/binding
- pods/status
- replicationcontrollers
- secrets
- serviceaccounts
- services
- services/finalizers
- services/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- api.storageos.com
resources:
- nodes
- volumes
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- api.storageos.com
resources:
- nodes/status
- volumes/status
verbs:
- get
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- patch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- csi.storage.k8s.io
resources:
- csidrivers
- csistoragecapacities
verbs:
- create
- delete
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- bind
- create
- delete
- get
- patch
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- create
- delete
- get
- update
- use
- apiGroups:
- storage.k8s.io
resources:
- csidrivers
- csinodeinfos
- csinodes
- csistoragecapacities
- storageclasses
- volumeattachments
- volumeattachments/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- storageos.com
resources:
- storageosclusters/finalizers
verbs:
- update
- apiGroups:
- storageos.com
resources:
- storageosclusters/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:api-manager
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- endpoints/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- node
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- api.storageos.com
resources:
- nodes
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- api.storageos.com
resources:
- nodes/status
verbs:
- get
- patch
- update
- apiGroups:
- api.storageos.com
resources:
- volumes
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- api.storageos.com
resources:
- volumes/status
verbs:
- get
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- delete
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:node-manager
rules:
- apiGroups:
- api.storageos.com
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- api.storageos.com
resources:
- volumes
verbs:
- get
- list
- watch
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:portal-manager
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- persistentvolumeclaims
- persistentvolumes
- pods
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- api.storageos.com
resources:
- nodes
- volumes
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- volumeattachments
verbs:
- list
- watch
- apiGroups:
- storageos.com
resources:
- storageosclusters
verbs:
- list
- watch
- apiGroups:
- storageos.com
resources:
- storageosportals
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:scheduler-extender
rules:
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- patch
- apiGroups:
- scheduling.k8s.io
resources:
- priorityclasses
verbs:
- get
- list
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:proxy:operator
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
# Bind operator service account to storageos-operator role
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: storageos:operator
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
subjects:
- kind: ServiceAccount
name: {{ template "storageos.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: storageos:operator
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:api-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:api-manager
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:node-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:node-manager
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: storageos
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:portal-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:portal-manager
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: storageos
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:operator:scheduler-extender
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:operator:scheduler-extender
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos:proxy:operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:proxy:operator
subjects:
- kind: ServiceAccount
name: storageos-operator
namespace: {{ .Release.Namespace }}
{{- if .Values.podSecurityPolicy.enabled }}
---
# ClusterRole for using pod security policy.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: storageos:psp-user
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
- apiGroups: ["extensions"]
resources: ["podsecuritypolicies"]
verbs: ["use"]
resourceNames:
- {{ template "storageos.fullname" . }}-psp
---
# Bind pod security policy cluster role to the operator service account.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: storageos:psp-user
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: storageos:psp-user
subjects:
- kind: ServiceAccount
name: {{ template "storageos.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}

19
charts/ondat-operator/ondat-operator/0.5.400/templates/secrets.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.cluster.create }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.cluster.secretRefName }}
namespace: {{ .Values.cluster.namespace }}
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: "kubernetes.io/storageos"
data:
username: {{ include "validate-username" . | b64enc | quote }}
password: {{ include "validate-password" . | b64enc | quote }}
{{- end }}

13
charts/ondat-operator/ondat-operator/0.5.400/templates/service-account.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "storageos.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end }}

42
charts/ondat-operator/ondat-operator/0.5.400/templates/services.yaml Normal file
View File

@ -0,0 +1,42 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
control-plane: storageos-operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos-operator
namespace: {{ .Release.Namespace }}
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
control-plane: storageos-operator
---
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos-operator-webhook
namespace: {{ .Release.Namespace }}
spec:
ports:
- port: 443
targetPort: 9443
selector:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
control-plane: storageos-operator

52
charts/ondat-operator/ondat-operator/0.5.400/templates/storageoscluster_cr.yaml Normal file
View File

@ -0,0 +1,52 @@
{{- if .Values.cluster.create }}
apiVersion: storageos.com/v1
kind: StorageOSCluster
metadata:
name: {{ .Values.cluster.name }}
namespace: {{ .Values.cluster.namespace }}
spec:
secretRefName: {{ .Values.cluster.secretRefName }}
disableTelemetry: {{ .Values.cluster.disableTelemetry }}
storageClassName: {{ .Values.cluster.storageClassName }}
{{- if .Values.k8sDistro }}
k8sDistro: {{ .Values.k8sDistro }}
{{- end }}
{{- if .Values.cluster.sharedDir }}
sharedDir: {{ .Values.cluster.sharedDir }}
{{- end }}
kvBackend:
address: {{ required "kv backend address must be set" .Values.cluster.kvBackend.address }}
backend: {{ .Values.cluster.kvBackend.backend }}
{{- if .Values.cluster.kvBackend.tlsSecretName }}
tlsEtcdSecretRefName: {{ .Values.cluster.kvBackend.tlsSecretName }}
{{- end }}
{{- if .Values.cluster.kvBackend.tlsSecretNamespace }}
tlsEtcdSecretRefNamespace: {{ .Values.cluster.kvBackend.tlsSecretNamespace }}
{{- end }}
resources:
{{ toYaml .Values.cluster.resources | indent 4 }}
{{- if .Values.cluster.nodeSelectorTerm.key }}
nodeSelectorTerms:
- matchExpressions:
- key: {{ .Values.cluster.nodeSelectorTerm.key }}
operator: In
values:
- "{{ .Values.cluster.nodeSelectorTerm.value }}"
{{- end }}
{{- if .Values.cluster.toleration.key }}
tolerations:
- key: {{ .Values.cluster.toleration.key }}
operator: "Equal"
value: {{ .Values.cluster.toleration.value }}
effect: "NoSchedule"
{{- end }}
{{- end }}

31
charts/ondat-operator/ondat-operator/0.5.400/templates/validating-webhook-configuration.yaml Normal file
View File

@ -0,0 +1,31 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
labels:
app: {{ template "storageos.name" . }}
app.kubernetes.io/component: operator
chart: {{ template "storageos.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
name: storageos-operator-validating-webhook
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: storageos-operator-webhook
namespace: {{ .Release.Namespace }}
path: /validate-storageoscluster
failurePolicy: Fail
name: cluster-validator.storageos.com
rules:
- apiGroups:
- storageos.com
apiVersions:
- v1
operations:
- CREATE
resources:
- storageosclusters
sideEffects: None

144
charts/ondat-operator/ondat-operator/0.5.400/values.yaml Normal file
View File

@ -0,0 +1,144 @@
# Default values for storageos.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
name: ondat-operator
k8sDistro: default
serviceAccount:
create: true
name: storageos-operator
podSecurityPolicy:
enabled: false
annotations:
{}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
# seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
# apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
# operator-specific configuation parameters.
operator:
image:
repository: storageos/operator
tag: v2.6.0
pullPolicy: IfNotPresent
# cluster-specific configuation parameters.
cluster:
# set create to true if the operator should auto-create the StorageOS cluster.
create: true
# Name of the deployment.
name: storageos
# Namespace to install the StorageOS cluster into.
# This is opposed to the namespace of the operator, which is refered to
# with .Release.Namespace
namespace: storageos
# Set to false if you'd like to use a pre-existing namespace
createNamespace: true
# Name of the secret containing StorageOS API credentials.
secretRefName: storageos-api
# Default admin account.
admin:
# Username to authenticate to the StorageOS API with.
username: storageos
# Password to authenticate to the StorageOS API with. This must be at least
# 8 characters long.
password:
# sharedDir should be set if running kubelet in a container. This should
# be the path shared into to kubelet container, typically:
# "/var/lib/kubelet/plugins/kubernetes.io~storageos". If not set, defaults
# will be used.
sharedDir:
# Key-Value store backend.
kvBackend:
address:
backend: etcd
tlsSecretName:
tlsSecretNamespace:
# Resource requests and limits for the node container
resources: {}
# requests:
# cpu: 1
# memory: 2Gi
# limits:
# cpu:
# memory:
# Node selector terms to install StorageOS on.
nodeSelectorTerm:
key:
value:
# Pod toleration for the StorageOS pods.
toleration:
key:
value:
# To disable anonymous usage reporting across the cluster, set to true.
# Defaults to false. To help improve the product, data such as API usage and
# StorageOS configuration information is collected.
disableTelemetry: false
# The name of the StorageClass to be created
# Using a YAML anchor to allow deletion of the custom storageClass
storageClassName: storageos
images:
apiManager:
repository: storageos/api-manager
tag: v1.2.5
csiV1ExternalAttacherV3:
repository: quay.io/k8scsi/csi-attacher
tag: v3.1.0
csiV1ExternalProvisioner:
repository: storageos/csi-provisioner
tag: v2.1.1-patched
csiV1ExternalResizer:
repository: quay.io/k8scsi/csi-resizer
tag: v1.1.0
csiV1LivenessProbe:
repository: quay.io/k8scsi/livenessprobe
tag: v2.2.0
csiV1NodeDriverRegistrar:
repository: quay.io/k8scsi/csi-node-driver-registrar
tag: v2.1.0
init:
repository: storageos/init
tag: v2.1.1
# nodeContainer is the StorageOS node image to use, available from the
# [Docker Hub](https://hub.docker.com/r/storageos/node/).
node:
repository: storageos/node
tag: v2.6.0
nodeManager:
repository: storageos/node-manager
tag: v0.0.2
portalManager:
repository: storageos/portal-manager
tag: v1.0.1
upgradeGuard:
repository: storageos/upgrade-guard
tag: v0.0.2
# The following is used for cleaning up unmanaged cluster resources when
# auto-install is enabled.
cleanup:
images:
kubectl:
repository: bitnami/kubectl
tag: 1.18.2

30
index.yaml
View File

@ -2719,6 +2719,36 @@ entries:
- assets/nutanix-csi-storage/nutanix-csi-storage-2.3.100.tgz
version: 2.3.100
ondat-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ondat Operator
catalog.cattle.io/release-name: ondat-operator
apiVersion: v2
appVersion: v2.6.0
created: "2022-02-24T15:13:07.677580962Z"
description: Cloud Native storage for containers
digest: edfbee79757a2403fab03bcb3f220a205ac31c95330045a215c9a49d2c03c65a
home: https://ondat.io
icon: https://docs.ondat.io/images/generic/Ondat_logo.svg
keywords:
- storage
- block-storage
- volume
- operator
kubeVersion: '>= 1.19'
maintainers:
- email: david@ondat.io
name: DavidMarchant
- email: richard.kovacs@ondat.io
name: mhmxs
- email: angelos.perivolaropoulos@ondat.io
name: aeroniero33
name: ondat-operator
sources:
- https://github.com/ondat
urls:
- assets/ondat-operator/ondat-operator-0.5.400.tgz
version: 0.5.400
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Ondat Operator

4
packages/ondat-operator/generated-changes/patch/Chart.yaml.patch
View File

@ -3,8 +3,8 @@
@@ -19,3 +19,8 @@
sources:
- https://github.com/ondat
version: 0.5.2
+kubeVersion: "1.18 - 1.22"
version: 0.5.4
+kubeVersion: ">= 1.19"
+annotations:
+ catalog.cattle.io/certified: partner # Enables the "partner" badge in the UI for easier identification
+ catalog.cattle.io/release-name: ondat-operator # Your chart's name in kebab-case, this is used for deployment

2
packages/ondat-operator/package.yaml
View File

@ -1,2 +1,2 @@
url: https://github.com/ondat/charts/releases/download/ondat-operator-0.5.2/ondat-operator-0.5.2.tgz
url: https://github.com/ondat/charts/releases/download/ondat-operator-0.5.4/ondat-operator-0.5.4.tgz
packageVersion: 00