diff --git a/artifacts/kubezero-local-volume-provisioner/kustomization.yaml b/artifacts/kubezero-local-volume-provisioner/kustomization.yaml
deleted file mode 100644
index 3035364f..00000000
--- a/artifacts/kubezero-local-volume-provisioner/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-nameSpace: kube-system
-
-resources:
-- local-sc-xfs.yaml
-- local-volume-provisioner.yaml
diff --git a/artifacts/kubezero-local-volume-provisioner/local-volume-provisioner.yaml b/artifacts/kubezero-local-volume-provisioner/local-volume-provisioner.yaml
deleted file mode 100644
index c2b1d098..00000000
--- a/artifacts/kubezero-local-volume-provisioner/local-volume-provisioner.yaml
+++ /dev/null
@@ -1,136 +0,0 @@ ---- -# Source: provisioner/templates/provisioner.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: local-provisioner-config - namespace: kube-system - labels: - heritage: "Helm" - release: "RELEASE-NAME" - chart: provisioner-2.3.3 -data: - storageClassMap: | - local-sc-xfs: - hostDir: /mnt/disks - mountDir: /mnt/disks ---- -# Source: provisioner/templates/provisioner-service-account.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: local-storage-admin - namespace: kube-system - labels: - heritage: "Helm" - release: "RELEASE-NAME" - chart: provisioner-2.3.3 ---- -# Source: provisioner/templates/provisioner-cluster-role-binding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: local-storage-provisioner-node-clusterrole - labels: - heritage: "Helm" - release: "RELEASE-NAME" - chart: provisioner-2.3.3 -rules: -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get"] ---- -# Source: provisioner/templates/provisioner-cluster-role-binding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: local-storage-provisioner-pv-binding - labels: - heritage: "Helm" - release: "RELEASE-NAME" - chart: provisioner-2.3.3 -subjects: -- kind: ServiceAccount - name: local-storage-admin - namespace: kube-system -roleRef: - kind: ClusterRole - name: system:persistent-volume-provisioner - apiGroup: rbac.authorization.k8s.io ---- -# Source: provisioner/templates/provisioner-cluster-role-binding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: local-storage-provisioner-node-binding - labels: - heritage: "Helm" - release: "RELEASE-NAME" - chart: provisioner-2.3.3 -subjects: -- kind: ServiceAccount - name: local-storage-admin - namespace: kube-system -roleRef: - kind: ClusterRole - name: local-storage-provisioner-node-clusterrole - apiGroup: rbac.authorization.k8s.io ---- -# Source: provisioner/templates/provisioner.yaml -apiVersion: apps/v1 
-kind: DaemonSet -metadata: - name: local-volume-provisioner - namespace: kube-system - labels: - app: local-volume-provisioner - heritage: "Helm" - release: "RELEASE-NAME" - chart: provisioner-2.3.3 -spec: - selector: - matchLabels: - app: local-volume-provisioner - template: - metadata: - labels: - app: local-volume-provisioner - spec: - serviceAccountName: local-storage-admin - nodeSelector: - node.kubernetes.io/localVolume: present - containers: - - image: "quay.io/external_storage/local-volume-provisioner:v2.3.3" - name: provisioner - securityContext: - privileged: true - env: - - name: MY_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: MY_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: JOB_CONTAINER_IMAGE - value: "quay.io/external_storage/local-volume-provisioner:v2.3.3" - volumeMounts: - - mountPath: /etc/provisioner/config - name: provisioner-config - readOnly: true - - mountPath: /dev - name: provisioner-dev - - mountPath: /mnt/disks - name: local-sc-xfs - mountPropagation: "HostToContainer" - volumes: - - name: provisioner-config - configMap: - name: local-provisioner-config - - name: provisioner-dev - hostPath: - path: /dev - - name: local-sc-xfs - hostPath: - path: /mnt/disks diff --git a/artifacts/kubezero-local-volume-provisioner/update.sh b/artifacts/kubezero-local-volume-provisioner/update.sh deleted file mode 100755 index 66e5dfc7..00000000 --- a/artifacts/kubezero-local-volume-provisioner/update.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -# get chart and render yaml -git clone --depth=1 https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git -helm template ./sig-storage-local-static-provisioner/helm/provisioner -f values.yaml --namespace kube-system > local-volume-provisioner.yaml diff --git a/artifacts/kubezero-local-volume-provisioner/values.yaml b/artifacts/kubezero-local-volume-provisioner/values.yaml deleted file mode 100644 index 3f0a1156..00000000 
--- a/artifacts/kubezero-local-volume-provisioner/values.yaml +++ /dev/null @@ -1,11 +0,0 @@ -common: - namespace: kube-system -classes: -- name: local-sc-xfs - hostDir: /mnt/disks -daemonset: - nodeSelector: - node.kubernetes.io/localVolume: present -prometheus: - operator: - enabled: false diff --git a/charts/kubezero-calico/README.md b/charts/kubezero-calico/README.md index 07e1e7d1..e53f139d 100644 --- a/charts/kubezero-calico/README.md +++ b/charts/kubezero-calico/README.md @@ -2,7 +2,7 @@ kubezero-calico =============== KubeZero Umbrella Chart for Calico -Current chart version is `0.1.3` +Current chart version is `0.1.4` Source code can be found [here](https://kubezero.com) diff --git a/charts/kubezero-local-volume-provisioner/Chart.yaml b/charts/kubezero-local-volume-provisioner/Chart.yaml new file mode 100644 index 00000000..328614c3 --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: kubezero-local-volume-provisioner +description: KubeZero Umbrella Chart for local-static-provisioner +type: application +version: 0.0.1 +appVersion: 2.3.4 +home: https://kubezero.com +icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png +keywords: + - kubezero + - local-static-provisioner +maintainers: + - name: Quarky9 +dependencies: + - name: kubezero-lib + version: ">= 0.1.1" + repository: https://zero-down-time.github.io/kubezero/ +kubeVersion: ">= 1.16.0" diff --git a/charts/kubezero-local-volume-provisioner/README.md b/charts/kubezero-local-volume-provisioner/README.md new file mode 100644 index 00000000..b3070586 --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/README.md 
@@ -0,0 +1,24 @@ +kubezero-local-volume-provisioner +================================= +KubeZero Umbrella Chart for local-static-provisioner + +Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles. + +Current chart version is `0.0.1` + +Source code can be found [here](https://kubezero.com) + +## Chart Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 | + +## KubeZero default configuration + +- add nodeSelector to only install on nodes actually having ephemeral local storage +- provide matching storage class to expose mounted disks under `/mnt/disks` + +## Resources + +- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner diff --git a/artifacts/kubezero-local-volume-provisioner/README.md b/charts/kubezero-local-volume-provisioner/README.md.gotmpl similarity index 53% rename from artifacts/kubezero-local-volume-provisioner/README.md rename to charts/kubezero-local-volume-provisioner/README.md.gotmpl index 0c10bf0c..af42ff81 100644 --- a/artifacts/kubezero-local-volume-provisioner/README.md +++ b/charts/kubezero-local-volume-provisioner/README.md.gotmpl 
@@ -1,12 +1,19 @@ -# local-volume-provisioner -Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles. +{{ template "chart.header" . }} +{{ template "chart.description" . }} -As the upstream Helm chart is not part of a repository we extract the chart and store it locally as base for kustomize. -See `update.sh`. +Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles. + +{{ template "chart.versionLine" . }} + +{{ template "chart.sourceLinkLine" . }} + +{{ template "chart.requirementsSection" . }} + +## KubeZero default configuration -## Kustomizations - add nodeSelector to only install on nodes actually having ephemeral local storage - provide matching storage class to expose mounted disks under `/mnt/disks` ## Resources -- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git + +- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/Chart.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/Chart.yaml new file mode 100644 index 00000000..21d0314f --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +appVersion: 2.3.4 +description: local provisioner chart +keywords: +- storage +- local +name: local-static-provisioner +version: 3.0.0 diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/NOTES.txt b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/NOTES.txt new file mode 100644 index 00000000..58393049 --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/NOTES.txt @@ -0,0 +1 @@ +provisioner installed 
diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/_helpers.tpl b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/_helpers.tpl
new file mode 100644
index 00000000..406d4d0b
--- /dev/null
+++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/_helpers.tpl
@@ -0,0 +1,42 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "provisioner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "provisioner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "provisioner.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "provisioner.serviceAccountName" -}}
+{{- if .Values.common.serviceAccount.create -}}
+ {{ default (include "provisioner.fullname" .) .Values.common.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.common.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/configmap.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/configmap.yaml
new file mode 100644
index 00000000..93cf277a
--- /dev/null
+++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/configmap.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "provisioner.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ template "provisioner.chart" . }}
+ app.kubernetes.io/name: {{ template "provisioner.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+{{- if .Values.daemonset.nodeLabels }}
+ nodeLabelsForPV: |
+ {{- range $label := .Values.daemonset.nodeLabels }}
+ - {{$label}}
+ {{- end }}
+{{- end }}
+{{- if .Values.common.useAlphaAPI }}
+ useAlphaAPI: "true"
+{{- end }}
+{{- if .Values.common.setPVOwnerRef }}
+ setPVOwnerRef: "true"
+{{- end }}
+{{- if .Values.common.useJobForCleaning }}
+ useJobForCleaning: "yes"
+{{- end}}
+{{- if .Values.common.useNodeNameOnly }}
+ useNodeNameOnly: "true"
+{{- end }}
+{{- if .Values.common.minResyncPeriod }}
+ minResyncPeriod: {{ .Values.common.minResyncPeriod | quote }}
+{{- end}}
+ storageClassMap: |
+ {{- range $classConfig := .Values.classes }}
+ {{ $classConfig.name }}:
+ hostDir: {{ $classConfig.hostDir }}
+ mountDir: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
+ {{- if $classConfig.blockCleanerCommand }}
+ blockCleanerCommand:
+ {{- range $val := $classConfig.blockCleanerCommand }}
+ - "{{ $val -}}"{{- end}}
+ {{- end }}
+ {{- if $classConfig.volumeMode }}
+ volumeMode: {{ $classConfig.volumeMode }}
+ {{- end }}
+ {{- if $classConfig.fsType }}
+ fsType: {{ $classConfig.fsType }}
+ {{- end }}
+ {{- if $classConfig.namePattern }}
+ namePattern: "{{ $classConfig.namePattern }}"
+ {{- end }}
+ {{- end }}
diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/daemonset.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/daemonset.yaml
new file mode 100644
index 00000000..5bc9e501
--- /dev/null
+++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/daemonset.yaml
@@ -0,0 +1,93 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "provisioner.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + serviceAccountName: {{ template "provisioner.serviceAccountName" . }} +{{- if .Values.daemonset.priorityClassName }} + priorityClassName: {{.Values.daemonset.priorityClassName}} +{{- end }} +{{- if .Values.daemonset.nodeSelector }} + nodeSelector: +{{ .Values.daemonset.nodeSelector | toYaml | trim | indent 8 }} +{{- end }} +{{- if .Values.daemonset.tolerations }} + tolerations: +{{ .Values.daemonset.tolerations | toYaml | trim | indent 8 }} +{{- end }} +{{- if .Values.daemonset.affinity }} + affinity: +{{ .Values.daemonset.affinity | toYaml | trim | indent 8 }} +{{- end }} + containers: + - image: "{{ .Values.daemonset.image }}" + {{- if .Values.daemonset.imagePullPolicy }} + imagePullPolicy: {{ .Values.daemonset.imagePullPolicy | quote }} + {{- end }} + name: provisioner + securityContext: + privileged: true +{{- if .Values.daemonset.resources }} + resources: +{{ .Values.daemonset.resources | toYaml | trim | indent 12 }} +{{- end }} + env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: JOB_CONTAINER_IMAGE + value: "{{ .Values.daemonset.image }}" + {{- if .Values.daemonset.kubeConfigEnv }} + - name: KUBECONFIG + value: {{.Values.daemonset.kubeConfigEnv}} + {{- end }} + {{- 
if .Values.serviceMonitor.enabled }} + ports: + - containerPort: 8080 + name: metrics + {{- end }} + volumeMounts: + - mountPath: /etc/provisioner/config + name: provisioner-config + readOnly: true + - mountPath: /dev + name: provisioner-dev + {{- range $classConfig := .Values.classes }} + - mountPath: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }} + name: {{ $classConfig.name }} + mountPropagation: "HostToContainer" + {{- end }} + volumes: + - name: provisioner-config + configMap: + name: {{ template "provisioner.fullname" . }}-config + - name: provisioner-dev + hostPath: + path: /dev + {{- range $classConfig := .Values.classes }} + - name: {{ $classConfig.name }} + hostPath: + path: {{ $classConfig.hostDir }} + {{- end }} diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/psp.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/psp.yaml new file mode 100644 index 00000000..1f2da624 --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/psp.yaml 
@@ -0,0 +1,36 @@
+{{- if .Values.common.rbac.pspEnabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "provisioner.fullname" . }}
+ labels:
+ helm.sh/chart: {{ template "provisioner.chart" . }}
+ app.kubernetes.io/name: {{ template "provisioner.name" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ allowPrivilegeEscalation: true
+ allowedHostPaths:
+ - pathPrefix: /dev
+ {{- range $classConfig := .Values.classes }}
+ - pathPrefix: {{ $classConfig.hostDir }}
+ {{- end }}
+ fsGroup:
+ rule: RunAsAny
+ privileged: true
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - secret
+ - hostPath
+{{- end }}
diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/rbac.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/rbac.yaml
new file mode 100644
index 00000000..bd4c9805
--- /dev/null
+++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/rbac.yaml
@@ -0,0 +1,131 @@ +{{- if .Values.common.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "provisioner.fullname" . }}-pv-binding + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +subjects: +- kind: ServiceAccount + name: {{ template "provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: system:persistent-volume-provisioner + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "provisioner.fullname" . }}-node-clusterrole + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "provisioner.fullname" . }}-node-binding + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +subjects: +- kind: ServiceAccount + name: {{ template "provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "provisioner.fullname" . }}-node-clusterrole + apiGroup: rbac.authorization.k8s.io +{{- if .Values.common.useJobForCleaning }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "provisioner.fullname" . 
}}-jobs-role + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - 'batch' + resources: + - jobs + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "provisioner.fullname" . }}-jobs-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +subjects: +- kind: ServiceAccount + name: {{ template "provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ template "provisioner.fullname" . }}-jobs-role + apiGroup: rbac.authorization.k8s.io +{{- end }} +{{- if .Values.common.rbac.pspEnabled }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "provisioner.fullname" . }}-psp-role + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - {{ template "provisioner.fullname" . }} + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "provisioner.fullname" . }}-psp-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . 
}} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +subjects: +- kind: ServiceAccount + name: {{ template "provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ template "provisioner.fullname" . }}-psp-role + apiGroup: rbac.authorization.k8s.io +{{- end }} +{{- end }} diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/serviceaccount.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/serviceaccount.yaml new file mode 100644 index 00000000..19941689 --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.common.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/servicemonitor.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/servicemonitor.yaml new file mode 100644 index 00000000..89c69531 --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/servicemonitor.yaml 
@@ -0,0 +1,53 @@ +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "provisioner.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: 8080 + name: metrics + selector: + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "provisioner.fullname" . }} + namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }} + labels: + helm.sh/chart: {{ template "provisioner.chart" . }} + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- range $k, $v := .Values.serviceMonitor.additionalLabels }} + {{ $k }}: {{ $v | quote }} + {{- end }} +spec: + jobLabel: app.kubernetes.io/name + endpoints: + - port: metrics + interval: {{ .Values.serviceMonitor.interval }} + scheme: http +{{- if .Values.serviceMonitor.relabelings }} + relabelings: +{{ toYaml .Values.serviceMonitor.relabelings | indent 4 }} +{{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "provisioner.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/storageclass.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/storageclass.yaml new file mode 100644 index 00000000..ce2f2ae0 --- /dev/null 
+++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/storageclass.yaml @@ -0,0 +1,28 @@ +{{- $release := .Release }} +{{- $chart := .Chart }} +{{- range $val := .Values.classes }} +{{- if $val.storageClass }} +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: {{ $val.name }} + {{- if kindIs "map" $val.storageClass }} + {{- if $val.storageClass.isDefaultClass }} + annotations: + storageclass.kubernetes.io/is-default-class: "true" + {{- end }} + {{- end }} + labels: + app.kubernetes.io/managed-by: {{ $release.Service | quote }} + app.kubernetes.io/instance: {{ $release.Name | quote }} + helm.sh/chart: {{ replace "+" "_" $chart.Version | printf "%s-%s" $chart.Name }} +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: WaitForFirstConsumer +{{- if kindIs "map" $val.storageClass }} +reclaimPolicy: {{ $val.storageClass.reclaimPolicy | default "Delete" }} +{{- else }} +reclaimPolicy: Delete +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/values.yaml b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/values.yaml new file mode 100644 index 00000000..13bed45f --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/values.yaml 
@@ -0,0 +1,162 @@ +# +# Common options. +# +common: + # + # Defines whether to generate rbac roles + # + rbac: + # rbac.create: `true` if rbac resources should be created + create: true + # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created + pspEnabled: false + # + # Defines whether to generate a serviceAccount + # + serviceAccount: + # serviceAccount.create: Whether to create a service account or not + create: true + # serviceAccount.name: The name of the service account to create or use + name: "" + # + # Beta PV.NodeAffinity field is used by default. If running against pre-1.10 + # k8s version, the `useAlphaAPI` flag must be enabled in the configMap. + # + useAlphaAPI: false + # + # Indicates if PVs should be dependents of the owner Node. + # + setPVOwnerRef: false + # + # Provisioner clean volumes in process by default. If set to true, provisioner + # will use Jobs to clean. + # + useJobForCleaning: false + # + # Provisioner name contains Node.UID by default. If set to true, the provisioner + # name will only use Node.Name. + # + useNodeNameOnly: false + # + # Resync period in reflectors will be random between minResyncPeriod and + # 2*minResyncPeriod. Default: 5m0s. + # + #minResyncPeriod: 5m0s +# +# Configure storage classes. +# +classes: +- name: fast-disks # Defines name of storage classe. + # Path on the host where local volumes of this storage class are mounted + # under. + hostDir: /mnt/fast-disks + # Optionally specify mount path of local volumes. By default, we use same + # path as hostDir in container. + # mountDir: /mnt/fast-disks + # The volume mode of created PersistentVolume object. Default to Filesystem + # if not specified. + volumeMode: Filesystem + # Filesystem type to mount. + # It applies only when the source path is a block device, + # and desire volume mode is Filesystem. + # Must be a filesystem type supported by the host operating system. + fsType: ext4 + # File name pattern to discover. 
By default, discover all file names. + namePattern: "*" + blockCleanerCommand: + # Do a quick reset of the block device during its cleanup. + # - "/scripts/quick_reset.sh" + # or use dd to zero out block dev in two iterations by uncommenting these lines + # - "/scripts/dd_zero.sh" + # - "2" + # or run shred utility for 2 iteration.s + - "/scripts/shred.sh" + - "2" + # or blkdiscard utility by uncommenting the line below. + # - "/scripts/blkdiscard.sh" + # Uncomment to create storage class object with default configuration. + # storageClass: true + # Uncomment to create storage class object and configure it. + # storageClass: + # reclaimPolicy: Delete # Available reclaim policies: Delete/Retain, defaults: Delete. + # isDefaultClass: true # set as default class +# +# Configure DaemonSet for provisioner. +# +daemonset: + # + # Defines Provisioner's image name including container registry. + # + image: quay.io/external_storage/local-volume-provisioner:v2.3.4 + # + # Defines Image download policy, see kubernetes documentation for available values. + # + #imagePullPolicy: Always + # + # Defines a name of the Pod Priority Class to use with the Provisioner DaemonSet + # + # Note that if you want to make it critical, specify "system-cluster-critical" + # or "system-node-critical" and deploy in kube-system namespace. + # Ref: https://k8s.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical + # + #priorityClassName: system-node-critical + # If configured, nodeSelector will add a nodeSelector field to the DaemonSet PodSpec. + # + # NodeSelector constraint for local-volume-provisioner scheduling to nodes. + # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: {} + # + # If configured KubeConfigEnv will (optionally) specify the location of kubeconfig file on the node. 
+ # kubeConfigEnv: KUBECONFIG + # + # List of node labels to be copied to the PVs created by the provisioner in a format: + # + # nodeLabels: + # - failure-domain.beta.kubernetes.io/zone + # - failure-domain.beta.kubernetes.io/region + # + # If configured, tolerations will add a toleration field to the DaemonSet PodSpec. + # + # Node tolerations for local-volume-provisioner scheduling to nodes with taints. + # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + # + # If configured, affinity will add a affinity filed to the DeamonSet PodSpec. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + # + # If configured, resources will set the requests/limits field to the Daemonset PodSpec. + # Ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + resources: {} + # limits: + # memory: "512Mi" + # cpu: "1000m" + # requests: + # memory: "32Mi" + # cpu: "10m" +# +# Configure Prometheus monitoring +# +serviceMonitor: + enabled: false + ## Interval at which Prometheus scrapes the provisioner + interval: 10s + # Namespace Prometheus is installed in defaults to release namespace + namespace: + ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr) + ## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65) + ## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298) + additionalLabels: {} + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace + +# +# Overrice the default chartname or releasename +# +nameOverride: "" +fullnameOverride: "" 
diff --git a/artifacts/kubezero-local-volume-provisioner/local-sc-xfs.yaml b/charts/kubezero-local-volume-provisioner/templates/local-sc-xfs.yaml similarity index 100% rename from artifacts/kubezero-local-volume-provisioner/local-sc-xfs.yaml rename to charts/kubezero-local-volume-provisioner/templates/local-sc-xfs.yaml diff --git a/charts/kubezero-local-volume-provisioner/update.sh b/charts/kubezero-local-volume-provisioner/update.sh new file mode 100755 index 00000000..b933d2ee --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/update.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +# get subchart until they have upstream repo + +rm -rf charts/local-volume-provisioner && mkdir -p charts/local-volume-provisioner + +git clone --depth=1 https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git +cp -r ./sig-storage-local-static-provisioner/helm/provisioner/* charts/local-volume-provisioner + +rm -rf sig-storage-local-static-provisioner diff --git a/charts/kubezero-local-volume-provisioner/values.yaml b/charts/kubezero-local-volume-provisioner/values.yaml new file mode 100644 index 00000000..c01ce934 --- /dev/null +++ b/charts/kubezero-local-volume-provisioner/values.yaml @@ -0,0 +1,12 @@ +local-static-provisioner: + common: + namespace: kube-system + classes: + - name: local-sc-xfs + hostDir: /mnt/disks + daemonset: + nodeSelector: + node.kubernetes.io/localVolume: present + prometheus: + operator: + enabled: false diff --git a/charts/kubezero/README.md b/charts/kubezero/README.md index df0d2fd4..e1e416b1 100644 --- a/charts/kubezero/README.md +++ b/charts/kubezero/README.md @@ -2,7 +2,7 @@ kubezero ======== KubeZero ArgoCD Application - Root App of Apps chart of KubeZero -Current chart version is `0.3.1` +Current chart version is `0.3.5` Source code can be found [here](https://kubezero.com) 
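Review bot: In `charts/kubezero-local-volume-provisioner/update.sh` the script recreates and fills `charts/local-volume-provisioner`, but the subchart added by this commit lives in `charts/local-static-provisioner` and the wrapper values are keyed `local-static-provisioner`, so a re-run would leave the vendored copy stale and create a second directory next to it. The clone also takes whatever the upstream default branch holds at that moment, so the templates of a privileged DaemonSet that mounts the host's `/dev` can change without anyone reviewing a specific revision; pinning a tag or commit makes the refresh reproducible and reviewable. There is no `set -euo pipefail`, and the target directory is removed before the clone, so a failed clone leaves the chart without its subchart. The rewrite below clones first, checks out a pinned revision, and only then replaces the directory.

```shell
#!/bin/bash
set -euo pipefail

# Placeholder: set to the upstream tag or commit that was reviewed.
UPSTREAM_REF="<PINNED_TAG_OR_COMMIT>"
# Must match the subchart directory and the key used in values.yaml.
SUBCHART_DIR="charts/local-static-provisioner"

# … unchanged: comment about the missing upstream chart repo …

rm -rf sig-storage-local-static-provisioner
git clone https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
git -C sig-storage-local-static-provisioner checkout --detach "$UPSTREAM_REF"

# Replace the vendored copy only after the pinned checkout succeeded.
rm -rf "$SUBCHART_DIR" && mkdir -p "$SUBCHART_DIR"
cp -r ./sig-storage-local-static-provisioner/helm/provisioner/* "$SUBCHART_DIR"

rm -rf sig-storage-local-static-provisioner
```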
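Review bot: In `charts/kubezero-local-volume-provisioner/values.yaml` the keys `common.namespace` and `prometheus.operator.enabled` are not read by any subchart template shown in this commit: the templates take the namespace from `.Release.Namespace` and gate monitoring on `.Values.serviceMonitor.enabled`. As written, the file reads as if the privileged DaemonSet were pinned to `kube-system`, while it actually lands in whatever namespace the release is installed into. I would drop `common.namespace`, replace the `prometheus:` block with `serviceMonitor:` / `enabled: false`, and add a comment such as `# namespace comes from the Helm release; install into kube-system`. Separately, `daemonset.image` is left at the subchart default, which is referenced by tag only; overriding it here with a digest-pinned reference would fix the image content for this privileged workload.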
@@ -18,6 +18,8 @@ Source code can be found [here](https://kubezero.com) |-----|------|---------|-------------| | aws-ebs-csi-driver.enabled | bool | `false` | | | calico.enabled | bool | `true` | | +| calico.type | string | `"kustomize"` | | +| calico.values.migration | bool | `false` | | | cert-manager.enabled | bool | `true` | | | global.defaultDestination.server | string | `"https://kubernetes.default.svc"` | | | global.defaultSource.pathPrefix | string | `""` | |