Convert local-static-provisioner into Umbrella Helm chart

artifacts/kubezero-local-volume-provisioner/kustomization.yaml

@@ -1,5 +0,0 @@
-nameSpace: kube-system
-
-resources:
-- local-sc-xfs.yaml
-- local-volume-provisioner.yaml 

artifacts/kubezero-local-volume-provisioner/local-volume-provisioner.yaml

@@ -1,136 +0,0 @@
----
-# Source: provisioner/templates/provisioner.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: local-provisioner-config
-  namespace: kube-system
-  labels:
-    heritage: "Helm"
-    release: "RELEASE-NAME"
-    chart: provisioner-2.3.3
-data:
-  storageClassMap: |
-    local-sc-xfs:
-       hostDir: /mnt/disks
-       mountDir: /mnt/disks
----
-# Source: provisioner/templates/provisioner-service-account.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: local-storage-admin
-  namespace: kube-system
-  labels:
-    heritage: "Helm"
-    release: "RELEASE-NAME"
-    chart: provisioner-2.3.3
----
-# Source: provisioner/templates/provisioner-cluster-role-binding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: local-storage-provisioner-node-clusterrole
-  labels:
-    heritage: "Helm"
-    release: "RELEASE-NAME"
-    chart: provisioner-2.3.3
-rules:
-- apiGroups: [""]
-  resources: ["nodes"]
-  verbs: ["get"]
----
-# Source: provisioner/templates/provisioner-cluster-role-binding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: local-storage-provisioner-pv-binding
-  labels:
-    heritage: "Helm"
-    release: "RELEASE-NAME"
-    chart: provisioner-2.3.3
-subjects:
-- kind: ServiceAccount
-  name: local-storage-admin
-  namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: system:persistent-volume-provisioner
-  apiGroup: rbac.authorization.k8s.io
----
-# Source: provisioner/templates/provisioner-cluster-role-binding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: local-storage-provisioner-node-binding
-  labels:
-    heritage: "Helm"
-    release: "RELEASE-NAME"
-    chart: provisioner-2.3.3
-subjects:
-- kind: ServiceAccount
-  name: local-storage-admin
-  namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: local-storage-provisioner-node-clusterrole
-  apiGroup: rbac.authorization.k8s.io
----
-# Source: provisioner/templates/provisioner.yaml
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: local-volume-provisioner
-  namespace: kube-system
-  labels:
-    app: local-volume-provisioner
-    heritage: "Helm"
-    release: "RELEASE-NAME"
-    chart: provisioner-2.3.3
-spec:
-  selector:
-    matchLabels:
-      app: local-volume-provisioner
-  template:
-    metadata:
-      labels:
-        app: local-volume-provisioner
-    spec:
-      serviceAccountName: local-storage-admin
-      nodeSelector:
-        node.kubernetes.io/localVolume: present
-      containers:
-        - image: "quay.io/external_storage/local-volume-provisioner:v2.3.3"
-          name: provisioner
-          securityContext:
-            privileged: true
-          env:
-          - name: MY_NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
-          - name: MY_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          - name: JOB_CONTAINER_IMAGE
-            value: "quay.io/external_storage/local-volume-provisioner:v2.3.3"
-          volumeMounts:
-            - mountPath: /etc/provisioner/config
-              name: provisioner-config
-              readOnly: true
-            - mountPath: /dev
-              name: provisioner-dev
-            - mountPath: /mnt/disks
-              name: local-sc-xfs
-              mountPropagation: "HostToContainer"
-      volumes:
-        - name: provisioner-config
-          configMap:
-            name: local-provisioner-config
-        - name: provisioner-dev
-          hostPath:
-            path: /dev
-        - name: local-sc-xfs
-          hostPath:
-            path: /mnt/disks

artifacts/kubezero-local-volume-provisioner/update.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-
-# get chart and render yaml
-git clone --depth=1 https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
-helm template  ./sig-storage-local-static-provisioner/helm/provisioner -f values.yaml --namespace kube-system > local-volume-provisioner.yaml

artifacts/kubezero-local-volume-provisioner/values.yaml

@@ -1,11 +0,0 @@
-common:
-  namespace: kube-system
-classes:
-- name: local-sc-xfs
-  hostDir: /mnt/disks
-daemonset:
-  nodeSelector:
-    node.kubernetes.io/localVolume: present
-prometheus:
-  operator:
-    enabled: false

charts/kubezero-calico/README.md

@@ -2,7 +2,7 @@ kubezero-calico
 ===============
 KubeZero Umbrella Chart for Calico
 
-Current chart version is `0.1.3`
+Current chart version is `0.1.4`
 
 Source code can be found [here](https://kubezero.com)
 

charts/kubezero-local-volume-provisioner/Chart.yaml

@@ -0,0 +1,18 @@
+apiVersion: v2
+name: kubezero-local-volume-provisioner
+description: KubeZero Umbrella Chart for local-static-provisioner
+type: application
+version: 0.0.1
+appVersion: 2.3.4
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+  - kubezero
+  - local-static-provisioner
+maintainers:
+  - name: Quarky9
+dependencies:
+  - name: kubezero-lib
+    version: ">= 0.1.1"
+    repository: https://zero-down-time.github.io/kubezero/
+kubeVersion: ">= 1.16.0"

charts/kubezero-local-volume-provisioner/README.md

@@ -0,0 +1,24 @@
+kubezero-local-volume-provisioner
+=================================
+KubeZero Umbrella Chart for local-static-provisioner
+
+Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
+
+Current chart version is `0.0.1`
+
+Source code can be found [here](https://kubezero.com)
+
+## Chart Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 |
+
+## KubeZero default configuration
+
+- add nodeSelector to only install on nodes actually having ephemeral local storage
+- provide matching storage class to expose mounted disks under `/mnt/disks`
+
+## Resources
+
+- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner

charts/kubezero-local-volume-provisioner/README.md.gotmpl

@@ -1,12 +1,19 @@
-# local-volume-provisioner
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
 Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
 
-As the upstream Helm chart is not part of a repository we extract the chart and store it locally as base for kustomize.  
+{{ template "chart.versionLine" . }}
-See `update.sh`.
+
+{{ template "chart.sourceLinkLine" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+## KubeZero default configuration
 
-## Kustomizations
 - add nodeSelector to only install on nodes actually having ephemeral local storage
 - provide matching storage class to expose mounted disks under `/mnt/disks`
 
 ## Resources
-- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
+
+- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: 2.3.4
+description: local provisioner chart
+keywords:
+- storage
+- local
+name: local-static-provisioner
+version: 3.0.0

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/NOTES.txt

@@ -0,0 +1 @@
+provisioner installed

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/_helpers.tpl

@@ -0,0 +1,42 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "provisioner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "provisioner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "provisioner.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "provisioner.serviceAccountName" -}}
+{{- if .Values.common.serviceAccount.create -}}
+    {{ default (include "provisioner.fullname" .) .Values.common.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.common.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/configmap.yaml

@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "provisioner.fullname" . }}-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+{{- if .Values.daemonset.nodeLabels }}
+  nodeLabelsForPV: |
+   {{- range $label := .Values.daemonset.nodeLabels }}
+    - {{$label}}
+   {{- end }}
+{{- end }}
+{{- if .Values.common.useAlphaAPI }}
+  useAlphaAPI: "true"
+{{- end }}
+{{- if .Values.common.setPVOwnerRef }}
+  setPVOwnerRef: "true"
+{{- end }}
+{{- if .Values.common.useJobForCleaning }}
+  useJobForCleaning: "yes"
+{{- end}}
+{{- if .Values.common.useNodeNameOnly }}
+  useNodeNameOnly: "true"
+{{- end }}
+{{- if .Values.common.minResyncPeriod }}
+  minResyncPeriod: {{ .Values.common.minResyncPeriod | quote }}
+{{- end}}
+  storageClassMap: |
+    {{- range $classConfig := .Values.classes }}
+    {{ $classConfig.name }}:
+       hostDir: {{ $classConfig.hostDir }}
+       mountDir: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
+       {{- if $classConfig.blockCleanerCommand }}
+       blockCleanerCommand:
+       {{- range $val := $classConfig.blockCleanerCommand }}
+         - "{{ $val -}}"{{- end}}
+       {{- end }}
+       {{- if $classConfig.volumeMode }}
+       volumeMode: {{ $classConfig.volumeMode }}
+       {{- end }}
+       {{- if $classConfig.fsType }}
+       fsType: {{ $classConfig.fsType }}
+       {{- end }}
+       {{- if $classConfig.namePattern }}
+       namePattern: "{{ $classConfig.namePattern }}"
+       {{- end }}
+    {{- end }}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/daemonset.yaml

@@ -0,0 +1,93 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "provisioner.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ template "provisioner.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      serviceAccountName: {{ template "provisioner.serviceAccountName" . }}
+{{- if .Values.daemonset.priorityClassName }}
+      priorityClassName: {{.Values.daemonset.priorityClassName}}
+{{- end }}
+{{- if .Values.daemonset.nodeSelector }}
+      nodeSelector:
+{{ .Values.daemonset.nodeSelector | toYaml | trim | indent 8 }}
+{{- end }}
+{{- if .Values.daemonset.tolerations }}
+      tolerations:
+{{ .Values.daemonset.tolerations | toYaml | trim | indent 8 }}
+{{- end }}
+{{- if .Values.daemonset.affinity }}
+      affinity:
+{{ .Values.daemonset.affinity | toYaml | trim | indent 8 }}
+{{- end }}
+      containers:
+        - image: "{{ .Values.daemonset.image }}"
+          {{- if .Values.daemonset.imagePullPolicy }}
+          imagePullPolicy: {{ .Values.daemonset.imagePullPolicy | quote }}
+          {{- end }}
+          name: provisioner
+          securityContext:
+            privileged: true
+{{- if .Values.daemonset.resources }}
+          resources:
+{{ .Values.daemonset.resources | toYaml | trim | indent 12 }}
+{{- end }}
+          env:
+          - name: MY_NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+          - name: MY_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: JOB_CONTAINER_IMAGE
+            value: "{{ .Values.daemonset.image }}"
+          {{- if .Values.daemonset.kubeConfigEnv }}
+            - name: KUBECONFIG
+              value: {{.Values.daemonset.kubeConfigEnv}}
+          {{- end }}
+          {{- if .Values.serviceMonitor.enabled }}
+          ports:
+          - containerPort: 8080
+            name: metrics
+          {{- end }}
+          volumeMounts:
+            - mountPath: /etc/provisioner/config
+              name: provisioner-config
+              readOnly: true
+            - mountPath: /dev
+              name: provisioner-dev
+            {{- range $classConfig := .Values.classes }}
+            - mountPath: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
+              name: {{ $classConfig.name }}
+              mountPropagation: "HostToContainer"
+            {{- end }}
+      volumes:
+        - name: provisioner-config
+          configMap:
+            name: {{ template "provisioner.fullname" . }}-config
+        - name: provisioner-dev
+          hostPath:
+            path: /dev
+        {{- range $classConfig := .Values.classes }}
+        - name: {{ $classConfig.name }}
+          hostPath:
+            path: {{ $classConfig.hostDir }}
+        {{- end }}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/psp.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.common.rbac.pspEnabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "provisioner.fullname" . }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  allowPrivilegeEscalation: true
+  allowedHostPaths:
+  - pathPrefix: /dev
+  {{- range $classConfig := .Values.classes }}
+  - pathPrefix: {{ $classConfig.hostDir }}
+  {{- end }}
+  fsGroup:
+    rule: RunAsAny
+  privileged: true
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+  - configMap
+  - secret
+  - hostPath
+{{- end }}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/rbac.yaml

@@ -0,0 +1,131 @@
+{{- if .Values.common.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-pv-binding
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: system:persistent-volume-provisioner
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "provisioner.fullname" . }}-node-clusterrole
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-node-binding
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "provisioner.fullname" . }}-node-clusterrole
+  apiGroup: rbac.authorization.k8s.io
+{{- if .Values.common.useJobForCleaning }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "provisioner.fullname" . }}-jobs-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - 'batch'
+  resources:
+    - jobs
+  verbs:
+    - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-jobs-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ template "provisioner.fullname" . }}-jobs-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- if .Values.common.rbac.pspEnabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "provisioner.fullname" . }}-psp-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - policy
+  resources:
+    - podsecuritypolicies
+  resourceNames:
+    - {{ template "provisioner.fullname" . }}
+  verbs:
+    - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-psp-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ template "provisioner.fullname" . }}-psp-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.common.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/servicemonitor.yaml

@@ -0,0 +1,53 @@
+{{- if .Values.serviceMonitor.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: 8080
+      name: metrics
+  selector:
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "provisioner.fullname" . }}
+  namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- range $k, $v := .Values.serviceMonitor.additionalLabels }}
+    {{ $k }}: {{ $v | quote }}
+    {{- end }}
+spec:
+  jobLabel: app.kubernetes.io/name
+  endpoints:
+  - port: metrics
+    interval: {{ .Values.serviceMonitor.interval }}
+    scheme: http
+{{- if .Values.serviceMonitor.relabelings }}
+    relabelings:
+{{ toYaml .Values.serviceMonitor.relabelings | indent 4 }}
+{{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "provisioner.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/templates/storageclass.yaml

@@ -0,0 +1,28 @@
+{{- $release := .Release }}
+{{- $chart := .Chart }}
+{{- range $val := .Values.classes }}
+{{- if $val.storageClass }}
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: {{ $val.name }}
+  {{- if kindIs "map" $val.storageClass }}
+  {{- if $val.storageClass.isDefaultClass }}
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+  {{- end }}
+  {{- end }}
+  labels:
+    app.kubernetes.io/managed-by: {{ $release.Service | quote }}
+    app.kubernetes.io/instance: {{ $release.Name | quote }}
+    helm.sh/chart: {{ replace "+" "_" $chart.Version | printf "%s-%s" $chart.Name }}
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+{{- if kindIs "map" $val.storageClass }}
+reclaimPolicy: {{ $val.storageClass.reclaimPolicy | default "Delete" }}
+{{- else }}
+reclaimPolicy: Delete
+{{- end }}
+{{- end }}
+{{- end }}

charts/kubezero-local-volume-provisioner/charts/local-static-provisioner/values.yaml

@@ -0,0 +1,162 @@
+#
+# Common options.
+#
+common:
+  #
+  # Defines whether to generate rbac roles
+  #
+  rbac:
+    # rbac.create: `true` if rbac resources should be created
+    create: true
+    # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
+    pspEnabled: false
+  #
+  # Defines whether to generate a serviceAccount
+  #
+  serviceAccount:
+    # serviceAccount.create: Whether to create a service account or not
+    create: true
+    # serviceAccount.name: The name of the service account to create or use
+    name: ""
+  #
+  # Beta PV.NodeAffinity field is used by default. If running against pre-1.10
+  # k8s version, the `useAlphaAPI` flag must be enabled in the configMap.
+  #
+  useAlphaAPI: false
+  #
+  # Indicates if PVs should be dependents of the owner Node.
+  #
+  setPVOwnerRef: false
+  #
+  # Provisioner clean volumes in process by default. If set to true, provisioner
+  # will use Jobs to clean.
+  #
+  useJobForCleaning: false
+  #
+  # Provisioner name contains Node.UID by default. If set to true, the provisioner
+  # name will only use Node.Name.
+  #
+  useNodeNameOnly: false
+  #
+  # Resync period in reflectors will be random between minResyncPeriod and
+  # 2*minResyncPeriod. Default: 5m0s.
+  #
+  #minResyncPeriod: 5m0s
+#
+# Configure storage classes.
+#
+classes:
+- name: fast-disks # Defines name of storage classe.
+  # Path on the host where local volumes of this storage class are mounted
+  # under.
+  hostDir: /mnt/fast-disks
+  # Optionally specify mount path of local volumes. By default, we use same
+  # path as hostDir in container.
+  # mountDir: /mnt/fast-disks
+  # The volume mode of created PersistentVolume object. Default to Filesystem
+  # if not specified.
+  volumeMode: Filesystem
+  # Filesystem type to mount.
+  # It applies only when the source path is a block device,
+  # and desire volume mode is Filesystem.
+  # Must be a filesystem type supported by the host operating system.
+  fsType: ext4
+  # File name pattern to discover. By default, discover all file names.
+  namePattern: "*"
+  blockCleanerCommand:
+  #  Do a quick reset of the block device during its cleanup.
+  #  - "/scripts/quick_reset.sh"
+  #  or use dd to zero out block dev in two iterations by uncommenting these lines
+  #  - "/scripts/dd_zero.sh"
+  #  - "2"
+  # or run shred utility for 2 iteration.s
+     - "/scripts/shred.sh"
+     - "2"
+  # or blkdiscard utility by uncommenting the line below.
+  #  - "/scripts/blkdiscard.sh"
+  # Uncomment to create storage class object with default configuration.
+  # storageClass: true
+  # Uncomment to create storage class object and configure it.
+  # storageClass:
+    # reclaimPolicy: Delete # Available reclaim policies: Delete/Retain, defaults: Delete.
+    # isDefaultClass: true # set as default class
+#
+# Configure DaemonSet for provisioner.
+#
+daemonset:
+  #
+  # Defines Provisioner's image name including container registry.
+  #
+  image: quay.io/external_storage/local-volume-provisioner:v2.3.4
+  #
+  # Defines Image download policy, see kubernetes documentation for available values.
+  #
+  #imagePullPolicy: Always
+  #
+  # Defines a name of the Pod Priority Class to use with the Provisioner DaemonSet
+  #
+  # Note that if you want to make it critical, specify "system-cluster-critical"
+  # or "system-node-critical" and deploy in kube-system namespace.
+  # Ref: https://k8s.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical
+  #
+  #priorityClassName: system-node-critical
+  # If configured, nodeSelector will add a nodeSelector field to the DaemonSet PodSpec.
+  #
+  # NodeSelector constraint for local-volume-provisioner scheduling to nodes.
+  # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+  nodeSelector: {}
+  #
+  # If configured KubeConfigEnv will (optionally) specify the location of kubeconfig file on the node.
+  #  kubeConfigEnv: KUBECONFIG
+  #
+  # List of node labels to be copied to the PVs created by the provisioner in a format:
+  #
+  #  nodeLabels:
+  #    - failure-domain.beta.kubernetes.io/zone
+  #    - failure-domain.beta.kubernetes.io/region
+  #
+  # If configured, tolerations will add a toleration field to the DaemonSet PodSpec.
+  #
+  # Node tolerations for local-volume-provisioner scheduling to nodes with taints.
+  # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  tolerations: []
+  #
+  # If configured, affinity will add a affinity filed to the DeamonSet PodSpec.
+  # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+  affinity: {}
+  #
+  # If configured, resources will set the requests/limits field to the Daemonset PodSpec.
+  # Ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  resources: {}
+    # limits:
+    #   memory: "512Mi"
+    #   cpu: "1000m"
+    # requests:
+    #   memory: "32Mi"
+    #   cpu: "10m"
+#
+# Configure Prometheus monitoring
+#
+serviceMonitor:
+  enabled: false
+  ## Interval at which Prometheus scrapes the provisioner
+  interval: 10s
+  # Namespace Prometheus is installed in defaults to release namespace
+  namespace:
+  ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr)
+  ## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65)
+  ## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298)
+  additionalLabels: {}
+  relabelings: []
+  # - sourceLabels: [__meta_kubernetes_pod_node_name]
+  #   separator: ;
+  #   regex: ^(.*)$
+  #   targetLabel: nodename
+  #   replacement: $1
+  #   action: replace
+
+#
+# Overrice the default chartname or releasename
+#
+nameOverride: ""
+fullnameOverride: ""

charts/kubezero-local-volume-provisioner/update.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# get subchart until they have upstream repo
+
+rm -rf charts/local-volume-provisioner && mkdir -p charts/local-volume-provisioner
+
+git clone --depth=1 https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
+cp -r ./sig-storage-local-static-provisioner/helm/provisioner/* charts/local-volume-provisioner
+
+rm -rf sig-storage-local-static-provisioner

charts/kubezero-local-volume-provisioner/values.yaml

@@ -0,0 +1,12 @@
+local-static-provisioner:
+  common:
+    namespace: kube-system
+  classes:
+  - name: local-sc-xfs
+    hostDir: /mnt/disks
+  daemonset:
+    nodeSelector:
+      node.kubernetes.io/localVolume: present
+  prometheus:
+    operator:
+      enabled: false

charts/kubezero/README.md

@@ -2,7 +2,7 @@ kubezero
 ========
 KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
 
-Current chart version is `0.3.1`
+Current chart version is `0.3.5`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -18,6 +18,8 @@ Source code can be found [here](https://kubezero.com)
 |-----|------|---------|-------------|
 | aws-ebs-csi-driver.enabled | bool | `false` |  |
 | calico.enabled | bool | `true` |  |
+| calico.type | string | `"kustomize"` |  |
+| calico.values.migration | bool | `false` |  |
 | cert-manager.enabled | bool | `true` |  |
 | global.defaultDestination.server | string | `"https://kubernetes.default.svc"` |  |
 | global.defaultSource.pathPrefix | string | `""` |  |