Convert local-static-provisioner into Umbrella Helm chart
parent
3c8739216b
commit
011fb4b1fb
@ -1,5 +0,0 @@
|
|||||||
nameSpace: kube-system
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- local-sc-xfs.yaml
|
|
||||||
- local-volume-provisioner.yaml
|
|
@ -1,136 +0,0 @@
|
|||||||
---
|
|
||||||
# Source: provisioner/templates/provisioner.yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: local-provisioner-config
|
|
||||||
namespace: kube-system
|
|
||||||
labels:
|
|
||||||
heritage: "Helm"
|
|
||||||
release: "RELEASE-NAME"
|
|
||||||
chart: provisioner-2.3.3
|
|
||||||
data:
|
|
||||||
storageClassMap: |
|
|
||||||
local-sc-xfs:
|
|
||||||
hostDir: /mnt/disks
|
|
||||||
mountDir: /mnt/disks
|
|
||||||
---
|
|
||||||
# Source: provisioner/templates/provisioner-service-account.yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: local-storage-admin
|
|
||||||
namespace: kube-system
|
|
||||||
labels:
|
|
||||||
heritage: "Helm"
|
|
||||||
release: "RELEASE-NAME"
|
|
||||||
chart: provisioner-2.3.3
|
|
||||||
---
|
|
||||||
# Source: provisioner/templates/provisioner-cluster-role-binding.yaml
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: local-storage-provisioner-node-clusterrole
|
|
||||||
labels:
|
|
||||||
heritage: "Helm"
|
|
||||||
release: "RELEASE-NAME"
|
|
||||||
chart: provisioner-2.3.3
|
|
||||||
rules:
|
|
||||||
- apiGroups: [""]
|
|
||||||
resources: ["nodes"]
|
|
||||||
verbs: ["get"]
|
|
||||||
---
|
|
||||||
# Source: provisioner/templates/provisioner-cluster-role-binding.yaml
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: local-storage-provisioner-pv-binding
|
|
||||||
labels:
|
|
||||||
heritage: "Helm"
|
|
||||||
release: "RELEASE-NAME"
|
|
||||||
chart: provisioner-2.3.3
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: local-storage-admin
|
|
||||||
namespace: kube-system
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: system:persistent-volume-provisioner
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
# Source: provisioner/templates/provisioner-cluster-role-binding.yaml
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: local-storage-provisioner-node-binding
|
|
||||||
labels:
|
|
||||||
heritage: "Helm"
|
|
||||||
release: "RELEASE-NAME"
|
|
||||||
chart: provisioner-2.3.3
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: local-storage-admin
|
|
||||||
namespace: kube-system
|
|
||||||
roleRef:
|
|
||||||
kind: ClusterRole
|
|
||||||
name: local-storage-provisioner-node-clusterrole
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
---
|
|
||||||
# Source: provisioner/templates/provisioner.yaml
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
name: local-volume-provisioner
|
|
||||||
namespace: kube-system
|
|
||||||
labels:
|
|
||||||
app: local-volume-provisioner
|
|
||||||
heritage: "Helm"
|
|
||||||
release: "RELEASE-NAME"
|
|
||||||
chart: provisioner-2.3.3
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: local-volume-provisioner
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: local-volume-provisioner
|
|
||||||
spec:
|
|
||||||
serviceAccountName: local-storage-admin
|
|
||||||
nodeSelector:
|
|
||||||
node.kubernetes.io/localVolume: present
|
|
||||||
containers:
|
|
||||||
- image: "quay.io/external_storage/local-volume-provisioner:v2.3.3"
|
|
||||||
name: provisioner
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
env:
|
|
||||||
- name: MY_NODE_NAME
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
- name: MY_NAMESPACE
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: metadata.namespace
|
|
||||||
- name: JOB_CONTAINER_IMAGE
|
|
||||||
value: "quay.io/external_storage/local-volume-provisioner:v2.3.3"
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /etc/provisioner/config
|
|
||||||
name: provisioner-config
|
|
||||||
readOnly: true
|
|
||||||
- mountPath: /dev
|
|
||||||
name: provisioner-dev
|
|
||||||
- mountPath: /mnt/disks
|
|
||||||
name: local-sc-xfs
|
|
||||||
mountPropagation: "HostToContainer"
|
|
||||||
volumes:
|
|
||||||
- name: provisioner-config
|
|
||||||
configMap:
|
|
||||||
name: local-provisioner-config
|
|
||||||
- name: provisioner-dev
|
|
||||||
hostPath:
|
|
||||||
path: /dev
|
|
||||||
- name: local-sc-xfs
|
|
||||||
hostPath:
|
|
||||||
path: /mnt/disks
|
|
@ -1,5 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# get chart and render yaml
|
|
||||||
git clone --depth=1 https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
|
|
||||||
helm template ./sig-storage-local-static-provisioner/helm/provisioner -f values.yaml --namespace kube-system > local-volume-provisioner.yaml
|
|
@ -1,11 +0,0 @@
|
|||||||
common:
|
|
||||||
namespace: kube-system
|
|
||||||
classes:
|
|
||||||
- name: local-sc-xfs
|
|
||||||
hostDir: /mnt/disks
|
|
||||||
daemonset:
|
|
||||||
nodeSelector:
|
|
||||||
node.kubernetes.io/localVolume: present
|
|
||||||
prometheus:
|
|
||||||
operator:
|
|
||||||
enabled: false
|
|
@ -2,7 +2,7 @@ kubezero-calico
|
|||||||
===============
|
===============
|
||||||
KubeZero Umbrella Chart for Calico
|
KubeZero Umbrella Chart for Calico
|
||||||
|
|
||||||
Current chart version is `0.1.3`
|
Current chart version is `0.1.4`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
|
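--- a/charts/kubezero-local-volume-provisioner/Chart.yaml
+++ b/charts/kubezero-local-volume-provisioner/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: kubezero-local-volume-provisioner
+description: KubeZero Umbrella Chart for local-static-provisioner
+type: application
+version: 0.0.1
+appVersion: 2.3.4
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+keywords:
+- kubezero
+- local-static-provisioner
+maintainers:
+- name: Quarky9
+dependencies:
+- name: kubezero-lib
+version: ">= 0.1.1"
+repository: https://zero-down-time.github.io/kubezero/
+kubeVersion: ">= 1.16.0"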
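Review bot: The `kubezero-lib` dependency uses the open-ended range `version: ">= 0.1.1"`, so whatever release is newest at `https://zero-down-time.github.io/kubezero/` when `helm dependency update` next runs is pulled in, reviewed or not. Bound the range, for example `version: ">= 0.1.1, < 0.2.0"`, and commit the resulting `Chart.lock`; whether a lock file accompanies this chart is not visible on this page. Writing `appVersion: "2.3.4"` quoted also keeps the field a string if a later version happens to look numeric.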
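--- a/charts/kubezero-local-volume-provisioner/README.md
+++ b/charts/kubezero-local-volume-provisioner/README.md
@@ -0,0 +1,24 @@
+kubezero-local-volume-provisioner
+=================================
+KubeZero Umbrella Chart for local-static-provisioner
+
+Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
+
+Current chart version is `0.0.1`
+
+Source code can be found [here](https://kubezero.com)
+
+## Chart Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 |
+
+## KubeZero default configuration
+
+- add nodeSelector to only install on nodes actually having ephemeral local storage
+- provide matching storage class to expose mounted disks under `/mnt/disks`
+
+## Resources
+
+- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner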
@ -1,12 +1,19 @@
|
|||||||
# local-volume-provisioner
|
{{ template "chart.header" . }}
|
||||||
|
{{ template "chart.description" . }}
|
||||||
|
|
||||||
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
||||||
|
|
||||||
As the upstream Helm chart is not part of a repository we extract the chart and store it locally as base for kustomize.
|
{{ template "chart.versionLine" . }}
|
||||||
See `update.sh`.
|
|
||||||
|
{{ template "chart.sourceLinkLine" . }}
|
||||||
|
|
||||||
|
{{ template "chart.requirementsSection" . }}
|
||||||
|
|
||||||
|
## KubeZero default configuration
|
||||||
|
|
||||||
## Kustomizations
|
|
||||||
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
||||||
- provide matching storage class to expose mounted disks under `/mnt/disks`
|
- provide matching storage class to expose mounted disks under `/mnt/disks`
|
||||||
|
|
||||||
## Resources
|
## Resources
|
||||||
- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
|
|
||||||
|
- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
|
@ -0,0 +1,8 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
appVersion: 2.3.4
|
||||||
|
description: local provisioner chart
|
||||||
|
keywords:
|
||||||
|
- storage
|
||||||
|
- local
|
||||||
|
name: local-static-provisioner
|
||||||
|
version: 3.0.0
|
@ -0,0 +1 @@
|
|||||||
|
provisioner installed
|
@ -0,0 +1,42 @@
|
|||||||
|
{{/*
|
||||||
|
Create chart name and version as used by the chart label.
|
||||||
|
*/}}
|
||||||
|
{{- define "provisioner.chart" -}}
|
||||||
|
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "provisioner.name" -}}
|
||||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
If release name contains chart name it will be used as a full name.
|
||||||
|
*/}}
|
||||||
|
{{- define "provisioner.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride -}}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create the name of the service account to use
|
||||||
|
*/}}
|
||||||
|
{{- define "provisioner.serviceAccountName" -}}
|
||||||
|
{{- if .Values.common.serviceAccount.create -}}
|
||||||
|
{{ default (include "provisioner.fullname" .) .Values.common.serviceAccount.name }}
|
||||||
|
{{- else -}}
|
||||||
|
{{ default "default" .Values.common.serviceAccount.name }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
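Review bot: `provisioner.serviceAccountName` silently falls back to the namespace's `default` service account when `common.serviceAccount.create` is false and no name is supplied (`{{ default "default" .Values.common.serviceAccount.name }}`). The RBAC template in this commit uses the same helper as the subject of its ClusterRoleBindings, so with `common.rbac.create` left on, every pod in the release namespace that runs under the default account would inherit `system:persistent-volume-provisioner` and the node ClusterRole. Failing the render is the safer behaviour: `{{ required "common.serviceAccount.name must be set when serviceAccount.create is false" .Values.common.serviceAccount.name }}`. If this file is kept as an unmodified copy of the upstream chart, the same constraint should at least be stated next to the umbrella chart's values.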
@ -0,0 +1,52 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-config
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
data:
|
||||||
|
{{- if .Values.daemonset.nodeLabels }}
|
||||||
|
nodeLabelsForPV: |
|
||||||
|
{{- range $label := .Values.daemonset.nodeLabels }}
|
||||||
|
- {{$label}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.common.useAlphaAPI }}
|
||||||
|
useAlphaAPI: "true"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.common.setPVOwnerRef }}
|
||||||
|
setPVOwnerRef: "true"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.common.useJobForCleaning }}
|
||||||
|
useJobForCleaning: "yes"
|
||||||
|
{{- end}}
|
||||||
|
{{- if .Values.common.useNodeNameOnly }}
|
||||||
|
useNodeNameOnly: "true"
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.common.minResyncPeriod }}
|
||||||
|
minResyncPeriod: {{ .Values.common.minResyncPeriod | quote }}
|
||||||
|
{{- end}}
|
||||||
|
storageClassMap: |
|
||||||
|
{{- range $classConfig := .Values.classes }}
|
||||||
|
{{ $classConfig.name }}:
|
||||||
|
hostDir: {{ $classConfig.hostDir }}
|
||||||
|
mountDir: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
|
||||||
|
{{- if $classConfig.blockCleanerCommand }}
|
||||||
|
blockCleanerCommand:
|
||||||
|
{{- range $val := $classConfig.blockCleanerCommand }}
|
||||||
|
- "{{ $val -}}"{{- end}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $classConfig.volumeMode }}
|
||||||
|
volumeMode: {{ $classConfig.volumeMode }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $classConfig.fsType }}
|
||||||
|
fsType: {{ $classConfig.fsType }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if $classConfig.namePattern }}
|
||||||
|
namePattern: "{{ $classConfig.namePattern }}"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
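Review bot: Values are spliced into the `storageClassMap` block scalar without YAML quoting (`hostDir: {{ $classConfig.hostDir }}`, `volumeMode`, `fsType`) or with hand-written quotes (`- "{{ $val -}}"`, `namePattern: "{{ $classConfig.namePattern }}"`). A value containing a double quote, `: ` or ` #` then changes the structure of the config the provisioner parses rather than failing at render time. Let the template engine do the escaping, e.g. `hostDir: {{ $classConfig.hostDir | quote }}` and `- {{ $val | quote }}`. Separately, `useJobForCleaning: "yes"` is the only flag not emitted as `"true"`; a one-line comment confirming the provisioner accepts that spelling would save the next reader a lookup.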
@ -0,0 +1,93 @@
|
|||||||
|
---
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: {{ include "provisioner.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
spec:
|
||||||
|
serviceAccountName: {{ template "provisioner.serviceAccountName" . }}
|
||||||
|
{{- if .Values.daemonset.priorityClassName }}
|
||||||
|
priorityClassName: {{.Values.daemonset.priorityClassName}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.daemonset.nodeSelector }}
|
||||||
|
nodeSelector:
|
||||||
|
{{ .Values.daemonset.nodeSelector | toYaml | trim | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.daemonset.tolerations }}
|
||||||
|
tolerations:
|
||||||
|
{{ .Values.daemonset.tolerations | toYaml | trim | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.daemonset.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{ .Values.daemonset.affinity | toYaml | trim | indent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- image: "{{ .Values.daemonset.image }}"
|
||||||
|
{{- if .Values.daemonset.imagePullPolicy }}
|
||||||
|
imagePullPolicy: {{ .Values.daemonset.imagePullPolicy | quote }}
|
||||||
|
{{- end }}
|
||||||
|
name: provisioner
|
||||||
|
securityContext:
|
||||||
|
privileged: true
|
||||||
|
{{- if .Values.daemonset.resources }}
|
||||||
|
resources:
|
||||||
|
{{ .Values.daemonset.resources | toYaml | trim | indent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
env:
|
||||||
|
- name: MY_NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
|
- name: MY_NAMESPACE
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: metadata.namespace
|
||||||
|
- name: JOB_CONTAINER_IMAGE
|
||||||
|
value: "{{ .Values.daemonset.image }}"
|
||||||
|
{{- if .Values.daemonset.kubeConfigEnv }}
|
||||||
|
- name: KUBECONFIG
|
||||||
|
value: {{.Values.daemonset.kubeConfigEnv}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.serviceMonitor.enabled }}
|
||||||
|
ports:
|
||||||
|
- containerPort: 8080
|
||||||
|
name: metrics
|
||||||
|
{{- end }}
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /etc/provisioner/config
|
||||||
|
name: provisioner-config
|
||||||
|
readOnly: true
|
||||||
|
- mountPath: /dev
|
||||||
|
name: provisioner-dev
|
||||||
|
{{- range $classConfig := .Values.classes }}
|
||||||
|
- mountPath: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
|
||||||
|
name: {{ $classConfig.name }}
|
||||||
|
mountPropagation: "HostToContainer"
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
- name: provisioner-config
|
||||||
|
configMap:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-config
|
||||||
|
- name: provisioner-dev
|
||||||
|
hostPath:
|
||||||
|
path: /dev
|
||||||
|
{{- range $classConfig := .Values.classes }}
|
||||||
|
- name: {{ $classConfig.name }}
|
||||||
|
hostPath:
|
||||||
|
path: {{ $classConfig.hostDir }}
|
||||||
|
{{- end }}
|
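Review bot: The provisioner container runs with `privileged: true` and mounts the host's entire `/dev` read-write, and the template carries no comment saying why either is required or how the exposure is limited. Add a comment above `securityContext:` recording what needs privileged mode (presumably block-device discovery and cleaning; confirm against upstream) and consider whether the `/dev` mount can be `readOnly: true` for deployments that only serve filesystem volumes. Because the same image is also passed on as `JOB_CONTAINER_IMAGE`, a mutable tag is a weak pin for something that runs privileged on every labelled node; the umbrella values can pin it by digest, e.g. `image: quay.io/external_storage/local-volume-provisioner:v2.3.4@sha256:<digest-placeholder>`. The README's nodeSelector default is the main blast-radius control here, so it is worth stating that in the comment too.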
@ -0,0 +1,36 @@
|
|||||||
|
{{- if .Values.common.rbac.pspEnabled -}}
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
spec:
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
allowedHostPaths:
|
||||||
|
- pathPrefix: /dev
|
||||||
|
{{- range $classConfig := .Values.classes }}
|
||||||
|
- pathPrefix: {{ $classConfig.hostDir }}
|
||||||
|
{{- end }}
|
||||||
|
fsGroup:
|
||||||
|
rule: RunAsAny
|
||||||
|
privileged: true
|
||||||
|
requiredDropCapabilities:
|
||||||
|
- ALL
|
||||||
|
runAsUser:
|
||||||
|
ranges:
|
||||||
|
- max: 65535
|
||||||
|
min: 1
|
||||||
|
rule: MustRunAs
|
||||||
|
seLinux:
|
||||||
|
rule: RunAsAny
|
||||||
|
supplementalGroups:
|
||||||
|
rule: RunAsAny
|
||||||
|
volumes:
|
||||||
|
- configMap
|
||||||
|
- secret
|
||||||
|
- hostPath
|
||||||
|
{{- end }}
|
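Review bot: The template emits `apiVersion: policy/v1beta1` `PodSecurityPolicy` whenever `common.rbac.pspEnabled` is set, but that API was removed in Kubernetes 1.25 while the umbrella chart declares `kubeVersion: ">= 1.16.0"` with no upper bound, so enabling the flag on a newer cluster fails the install. Gate the resource on the API actually being served: `{{- if and .Values.common.rbac.pspEnabled (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") -}}`. The policy also combines `privileged: true` with a non-root `runAsUser` range and `requiredDropCapabilities: [ALL]`, while the DaemonSet sets no `runAsUser`; a short comment explaining how the pod is expected to be admitted under it would help, since that cannot be determined from this page.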
@ -0,0 +1,131 @@
|
|||||||
|
{{- if .Values.common.rbac.create }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-pv-binding
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "provisioner.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:persistent-volume-provisioner
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-node-clusterrole
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get"]
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-node-binding
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "provisioner.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ template "provisioner.fullname" . }}-node-clusterrole
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
{{- if .Values.common.useJobForCleaning }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-jobs-role
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- 'batch'
|
||||||
|
resources:
|
||||||
|
- jobs
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-jobs-rolebinding
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "provisioner.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: {{ template "provisioner.fullname" . }}-jobs-role
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.common.rbac.pspEnabled }}
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-psp-role
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- podsecuritypolicies
|
||||||
|
resourceNames:
|
||||||
|
- {{ template "provisioner.fullname" . }}
|
||||||
|
verbs:
|
||||||
|
- use
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.fullname" . }}-psp-rolebinding
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "provisioner.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
roleRef:
|
||||||
|
kind: Role
|
||||||
|
name: {{ template "provisioner.fullname" . }}-psp-role
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
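Review bot: The `-jobs-role` Role grants `verbs: ['*']` on `batch` `jobs`, which is wider than a cleaner that only launches and tracks its own Jobs should need. List the verbs explicitly, for example `verbs: ["create", "get", "list", "watch", "delete"]` (the exact set should be confirmed against the provisioner's client calls). The Role is scoped to `.Release.Namespace`, and the manifests removed by this commit show the release living in `kube-system`, so the wildcard covers every Job in that shared namespace. The unconditional binding to `system:persistent-volume-provisioner` at the top of the file is expected for this component, but deserves a one-line comment naming why a cluster-wide role is needed.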
@ -0,0 +1,12 @@
|
|||||||
|
{{- if .Values.common.serviceAccount.create }}
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ template "provisioner.serviceAccountName" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,53 @@
|
|||||||
|
{{- if .Values.serviceMonitor.enabled }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ include "provisioner.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
spec:
|
||||||
|
type: ClusterIP
|
||||||
|
ports:
|
||||||
|
- port: 8080
|
||||||
|
targetPort: 8080
|
||||||
|
name: metrics
|
||||||
|
selector:
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
---
|
||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: ServiceMonitor
|
||||||
|
metadata:
|
||||||
|
name: {{ include "provisioner.fullname" . }}
|
||||||
|
namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- range $k, $v := .Values.serviceMonitor.additionalLabels }}
|
||||||
|
{{ $k }}: {{ $v | quote }}
|
||||||
|
{{- end }}
|
||||||
|
spec:
|
||||||
|
jobLabel: app.kubernetes.io/name
|
||||||
|
endpoints:
|
||||||
|
- port: metrics
|
||||||
|
interval: {{ .Values.serviceMonitor.interval }}
|
||||||
|
scheme: http
|
||||||
|
{{- if .Values.serviceMonitor.relabelings }}
|
||||||
|
relabelings:
|
||||||
|
{{ toYaml .Values.serviceMonitor.relabelings | indent 4 }}
|
||||||
|
{{- end }}
|
||||||
|
namespaceSelector:
|
||||||
|
matchNames:
|
||||||
|
- {{ .Release.Namespace }}
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,28 @@
|
|||||||
|
{{- $release := .Release }}
|
||||||
|
{{- $chart := .Chart }}
|
||||||
|
{{- range $val := .Values.classes }}
|
||||||
|
{{- if $val.storageClass }}
|
||||||
|
---
|
||||||
|
apiVersion: storage.k8s.io/v1
|
||||||
|
kind: StorageClass
|
||||||
|
metadata:
|
||||||
|
name: {{ $val.name }}
|
||||||
|
{{- if kindIs "map" $val.storageClass }}
|
||||||
|
{{- if $val.storageClass.isDefaultClass }}
|
||||||
|
annotations:
|
||||||
|
storageclass.kubernetes.io/is-default-class: "true"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/managed-by: {{ $release.Service | quote }}
|
||||||
|
app.kubernetes.io/instance: {{ $release.Name | quote }}
|
||||||
|
helm.sh/chart: {{ replace "+" "_" $chart.Version | printf "%s-%s" $chart.Name }}
|
||||||
|
provisioner: kubernetes.io/no-provisioner
|
||||||
|
volumeBindingMode: WaitForFirstConsumer
|
||||||
|
{{- if kindIs "map" $val.storageClass }}
|
||||||
|
reclaimPolicy: {{ $val.storageClass.reclaimPolicy | default "Delete" }}
|
||||||
|
{{- else }}
|
||||||
|
reclaimPolicy: Delete
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
@ -0,0 +1,162 @@
|
|||||||
|
#
|
||||||
|
# Common options.
|
||||||
|
#
|
||||||
|
common:
|
||||||
|
#
|
||||||
|
# Defines whether to generate rbac roles
|
||||||
|
#
|
||||||
|
rbac:
|
||||||
|
# rbac.create: `true` if rbac resources should be created
|
||||||
|
create: true
|
||||||
|
# rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
|
||||||
|
pspEnabled: false
|
||||||
|
#
|
||||||
|
# Defines whether to generate a serviceAccount
|
||||||
|
#
|
||||||
|
serviceAccount:
|
||||||
|
# serviceAccount.create: Whether to create a service account or not
|
||||||
|
create: true
|
||||||
|
# serviceAccount.name: The name of the service account to create or use
|
||||||
|
name: ""
|
||||||
|
#
|
||||||
|
# Beta PV.NodeAffinity field is used by default. If running against pre-1.10
|
||||||
|
# k8s version, the `useAlphaAPI` flag must be enabled in the configMap.
|
||||||
|
#
|
||||||
|
useAlphaAPI: false
|
||||||
|
#
|
||||||
|
# Indicates if PVs should be dependents of the owner Node.
|
||||||
|
#
|
||||||
|
setPVOwnerRef: false
|
||||||
|
#
|
||||||
|
# Provisioner clean volumes in process by default. If set to true, provisioner
|
||||||
|
# will use Jobs to clean.
|
||||||
|
#
|
||||||
|
useJobForCleaning: false
|
||||||
|
#
|
||||||
|
# Provisioner name contains Node.UID by default. If set to true, the provisioner
|
||||||
|
# name will only use Node.Name.
|
||||||
|
#
|
||||||
|
useNodeNameOnly: false
|
||||||
|
#
|
||||||
|
# Resync period in reflectors will be random between minResyncPeriod and
|
||||||
|
# 2*minResyncPeriod. Default: 5m0s.
|
||||||
|
#
|
||||||
|
#minResyncPeriod: 5m0s
|
||||||
|
#
|
||||||
|
# Configure storage classes.
|
||||||
|
#
|
||||||
|
classes:
|
||||||
|
- name: fast-disks # Defines name of storage classe.
|
||||||
|
# Path on the host where local volumes of this storage class are mounted
|
||||||
|
# under.
|
||||||
|
hostDir: /mnt/fast-disks
|
||||||
|
# Optionally specify mount path of local volumes. By default, we use same
|
||||||
|
# path as hostDir in container.
|
||||||
|
# mountDir: /mnt/fast-disks
|
||||||
|
# The volume mode of created PersistentVolume object. Default to Filesystem
|
||||||
|
# if not specified.
|
||||||
|
volumeMode: Filesystem
|
||||||
|
# Filesystem type to mount.
|
||||||
|
# It applies only when the source path is a block device,
|
||||||
|
# and desire volume mode is Filesystem.
|
||||||
|
# Must be a filesystem type supported by the host operating system.
|
||||||
|
fsType: ext4
|
||||||
|
# File name pattern to discover. By default, discover all file names.
|
||||||
|
namePattern: "*"
|
||||||
|
blockCleanerCommand:
|
||||||
|
# Do a quick reset of the block device during its cleanup.
|
||||||
|
# - "/scripts/quick_reset.sh"
|
||||||
|
# or use dd to zero out block dev in two iterations by uncommenting these lines
|
||||||
|
# - "/scripts/dd_zero.sh"
|
||||||
|
# - "2"
|
||||||
|
# or run shred utility for 2 iteration.s
|
||||||
|
- "/scripts/shred.sh"
|
||||||
|
- "2"
|
||||||
|
# or blkdiscard utility by uncommenting the line below.
|
||||||
|
# - "/scripts/blkdiscard.sh"
|
||||||
|
# Uncomment to create storage class object with default configuration.
|
||||||
|
# storageClass: true
|
||||||
|
# Uncomment to create storage class object and configure it.
|
||||||
|
# storageClass:
|
||||||
|
# reclaimPolicy: Delete # Available reclaim policies: Delete/Retain, defaults: Delete.
|
||||||
|
# isDefaultClass: true # set as default class
|
||||||
|
#
|
||||||
|
# Configure DaemonSet for provisioner.
|
||||||
|
#
|
||||||
|
daemonset:
|
||||||
|
#
|
||||||
|
# Defines Provisioner's image name including container registry.
|
||||||
|
#
|
||||||
|
image: quay.io/external_storage/local-volume-provisioner:v2.3.4
|
||||||
|
#
|
||||||
|
# Defines Image download policy, see kubernetes documentation for available values.
|
||||||
|
#
|
||||||
|
#imagePullPolicy: Always
|
||||||
|
#
|
||||||
|
# Defines a name of the Pod Priority Class to use with the Provisioner DaemonSet
|
||||||
|
#
|
||||||
|
# Note that if you want to make it critical, specify "system-cluster-critical"
|
||||||
|
# or "system-node-critical" and deploy in kube-system namespace.
|
||||||
|
# Ref: https://k8s.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical
|
||||||
|
#
|
||||||
|
#priorityClassName: system-node-critical
|
||||||
|
# If configured, nodeSelector will add a nodeSelector field to the DaemonSet PodSpec.
|
||||||
|
#
|
||||||
|
# NodeSelector constraint for local-volume-provisioner scheduling to nodes.
|
||||||
|
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
||||||
|
nodeSelector: {}
|
||||||
|
#
|
||||||
|
# If configured KubeConfigEnv will (optionally) specify the location of kubeconfig file on the node.
|
||||||
|
# kubeConfigEnv: KUBECONFIG
|
||||||
|
#
|
||||||
|
# List of node labels to be copied to the PVs created by the provisioner in a format:
|
||||||
|
#
|
||||||
|
# nodeLabels:
|
||||||
|
# - failure-domain.beta.kubernetes.io/zone
|
||||||
|
# - failure-domain.beta.kubernetes.io/region
|
||||||
|
#
|
||||||
|
# If configured, tolerations will add a toleration field to the DaemonSet PodSpec.
|
||||||
|
#
|
||||||
|
# Node tolerations for local-volume-provisioner scheduling to nodes with taints.
|
||||||
|
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||||
|
tolerations: []
|
||||||
|
#
|
||||||
|
# If configured, affinity will add a affinity filed to the DeamonSet PodSpec.
|
||||||
|
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
|
||||||
|
affinity: {}
|
||||||
|
#
|
||||||
|
# If configured, resources will set the requests/limits field to the Daemonset PodSpec.
|
||||||
|
# Ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||||
|
resources: {}
|
||||||
|
# limits:
|
||||||
|
# memory: "512Mi"
|
||||||
|
# cpu: "1000m"
|
||||||
|
# requests:
|
||||||
|
# memory: "32Mi"
|
||||||
|
# cpu: "10m"
|
||||||
|
#
|
||||||
|
# Configure Prometheus monitoring
|
||||||
|
#
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: false
|
||||||
|
## Interval at which Prometheus scrapes the provisioner
|
||||||
|
interval: 10s
|
||||||
|
# Namespace Prometheus is installed in defaults to release namespace
|
||||||
|
namespace:
|
||||||
|
## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr)
|
||||||
|
## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65)
|
||||||
|
## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298)
|
||||||
|
additionalLabels: {}
|
||||||
|
relabelings: []
|
||||||
|
# - sourceLabels: [__meta_kubernetes_pod_node_name]
|
||||||
|
# separator: ;
|
||||||
|
# regex: ^(.*)$
|
||||||
|
# targetLabel: nodename
|
||||||
|
# replacement: $1
|
||||||
|
# action: replace
|
||||||
|
|
||||||
|
#
|
||||||
|
# Overrice the default chartname or releasename
|
||||||
|
#
|
||||||
|
nameOverride: ""
|
||||||
|
fullnameOverride: ""
|
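--- a/charts/kubezero-local-volume-provisioner/update.sh
+++ b/charts/kubezero-local-volume-provisioner/update.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# get subchart until they have upstream repo
+
+rm -rf charts/local-volume-provisioner && mkdir -p charts/local-volume-provisioner
+
+git clone --depth=1 https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
+cp -r ./sig-storage-local-static-provisioner/helm/provisioner/* charts/local-volume-provisioner
+
+rm -rf sig-storage-local-static-provisioner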
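Review bot: The `git clone --depth=1` line vendors whatever the upstream default branch holds when the script runs, so the chart copied into `charts/local-volume-provisioner` is not reproducible, and an unreviewed upstream change would land in a provisioner DaemonSet that this commit's values place in kube-system. Pin the clone to a reviewed release, for example `git clone --depth=1 --branch <PINNED_TAG> https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git` (placeholder tag), and record that ref next to the vendored copy. The script also has no error handling: the first command deletes the existing vendored chart before the clone, and a failed clone or `cp` still ends with exit status 0 from the final `rm -rf`. Adding `set -euo pipefail` directly after the shebang makes such a failure visible instead of leaving an empty chart directory behind.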
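--- a/charts/kubezero-local-volume-provisioner/values.yaml
+++ b/charts/kubezero-local-volume-provisioner/values.yaml
@@ -0,0 +1,12 @@
+local-static-provisioner:
+common:
+namespace: kube-system
+classes:
+- name: local-sc-xfs
+hostDir: /mnt/disks
+daemonset:
+nodeSelector:
+node.kubernetes.io/localVolume: present
+prometheus:
+operator:
+enabled: false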
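Review bot: The trailing `prometheus:` / `operator:` / `enabled: false` override does not match any key in the vendored subchart values shown in this commit, which expose the toggle as `serviceMonitor.enabled`, so it looks like a no-op; if the intent is to keep the ServiceMonitor off it should read `serviceMonitor:` with `enabled: false` (indentation is lost on this page, so the nesting is inferred). Separately, the top-level key `local-static-provisioner` differs from the `charts/local-volume-provisioner` directory that update.sh populates. Helm routes subchart values by dependency name or alias, and the dependency declaration is not visible here, so confirm the two match; otherwise `namespace`, `classes` and `nodeSelector` are silently ignored and the chart defaults apply instead. A comment such as `# top-level key must equal the dependency name/alias of the subchart` above the first line would document the requirement.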
@ -2,7 +2,7 @@ kubezero
|
|||||||
========
|
========
|
||||||
KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
|
KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
|
||||||
|
|
||||||
Current chart version is `0.3.1`
|
Current chart version is `0.3.5`
|
||||||
|
|
||||||
Source code can be found [here](https://kubezero.com)
|
Source code can be found [here](https://kubezero.com)
|
||||||
|
|
||||||
@ -18,6 +18,8 @@ Source code can be found [here](https://kubezero.com)
|
|||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
| aws-ebs-csi-driver.enabled | bool | `false` | |
|
| aws-ebs-csi-driver.enabled | bool | `false` | |
|
||||||
| calico.enabled | bool | `true` | |
|
| calico.enabled | bool | `true` | |
|
||||||
|
| calico.type | string | `"kustomize"` | |
|
||||||
|
| calico.values.migration | bool | `false` | |
|
||||||
| cert-manager.enabled | bool | `true` | |
|
| cert-manager.enabled | bool | `true` | |
|
||||||
| global.defaultDestination.server | string | `"https://kubernetes.default.svc"` | |
|
| global.defaultDestination.server | string | `"https://kubernetes.default.svc"` | |
|
||||||
| global.defaultSource.pathPrefix | string | `""` | |
|
| global.defaultSource.pathPrefix | string | `""` | |
|
||||||
|