feat: remove local-path and local-volume provisioners, update kubezero and docs
This commit is contained in:
parent
c671429481
commit
9cce24a7ff
@ -1,18 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: kubezero-local-path-provisioner
|
||||
description: KubeZero Umbrella Chart for local-path-provisioner
|
||||
type: application
|
||||
version: 0.1.0
|
||||
appVersion: 0.0.18
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- local-path-provisioner
|
||||
maintainers:
|
||||
- name: Quarky9
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.3"
|
||||
repository: https://zero-down-time.github.io/kubezero/
|
||||
kubeVersion: ">= 1.16.0"
|
@ -1,44 +0,0 @@
|
||||
# kubezero-local-path-provisioner
|
||||
|
||||
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.18](https://img.shields.io/badge/AppVersion-0.0.18-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for local-path-provisioner
|
||||
|
||||
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| local-path-provisioner.nodePathMap[0].node | string | `"DEFAULT_PATH_FOR_NON_LISTED_NODES"` | |
|
||||
| local-path-provisioner.nodePathMap[0].paths[0] | string | `"/opt/local-path-provisioner"` | |
|
||||
| local-path-provisioner.nodeSelector."node-role.kubernetes.io/master" | string | `""` | |
|
||||
| local-path-provisioner.storageClass.create | bool | `true` | |
|
||||
| local-path-provisioner.storageClass.defaultClass | bool | `false` | |
|
||||
| local-path-provisioner.tolerations[0].effect | string | `"NoSchedule"` | |
|
||||
| local-path-provisioner.tolerations[0].key | string | `"node-role.kubernetes.io/master"` | |
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
||||
- provide matching storage class to expose mounted disks under `/mnt/disks`
|
||||
|
||||
## Resources
|
||||
|
||||
- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
|
@ -1,27 +0,0 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
||||
- provide matching storage class to expose mounted disks under `/mnt/disks`
|
||||
|
||||
## Resources
|
||||
|
||||
- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
|
@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
description: Use HostPath for persistent local storage with Kubernetes
|
||||
name: local-path-provisioner
|
||||
version: 0.0.18
|
||||
appVersion: "v0.0.18"
|
||||
keywords:
|
||||
- storage
|
||||
- hostpath
|
||||
kubeVersion: ">=1.12.0-r0"
|
||||
home: https://github.com/rancher/local-path-provisioner
|
||||
sources:
|
||||
- https://github.com/rancher/local-path-provisioner.git
|
@ -1,116 +0,0 @@
|
||||
# Local Path Provisioner
|
||||
|
||||
[Local Path Provisioner](https://github.com/rancher/local-path-provisioner) provides a way for the Kubernetes users to
|
||||
utilize the local storage in each node. Based on the user configuration, the Local Path Provisioner will create
|
||||
`hostPath` based persistent volume on the node automatically. It utilizes the features introduced by Kubernetes [Local
|
||||
Persistent Volume feature](https://kubernetes.io/blog/2018/04/13/local-persistent-volumes-beta/), but make it a simpler
|
||||
solution than the built-in `local` volume feature in Kubernetes.
|
||||
|
||||
## TL;DR;
|
||||
|
||||
```console
|
||||
$ git clone https://github.com/rancher/local-path-provisioner.git
|
||||
$ cd local-path-provisioner
|
||||
$ helm install --name local-path-storage --namespace local-path-storage ./deploy/chart/
|
||||
```
|
||||
|
||||
## Introduction
|
||||
|
||||
This chart bootstraps a [Local Path Provisioner](https://github.com/rancher/local-path-provisioner) deployment on a
|
||||
[Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Kubernetes 1.12+ with Beta APIs enabled
|
||||
|
||||
## Installing the Chart
|
||||
|
||||
To install the chart with the release name `local-path-storage`:
|
||||
|
||||
```console
|
||||
$ git clone https://github.com/rancher/local-path-provisioner.git
|
||||
$ cd local-path-provisioner
|
||||
$ helm install ./deploy/chart/ --name local-path-storage --namespace local-path-storage
|
||||
```
|
||||
|
||||
The command deploys Local Path Provisioner on the Kubernetes cluster in the default configuration. The
|
||||
[configuration](#configuration) section lists the parameters that can be configured during installation.
|
||||
|
||||
> **Tip**: List all releases using `helm list`
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To uninstall/delete the `local-path-storage` deployment:
|
||||
|
||||
```console
|
||||
$ helm delete --purge local-path-storage
|
||||
```
|
||||
|
||||
The command removes all the Kubernetes components associated with the chart and deletes the release.
|
||||
|
||||
## Configuration
|
||||
|
||||
The following table lists the configurable parameters of the Local Path Provisioner for Kubernetes chart and their
|
||||
default values.
|
||||
|
||||
| Parameter | Description | Default |
|
||||
| ----------------------------------- | ------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
|
||||
| `image.repository` | Local Path Provisioner image name | `rancher/local-path-provisioner` |
|
||||
| `image.tag` | Local Path Provisioner image tag | `v0.0.18` |
|
||||
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
|
||||
| `storageClass.create` | If true, create a `StorageClass` | `true` |
|
||||
| `storageClass.provisionerName` | The provisioner name for the storage class | `nil` |
|
||||
| `storageClass.defaultClass` | If true, set the created `StorageClass` as the cluster's default `StorageClass` | `false` |
|
||||
| `storageClass.name` | The name to assign the created StorageClass | local-path |
|
||||
| `storageClass.reclaimPolicy` | ReclaimPolicy field of the class | Delete |
|
||||
| `nodePathMap` | Configuration of where to store the data on each node | `[{node: DEFAULT_PATH_FOR_NON_LISTED_NODES, paths: [/opt/local-path-provisioner]}]` |
|
||||
| `resources` | Local Path Provisioner resource requests & limits | `{}` |
|
||||
| `rbac.create` | If true, create & use RBAC resources | `true` |
|
||||
| `serviceAccount.create` | If true, create the Local Path Provisioner service account | `true` |
|
||||
| `serviceAccount.name` | Name of the Local Path Provisioner service account to use or create | `nil` |
|
||||
| `nodeSelector` | Node labels for Local Path Provisioner pod assignment | `{}` |
|
||||
| `tolerations` | Node taints to tolerate | `[]` |
|
||||
| `affinity` | Pod affinity | `{}` |
|
||||
| `configmap.setup` | Configuration of script to execute setup operations on each node | #!/bin/sh<br>while getopts "m:s:p:" opt<br>do<br> case $opt in <br>  p)<br>  absolutePath=$OPTARG<br>  ;;<br>  s)<br>  sizeInBytes=$OPTARG<br>  ;;<br>  m)<br>  volMode=$OPTARG<br>  ;;<br> esac<br>done<br>mkdir -m 0777 -p ${absolutePath} |
|
||||
| `configmap.teardown` | Configuration of script to execute teardown operations on each node | #!/bin/sh<br>while getopts "m:s:p:" opt<br>do<br> case $opt in <br>  p)<br>  absolutePath=$OPTARG<br>  ;;<br>  s)<br>  sizeInBytes=$OPTARG<br>  ;;<br>  m)<br>  volMode=$OPTARG<br>  ;;<br> esac<br>done<br>rm -rf ${absolutePath} |
|
||||
| `configmap.name` | configmap name | `local-path-config` |
|
||||
| `configmap.helperPod` | helper pod yaml file | apiVersion: v1<br>kind: Pod<br>metadata:<br> name: helper-pod<br>spec:<br> containers:<br> - name: helper-pod<br>  image: busybox |
|
||||
|
||||
|
||||
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
|
||||
|
||||
```console
|
||||
$ helm install ./deploy/chart/ --name local-path-storage --namespace local-path-storage --set storageClass.provisionerName=rancher.io/local-path
|
||||
```
|
||||
|
||||
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the
|
||||
chart. For example,
|
||||
|
||||
```console
|
||||
$ helm install --name local-path-storage --namespace local-path-storage ./deploy/chart/ -f values.yaml
|
||||
```
|
||||
|
||||
> **Tip**: You can use the default [values.yaml](values.yaml)
|
||||
|
||||
## RBAC
|
||||
|
||||
By default the chart will install the recommended RBAC roles and rolebindings.
|
||||
|
||||
You need to have the flag `--authorization-mode=RBAC` on the api server. See the following document for how to enable
|
||||
[RBAC](https://kubernetes.io/docs/admin/authorization/rbac/).
|
||||
|
||||
To determine if your cluster supports RBAC, run the following command:
|
||||
|
||||
```console
|
||||
$ kubectl api-versions | grep rbac
|
||||
```
|
||||
|
||||
If the output contains "beta", you may install the chart with RBAC enabled (see below).
|
||||
|
||||
### Enable RBAC role/rolebinding creation
|
||||
|
||||
To enable the creation of RBAC resources (On clusters with RBAC). Do the following:
|
||||
|
||||
```console
|
||||
$ helm install ./deploy/chart/ --name local-path-storage --namespace local-path-storage --set rbac.create=true
|
||||
```
|
@ -1,13 +0,0 @@
|
||||
You can create a hostpath-backed persistent volume with a persistent volume claim like this:
|
||||
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: local-path-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: {{ .Values.storageClass.name }}
|
||||
resources:
|
||||
requests:
|
||||
storage: 2Gi
|
@ -1,71 +0,0 @@
|
||||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "local-path-provisioner.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "local-path-provisioner.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "local-path-provisioner.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "local-path-provisioner.labels" -}}
|
||||
app.kubernetes.io/name: {{ include "local-path-provisioner.name" . }}
|
||||
helm.sh/chart: {{ include "local-path-provisioner.chart" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use.
|
||||
*/}}
|
||||
{{- define "local-path-provisioner.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
{{ default (include "local-path-provisioner.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the provisioner to use.
|
||||
*/}}
|
||||
{{- define "local-path-provisioner.provisionerName" -}}
|
||||
{{- if .Values.storageClass.provisionerName -}}
|
||||
{{- printf .Values.storageClass.provisionerName -}}
|
||||
{{- else -}}
|
||||
cluster.local/{{ template "local-path-provisioner.fullname" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "local-path-provisioner.secret" }}
|
||||
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }}
|
||||
{{- end }}
|
@ -1,21 +0,0 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ include "local-path-provisioner.fullname" . }}
|
||||
labels:
|
||||
{{ include "local-path-provisioner.labels" . | indent 4 }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes", "persistentvolumeclaims", "configmaps"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["endpoints", "persistentvolumes", "pods"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["create", "patch"]
|
||||
- apiGroups: ["storage.k8s.io"]
|
||||
resources: ["storageclasses"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
{{- end -}}
|
@ -1,16 +0,0 @@
|
||||
{{- if .Values.rbac.create -}}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ include "local-path-provisioner.fullname" . }}
|
||||
labels:
|
||||
{{ include "local-path-provisioner.labels" . | indent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ template "local-path-provisioner.fullname" . }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "local-path-provisioner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{- end -}}
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Values.configmap.name }}
|
||||
labels:
|
||||
{{ include "local-path-provisioner.labels" . | indent 4 }}
|
||||
data:
|
||||
config.json: |-
|
||||
{
|
||||
"nodePathMap": {{ .Values.nodePathMap | toPrettyJson | nindent 8 }}
|
||||
}
|
||||
setup: |-
|
||||
{{ .Values.configmap.setup | nindent 4 }}
|
||||
teardown: |-
|
||||
{{ .Values.configmap.teardown | nindent 4 }}
|
||||
helperPod.yaml: |-
|
||||
{{ .Values.configmap.helperPod | nindent 4 }}
|
||||
|
@ -1,73 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "local-path-provisioner.fullname" . }}
|
||||
labels:
|
||||
{{ include "local-path-provisioner.labels" . | indent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicaCount }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ include "local-path-provisioner.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "local-path-provisioner.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
serviceAccountName: {{ template "local-path-provisioner.serviceAccountName" . }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
{{- if .Values.privateRegistry.registryUrl }}
|
||||
image: "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
{{- else }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
command:
|
||||
- local-path-provisioner
|
||||
- --debug
|
||||
- start
|
||||
- --config
|
||||
- /etc/config/config.json
|
||||
- --service-account-name
|
||||
- {{ template "local-path-provisioner.serviceAccountName" . }}
|
||||
- --provisioner-name
|
||||
- {{ template "local-path-provisioner.provisionerName" . }}
|
||||
- --helper-image
|
||||
{{- if .Values.privateRegistry.registryUrl }}
|
||||
- "{{ .Values.privateRegistry.registryUrl }}/{{ .Values.helperImage.repository }}:{{ .Values.helperImage.tag }}"
|
||||
{{- else }}
|
||||
- "{{ .Values.helperImage.repository }}:{{ .Values.helperImage.tag }}"
|
||||
{{- end }}
|
||||
- --configmap-name
|
||||
- {{ .Values.configmap.name }}
|
||||
volumeMounts:
|
||||
- name: config-volume
|
||||
mountPath: /etc/config/
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
volumes:
|
||||
- name: config-volume
|
||||
configMap:
|
||||
name: {{ .Values.configmap.name }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
@ -1,9 +0,0 @@
|
||||
{{- if .Values.defaultSettings.registrySecret }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.defaultSettings.registrySecret }}
|
||||
type: kubernetes.io/dockerconfigjson
|
||||
data:
|
||||
.dockerconfigjson: {{ template "local-path-provisioner.secret" . }}
|
||||
{{- end }}
|
@ -1,15 +0,0 @@
|
||||
{{- if .Values.serviceAccount.create -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "local-path-provisioner.serviceAccountName" . }}
|
||||
labels:
|
||||
{{ include "local-path-provisioner.labels" . | indent 4 }}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.defaultSettings.registrySecret }}
|
||||
- name: {{ .Values.defaultSettings.registrySecret }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,15 +0,0 @@
|
||||
{{ if .Values.storageClass.create -}}
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: {{ .Values.storageClass.name }}
|
||||
labels:
|
||||
{{ include "local-path-provisioner.labels" . | indent 4 }}
|
||||
{{- if .Values.storageClass.defaultClass }}
|
||||
annotations:
|
||||
storageclass.kubernetes.io/is-default-class: "true"
|
||||
{{- end }}
|
||||
provisioner: {{ template "local-path-provisioner.provisionerName" . }}
|
||||
volumeBindingMode: WaitForFirstConsumer
|
||||
reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
|
||||
{{- end }}
|
@ -1,144 +0,0 @@
|
||||
# Default values for local-path-provisioner.
|
||||
|
||||
replicaCount: 1
|
||||
|
||||
image:
|
||||
repository: rancher/local-path-provisioner
|
||||
tag: v0.0.18
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
helperImage:
|
||||
repository: busybox
|
||||
tag: latest
|
||||
|
||||
defaultSettings:
|
||||
registrySecret: ~
|
||||
|
||||
privateRegistry:
|
||||
registryUrl: ~
|
||||
registryUser: ~
|
||||
registryPasswd: ~
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
## For creating the StorageClass automatically:
|
||||
storageClass:
|
||||
create: true
|
||||
|
||||
## Set a provisioner name. If unset, a name will be generated.
|
||||
# provisionerName: rancher.io/local-path
|
||||
|
||||
## Set StorageClass as the default StorageClass
|
||||
## Ignored if storageClass.create is false
|
||||
defaultClass: false
|
||||
|
||||
## Set a StorageClass name
|
||||
## Ignored if storageClass.create is false
|
||||
name: local-path
|
||||
|
||||
## ReclaimPolicy field of the class, which can be either Delete or Retain
|
||||
reclaimPolicy: Delete
|
||||
|
||||
# nodePathMap is the place user can customize where to store the data on each node.
|
||||
# 1. If one node is not listed on the nodePathMap, and Kubernetes wants to create volume on it, the paths specified in
|
||||
# DEFAULT_PATH_FOR_NON_LISTED_NODES will be used for provisioning.
|
||||
# 2. If one node is listed on the nodePathMap, the specified paths will be used for provisioning.
|
||||
# 1. If one node is listed but with paths set to [], the provisioner will refuse to provision on this node.
|
||||
# 2. If more than one path was specified, the path would be chosen randomly when provisioning.
|
||||
#
|
||||
# The configuration must obey following rules:
|
||||
# 1. A path must start with /, a.k.a an absolute path.
|
||||
# 2. Root directory (/) is prohibited.
|
||||
# 3. No duplicate paths allowed for one node.
|
||||
# 4. No duplicate node allowed.
|
||||
nodePathMap:
|
||||
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES
|
||||
paths:
|
||||
- /opt/local-path-provisioner
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
rbac:
|
||||
# Specifies whether RBAC resources should be created
|
||||
create: true
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a ServiceAccount should be created
|
||||
create: true
|
||||
# The name of the ServiceAccount to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
name:
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
affinity: {}
|
||||
|
||||
configmap:
|
||||
# specify the config map name
|
||||
name: local-path-config
|
||||
# specify the custom script for setup and teardown
|
||||
setup: |-
|
||||
#!/bin/sh
|
||||
while getopts "m:s:p:" opt
|
||||
do
|
||||
case $opt in
|
||||
p)
|
||||
absolutePath=$OPTARG
|
||||
;;
|
||||
s)
|
||||
sizeInBytes=$OPTARG
|
||||
;;
|
||||
m)
|
||||
volMode=$OPTARG
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
mkdir -m 0777 -p ${absolutePath}
|
||||
teardown: |-
|
||||
#!/bin/sh
|
||||
while getopts "m:s:p:" opt
|
||||
do
|
||||
case $opt in
|
||||
p)
|
||||
absolutePath=$OPTARG
|
||||
;;
|
||||
s)
|
||||
sizeInBytes=$OPTARG
|
||||
;;
|
||||
m)
|
||||
volMode=$OPTARG
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
rm -rf ${absolutePath}
|
||||
# specify the custom helper pod yaml
|
||||
helperPod: |-
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
metadata:
|
||||
name: helper-pod
|
||||
spec:
|
||||
containers:
|
||||
- name: helper-pod
|
||||
image: busybox
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# get subchart until they have upstream repo
|
||||
rm -rf charts/local-path-provisioner && mkdir -p charts/local-path-provisioner
|
||||
|
||||
git clone --depth=1 https://github.com/rancher/local-path-provisioner.git
|
||||
cp -r local-path-provisioner/deploy/chart/* charts/local-path-provisioner
|
||||
rm -rf local-path-provisioner
|
@ -1,16 +0,0 @@
|
||||
local-path-provisioner:
|
||||
storageClass:
|
||||
create: true
|
||||
defaultClass: false
|
||||
|
||||
nodePathMap:
|
||||
- node: DEFAULT_PATH_FOR_NON_LISTED_NODES
|
||||
paths:
|
||||
- /opt/local-path-provisioner
|
||||
|
||||
nodeSelector:
|
||||
node-role.kubernetes.io/master: ""
|
||||
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
@ -1,18 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: kubezero-local-volume-provisioner
|
||||
description: KubeZero Umbrella Chart for local-static-provisioner
|
||||
type: application
|
||||
version: 0.1.1
|
||||
appVersion: 2.3.4
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
- kubezero
|
||||
- local-static-provisioner
|
||||
maintainers:
|
||||
- name: Quarky9
|
||||
dependencies:
|
||||
- name: kubezero-lib
|
||||
version: ">= 0.1.3"
|
||||
repository: https://zero-down-time.github.io/kubezero/
|
||||
kubeVersion: ">= 1.16.0"
|
@ -1,43 +0,0 @@
|
||||
# kubezero-local-volume-provisioner
|
||||
|
||||
![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.4](https://img.shields.io/badge/AppVersion-2.3.4-informational?style=flat-square)
|
||||
|
||||
KubeZero Umbrella Chart for local-static-provisioner
|
||||
|
||||
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
||||
|
||||
**Homepage:** <https://kubezero.com>
|
||||
|
||||
## Maintainers
|
||||
|
||||
| Name | Email | Url |
|
||||
| ---- | ------ | --- |
|
||||
| Quarky9 | | |
|
||||
|
||||
## Requirements
|
||||
|
||||
Kubernetes: `>= 1.16.0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.3 |
|
||||
|
||||
## Values
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| local-static-provisioner.classes[0].hostDir | string | `"/mnt/disks"` | |
|
||||
| local-static-provisioner.classes[0].name | string | `"local-sc-xfs"` | |
|
||||
| local-static-provisioner.common.namespace | string | `"kube-system"` | |
|
||||
| local-static-provisioner.daemonset.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key | string | `"node.kubernetes.io/localVolumes"` | |
|
||||
| local-static-provisioner.daemonset.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"Exists"` | |
|
||||
| local-static-provisioner.prometheus.operator.enabled | bool | `false` | |
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
||||
- provide matching storage class to expose mounted disks under `/mnt/disks`
|
||||
|
||||
## Resources
|
||||
|
||||
- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
|
@ -1,27 +0,0 @@
|
||||
{{ template "chart.header" . }}
|
||||
{{ template "chart.deprecationWarning" . }}
|
||||
|
||||
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
|
||||
|
||||
{{ template "chart.description" . }}
|
||||
|
||||
Provides persistent volumes backed by local volumes, eg. additional SSDs or spindles.
|
||||
|
||||
{{ template "chart.homepageLine" . }}
|
||||
|
||||
{{ template "chart.maintainersSection" . }}
|
||||
|
||||
{{ template "chart.sourcesSection" . }}
|
||||
|
||||
{{ template "chart.requirementsSection" . }}
|
||||
|
||||
{{ template "chart.valuesSection" . }}
|
||||
|
||||
## KubeZero default configuration
|
||||
|
||||
- add nodeSelector to only install on nodes actually having ephemeral local storage
|
||||
- provide matching storage class to expose mounted disks under `/mnt/disks`
|
||||
|
||||
## Resources
|
||||
|
||||
- https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner
|
@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
appVersion: 2.3.4
|
||||
description: local provisioner chart
|
||||
keywords:
|
||||
- storage
|
||||
- local
|
||||
name: local-static-provisioner
|
||||
version: 3.0.0
|
@ -1 +0,0 @@
|
||||
provisioner installed
|
@ -1,42 +0,0 @@
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "provisioner.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "provisioner.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "provisioner.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "provisioner.serviceAccountName" -}}
|
||||
{{- if .Values.common.serviceAccount.create -}}
|
||||
{{ default (include "provisioner.fullname" .) .Values.common.serviceAccount.name }}
|
||||
{{- else -}}
|
||||
{{ default "default" .Values.common.serviceAccount.name }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
@ -1,52 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
data:
|
||||
{{- if .Values.daemonset.nodeLabels }}
|
||||
nodeLabelsForPV: |
|
||||
{{- range $label := .Values.daemonset.nodeLabels }}
|
||||
- {{$label}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.common.useAlphaAPI }}
|
||||
useAlphaAPI: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.common.setPVOwnerRef }}
|
||||
setPVOwnerRef: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.common.useJobForCleaning }}
|
||||
useJobForCleaning: "yes"
|
||||
{{- end}}
|
||||
{{- if .Values.common.useNodeNameOnly }}
|
||||
useNodeNameOnly: "true"
|
||||
{{- end }}
|
||||
{{- if .Values.common.minResyncPeriod }}
|
||||
minResyncPeriod: {{ .Values.common.minResyncPeriod | quote }}
|
||||
{{- end}}
|
||||
storageClassMap: |
|
||||
{{- range $classConfig := .Values.classes }}
|
||||
{{ $classConfig.name }}:
|
||||
hostDir: {{ $classConfig.hostDir }}
|
||||
mountDir: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
|
||||
{{- if $classConfig.blockCleanerCommand }}
|
||||
blockCleanerCommand:
|
||||
{{- range $val := $classConfig.blockCleanerCommand }}
|
||||
- "{{ $val -}}"{{- end}}
|
||||
{{- end }}
|
||||
{{- if $classConfig.volumeMode }}
|
||||
volumeMode: {{ $classConfig.volumeMode }}
|
||||
{{- end }}
|
||||
{{- if $classConfig.fsType }}
|
||||
fsType: {{ $classConfig.fsType }}
|
||||
{{- end }}
|
||||
{{- if $classConfig.namePattern }}
|
||||
namePattern: "{{ $classConfig.namePattern }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,93 +0,0 @@
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ include "provisioner.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
serviceAccountName: {{ template "provisioner.serviceAccountName" . }}
|
||||
{{- if .Values.daemonset.priorityClassName }}
|
||||
priorityClassName: {{.Values.daemonset.priorityClassName}}
|
||||
{{- end }}
|
||||
{{- if .Values.daemonset.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ .Values.daemonset.nodeSelector | toYaml | trim | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemonset.tolerations }}
|
||||
tolerations:
|
||||
{{ .Values.daemonset.tolerations | toYaml | trim | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.daemonset.affinity }}
|
||||
affinity:
|
||||
{{ .Values.daemonset.affinity | toYaml | trim | indent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- image: "{{ .Values.daemonset.image }}"
|
||||
{{- if .Values.daemonset.imagePullPolicy }}
|
||||
imagePullPolicy: {{ .Values.daemonset.imagePullPolicy | quote }}
|
||||
{{- end }}
|
||||
name: provisioner
|
||||
securityContext:
|
||||
privileged: true
|
||||
{{- if .Values.daemonset.resources }}
|
||||
resources:
|
||||
{{ .Values.daemonset.resources | toYaml | trim | indent 12 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: MY_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: MY_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: JOB_CONTAINER_IMAGE
|
||||
value: "{{ .Values.daemonset.image }}"
|
||||
{{- if .Values.daemonset.kubeConfigEnv }}
|
||||
- name: KUBECONFIG
|
||||
value: {{.Values.daemonset.kubeConfigEnv}}
|
||||
{{- end }}
|
||||
{{- if .Values.serviceMonitor.enabled }}
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: metrics
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- mountPath: /etc/provisioner/config
|
||||
name: provisioner-config
|
||||
readOnly: true
|
||||
- mountPath: /dev
|
||||
name: provisioner-dev
|
||||
{{- range $classConfig := .Values.classes }}
|
||||
- mountPath: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
|
||||
name: {{ $classConfig.name }}
|
||||
mountPropagation: "HostToContainer"
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: provisioner-config
|
||||
configMap:
|
||||
name: {{ template "provisioner.fullname" . }}-config
|
||||
- name: provisioner-dev
|
||||
hostPath:
|
||||
path: /dev
|
||||
{{- range $classConfig := .Values.classes }}
|
||||
- name: {{ $classConfig.name }}
|
||||
hostPath:
|
||||
path: {{ $classConfig.hostDir }}
|
||||
{{- end }}
|
@ -1,36 +0,0 @@
|
||||
{{- if .Values.common.rbac.pspEnabled -}}
|
||||
apiVersion: policy/v1beta1
|
||||
kind: PodSecurityPolicy
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
allowPrivilegeEscalation: true
|
||||
allowedHostPaths:
|
||||
- pathPrefix: /dev
|
||||
{{- range $classConfig := .Values.classes }}
|
||||
- pathPrefix: {{ $classConfig.hostDir }}
|
||||
{{- end }}
|
||||
fsGroup:
|
||||
rule: RunAsAny
|
||||
privileged: true
|
||||
requiredDropCapabilities:
|
||||
- ALL
|
||||
runAsUser:
|
||||
ranges:
|
||||
- max: 65535
|
||||
min: 1
|
||||
rule: MustRunAs
|
||||
seLinux:
|
||||
rule: RunAsAny
|
||||
supplementalGroups:
|
||||
rule: RunAsAny
|
||||
volumes:
|
||||
- configMap
|
||||
- secret
|
||||
- hostPath
|
||||
{{- end }}
|
@ -1,131 +0,0 @@
|
||||
{{- if .Values.common.rbac.create }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-pv-binding
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "provisioner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: system:persistent-volume-provisioner
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-node-clusterrole
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-node-binding
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "provisioner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ template "provisioner.fullname" . }}-node-clusterrole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- if .Values.common.useJobForCleaning }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-jobs-role
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- 'batch'
|
||||
resources:
|
||||
- jobs
|
||||
verbs:
|
||||
- '*'
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-jobs-rolebinding
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "provisioner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ template "provisioner.fullname" . }}-jobs-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- if .Values.common.rbac.pspEnabled }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-psp-role
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- policy
|
||||
resources:
|
||||
- podsecuritypolicies
|
||||
resourceNames:
|
||||
- {{ template "provisioner.fullname" . }}
|
||||
verbs:
|
||||
- use
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ template "provisioner.fullname" . }}-psp-rolebinding
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ template "provisioner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ template "provisioner.fullname" . }}-psp-role
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,12 +0,0 @@
|
||||
{{- if .Values.common.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ template "provisioner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
@ -1,53 +0,0 @@
|
||||
{{- if .Values.serviceMonitor.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "provisioner.fullname" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
name: metrics
|
||||
selector:
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "provisioner.fullname" . }}
|
||||
namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }}
|
||||
labels:
|
||||
helm.sh/chart: {{ template "provisioner.chart" . }}
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- range $k, $v := .Values.serviceMonitor.additionalLabels }}
|
||||
{{ $k }}: {{ $v | quote }}
|
||||
{{- end }}
|
||||
spec:
|
||||
jobLabel: app.kubernetes.io/name
|
||||
endpoints:
|
||||
- port: metrics
|
||||
interval: {{ .Values.serviceMonitor.interval }}
|
||||
scheme: http
|
||||
{{- if .Values.serviceMonitor.relabelings }}
|
||||
relabelings:
|
||||
{{ toYaml .Values.serviceMonitor.relabelings | indent 4 }}
|
||||
{{- end }}
|
||||
namespaceSelector:
|
||||
matchNames:
|
||||
- {{ .Release.Namespace }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: {{ template "provisioner.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
@ -1,28 +0,0 @@
|
||||
{{- $release := .Release }}
|
||||
{{- $chart := .Chart }}
|
||||
{{- range $val := .Values.classes }}
|
||||
{{- if $val.storageClass }}
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: {{ $val.name }}
|
||||
{{- if kindIs "map" $val.storageClass }}
|
||||
{{- if $val.storageClass.isDefaultClass }}
|
||||
annotations:
|
||||
storageclass.kubernetes.io/is-default-class: "true"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: {{ $release.Service | quote }}
|
||||
app.kubernetes.io/instance: {{ $release.Name | quote }}
|
||||
helm.sh/chart: {{ replace "+" "_" $chart.Version | printf "%s-%s" $chart.Name }}
|
||||
provisioner: kubernetes.io/no-provisioner
|
||||
volumeBindingMode: WaitForFirstConsumer
|
||||
{{- if kindIs "map" $val.storageClass }}
|
||||
reclaimPolicy: {{ $val.storageClass.reclaimPolicy | default "Delete" }}
|
||||
{{- else }}
|
||||
reclaimPolicy: Delete
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
@ -1,162 +0,0 @@
|
||||
#
|
||||
# Common options.
|
||||
#
|
||||
common:
|
||||
#
|
||||
# Defines whether to generate rbac roles
|
||||
#
|
||||
rbac:
|
||||
# rbac.create: `true` if rbac resources should be created
|
||||
create: true
|
||||
# rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
|
||||
pspEnabled: false
|
||||
#
|
||||
# Defines whether to generate a serviceAccount
|
||||
#
|
||||
serviceAccount:
|
||||
# serviceAccount.create: Whether to create a service account or not
|
||||
create: true
|
||||
# serviceAccount.name: The name of the service account to create or use
|
||||
name: ""
|
||||
#
|
||||
# Beta PV.NodeAffinity field is used by default. If running against pre-1.10
|
||||
# k8s version, the `useAlphaAPI` flag must be enabled in the configMap.
|
||||
#
|
||||
useAlphaAPI: false
|
||||
#
|
||||
# Indicates if PVs should be dependents of the owner Node.
|
||||
#
|
||||
setPVOwnerRef: false
|
||||
#
|
||||
# Provisioner clean volumes in process by default. If set to true, provisioner
|
||||
# will use Jobs to clean.
|
||||
#
|
||||
useJobForCleaning: false
|
||||
#
|
||||
# Provisioner name contains Node.UID by default. If set to true, the provisioner
|
||||
# name will only use Node.Name.
|
||||
#
|
||||
useNodeNameOnly: false
|
||||
#
|
||||
# Resync period in reflectors will be random between minResyncPeriod and
|
||||
# 2*minResyncPeriod. Default: 5m0s.
|
||||
#
|
||||
#minResyncPeriod: 5m0s
|
||||
#
|
||||
# Configure storage classes.
|
||||
#
|
||||
classes:
|
||||
- name: fast-disks # Defines name of storage classe.
|
||||
# Path on the host where local volumes of this storage class are mounted
|
||||
# under.
|
||||
hostDir: /mnt/fast-disks
|
||||
# Optionally specify mount path of local volumes. By default, we use same
|
||||
# path as hostDir in container.
|
||||
# mountDir: /mnt/fast-disks
|
||||
# The volume mode of created PersistentVolume object. Default to Filesystem
|
||||
# if not specified.
|
||||
volumeMode: Filesystem
|
||||
# Filesystem type to mount.
|
||||
# It applies only when the source path is a block device,
|
||||
# and desire volume mode is Filesystem.
|
||||
# Must be a filesystem type supported by the host operating system.
|
||||
fsType: ext4
|
||||
# File name pattern to discover. By default, discover all file names.
|
||||
namePattern: "*"
|
||||
blockCleanerCommand:
|
||||
# Do a quick reset of the block device during its cleanup.
|
||||
# - "/scripts/quick_reset.sh"
|
||||
# or use dd to zero out block dev in two iterations by uncommenting these lines
|
||||
# - "/scripts/dd_zero.sh"
|
||||
# - "2"
|
||||
# or run shred utility for 2 iteration.s
|
||||
- "/scripts/shred.sh"
|
||||
- "2"
|
||||
# or blkdiscard utility by uncommenting the line below.
|
||||
# - "/scripts/blkdiscard.sh"
|
||||
# Uncomment to create storage class object with default configuration.
|
||||
# storageClass: true
|
||||
# Uncomment to create storage class object and configure it.
|
||||
# storageClass:
|
||||
# reclaimPolicy: Delete # Available reclaim policies: Delete/Retain, defaults: Delete.
|
||||
# isDefaultClass: true # set as default class
|
||||
#
|
||||
# Configure DaemonSet for provisioner.
|
||||
#
|
||||
daemonset:
|
||||
#
|
||||
# Defines Provisioner's image name including container registry.
|
||||
#
|
||||
image: quay.io/external_storage/local-volume-provisioner:v2.3.4
|
||||
#
|
||||
# Defines Image download policy, see kubernetes documentation for available values.
|
||||
#
|
||||
#imagePullPolicy: Always
|
||||
#
|
||||
# Defines a name of the Pod Priority Class to use with the Provisioner DaemonSet
|
||||
#
|
||||
# Note that if you want to make it critical, specify "system-cluster-critical"
|
||||
# or "system-node-critical" and deploy in kube-system namespace.
|
||||
# Ref: https://k8s.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical
|
||||
#
|
||||
#priorityClassName: system-node-critical
|
||||
# If configured, nodeSelector will add a nodeSelector field to the DaemonSet PodSpec.
|
||||
#
|
||||
# NodeSelector constraint for local-volume-provisioner scheduling to nodes.
|
||||
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
||||
nodeSelector: {}
|
||||
#
|
||||
# If configured KubeConfigEnv will (optionally) specify the location of kubeconfig file on the node.
|
||||
# kubeConfigEnv: KUBECONFIG
|
||||
#
|
||||
# List of node labels to be copied to the PVs created by the provisioner in a format:
|
||||
#
|
||||
# nodeLabels:
|
||||
# - failure-domain.beta.kubernetes.io/zone
|
||||
# - failure-domain.beta.kubernetes.io/region
|
||||
#
|
||||
# If configured, tolerations will add a toleration field to the DaemonSet PodSpec.
|
||||
#
|
||||
# Node tolerations for local-volume-provisioner scheduling to nodes with taints.
|
||||
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||||
tolerations: []
|
||||
#
|
||||
# If configured, affinity will add a affinity filed to the DeamonSet PodSpec.
|
||||
# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
|
||||
affinity: {}
|
||||
#
|
||||
# If configured, resources will set the requests/limits field to the Daemonset PodSpec.
|
||||
# Ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
resources: {}
|
||||
# limits:
|
||||
# memory: "512Mi"
|
||||
# cpu: "1000m"
|
||||
# requests:
|
||||
# memory: "32Mi"
|
||||
# cpu: "10m"
|
||||
#
|
||||
# Configure Prometheus monitoring
|
||||
#
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
## Interval at which Prometheus scrapes the provisioner
|
||||
interval: 10s
|
||||
# Namespace Prometheus is installed in defaults to release namespace
|
||||
namespace:
|
||||
## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr)
|
||||
## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65)
|
||||
## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298)
|
||||
additionalLabels: {}
|
||||
relabelings: []
|
||||
# - sourceLabels: [__meta_kubernetes_pod_node_name]
|
||||
# separator: ;
|
||||
# regex: ^(.*)$
|
||||
# targetLabel: nodename
|
||||
# replacement: $1
|
||||
# action: replace
|
||||
|
||||
#
|
||||
# Overrice the default chartname or releasename
|
||||
#
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
@ -1,8 +0,0 @@
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: local-sc-xfs
|
||||
provisioner: kubernetes.io/no-provisioner
|
||||
volumeBindingMode: WaitForFirstConsumer
|
||||
# Supported policies: Delete, Retain
|
||||
reclaimPolicy: Delete
|
@ -1,10 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# get subchart until they have upstream repo
|
||||
|
||||
rm -rf charts/local-volume-provisioner && mkdir -p charts/local-volume-provisioner
|
||||
|
||||
git clone --depth=1 https://github.com/kubernetes-sigs/sig-storage-local-static-provisioner.git
|
||||
cp -r ./sig-storage-local-static-provisioner/helm/provisioner/* charts/local-volume-provisioner
|
||||
|
||||
rm -rf sig-storage-local-static-provisioner
|
@ -1,17 +0,0 @@
|
||||
local-static-provisioner:
|
||||
common:
|
||||
namespace: kube-system
|
||||
classes:
|
||||
- name: local-sc-xfs
|
||||
hostDir: /mnt/disks
|
||||
daemonset:
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
nodeSelectorTerms:
|
||||
- matchExpressions:
|
||||
- key: node.kubernetes.io/localVolumes
|
||||
operator: Exists
|
||||
prometheus:
|
||||
operator:
|
||||
enabled: false
|
@ -38,6 +38,7 @@ dashboards:
|
||||
url: file://kube-mixin/namespace-by-workload.json
|
||||
- name: persistentvolumesusage
|
||||
url: file://kube-mixin/persistentvolumesusage.json
|
||||
tags: ['kubernetes', 'csi']
|
||||
- name: pod-total
|
||||
url: file://kube-mixin/pod-total.json
|
||||
- name: proxy
|
||||
|
@ -50,8 +50,6 @@ Kubernetes: `>= 1.18.0`
|
||||
| istio.enabled | bool | `false` | |
|
||||
| istio.namespace | string | `"istio-system"` | |
|
||||
| kiam.enabled | bool | `false` | |
|
||||
| local-path-provisioner.enabled | bool | `false` | |
|
||||
| local-volume-provisioner.enabled | bool | `false` | |
|
||||
| logging.crds | bool | `true` | |
|
||||
| logging.enabled | bool | `false` | |
|
||||
| logging.namespace | string | `"logging"` | |
|
||||
@ -60,6 +58,8 @@ Kubernetes: `>= 1.18.0`
|
||||
| metrics.istio.grafana | object | `{}` | |
|
||||
| metrics.istio.prometheus | object | `{}` | |
|
||||
| metrics.namespace | string | `"monitoring"` | |
|
||||
| storage.crds | bool | `true` | |
|
||||
| storage.enabled | bool | `false` | |
|
||||
| timecapsule.enabled | bool | `false` | |
|
||||
|
||||
----------------------------------------------
|
||||
|
@ -1,6 +1,6 @@
|
||||
{{- if not .Values.argo }}
|
||||
|
||||
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-node-termination-handler" "aws-ebs-csi-driver" "aws-efs-csi-driver" "local-volume-provisioner" "local-path-provisioner" "istio" "istio-ingress" "metrics" "logging" "argocd" "timecapsule" "storage" }}
|
||||
{{- $artifacts := list "calico" "cert-manager" "kiam" "aws-ebs-csi-driver" "aws-efs-csi-driver" "istio" "istio-ingress" "metrics" "logging" "argocd" "timecapsule" "storage" }}
|
||||
|
||||
{{- if .Values.global }}
|
||||
global:
|
||||
|
@ -1,16 +0,0 @@
|
||||
{{- define "local-path-provisioner-values" }}
|
||||
local-path-provisioner:
|
||||
{{- with index .Values "local-path-provisioner" "storageClass" }}
|
||||
storageClass:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with index .Values "local-path-provisioner" "nodePathMap" }}
|
||||
nodePathMap:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "local-path-provisioner-argo" }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
@ -1,7 +0,0 @@
|
||||
{{- define "local-volume-provisioner-values" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "local-volume-provisioner-argo" }}
|
||||
{{- end }}
|
||||
|
||||
{{ include "kubezero-app.app" . }}
|
@ -30,12 +30,6 @@ storage:
|
||||
enabled: false
|
||||
crds: true
|
||||
|
||||
local-volume-provisioner:
|
||||
enabled: false
|
||||
|
||||
local-path-provisioner:
|
||||
enabled: false
|
||||
|
||||
aws-ebs-csi-driver:
|
||||
enabled: false
|
||||
crds: true
|
||||
|
@ -5,8 +5,14 @@
|
||||
This allows pods to assume IAM roles without the need of additional services like kiam.
|
||||
- Cert-manager integration now supports [cross-account issuer](https://cert-manager.io/docs/configuration/acme/dns01/route53/#cross-account-access) for AWS route53
|
||||
- Optional Proxy Protocol support for Ingress Loadbalancers, which allows preserving the real client IP and at the same time solves the hairpin routing issues of the AWS NLBs, see [Istio blog](https://istio.io/v1.9/blog/2020/show-source-ip/)
|
||||
- Optional taints for each workergroup allowing to reserve certain nodes for dedicated workloads. The minimum required KubeZero pods will still be scheduled eg. CSI drivers, logging and metric agents.
|
||||
|
||||
## New modules
|
||||
### Storage
|
||||
New module to provide various storage related components from here on. The first provider is a minimal subset of OpenEBS.
|
||||
|
||||
The *LVM Local PV provisioner* allows the use of any available LVM storage on worker nodes as local PVs.
|
||||
|
||||
### MQ / NATS
|
||||
Deploy [NATS](https://docs.nats.io/jetstream/jetstream) services incl. jetstream engine, Grafana dashboards etc.
|
||||
|
||||
@ -14,6 +20,10 @@ Deploy [NATS](https://docs.nats.io/jetstream/jetstream) services incl. jetstream
|
||||
Provides backup solutions for KubeZero clusters, like
|
||||
Scheduled snapshots for EBS backed PVCs incl. custom retention and restore.
|
||||
|
||||
## Removed modules
|
||||
- local-path-provisioner -> functionality replaced by OpenEBS LVM
|
||||
- local-volume-provisioner -> functionality replaced by OpenEBS LVM
|
||||
|
||||
## Changelog
|
||||
|
||||
### General
|
||||
|
@ -8,8 +8,6 @@ FORCE=${2:-''}
|
||||
SRCROOT="$(cd "$(dirname "$0")/.." && pwd)"
|
||||
GIT_PUSH=${GIT_PUSH:-true}
|
||||
|
||||
[[ "$(git branch --show-current)" == "stable" || -n "$FORCE" ]] || { echo "Helm packages should only be built from stable branch !"; exit 1; }
|
||||
|
||||
TMPDIR=$(mktemp -d kubezero-repo.XXX)
|
||||
mkdir -p $TMPDIR/stage && trap 'rm -rf $TMPDIR' ERR EXIT
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user