Tweaks for aws-ebs-csi-driver, added initial aws-efs-csi-driver

charts/kubezero-argo-cd/README.md

@@ -2,7 +2,7 @@ kubezero-argo-cd
 ================
 KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
 
-Current chart version is `0.3.2`
+Current chart version is `0.3.5`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -24,6 +24,7 @@ Source code can be found [here](https://kubezero.com)
 | argo-cd.installCRDs | bool | `false` |  |
 | argo-cd.istio.enabled | bool | `false` | Deploy Istio VirtualService to expose ArgoCD |
 | argo-cd.istio.gateway | string | `"ingressgateway.istio-system.svc.cluster.local"` | Name of the Istio gateway to add the VirtualService to |
+| argo-cd.istio.ipBlocks | list | `[]` |  |
 | argo-cd.redis.nodeSelector."node-role.kubernetes.io/master" | string | `""` |  |
 | argo-cd.redis.tolerations[0].effect | string | `"NoSchedule"` |  |
 | argo-cd.redis.tolerations[0].key | string | `"node-role.kubernetes.io/master"` |  |

charts/kubezero-aws-ebs-csi-driver/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero-aws-ebs-csi-driver
 description: KubeZero Umbrella Chart for aws-ebs-csi-driver
 type: application
-version: 0.1.0
+version: 0.1.1
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 sources:

charts/kubezero-aws-ebs-csi-driver/README.md

@@ -2,7 +2,7 @@ kubezero-aws-ebs-csi-driver
 ===========================
 KubeZero Umbrella Chart for aws-ebs-csi-driver
 
-Current chart version is `0.1.0`
+Current chart version is `0.1.1`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -20,13 +20,15 @@ podAnnotations:
 ```
 
 ## Storage Classes
-Provides the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
+By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
-This class is also set as default.
+This class is by default also set as default storage class.
 
 ## Chart Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| StorageClass.create | bool | `true` |  |
+| StorageClass.default | bool | `true` |  |
 | aws-ebs-csi-driver.enableVolumeResizing | bool | `false` |  |
 | aws-ebs-csi-driver.enableVolumeScheduling | bool | `true` |  |
 | aws-ebs-csi-driver.enableVolumeSnapshot | bool | `false` |  |

charts/kubezero-aws-ebs-csi-driver/README.md.gotmpl

@@ -15,7 +15,7 @@ podAnnotations:
 ```
 
 ## Storage Classes
-Provides the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
+By default it also creates the *ebs-sc-gp2-xfs* storage class for gp2, enrypted and XFS.
-This class is also set as default.
+This class is by default also set as default storage class.
 
 {{ template "chart.valuesSection" . }}

charts/kubezero-aws-ebs-csi-driver/templates/storage-class.yaml

@@ -1,11 +1,14 @@
+{{- if .Values.StorageClass.create }}
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
 metadata:
   name: ebs-sc-gp2-xfs
   labels:
 {{ include "kubezero-lib.labels" . | indent 4 }}
+  {{- if .Values.StorageClass.default }}
   annotations:
     storageclass.kubernetes.io/is-default-class: "true"
+  {{- end }}
 provisioner: ebs.csi.aws.com
 volumeBindingMode: WaitForFirstConsumer
 parameters:
@@ -16,7 +19,7 @@ parameters:
 allowVolumeExpansion: true
 {{- end }}
 
-{{- range .Values.storageClassZones }}
+{{- range .Values.StorageClass.Zones }}
 ---
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
@@ -39,3 +42,4 @@ allowedTopologies:
     values:
     - {{ . }}
 {{- end }}
+{{- end }}

charts/kubezero-aws-ebs-csi-driver/values.yaml

@@ -19,3 +19,7 @@ aws-ebs-csi-driver:
   # aws-ebs-csi-driver.extraVolumeTags -- Optional tags to be added to each EBS volume
   extraVolumeTags: {}
   #  Name: KubeZero-Cluster
+
+StorageClass:
+  create: true
+  default: true

charts/kubezero-aws-efs-csi-driver/Chart.yaml

@@ -0,0 +1,26 @@
+apiVersion: v2
+name: kubezero-aws-efs-csi-driver
+description: KubeZero Umbrella Chart for aws-efs-csi-driver
+version: 0.1.0
+appVersion: 1.0.0
+kubeVersion: ">=1.16.0-0"
+home: https://kubezero.com
+icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
+sources:
+  - https://github.com/Zero-Down-Time/kubezero
+  - https://github.com/kubernetes-sigs/aws-efs-csi-driver
+keywords:
+  - kubezero
+  - aws
+  - efs
+  - csi
+maintainers:
+  - name: Quarky9
+dependencies:
+  - name: kubezero-lib
+    version: ">= 0.1.1"
+    repository: https://zero-down-time.github.io/kubezero/
+# Once they properly update upstream
+#  - name: aws-ebs-csi-driver
+#    version: 1.0.0
+#    repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver

charts/kubezero-aws-efs-csi-driver/PR.patch

@@ -0,0 +1,27 @@
+commit 42a8ce1f587f10aa896ece3edbb7d31b627447a0
+Author: Stefan Reimer <stefan@zero-downtime.net>
+Date:   Fri Jul 24 15:05:14 2020 +0100
+
+    Actually use nodeSelector for the deamonset, to allow selecting onle workers having the EFS mounted
+
+diff --git a/helm/templates/daemonset.yaml b/helm/templates/daemonset.yaml
+index 7fcfc1e..bfe3496 100644
+--- a/helm/templates/daemonset.yaml
++++ b/helm/templates/daemonset.yaml
+@@ -22,12 +22,15 @@ spec:
+     spec:
+       nodeSelector:
+         beta.kubernetes.io/os: linux
++        {{- with .Values.nodeSelector }}
++        {{- . | toYaml | nindent 8 }}
++        {{- end }}
+       hostNetwork: true
+       priorityClassName: system-node-critical
+       tolerations:
+         - operator: Exists
+         {{- with .Values.node.tolerations }}
+-{{ toYaml . | indent 8 }}
++        {{- . | toYaml | nindent 8 }}
+         {{- end }}
+       containers:
+         - name: efs-plugin

charts/kubezero-aws-efs-csi-driver/README.md

@@ -0,0 +1,28 @@
+kubezero-aws-efs-csi-driver
+===========================
+KubeZero Umbrella Chart for aws-efs-csi-driver
+
+Current chart version is `0.1.0`
+
+Source code can be found [here](https://kubezero.com)
+
+## Chart Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://zero-down-time.github.io/kubezero/ | kubezero-lib | >= 0.1.1 |
+
+## Storage Class
+Optionally creates the *efs-cs* storage class.
+Could also be made the default storage class if requested.
+
+## Chart Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| PersistentVolume.EfsId | string | `""` |  |
+| PersistentVolume.Name | string | `""` |  |
+| PersistentVolume.create | bool | `false` |  |
+| StorageClass.create | bool | `true` |  |
+| StorageClass.default | bool | `false` |  |
+| aws-efs-csi-driver.nodeSelector | object | `{}` |  |

charts/kubezero-aws-efs-csi-driver/README.md.gotmpl

@@ -0,0 +1,14 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+{{ template "chart.versionLine" . }}
+
+{{ template "chart.sourceLinkLine" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+## Storage Class
+Optionally creates the *efs-cs* storage class.
+Could also be made the default storage class if requested.
+
+{{ template "chart.valuesSection" . }}

charts/kubezero-aws-efs-csi-driver/charts/aws-efs-csi-driver/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+appVersion: "1.0.0"
+name: aws-efs-csi-driver
+description: A Helm chart for AWS EFS CSI Driver
+version: 0.1.0
+kubeVersion: ">=1.14.0-0"
+home: https://github.com/kubernetes-sigs/aws-efs-csi-driver
+sources:
+  - https://github.com/kubernetes-sigs/aws-efs-csi-driver
+keywords:
+  - aws
+  - efs
+  - csi
+maintainers:
+  - name: leakingtapan

charts/kubezero-aws-efs-csi-driver/charts/aws-efs-csi-driver/templates/NOTES.txt

@@ -0,0 +1,3 @@
+To verify that aws-efs-csi-driver has started, run:
+
+    kubectl get pod -n kube-system -l "app.kubernetes.io/name={{ include "aws-efs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"

charts/kubezero-aws-efs-csi-driver/charts/aws-efs-csi-driver/templates/_helpers.tpl

@@ -0,0 +1,45 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aws-efs-csi-driver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aws-efs-csi-driver.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aws-efs-csi-driver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "aws-efs-csi-driver.labels" -}}
+app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
+helm.sh/chart: {{ include "aws-efs-csi-driver.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}

charts/kubezero-aws-efs-csi-driver/charts/aws-efs-csi-driver/templates/csidriver.yaml

@@ -0,0 +1,6 @@
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: efs.csi.aws.com
+spec:
+  attachRequired: false

charts/kubezero-aws-efs-csi-driver/charts/aws-efs-csi-driver/templates/daemonset.yaml

@@ -0,0 +1,117 @@
+# Node Service
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: efs-csi-node
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app: efs-csi-node
+      app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: efs-csi-node
+        app.kubernetes.io/name: {{ include "aws-efs-csi-driver.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- if .Values.node.podAnnotations }}
+      annotations: {{ toYaml .Values.node.podAnnotations | nindent 8 }}
+      {{- end }}
+    spec:
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+        {{- with .Values.nodeSelector }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      hostNetwork: true
+      priorityClassName: system-node-critical
+      tolerations:
+        - operator: Exists
+        {{- with .Values.node.tolerations }}
+        {{- . | toYaml | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: efs-plugin
+          securityContext:
+            privileged: true
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          args:
+            - --endpoint=$(CSI_ENDPOINT)
+            - --logtostderr
+            - --v=5
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:/csi/csi.sock
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: /var/lib/kubelet
+              mountPropagation: "Bidirectional"
+            - name: plugin-dir
+              mountPath: /csi
+            - name: efs-state-dir
+              mountPath: /var/run/efs
+            - name: efs-utils-config
+              mountPath: /etc/amazon/efs
+          ports:
+            - name: healthz
+              containerPort: 9809
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 10
+            timeoutSeconds: 3
+            periodSeconds: 2
+            failureThreshold: 5
+        - name: cs-driver-registrar
+          image: {{ printf "%s:%s" .Values.sidecars.nodeDriverRegistrarImage.repository .Values.sidecars.nodeDriverRegistrarImage.tag }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            - --v=5
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: /var/lib/kubelet/plugins/efs.csi.aws.com/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+        - name: liveness-probe
+          image: {{ printf "%s:%s" .Values.sidecars.livenessProbeImage.repository .Values.sidecars.livenessProbeImage.tag }}
+          args:
+            - --csi-address=/csi/csi.sock
+            - --health-port=9809
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /csi
+      volumes:
+        - name: kubelet-dir
+          hostPath:
+            path: /var/lib/kubelet
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins/efs.csi.aws.com/
+            type: DirectoryOrCreate
+        - name: registration-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins_registry/
+            type: Directory
+        - name: efs-state-dir
+          hostPath:
+            path: /var/run/efs
+            type: DirectoryOrCreate
+        - name: efs-utils-config
+          hostPath:
+            path: /etc/amazon/efs
+            type: DirectoryOrCreate

charts/kubezero-aws-efs-csi-driver/charts/aws-efs-csi-driver/values.yaml

@@ -0,0 +1,46 @@
+# Default values for aws-efs-csi-driver.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 2
+
+image:
+  repository: amazon/aws-efs-csi-driver
+  tag: "v1.0.0"
+  pullPolicy: IfNotPresent
+
+sidecars:
+  livenessProbeImage:
+    repository: quay.io/k8scsi/livenessprobe
+    tag: "v2.0.0"
+  nodeDriverRegistrarImage:
+    repository: quay.io/k8scsi/csi-node-driver-registrar
+    tag: "v1.3.0"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+node:
+  podAnnotations: {}
+  tolerations: []

charts/kubezero-aws-efs-csi-driver/templates/efs_pv.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.PersistentVolume.create }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: {{ default "kubezero-efs-pv" .Values.PersistentVolume.Name }}
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+spec:
+  capacity:
+    storage: 5Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: efs-sc
+  csi:
+    driver: efs.csi.aws.com
+    volumeHandle: {{ .Values.PersistentVolume.EfsId }}
+{{- end }}

charts/kubezero-aws-efs-csi-driver/templates/storage-class.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.StorageClass.create }}
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: efs-sc
+  labels:
+{{ include "kubezero-lib.labels" . | indent 4 }}
+  {{- if .Values.StorageClass.default }}
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+  {{- end }}
+provisioner: efs.csi.aws.com
+{{- end }}

charts/kubezero-aws-efs-csi-driver/update.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+REPO="kubernetes-sigs/aws-efs-csi-driver"
+LATEST_RELEASE=$(curl -sL -s https://api.github.com/repos/${REPO}/releases | grep '"tag_name":' | cut -d'"' -f4 | grep -v -E "(alpha|beta|rc)" | sort -t"." -k 1,1 -k 2,2 -k 3,3 -k 4,4 | tail -n 1)
+
+URL="https://github.com/${REPO}/releases/download/${LATEST_RELEASE}/helm-chart.tgz"
+
+rm -rf charts && mkdir -p charts/aws-efs-csi-driver
+curl -sL "$URL" | tar xz -C charts/aws-efs-csi-driver --strip-components=1

charts/kubezero-aws-efs-csi-driver/values.yaml

@@ -0,0 +1,12 @@
+aws-efs-csi-driver:
+  nodeSelector:  {}
+    # node.kubernetes.io/csi.efs.fs: EFS-FS_ID
+
+StorageClass:
+  create: true
+  default: false
+  
+PersistentVolume:
+  create: false
+  EfsId: ""
+  Name: ""

charts/kubezero-istio/README.md

@@ -5,7 +5,7 @@ KubeZero Umbrella Chart for Istio
 Installs Istio Operator and KubeZero Istio profile
 
 
-Current chart version is `0.1.4`
+Current chart version is `0.2.0`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -24,7 +24,9 @@ Source code can be found [here](https://kubezero.com)
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | ingress.autoscaleEnabled | bool | `false` |  |
+| ingress.private | bool | `true` |  |
 | ingress.replicaCount | int | `2` |  |
+| ingress.type | string | `"NodePort"` |  |
 | istio-operator.hub | string | `"docker.io/istio"` |  |
 | istio-operator.tag | string | `"1.6.5"` |  |
 | istiod.autoscaleEnabled | bool | `false` |  |

charts/kubezero/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero
 description: KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
 type: application
-version: 0.3.9
+version: 0.3.10
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:

charts/kubezero/README.md

@@ -2,7 +2,7 @@ kubezero
 ========
 KubeZero ArgoCD Application - Root App of Apps chart of KubeZero
 
-Current chart version is `0.3.9`
+Current chart version is `0.3.10`
 
 Source code can be found [here](https://kubezero.com)
 
@@ -17,6 +17,7 @@ Source code can be found [here](https://kubezero.com)
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | aws-ebs-csi-driver.enabled | bool | `false` |  |
+| aws-efs-csi-driver.enabled | bool | `false` |  |
 | calico.enabled | bool | `true` |  |
 | calico.type | string | `"kustomize"` |  |
 | calico.values.migration | bool | `false` |  |

charts/kubezero/templates/aws-efs-csi-driver.yaml

@@ -0,0 +1,6 @@
+{{- if index .Values "aws-efs-csi-driver" "enabled" }}
+{{ template "kubezero-app.app" dict "root" . "name" "aws-efs-csi-driver" "type" "helm" }}
+  syncPolicy:
+    automated:
+      prune: true
+{{- end }}

charts/kubezero/values-all.yaml

@@ -28,5 +28,8 @@ kiam:
 aws-ebs-csi-driver:
   enabled: true
 
+aws-efs-csi-driver:
+  enabled: true
+
 istio:
   enabled: true

charts/kubezero/values.yaml

@@ -33,5 +33,8 @@ kiam:
 aws-ebs-csi-driver:
   enabled: false
 
+aws-efs-csi-driver:
+  enabled: false
+
 istio:
   enabled: false