diff --git a/.github/workflows/publish_on_tag.yml b/.github/workflows/publish_on_tag.yml index b8aa971f..04330b29 100644 --- a/.github/workflows/publish_on_tag.yml +++ b/.github/workflows/publish_on_tag.yml @@ -42,4 +42,7 @@ jobs: version: latest args: release --clean env: + # https://github.com/goreleaser/goreleaser/blob/3345f8c9c5b287198a29d3db228388148b788c5e/www/docs/customization/builds.md?plain=1#L416-L418 + GORELEASER_CURRENT_TAG: ${{ github.ref_name }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CHART_REPO_REMOTE: "https://${{ secrets.HCLOUD_BOT_TOKEN }}@github.com/hetznercloud/helm-charts" diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 37d767b1..86f6e0d8 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -23,3 +23,5 @@ jobs: deploy/kubernetes/hcloud-csi.yml deploy/kubernetes/controller/deployment.yaml deploy/kubernetes/node/daemonset.yaml + chart/Chart.yaml + chart/values.yaml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b18873fe..4f4bf3ab 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
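Review bot: `CHART_REPO_REMOTE` places `secrets.HCLOUD_BOT_TOKEN` in the userinfo part of an HTTPS URL, so the credential travels wherever that remote string goes: into `.git/config` if the publish script registers it as a remote, and into any git error or trace output that prints the URL. Actions log masking matches the exact secret string, so a URL-encoded or truncated form would not be masked. The `publishers` entry added to `.goreleaser.yml` later in this diff forwards the same value to `hack/release-publish-helm-chart.sh`, which is not shown here; that script should not run under `set -x` or echo the remote. Passing the bare token in its own variable and handing it to git through a credential helper or `http.extraHeader` keeps it out of URLs. Because the `env:` block applies to the whole goreleaser step, the token should be scoped to write access on the helm-charts repository only.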
@@ -18,15 +18,53 @@ jobs: key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - - name: Verify manifests are up to date - run: | - kustomize build deploy/kubernetes > /tmp/hcloud-csi.yml - # Workaround for kustomize stripping all comments. This comment is - # needed to automatically bump the referenced container tag through - # release-please - sed -i '/hetznercloud\/hcloud-csi-driver/ s/$/ # x-release-please-version/' /tmp/hcloud-csi.yml - diff deploy/kubernetes/hcloud-csi.yml /tmp/hcloud-csi.yml + - name: Run tests run: | go vet ./... go test $(go list ./... | grep -v e2e) -v + + deploy-manifests: + name: Check deployment manifests + runs-on: ubuntu-latest + steps: + - uses: yokawasa/action-setup-kube-tools@v0.9.3 + with: + setup-tools: | + helm + helm: v3.11.2 + + - uses: actions/checkout@v4 + - name: Generate manifests from helm chart + run: hack/update-deployment-yamls.sh + + - name: Check for diff + run: git diff --exit-code -- deploy/ + + - name: Show warning + if: ${{ failure() }} + run: echo "::error title=Deployment Manifests outdated::Please run hack/update-deployment-yamls.sh and commit the changes to deploy/" + + helm-chart: + name: Verify Helm Chart + runs-on: ubuntu-latest + steps: + - uses: yokawasa/action-setup-kube-tools@v0.9.3 + with: + setup-tools: | + helm + helm: v3.11.2 + + - uses: actions/checkout@v4 + + # This step also verifies that the chart builds + - name: Verify Snapshots + run: | + hack/update-helm-snapshots.sh + git diff --exit-code -- deploy/ + - name: Show warning + if: ${{ failure() }} + run: echo "::error title=Helm Snapshots outdated::Please run hack/update-helm-snapshots.sh and commit the changes to chart/.snapshots/" + + - name: Helm Lint + run: helm lint chart/ diff --git a/.github/workflows/test_e2e.yml b/.github/workflows/test_e2e.yml index b970ea44..12b233ba 100644 --- a/.github/workflows/test_e2e.yml +++ b/.github/workflows/test_e2e.yml 
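Review bot: In the `helm-chart` job the `Verify Snapshots` step checks `git diff --exit-code -- deploy/`, while the warning directly below tells the contributor to commit changes to `chart/.snapshots/`. If `hack/update-helm-snapshots.sh` writes there (the script is not shown), stale snapshots pass this check unnoticed; the line should read `git diff --exit-code -- chart/.snapshots/`. `git diff` also ignores untracked files, so a newly generated snapshot that was never committed would not fail the step either. Both new jobs reference the third-party action `yokawasa/action-setup-kube-tools@v0.9.3` by tag; pinning it to a full commit SHA, with the tag kept as a trailing comment, stops a moved tag from changing what runs in CI.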
@@ -60,6 +60,6 @@ jobs: skaffold build --tag="e2e-${GITHUB_RUN_ID}-${GITHUB_RUN_NUMBER}" tag=$(skaffold build --tag="e2e-${GITHUB_RUN_ID}-${GITHUB_RUN_NUMBER}" --quiet --output="{{ (index .Builds 0).Tag }}") - skaffold deploy --images=hetznercloud/hcloud-csi-driver=$tag + skaffold deploy --images=docker.io/hetznercloud/hcloud-csi-driver=$tag test/e2e/kubernetes/run-e2e-tests.sh diff --git a/.gitignore b/.gitignore index 02165e3d..6fa7c4f8 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ hack/.* # Build output dist/ +hcloud-csi-*.tgz # Test binary for integration tests -test/integration/integration.tests \ No newline at end of file +test/integration/integration.tests diff --git a/.goreleaser.yml b/.goreleaser.yml index c44de263..9ea93ccc 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -1,3 +1,7 @@ +before: + hooks: + - ./hack/release-generate-deployment-yamls.sh {{ .Version }} + builds: - id: controller main: ./cmd/controller @@ -48,3 +52,20 @@ docker_manifests: - hetznercloud/hcloud-csi-driver:{{ if not .IsSnapshot }}v{{ end }}{{ .Version }}-amd64 - hetznercloud/hcloud-csi-driver:{{ if not .IsSnapshot }}v{{ end }}{{ .Version }}-arm64v8 - hetznercloud/hcloud-csi-driver:{{ if not .IsSnapshot }}v{{ end }}{{ .Version }}-armv6 + +release: + ids: [""] + extra_files: + - glob: "./hcloud-csi-*.tgz" + +publishers: + - name: helm-chart-repo + + # make sure that this is only executed once. There are no separate ids per binary built, + # we filter for no actual ID and then run the publisher for the checksum. + ids: [""] + checksum: true + + cmd: ./hack/release-publish-helm-chart.sh hcloud-csi-{{ .Version }}.tgz + env: + - CHART_REPO_REMOTE={{ .Env.CHART_REPO_REMOTE }} diff --git a/chart/.helmignore b/chart/.helmignore new file mode 100644 index 00000000..594a98f5 --- /dev/null +++ b/chart/.helmignore 
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+.snapshots
\ No newline at end of file
diff --git a/chart/.snapshots/default.yaml b/chart/.snapshots/default.yaml
new file mode 100644
index 00000000..1d585c09
--- /dev/null
+++ b/chart/.snapshots/default.yaml
@@ -0,0 +1,364 @@ +--- +# Source: hcloud-csi/templates/controller/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +automountServiceAccountToken: true +--- +# Source: hcloud-csi/templates/core/storageclass.yaml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: hcloud-volumes + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: csi.hetzner.cloud +volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +reclaimPolicy: "Delete" +--- +# Source: hcloud-csi/templates/controller/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +rules: +# attacher +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, update, patch] +- apiGroups: [""] + resources: [nodes] + verbs: [get, list, watch] +- apiGroups: [csi.storage.k8s.io] + resources: [csinodeinfos] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [csinodes] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments/status] + verbs: [patch] +# provisioner +- apiGroups: [""] + resources: [secrets] + verbs: [get, list] +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, create, delete, patch] +- apiGroups: [""] + resources: [persistentvolumeclaims, persistentvolumeclaims/status] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [storageclasses] + 
verbs: [get, list, watch] +- apiGroups: [""] + resources: [events] + verbs: [list, watch, create, update, patch] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshots] + verbs: [get, list] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshotcontents] + verbs: [get, list] +# resizer +- apiGroups: [""] + resources: [pods] + verbs: [get, list, watch] +# node +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch, create, update, patch] +--- +# Source: hcloud-csi/templates/controller/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: hcloud-csi-controller +subjects: + - kind: ServiceAccount + name: hcloud-csi-controller + namespace: "kube-system" +--- +# Source: hcloud-csi/templates/node/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: hcloud-csi-node + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + app: hcloud-csi +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node + template: + metadata: + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + spec: + + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: instance.hetzner.cloud/is-root-server + operator: NotIn + values: + - "true" + tolerations: + - effect: NoExecute + operator: 
Exists + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + imagePullPolicy: IfNotPresent + args: + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket + volumeMounts: + - name: plugin-dir + mountPath: /run/csi + - name: registration-dir + mountPath: /registration + resources: + limits: {} + requests: {} + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + resources: + limits: {} + requests: {} + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-node] + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /run/csi + - name: device-dir + mountPath: /dev + securityContext: + privileged: true + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: ENABLE_METRICS + value: "false" + ports: + - name: healthz + protocol: TCP + containerPort: 9808 + resources: + limits: {} + requests: {} + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: hcloud-csi/templates/controller/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: 
+ name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + app: hcloud-csi-controller +spec: + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller + template: + metadata: + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + spec: + serviceAccountName: hcloud-csi-controller + + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + args: + - --default-fstype=ext4 + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-controller] + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: ENABLE_METRICS + value: "false" 
+ - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + name: hcloud + key: token + resources: + limits: {} + requests: {} + ports: + - name: healthz + protocol: TCP + containerPort: 9808 + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: hcloud-csi/templates/core/csidriver.yaml +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hetzner.cloud +spec: + attachRequired: true + fsGroupPolicy: File + podInfoOnMount: true + volumeLifecycleModes: + - Persistent diff --git a/chart/.snapshots/example-prod.yaml b/chart/.snapshots/example-prod.yaml new file mode 100644 index 00000000..a3e7f9e4 --- /dev/null +++ b/chart/.snapshots/example-prod.yaml 
@@ -0,0 +1,485 @@ +--- +# Source: hcloud-csi/templates/controller/poddisruptionbudget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller +--- +# Source: hcloud-csi/templates/controller/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +automountServiceAccountToken: true +--- +# Source: hcloud-csi/templates/core/storageclass.yaml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: hcloud-volumes + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: csi.hetzner.cloud +volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +reclaimPolicy: "Delete" +--- +# Source: hcloud-csi/templates/controller/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +rules: +# attacher +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, update, patch] +- apiGroups: [""] + resources: [nodes] + verbs: [get, list, watch] +- apiGroups: [csi.storage.k8s.io] + resources: [csinodeinfos] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [csinodes] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: 
[volumeattachments] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments/status] + verbs: [patch] +# provisioner +- apiGroups: [""] + resources: [secrets] + verbs: [get, list] +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, create, delete, patch] +- apiGroups: [""] + resources: [persistentvolumeclaims, persistentvolumeclaims/status] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [storageclasses] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [events] + verbs: [list, watch, create, update, patch] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshots] + verbs: [get, list] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshotcontents] + verbs: [get, list] +# resizer +- apiGroups: [""] + resources: [pods] + verbs: [get, list, watch] +# node +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch, create, update, patch] +--- +# Source: hcloud-csi/templates/controller/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: hcloud-csi-controller +subjects: + - kind: ServiceAccount + name: hcloud-csi-controller + namespace: "kube-system" +--- +# Source: hcloud-csi/templates/controller/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: hcloud-csi-controller-metrics + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +spec: + ports: + - name: metrics + port: 9189 + selector: + app.kubernetes.io/name: hcloud-csi + 
app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller +--- +# Source: hcloud-csi/templates/node/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: hcloud-csi-node-metrics + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node +spec: + ports: + - name: metrics + port: 9189 + selector: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node +--- +# Source: hcloud-csi/templates/node/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: hcloud-csi-node + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + app: hcloud-csi +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node + template: + metadata: + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + spec: + + hostNetwork: true + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: NotIn + values: + - "" + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + priorityClassName: "system-node-critical" + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + imagePullPolicy: IfNotPresent + args: + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket + 
volumeMounts: + - name: plugin-dir + mountPath: /run/csi + - name: registration-dir + mountPath: /registration + resources: + limits: + cpu: 50m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + resources: + limits: + cpu: 50m + memory: 40Mi + requests: + cpu: 10m + memory: 20Mi + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-node] + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /run/csi + - name: device-dir + mountPath: /dev + securityContext: + privileged: true + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + ports: + - containerPort: 9189 + name: metrics + - name: healthz + protocol: TCP + containerPort: 9808 + resources: + limits: + cpu: 100m + memory: 80Mi + requests: + cpu: 10m + memory: 40Mi + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: hcloud-csi/templates/controller/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + app: hcloud-csi-controller +spec: + replicas: 2 + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller + template: + metadata: + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + spec: + serviceAccountName: hcloud-csi-controller + + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: csi-hcloud + operator: In + values: + - controller + topologyKey: kubernetes.io/hostname + priorityClassName: "system-cluster-critical" + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 50m + memory: 80Mi + requests: + cpu: 10m + memory: 20Mi + args: + - --default-fstype=ext4 + - --leader-election + - --leader-election-namespace=kube-system + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 50m + memory: 80Mi + requests: + cpu: 10m + memory: 20Mi + args: + - --leader-election + - --leader-election-namespace=kube-system + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 50m + memory: 80Mi + requests: + cpu: 10m + memory: 20Mi + args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + - --leader-election + - --leader-election-namespace=kube-system + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: 
liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + resources: + limits: + cpu: 50m + memory: 80Mi + requests: + cpu: 10m + memory: 20Mi + volumeMounts: + - mountPath: /run/csi + name: socket-dir + + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-controller] + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: HCLOUD_VOLUME_DEFAULT_LOCATION + value: "nbg1" + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + name: hcloud + key: token + resources: + limits: + cpu: 100m + memory: 80Mi + requests: + cpu: 10m + memory: 40Mi + ports: + - name: metrics + containerPort: 9189 + - name: healthz + protocol: TCP + containerPort: 9808 + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + volumes: + - name: socket-dir + emptyDir: {} +--- +# Source: hcloud-csi/templates/core/csidriver.yaml +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hetzner.cloud +spec: + attachRequired: true + fsGroupPolicy: File + podInfoOnMount: true + volumeLifecycleModes: + - Persistent diff --git a/chart/.snapshots/full.values.yaml b/chart/.snapshots/full.values.yaml new file mode 100644 index 00000000..3a610362 --- /dev/null +++ b/chart/.snapshots/full.values.yaml 
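Review bot: The controller's required `podAntiAffinity` in this rendered example selects pods labelled `csi-hcloud: controller`, but the pod template only carries the `app.kubernetes.io/*` labels, so the rule matches nothing and both of the `replicas: 2` pods can be scheduled onto the same node. Selecting on `app.kubernetes.io/component: controller` (together with the name and instance labels) would make the spread effective; the values file that produces this snapshot is not part of this hunk, so the fix belongs there. Separately, the node DaemonSet combines `hostNetwork: true` with `METRICS_ENDPOINT` set to `0.0.0.0:9189`, which puts the metrics listener on every interface of the host. The example should either bind to an internal address or say that the port must be firewalled.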
@@ -0,0 +1,370 @@ +# This values file sets all available values that are not set in the default. +# The snapshot test related to this verifies that all the optional functionality works as expected. +# These values are not meant to be actually used as is. + +global: + imagePullSecrets: + - global-image-pull-secret + +fullnameOverride: fullname-override +namespaceOverride: namespace-override + +commonLabels: + common-label: common-label +commonAnnotations: + common-annotation: common-annotation + +controller: + image: + csiAttacher: + pullPolicy: Always + pullSecrets: + - csiAttacher + csiResizer: + pullPolicy: Always + pullSecrets: + - csiResizer + csiProvisioner: + pullPolicy: Always + pullSecrets: + - csiProvisioner + livenessProbe: + pullPolicy: Always + pullSecrets: + - livenessProbe + hcloudCSIDriver: + pullPolicy: Always + pullSecrets: + - hcloudCSIDriver + + replicaCount: 3 + + hcloudVolumeDefaultLocation: ash + + service: + annotations: + controller-svc: controller-svc + + rbac: + rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + + customLivenessProbe: + exec: + command: + - cat + - /tmp/live + initialDelaySeconds: 5 + periodSeconds: 5 + + customReadinessProbe: + exec: + command: + - cat + - /tmp/ready + initialDelaySeconds: 5 + periodSeconds: 5 + + customStartupProbe: + exec: + command: + - cat + - /tmp/starty + initialDelaySeconds: 5 + periodSeconds: 5 + + + resources: + csiAttacher: + limits: + memory: 81Mi + cpu: 51m + requests: + memory: 21Mi + cpu: 11m + csiResizer: + limits: + memory: 82Mi + cpu: 52m + requests: + memory: 22Mi + cpu: 12m + csiProvisioner: + limits: + memory: 83Mi + cpu: 53m + requests: + memory: 23Mi + cpu: 13m + livenessProbe: + limits: + memory: 84Mi + cpu: 54m + requests: + memory: 24Mi + cpu: 14m + hcloudCSIDriver: + limits: + memory: 85Mi + cpu: 105m + requests: + memory: 45Mi + cpu: 15m + + podLabels: + pod-label: pod-label + + podAnnotations: + pod-annotation: pod-annotation + + affinity: + 
nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - antarctica-east1 + - antarctica-west1 + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: another-node-label-key + operator: In + values: + - another-node-label-value + + nodeSelector: + foo: bar + + tolerations: + - key: "example-key" + operator: "Exists" + effect: "NoSchedule" + + updateStrategy: + type: OnDelete + + priorityClassName: super-duper-important + + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + foo: bar + + schedulerName: foobar + + terminationGracePeriodSeconds: 35 + + lifecycleHooks: + postStart: + exec: + command: [ "/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message" ] + preStop: + exec: + command: [ "/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done" ] + + extraEnvVars: + - name: HCLOUD_DEBUG + value: "true" + + extraVolumes: + - name: extra-volume + emptyDir: {} + + extraVolumeMounts: + - name: extra-volume + mountPath: /tmp/extra-volume + + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 + + initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + command: ['sh', '-c', 'echo "hello world"'] + +node: + image: + csiNodeDriverRegistrar: + pullPolicy: Always + pullSecrets: + - csiNodeDriverRegistrar + livenessProbe: + pullPolicy: Always + pullSecrets: + - livenessProbe + hcloudCSIDriver: + pullPolicy: Always + pullSecrets: + - hcloudCSIDriver + + service: + annotations: + node-svc: node-svc + + + customLivenessProbe: + exec: + command: + - cat + - /tmp-node/live + initialDelaySeconds: 5 + periodSeconds: 5 + + customReadinessProbe: + exec: + command: + - cat + - /tmp-node/ready + 
initialDelaySeconds: 5 + periodSeconds: 5 + + customStartupProbe: + exec: + command: + - cat + - /tmp-node/starty + initialDelaySeconds: 5 + periodSeconds: 5 + + resources: + csiNodeDriverRegistrar: + limits: + memory: 41Mi + cpu: 51m + requests: + memory: 21Mi + cpu: 11m + livenessProbe: + limits: + memory: 42Mi + cpu: 52m + requests: + memory: 22Mi + cpu: 12m + hcloudCSIDriver: + limits: + memory: 83Mi + cpu: 103m + requests: + memory: 43Mi + cpu: 13m + + podLabels: + pod-label: pod-label + + podAnnotations: + pod-annotation: pod-annotation + + nodeSelector: + foo: bar + + tolerations: + - key: "example-key" + operator: "Exists" + effect: "NoSchedule" + + updateStrategy: + type: OnDelete + + priorityClassName: super-duper-important + + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: zone + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + foo: bar + + schedulerName: foobar + + terminationGracePeriodSeconds: 35 + + lifecycleHooks: + postStart: + exec: + command: [ "/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message" ] + preStop: + exec: + command: [ "/bin/sh","-c","nginx -s quit; while killall -0 nginx; do sleep 1; done" ] + + extraEnvVars: + - name: HCLOUD_DEBUG + value: "true" + + extraVolumes: + - name: extra-volume + emptyDir: { } + + extraVolumeMounts: + - name: extra-volume + mountPath: /tmp/extra-volume + + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 + + initContainers: + - name: your-image-name + image: your-image + imagePullPolicy: Always + command: [ 'sh', '-c', 'echo "hello world"' ] + +serviceAccount: + annotations: + service-account-annotation: service-account-annotation + automountServiceAccountToken: false + +metrics: + enabled: true + + serviceMonitor: + enabled: true + namespace: monitoring + annotations: + service-monitor-annotation: service-monitor-annotation + labels: + service-monitor-label: 
service-monitor-label + jobLabel: service-monitor-job-label + honorLabels: true + interval: 15s + scrapeTimeout: 15s + metricRelabelings: + - sourceLabels: + - bar + action: Drop + relabelings: + - sourceLabels: + - foo + action: Keep + + selector: + prometheus: my-prometheus + +storageClasses: + - name: foobar + defaultStorageClass: false + reclaimPolicy: Keep diff --git a/chart/.snapshots/full.yaml b/chart/.snapshots/full.yaml new file mode 100644 index 00000000..289dd009 --- /dev/null +++ b/chart/.snapshots/full.yaml 
@@ -0,0 +1,731 @@ +--- +# Source: hcloud-csi/templates/controller/poddisruptionbudget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: fullname-override-controller + namespace: "namespace-override" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + common-label: common-label + annotations: + common-annotation: common-annotation +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller +--- +# Source: hcloud-csi/templates/controller/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fullname-override-controller + namespace: "namespace-override" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + common-label: common-label + annotations: + common-annotation: common-annotation + service-account-annotation: service-account-annotation +automountServiceAccountToken: false +--- +# Source: hcloud-csi/templates/core/storageclass.yaml +kind: StorageClass +apiVersion: storage.k8s.io/v1 +metadata: + name: foobar + annotations: + storageclass.kubernetes.io/is-default-class: "false" +provisioner: csi.hetzner.cloud +volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +reclaimPolicy: "Keep" +--- +# Source: hcloud-csi/templates/controller/clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: fullname-override-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + common-label: common-label + annotations: + common-annotation: common-annotation +rules: +# attacher +- apiGroups: [""] + resources: 
[persistentvolumes] + verbs: [get, list, watch, update, patch] +- apiGroups: [""] + resources: [nodes] + verbs: [get, list, watch] +- apiGroups: [csi.storage.k8s.io] + resources: [csinodeinfos] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [csinodes] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments/status] + verbs: [patch] +# provisioner +- apiGroups: [""] + resources: [secrets] + verbs: [get, list] +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, create, delete, patch] +- apiGroups: [""] + resources: [persistentvolumeclaims, persistentvolumeclaims/status] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [storageclasses] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [events] + verbs: [list, watch, create, update, patch] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshots] + verbs: [get, list] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshotcontents] + verbs: [get, list] +# resizer +- apiGroups: [""] + resources: [pods] + verbs: [get, list, watch] +# node +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch, create, update, patch] +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list +--- +# Source: hcloud-csi/templates/controller/clusterrolebinding.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: fullname-override-controller + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + common-label: common-label + annotations: + common-annotation: common-annotation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fullname-override-controller +subjects: + - kind: 
ServiceAccount + name: fullname-override-controller + namespace: "namespace-override" +--- +# Source: hcloud-csi/templates/controller/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: fullname-override-controller-metrics + namespace: "namespace-override" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + common-label: common-label + annotations: + controller-svc: controller-svc + common-annotation: common-annotation +spec: + ports: + - name: metrics + port: 9189 + selector: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller +--- +# Source: hcloud-csi/templates/node/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: fullname-override-node-metrics + namespace: "namespace-override" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + common-label: common-label + annotations: + node-svc: node-svc + common-annotation: common-annotation +spec: + ports: + - name: metrics + port: 9189 + selector: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node +--- +# Source: hcloud-csi/templates/node/daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: fullname-override-node + namespace: "namespace-override" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + app: hcloud-csi + common-label: common-label + annotations: + common-annotation: common-annotation +spec: + updateStrategy: + type: OnDelete + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node + template: + metadata: + annotations: + 
pod-annotation: pod-annotation + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + pod-label: pod-label + common-label: common-label + spec: + + imagePullSecrets: + - name: global-image-pull-secret + - name: csiNodeDriverRegistrar + - name: hcloudCSIDriver + - name: livenessProbe + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: instance.hetzner.cloud/is-root-server + operator: NotIn + values: + - "true" + nodeSelector: + foo: bar + tolerations: + - effect: NoSchedule + key: example-key + operator: Exists + priorityClassName: "super-duper-important" + securityContext: + fsGroup: 1001 + terminationGracePeriodSeconds: 35 + initContainers: + - command: + - sh + - -c + - echo "hello world" + image: your-image + imagePullPolicy: Always + name: your-image-name + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + imagePullPolicy: Always + args: + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket + volumeMounts: + - name: plugin-dir + mountPath: /run/csi + - name: registration-dir + mountPath: /registration + - mountPath: /tmp/extra-volume + name: extra-volume + resources: + limits: + cpu: 51m + memory: 41Mi + requests: + cpu: 11m + memory: 21Mi + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: Always + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + resources: + limits: + cpu: 52m + memory: 42Mi + requests: + cpu: 12m + memory: 22Mi + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: Always + command: [/bin/hcloud-csi-driver-node] + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /run/csi 
+ - name: device-dir + mountPath: /dev + securityContext: + privileged: true + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + - name: HCLOUD_DEBUG + value: "true" + ports: + - containerPort: 9189 + name: metrics + - name: healthz + protocol: TCP + containerPort: 9808 + resources: + limits: + cpu: 103m + memory: 83Mi + requests: + cpu: 13m + memory: 43Mi + livenessProbe: + exec: + command: + - cat + - /tmp-node/live + initialDelaySeconds: 5 + periodSeconds: 5 + readinessProbe: + exec: + command: + - cat + - /tmp-node/ready + initialDelaySeconds: 5 + periodSeconds: 5 + startupProbe: + exec: + command: + - cat + - /tmp-node/starty + initialDelaySeconds: 5 + periodSeconds: 5 + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - echo Hello from the postStart handler > /usr/share/message + preStop: + exec: + command: + - /bin/sh + - -c + - nginx -s quit; while killall -0 nginx; do sleep 1; done + - image: your-image + imagePullPolicy: Always + name: your-image-name + ports: + - containerPort: 1234 + name: portname + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory + - emptyDir: {} + name: extra-volume +--- +# Source: hcloud-csi/templates/controller/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fullname-override-controller + namespace: "namespace-override" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + app: hcloud-csi-controller + common-label: common-label + annotations: + common-annotation: 
common-annotation +spec: + replicas: 3 + strategy: + type: OnDelete + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller + template: + metadata: + annotations: + pod-annotation: pod-annotation + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + pod-label: pod-label + common-label: common-label + spec: + serviceAccountName: fullname-override-controller + + imagePullSecrets: + - name: global-image-pull-secret + - name: csiAttacher + - name: csiProvisioner + - name: csiResizer + - name: hcloudCSIDriver + - name: livenessProbe + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: another-node-label-key + operator: In + values: + - another-node-label-value + weight: 1 + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: + - antarctica-east1 + - antarctica-west1 + nodeSelector: + foo: bar + tolerations: + - effect: NoSchedule + key: example-key + operator: Exists + priorityClassName: "super-duper-important" + schedulerName: "foobar" + topologySpreadConstraints: + - labelSelector: + matchLabels: + foo: bar + maxSkew: 1 + topologyKey: zone + whenUnsatisfiable: DoNotSchedule + securityContext: + fsGroup: 1001 + terminationGracePeriodSeconds: 35 + initContainers: + - command: + - sh + - -c + - echo "hello world" + image: your-image + imagePullPolicy: Always + name: your-image-name + containers: + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 + imagePullPolicy: Always + resources: + limits: + cpu: 51m + memory: 81Mi + requests: + cpu: 11m + memory: 21Mi + args: + - --default-fstype=ext4 + - --leader-election + - --leader-election-namespace=namespace-override + 
volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + imagePullPolicy: Always + resources: + limits: + cpu: 52m + memory: 82Mi + requests: + cpu: 12m + memory: 22Mi + args: + - --leader-election + - --leader-election-namespace=namespace-override + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + imagePullPolicy: Always + resources: + limits: + cpu: 53m + memory: 83Mi + requests: + cpu: 13m + memory: 23Mi + args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + - --leader-election + - --leader-election-namespace=namespace-override + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: Always + resources: + limits: + cpu: 54m + memory: 84Mi + requests: + cpu: 14m + memory: 24Mi + volumeMounts: + - mountPath: /run/csi + name: socket-dir + + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: Always + command: [/bin/hcloud-csi-driver-controller] + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: HCLOUD_VOLUME_DEFAULT_LOCATION + value: "ash" + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + name: hcloud + key: token + - name: HCLOUD_DEBUG + value: "true" + resources: + limits: + cpu: 105m + memory: 85Mi + requests: + cpu: 15m + memory: 45Mi + ports: + - name: metrics + containerPort: 9189 + - name: healthz + protocol: TCP + containerPort: 9808 + livenessProbe: + exec: + command: + - cat + - /tmp/live + initialDelaySeconds: 5 + periodSeconds: 5 + readinessProbe: + exec: + command: + - cat + - /tmp/ready + 
initialDelaySeconds: 5 + periodSeconds: 5 + startupProbe: + exec: + command: + - cat + - /tmp/starty + initialDelaySeconds: 5 + periodSeconds: 5 + lifecycle: + postStart: + exec: + command: + - /bin/sh + - -c + - echo Hello from the postStart handler > /usr/share/message + preStop: + exec: + command: + - /bin/sh + - -c + - nginx -s quit; while killall -0 nginx; do sleep 1; done + volumeMounts: + - name: socket-dir + mountPath: /run/csi + - mountPath: /tmp/extra-volume + name: extra-volume + - image: your-image + imagePullPolicy: Always + name: your-image-name + ports: + - containerPort: 1234 + name: portname + + volumes: + - name: socket-dir + emptyDir: {} + - emptyDir: {} + name: extra-volume +--- +# Source: hcloud-csi/templates/core/csidriver.yaml +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hetzner.cloud +spec: + attachRequired: true + fsGroupPolicy: File + podInfoOnMount: true + volumeLifecycleModes: + - Persistent +--- +# Source: hcloud-csi/templates/controller/servicemonitor.yaml +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: fullname-override-controller + namespace: "monitoring" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + service-monitor-label: service-monitor-label + common-label: common-label + annotations: + common-annotation: common-annotation + service-monitor-annotation: service-monitor-annotation +spec: + jobLabel: "service-monitor-job-label" + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller + prometheus: my-prometheus + endpoints: + - port: metrics + scheme: "http" + interval: 15s + scrapeTimeout: 15s + honorLabels: true + metricRelabelings: + - action: Drop + sourceLabels: + - bar + relabelings: + - action: Keep + sourceLabels: + - foo + namespaceSelector: + matchNames: + - "namespace-override" +--- +# Source: 
hcloud-csi/templates/node/servicemonitor.yaml +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: fullname-override-node + namespace: "monitoring" + labels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + service-monitor-label: service-monitor-label + common-label: common-label + annotations: + common-annotation: common-annotation + service-monitor-annotation: service-monitor-annotation +spec: + jobLabel: "service-monitor-job-label" + selector: + matchLabels: + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node + prometheus: my-prometheus + endpoints: + - port: metrics + scheme: "http" + interval: 15s + scrapeTimeout: 15s + honorLabels: true + metricRelabelings: + - action: Drop + sourceLabels: + - bar + relabelings: + - action: Keep + sourceLabels: + - foo + namespaceSelector: + matchNames: + - "namespace-override" diff --git a/chart/Chart.yaml b/chart/Chart.yaml new file mode 100644 index 00000000..13e5249d --- /dev/null +++ b/chart/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +name: hcloud-csi +description: Helm Chart for the CSI Driver on Hetzner Cloud +type: application +home: https://github.com/hetznercloud/csi-driver +maintainers: + - name: Hetzner Cloud + email: support@hetzner.com + url: https://github.com/hetznercloud +version: 2.4.0 # x-release-please-version diff --git a/chart/README.md b/chart/README.md new file mode 100644 index 00000000..375dee71 --- /dev/null +++ b/chart/README.md 
@@ -0,0 +1,59 @@ +# csi-driver Helm Chart + +This Helm chart is the recommended installation method for [hcloud-csi-driver](https://github.com/hetznercloud/csi-driver) on Kubernetes. + +> [!WARNING] +> The Helm Chart is not yet published and the instructions below will not work until the next release (v2.5.0). + +## Quickstart + +First, [install Helm 3](https://helm.sh/docs/intro/install/). + +The following snippet will deploy csi-driver to the kube-system namespace. + +```sh +# Sync the Hetzner Cloud helm chart repository to your local computer. +helm repo add hcloud https://charts.hetzner.cloud +helm repo update hcloud + +# Install the latest version of the csi-driver chart. +helm install hcloud-csi hcloud/csi-driver -n kube-system +``` + +Please note that a secret containing the Hetzner Cloud token is necessary. See the main [Kubernetes Deployment](../docs/kubernetes/README.md) guide. + +If you're unfamiliar with Helm it would behoove you to peep around the documentation. Perhaps start with the [Quickstart Guide](https://helm.sh/docs/intro/quickstart/)? + +### Upgrading from static manifests + +If you previously installed csi-driver with this command: + +```sh +kubectl apply -f https://raw.githubusercontent.com/hetznercloud/csi-driver/v2.4.0/deploy/kubernetes/hcloud-csi.yml +``` + +You can uninstall that same deployment, by running the following command: + +```sh +kubectl delete -f https://raw.githubusercontent.com/hetznercloud/csi-driver/v2.4.0/deploy/kubernetes/hcloud-csi.yml +``` + +Then you can follow the Quickstart installation steps above. + +## Configuration + +This chart aims to be highly flexible. Please review the [values.yaml](./values.yaml) for a full list of configuration options. +There are additional recommendations for production deployments in [`example-prod.values.yaml`](./example-prod.values.yaml). 
+ + +If you've already deployed csi-driver using the `helm install` command above, you can easily change configuration values: + +```sh +helm upgrade hcloud-csi hcloud/csi-driver -n kube-system --set metrics.serviceMonitor.enabled=true +``` + +### Multiple replicas + +If you want to use multiple replicas for the controller you can change `controller.replicaCount` inside the helm values. + +If you have more than 1 replica leader election will be turned on automatically. diff --git a/chart/example-prod.values.yaml b/chart/example-prod.values.yaml new file mode 100644 index 00000000..9461ba18 --- /dev/null +++ b/chart/example-prod.values.yaml 
@@ -0,0 +1,88 @@
+controller:
+ replicaCount: 2
+ hcloudVolumeDefaultLocation: nbg1
+ priorityClassName: "system-cluster-critical"
+ resources:
+ csiAttacher:
+ limits:
+ memory: 80Mi
+ cpu: 50m
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ csiResizer:
+ limits:
+ memory: 80Mi
+ cpu: 50m
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ csiProvisioner:
+ limits:
+ memory: 80Mi
+ cpu: 50m
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ livenessProbe:
+ limits:
+ memory: 80Mi
+ cpu: 50m
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ hcloudCSIDriver:
+ limits:
+ memory: 80Mi
+ cpu: 100m
+ requests:
+ memory: 40Mi
+ cpu: 10m
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: csi-hcloud
+ operator: In
+ values:
+ - controller
+ topologyKey: "kubernetes.io/hostname"
+
+node:
+ priorityClassName: "system-node-critical"
+ resources:
+ csiNodeDriverRegistrar:
+ limits:
+ memory: 40Mi
+ cpu: 50m
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ livenessProbe:
+ limits:
+ memory: 40Mi
+ cpu: 50m
+ requests:
+ memory: 20Mi
+ cpu: 10m
+ hcloudCSIDriver:
+ limits:
+ memory: 80Mi
+ cpu: 100m
+ requests:
+ memory: 40Mi
+ cpu: 10m
+ hostNetwork: true
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: NotIn
+ values:
+ - ""
+
+metrics:
+ enabled: true
diff --git a/chart/templates/_common_images.tpl b/chart/templates/_common_images.tpl
new file mode 100644
index 00000000..b212fb1b
--- /dev/null
+++ b/chart/templates/_common_images.tpl
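Review bot: `node.hostNetwork: true` together with `metrics.enabled: true` puts the node plugin's metrics listener in the host network namespace, and the rendered snapshot in this commit shows that listener bound to `0.0.0.0:9189`. If that bind address is also the chart default (the values file is not in this hunk), a production install following this example serves metrics on every interface of every node, public ones included. I would put a comment above the setting, for example `# hostNetwork exposes the metrics port (9189) on the node's interfaces; firewall it or turn metrics off`, or bind the endpoint to an internal address. Separately, the controller `podAntiAffinity` selects pods labelled `csi-hcloud: controller`, a label the Deployment template in this commit does not appear to set, so the two replicas may still share a node.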
@@ -0,0 +1,27 @@
+{{/*
+Return the proper Container Image Registry Secret Names evaluating values as templates
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1 .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/_common_labels.tpl b/chart/templates/_common_labels.tpl
new file mode 100644
index 00000000..40016fd2
--- /dev/null
+++ b/chart/templates/_common_labels.tpl
@@ -0,0 +1,17 @@
+{{/*
+Kubernetes standard labels
+*/}}
+{{- define "common.labels.standard" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+*/}}
+{{- define "common.labels.matchLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/_common_name.tpl b/chart/templates/_common_name.tpl
new file mode 100644
index 00000000..a5d05744
--- /dev/null
+++ b/chart/templates/_common_name.tpl
@@ -0,0 +1,56 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "common.names.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
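Review bot: `common.names.serviceAccountName` falls back to the literal `default` when `serviceAccount.create` is false, but the callers in this commit append `-controller` to the result (clusterrolebinding.yaml, deployment.yaml), so the fallback resolves to `default-controller` rather than the namespace's default service account. Nothing visible here creates an account by that name, so with `create: false` and no `name` the pod spec and the ClusterRoleBinding subject would point at a service account the operator has to provision by hand. The helper's comment should state this, e.g. `Callers append a component suffix; with create=false the account <name>-controller must already exist.`, or the suffix should move into the helper.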
diff --git a/chart/templates/_common_tplvalues.tpl b/chart/templates/_common_tplvalues.tpl new file mode 100644 index 00000000..50f1c914 --- /dev/null +++ b/chart/templates/_common_tplvalues.tpl @@ -0,0 +1,12 @@ +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} \ No newline at end of file diff --git a/deploy/kubernetes/controller/rbac.yaml b/chart/templates/controller/clusterrole.yaml similarity index 67% rename from deploy/kubernetes/controller/rbac.yaml rename to chart/templates/controller/clusterrole.yaml index d0e6f328..6311d95d 100644 --- a/deploy/kubernetes/controller/rbac.yaml +++ b/chart/templates/controller/clusterrole.yaml @@ -1,13 +1,16 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hcloud-csi-controller - namespace: kube-system ---- +{{ if .Values.controller.rbac.create }} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: hcloud-csi-controller + name: {{ include "common.names.fullname" . }}-controller + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} rules: # attacher - apiGroups: [""] 
@@ -58,16 +61,7 @@ rules: - apiGroups: [""] resources: [events] verbs: [get, list, watch, create, update, patch] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: hcloud-csi-controller -subjects: -- kind: ServiceAccount - name: hcloud-csi-controller - namespace: kube-system -roleRef: - kind: ClusterRole - name: hcloud-csi-controller - apiGroup: rbac.authorization.k8s.io +{{- if .Values.controller.rbac.rules }} +{{- include "common.tplvalues.render" ( dict "value" .Values.controller.rbac.rules "context" $ ) | nindent 0 }} +{{- end }} +{{- end }} diff --git a/chart/templates/controller/clusterrolebinding.yaml b/chart/templates/controller/clusterrolebinding.yaml new file mode 100644 index 00000000..f20fc3cd --- /dev/null +++ b/chart/templates/controller/clusterrolebinding.yaml @@ -0,0 +1,20 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "common.names.fullname" . }}-controller + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "common.names.fullname" . }}-controller +subjects: + - kind: ServiceAccount + name: {{ template "common.names.serviceAccountName" . }}-controller + namespace: {{ include "common.names.namespace" . | quote }} diff --git a/chart/templates/controller/deployment.yaml b/chart/templates/controller/deployment.yaml new file mode 100644 index 00000000..0ea149b6 --- /dev/null +++ b/chart/templates/controller/deployment.yaml 
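Review bot: This ClusterRoleBinding is rendered unconditionally, while the ClusterRole it references in clusterrole.yaml is wrapped in `{{ if .Values.controller.rbac.create }}`. With `controller.rbac.create: false` the chart would still bind the controller service account cluster-wide to whatever ClusterRole happens to carry the name `<fullname>-controller`, or leave a dangling binding if none exists. Wrapping the file in the same guard, `{{- if .Values.controller.rbac.create }}` … `{{- end }}`, keeps the two objects in step. If the binding is meant to outlive the flag so that operators can supply their own role, a template comment saying so would help.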
@@ -0,0 +1,212 @@ +{{ $enableLeaderElection := gt (int .Values.controller.replicaCount) 1 }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }}-controller + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: controller + app: hcloud-csi-controller {{/* Compatibility with old manifests */}} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.controller.replicaCount }} + {{- if .Values.controller.updateStrategy }} + strategy: {{- toYaml .Values.controller.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- if .Values.controller.matchLabelsOverride }} + {{- toYaml .Values.controller.matchLabelsOverride | nindent 6 }} + {{- else }} + {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: controller + {{- end }} + template: + metadata: + {{- if .Values.controller.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: controller + {{- if .Values.controller.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "common.names.serviceAccountName" . 
}}-controller + {{- include "common.images.pullSecrets" (dict "images" .Values.controller.image "context" .) | nindent 6 }} + {{- if .Values.controller.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.controller.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.controller.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName | quote }} + {{- end }} + {{- if .Values.controller.schedulerName }} + schedulerName: {{ .Values.controller.schedulerName | quote }} + {{- end }} + {{- if .Values.controller.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.controller.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.controller.podSecurityContext.enabled }} + securityContext: {{- omit .Values.controller.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.controller.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if .Values.controller.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: csi-attacher + image: {{ tpl .Values.controller.image.csiAttacher.name . 
}} + imagePullPolicy: {{ .Values.controller.image.csiAttacher.pullPolicy }} + {{- if .Values.controller.resources.csiAttacher }} + resources: {{- toYaml .Values.controller.resources.csiAttacher | nindent 12 }} + {{- end }} + args: + - --default-fstype=ext4 + {{- if $enableLeaderElection }} + - --leader-election + - --leader-election-namespace={{ include "common.names.namespace" . }} + {{- end}} + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-resizer + image: {{ tpl .Values.controller.image.csiResizer.name . }} + imagePullPolicy: {{ .Values.controller.image.csiResizer.pullPolicy }} + {{- if .Values.controller.resources.csiResizer }} + resources: {{- toYaml .Values.controller.resources.csiResizer | nindent 12 }} + {{- end }} + {{- if $enableLeaderElection }} + args: + - --leader-election + - --leader-election-namespace={{ include "common.names.namespace" . }} + {{- end}} + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-provisioner + image: {{ tpl .Values.controller.image.csiProvisioner.name . }} + imagePullPolicy: {{ .Values.controller.image.csiProvisioner.pullPolicy }} + {{- if .Values.controller.resources.csiProvisioner }} + resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }} + {{- end }} + args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + {{- if $enableLeaderElection }} + - --leader-election + - --leader-election-namespace={{ include "common.names.namespace" . }} + {{- end}} + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: liveness-probe + image: {{ tpl .Values.controller.image.livenessProbe.name . 
}} + imagePullPolicy: {{ .Values.controller.image.livenessProbe.pullPolicy }} + {{- if .Values.controller.resources.livenessProbe }} + resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + + - name: hcloud-csi-driver + image: {{ tpl .Values.controller.image.hcloudCSIDriver.name . }} + imagePullPolicy: {{ .Values.controller.image.hcloudCSIDriver.pullPolicy }} + command: [/bin/hcloud-csi-driver-controller] + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + {{- if .Values.controller.hcloudVolumeDefaultLocation }} + - name: HCLOUD_VOLUME_DEFAULT_LOCATION + value: {{ .Values.controller.hcloudVolumeDefaultLocation | quote }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: METRICS_ENDPOINT + value: "0.0.0.0:{{ .Values.controller.containerPorts.metrics }}" + {{- end }} + - name: ENABLE_METRICS + value: {{if .Values.metrics.enabled}}"true"{{ else }}"false"{{end}} + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + {{- if .Values.controller.hcloudToken.value }} + name: {{ template "common.names.fullname" . 
}}-hcloud-token + key: token + {{- else }} + name: {{ .Values.controller.hcloudToken.existingSecret.name }} + key: {{ .Values.controller.hcloudToken.existingSecret.key }} + {{- end }} + {{- if .Values.controller.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.controller.resources.hcloudCSIDriver }} + resources: {{- toYaml .Values.controller.resources.hcloudCSIDriver | nindent 12 }} + {{- end }} + ports: + {{- if .Values.metrics.enabled }} + - name: metrics + containerPort: {{ .Values.controller.containerPorts.metrics }} + {{- end }} + - name: healthz + protocol: TCP + containerPort: {{ .Values.controller.containerPorts.healthz }} + {{- if .Values.controller.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.controller.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.controller.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /healthz + port: healthz + {{- end }} + {{- if .Values.controller.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.controller.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.controller.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.controller.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.controller.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + - name: socket-dir + mountPath: /run/csi + {{- if .Values.controller.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" 
$) | nindent 12 }} + {{- end }} + + {{- if .Values.controller.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.controller.sidecars "context" $) | nindent 8 }} + {{- end }} + + volumes: + - name: socket-dir + emptyDir: {} + {{- if .Values.controller.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/chart/templates/controller/poddisruptionbudget.yaml b/chart/templates/controller/poddisruptionbudget.yaml new file mode 100644 index 00000000..3f13e97a --- /dev/null +++ b/chart/templates/controller/poddisruptionbudget.yaml @@ -0,0 +1,26 @@ +{{- $replicaCount := int .Values.controller.replicaCount }} +{{- if and .Values.controller.podDisruptionBudget.create (gt $replicaCount 1) }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "common.names.fullname" . }}-controller + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: controller + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.controller.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.controller.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if .Values.controller.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.controller.podDisruptionBudget.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: controller +{{- end }} 
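Review bot: None of the five containers in the controller Deployment (csi-attacher, csi-resizer, csi-provisioner, liveness-probe, hcloud-csi-driver) gets a container-level `securityContext`; only the pod-level block behind `controller.podSecurityContext.enabled` is templated. The hcloud-csi-driver container receives `HCLOUD_TOKEN`, so it is worth exposing a per-container setting and defaulting it to at least `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`. Whether `readOnlyRootFilesystem: true` is compatible with these images cannot be told from the hunk and would need testing.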
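Review bot: The two guards in chart/templates/controller/poddisruptionbudget.yaml, `{{- if .Values.controller.podDisruptionBudget.minAvailable }}` and the matching one for `maxUnavailable`, emit both fields when both values are set, and the API server rejects a PodDisruptionBudget that specifies both. Because the guards test truthiness, an explicit `0` is also dropped, so `maxUnavailable: 0` cannot be expressed. A render-time check at the top of the file, for example `{{- if and $pdb.minAvailable $pdb.maxUnavailable }}{{ fail "set only one of minAvailable and maxUnavailable" }}{{- end }}` with `$pdb` bound to the values block, would surface the first case before apply.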
diff --git a/chart/templates/controller/secret.yaml b/chart/templates/controller/secret.yaml
new file mode 100644
index 00000000..963a9aed
--- /dev/null
+++ b/chart/templates/controller/secret.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.controller.hcloudToken.value }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "common.names.fullname" . }}-hcloud-token
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ token: {{ .Values.controller.hcloudToken.value | b64enc }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/controller/service.yaml b/chart/templates/controller/service.yaml
new file mode 100644
index 00000000..1b1aa8ef
--- /dev/null
+++ b/chart/templates/controller/service.yaml
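Review bot: `controller.hcloudToken.value` puts the API token into chart values, and Helm keeps the supplied values in its release record and prints them with `helm get values`, so the token becomes readable outside the `<fullname>-hcloud-token` Secret created here. Passing it with `--set` additionally leaves it in shell history and CI logs. The template itself works, but the chart should steer users to `controller.hcloudToken.existingSecret` and describe `value` as a convenience for test setups. A comment above the `{{- if .Values.controller.hcloudToken.value }}` line, repeated where the value is declared, would be enough.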
@@ -0,0 +1,27 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}-controller-metrics
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.controller.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.controller.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.controller.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ ports:
+ - name: metrics
+ port: {{ .Values.controller.service.ports.metrics }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/controller/serviceaccount.yaml b/chart/templates/controller/serviceaccount.yaml
new file mode 100644
index 00000000..e97c88cc
--- /dev/null
+++ b/chart/templates/controller/serviceaccount.yaml
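Review bot: The `metrics` entry under `spec.ports` sets `port` from `controller.service.ports.metrics` but no `targetPort`, so the target defaults to the same number while the container listens on `controller.containerPorts.metrics`. If the two values are ever set differently the Service forwards to a port nothing listens on and scraping fails without any render-time error. Add `targetPort: metrics` under the port entry; the Deployment already names the container port `metrics`. chart/templates/node/service.yaml has the same omission with `node.service.ports.metrics` and `node.containerPorts.metrics`.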
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "common.names.serviceAccountName" . }}-controller
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: controller
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/chart/templates/controller/servicemonitor.yaml b/chart/templates/controller/servicemonitor.yaml
new file mode 100644
index 00000000..606a9a40
--- /dev/null
+++ b/chart/templates/controller/servicemonitor.yaml
@@ -0,0 +1,50 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }}-controller + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} + app.kubernetes.io/component: controller + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: metrics + scheme: "http" + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/deploy/kubernetes/core/csidriver.yaml b/chart/templates/core/csidriver.yaml similarity index 92% rename from deploy/kubernetes/core/csidriver.yaml rename to chart/templates/core/csidriver.yaml index 1f5fb0e9..f511ba3d 100644 --- a/deploy/kubernetes/core/csidriver.yaml +++ b/chart/templates/core/csidriver.yaml @@ -4,7 +4,7 @@ metadata: name: csi.hetzner.cloud spec: attachRequired: true + fsGroupPolicy: File podInfoOnMount: true volumeLifecycleModes: - - Persistent - fsGroupPolicy: File + - Persistent \ No newline at end of file diff --git a/chart/templates/core/storageclass.yaml b/chart/templates/core/storageclass.yaml new file mode 100644 index 00000000..1bc246d2 --- /dev/null +++ b/chart/templates/core/storageclass.yaml 
@@ -0,0 +1,15 @@
+{{- if .Values.storageClasses }}
+{{- range $key, $val := .Values.storageClasses }}
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ $val.name }}
+ annotations:
+ storageclass.kubernetes.io/is-default-class: {{ $val.defaultStorageClass | default "false" | quote }}
+provisioner: csi.hetzner.cloud
+volumeBindingMode: WaitForFirstConsumer
+allowVolumeExpansion: true
+reclaimPolicy: {{ $val.reclaimPolicy | quote }}
+---
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/node/daemonset.yaml b/chart/templates/node/daemonset.yaml
new file mode 100644
index 00000000..ac5391a7
--- /dev/null
+++ b/chart/templates/node/daemonset.yaml
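Review bot: `reclaimPolicy: {{ $val.reclaimPolicy | quote }}` renders `reclaimPolicy: ""` for any `storageClasses` entry that omits the key, and an empty string is not one of the accepted policies, so the manifest is likely to be rejected at apply time instead of at render time. Unless values.schema.json (only partly visible here) makes the field mandatory, default it: `reclaimPolicy: {{ $val.reclaimPolicy | default "Delete" | quote }}`. `name: {{ $val.name }}` has the same gap and is unquoted; `name: {{ required "storageClasses[].name is required" $val.name | quote }}` fails early with a clear message.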
@@ -0,0 +1,177 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "common.names.fullname" . }}-node + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: node + app: hcloud-csi {{/* Compatibility with old manifests */}} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.node.updateStrategy }} + updateStrategy: {{- toYaml .Values.node.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- if .Values.node.matchLabelsOverride }} + {{- toYaml .Values.node.matchLabelsOverride | nindent 6 }} + {{- else }} + {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: node + {{- end }} + template: + metadata: + {{- if .Values.node.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.node.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: node + {{- if .Values.node.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "common.images.pullSecrets" (dict "images" .Values.node.image "context" .) 
| nindent 6 }} + {{- if .Values.node.hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.node.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.node.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.node.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.node.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.node.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.node.tolerations "context" .) | nindent 8 }} + {{- else }} + tolerations: + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + {{- end }} + {{- if .Values.node.priorityClassName }} + priorityClassName: {{ .Values.node.priorityClassName | quote }} + {{- end }} + {{- if .Values.node.podSecurityContext.enabled }} + securityContext: {{- omit .Values.node.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.node.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriodSeconds }} + {{- end }} + initContainers: + {{- if .Values.node.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: csi-node-driver-registrar + image: {{ tpl .Values.node.image.csiNodeDriverRegistrar.name . 
}} + imagePullPolicy: {{ .Values.node.image.csiNodeDriverRegistrar.pullPolicy }} + args: + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket + volumeMounts: + - name: plugin-dir + mountPath: /run/csi + - name: registration-dir + mountPath: /registration + {{- if .Values.controller.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.controller.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.node.resources.csiNodeDriverRegistrar }} + resources: {{- toYaml .Values.node.resources.csiNodeDriverRegistrar | nindent 12 }} + {{- end }} + - name: liveness-probe + image: {{ tpl .Values.node.image.livenessProbe.name . }} + imagePullPolicy: {{ .Values.node.image.livenessProbe.pullPolicy }} + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + {{- if .Values.node.resources.livenessProbe }} + resources: {{- toYaml .Values.node.resources.livenessProbe | nindent 12 }} + {{- end }} + - name: hcloud-csi-driver + image: {{ tpl .Values.node.image.hcloudCSIDriver.name . 
}} + imagePullPolicy: {{ .Values.node.image.hcloudCSIDriver.pullPolicy }} + command: [/bin/hcloud-csi-driver-node] + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /run/csi + - name: device-dir + mountPath: /dev + securityContext: + privileged: true + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + {{- if .Values.metrics.enabled }} + - name: METRICS_ENDPOINT + value: "0.0.0.0:{{ .Values.node.containerPorts.metrics }}" + {{- end }} + - name: ENABLE_METRICS + value: {{if .Values.metrics.enabled}}"true"{{ else }}"false"{{end}} + {{- if .Values.node.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + {{- if .Values.metrics.enabled }} + - containerPort: {{ .Values.node.containerPorts.metrics }} + name: metrics + {{- end }} + - name: healthz + protocol: TCP + containerPort: {{ .Values.node.containerPorts.healthz }} + {{- if .Values.node.resources.hcloudCSIDriver }} + resources: {{- toYaml .Values.node.resources.hcloudCSIDriver | nindent 12 }} + {{- end }} + {{- if .Values.node.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.node.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.node.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.node.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: /healthz + port: healthz + {{- end }} + {{- if .Values.node.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.node.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.node.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.node.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if 
.Values.node.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.node.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.node.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.node.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory + {{- if .Values.node.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.node.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/chart/templates/node/service.yaml b/chart/templates/node/service.yaml new file mode 100644 index 00000000..ce7191f4 --- /dev/null +++ b/chart/templates/node/service.yaml 
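Review bot: The csi-node-driver-registrar container in the node DaemonSet renders `.Values.controller.extraVolumeMounts`, a controller value, while the pod's extra volumes at the end of the template come from `.Values.node.extraVolumes`. Setting controller mounts therefore adds mounts to the DaemonSet pod that reference volumes it does not declare, which makes the pod spec invalid, and volumes supplied through `node.extraVolumes` cannot be mounted because no container in this template reads a node-level mounts value. This looks like a copy from the controller Deployment; assuming `node.extraVolumeMounts` is the intended key, use `{{- if .Values.node.extraVolumeMounts }}` with `.Values.node.extraVolumeMounts` in the include. The Deployment attaches the block to the hcloud-csi-driver container, so it probably belongs under that container's `volumeMounts` here too.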
@@ -0,0 +1,27 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}-node-metrics
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: node
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.node.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.node.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.node.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ ports:
+ - name: metrics
+ port: {{ .Values.node.service.ports.metrics }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: node
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/node/servicemonitor.yaml b/chart/templates/node/servicemonitor.yaml
new file mode 100644
index 00000000..a5d00416
--- /dev/null
+++ b/chart/templates/node/servicemonitor.yaml
@@ -0,0 +1,50 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }}-node + namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }} + app.kubernetes.io/component: node + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + endpoints: + - port: metrics + scheme: "http" + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ include "common.names.namespace" . | quote }} +{{- end }} diff --git a/chart/values.schema.json b/chart/values.schema.json new file mode 100644 index 00000000..be622889 --- /dev/null +++ b/chart/values.schema.json 
@@ -0,0 +1,702 @@ +{ + "$schema": "https://json-schema.org/schema#", + "type": "object", + "properties": { + "commonAnnotations": { + "type": "object" + }, + "commonLabels": { + "type": "object" + }, + "controller": { + "type": "object", + "properties": { + "affinity": { + "type": "object" + }, + "containerPorts": { + "type": "object", + "properties": { + "healthz": { + "type": "integer" + }, + "metrics": { + "type": "integer" + } + } + }, + "customLivenessProbe": { + "type": "object" + }, + "customReadinessProbe": { + "type": "object" + }, + "customStartupProbe": { + "type": "object" + }, + "extraEnvVars": { + "type": "array" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "hcloudToken": { + "type": "object", + "properties": { + "existingSecret": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "name": { + "type": "string" + } + } + }, + "value": { + "type": "string" + } + } + }, + "hcloudVolumeDefaultLocation": { + "type": "string" + }, + "image": { + "type": "object", + "properties": { + "csiAttacher": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "csiProvisioner": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "csiResizer": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "hcloudCSIDriver": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "livenessProbe": { + 
"type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + }, + "initContainers": { + "type": "array" + }, + "lifecycleHooks": { + "type": "object" + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "nodeSelector": { + "type": "object" + }, + "podDisruptionBudget": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "maxUnavailable": { + "type": "string" + }, + "minAvailable": { + "type": "integer" + } + } + }, + "podAnnotations": { + "type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "fsGroup": { + "type": "integer" + } + } + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "type": "object", + "properties": { + "create": { + "type": "boolean" + }, + "rules": { + "type": "array" + } + } + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "type": "object", + "properties": { + "csiAttacher": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + }, + "csiProvisioner": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + }, + "csiResizer": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + }, + "hcloudCSIDriver": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + }, + 
"livenessProbe": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + } + } + }, + "schedulerName": { + "type": "string" + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "metrics": { + "type": "integer" + } + } + } + } + }, + "sidecars": { + "type": "array" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "fullnameOverride": { + "type": "string" + }, + "global": { + "type": "object", + "properties": { + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "serviceMonitor": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "honorLabels": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "jobLabel": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "metricRelabelings": { + "type": "array" + }, + "namespace": { + "type": "string" + }, + "relabelings": { + "type": "array" + }, + "scrapeTimeout": { + "type": "string" + }, + "selector": { + "type": "object" + } + } + } + } + }, + "nameOverride": { + "type": "string" + }, + "namespaceOverride": { + "type": "string" + }, + "node": { + "type": "object", + "properties": { + "affinity": { + "type": "object", + "properties": { + "nodeAffinity": { + "type": "object", + "properties": { + "requiredDuringSchedulingIgnoredDuringExecution": { + "type": "object", + "properties": { + "nodeSelectorTerms": { + "type": "array", + "items": { + "type": "object", + "properties": { + "matchExpressions": { + 
"type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "operator": { + "type": "string" + }, + "values": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + } + } + } + } + } + } + } + }, + "containerPorts": { + "type": "object", + "properties": { + "healthz": { + "type": "integer" + }, + "metrics": { + "type": "integer" + } + } + }, + "customLivenessProbe": { + "type": "object" + }, + "customReadinessProbe": { + "type": "object" + }, + "customStartupProbe": { + "type": "object" + }, + "extraEnvVars": { + "type": "array" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "csiNodeDriverRegistrar": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "hcloudCSIDriver": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "pullSecrets": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + }, + "initContainers": { + "type": "array" + }, + "lifecycleHooks": { + "type": "object" + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "nodeSelector": { + "type": "object" + }, + "podAnnotations": { + 
"type": "object" + }, + "podLabels": { + "type": "object" + }, + "podSecurityContext": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "fsGroup": { + "type": "integer" + } + } + }, + "priorityClassName": { + "type": "string" + }, + "resources": { + "type": "object", + "properties": { + "csiNodeDriverRegistrar": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + }, + "hcloudCSIDriver": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "limits": { + "type": "object" + }, + "requests": { + "type": "object" + } + } + } + } + }, + "schedulerName": { + "type": "string" + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "ports": { + "type": "object", + "properties": { + "metrics": { + "type": "integer" + } + } + } + } + }, + "sidecars": { + "type": "array" + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": "array" + }, + "updateStrategy": { + "type": "object", + "properties": { + "type": { + "type": "string" + } + } + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": "object" + }, + "automountServiceAccountToken": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "storageClasses": { + "type": "array", + "items": { + "type": "object", + "properties": { + "defaultStorageClass": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "reclaimPolicy": { + "type": "string" + } + } + } + } + } +} diff --git a/chart/values.yaml b/chart/values.yaml new file mode 100644 index 00000000..31b50d8b --- /dev/null +++ b/chart/values.yaml 
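Review bot: The `global` object in this schema declares `pullSecrets`, but `chart/values.yaml` in the same commit defines and documents `global.imagePullSecrets`, so the key users actually set is not type-checked; the property should be named `"imagePullSecrets"`. `controller.podDisruptionBudget` types `minAvailable` as integer and `maxUnavailable` as string, while Kubernetes accepts a number or a percentage string for both, so `"type": ["integer", "string"]` on each would stop the schema rejecting valid values. No object sets `"additionalProperties": false`, which means a misspelled key (for example under `controller.hcloudToken.existingSecret`) passes validation and the chart silently falls back to its default. If this file is generated from values.yaml it appears to be stale, and regenerating it in the same CI job that checks the Helm snapshots would keep the two in step.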
@@ -0,0 +1,701 @@ +## @section Global parameters +## Global Container image parameters +## Current available global Container image parameters: imagePullSecrets +## + +## @param global.imagePullSecrets Global container registry secret names as an array +## +global: + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + +## @section Common parameters +## + +## @param nameOverride String to partially override common.names.name +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} + +## @section Controller Parameters +## + +## Controller +## +controller: + ## @param controller.image.csiAttacher.name full path to csi-attacher image (including tag/digest & registry) + ## @param controller.image.csiAttacher.pullPolicy csi-attacher image pull policy + ## @param controller.image.csiAttacher.pullSecrets csi-attacher image pull secrets + ## @param controller.image.csiResizer.name full path to csi-resizer image (including tag/digest & registry) + ## @param controller.image.csiResizer.pullPolicy csi-resizer image pull policy + ## @param controller.image.csiResizer.pullSecrets csi-resizer image pull secrets + ## @param controller.image.csiProvisioner.name full path to csi-provisioner image (including tag/digest & registry) + ## @param controller.image.csiProvisioner.pullPolicy csi-provisioner image pull policy + ## @param controller.image.csiProvisioner.pullSecrets csi-provisioner image pull secrets + ## @param controller.image.livenessProbe.name full path to liveness-probe image (including tag/digest & registry) + ## @param controller.image.livenessProbe.pullPolicy liveness-probe image 
pull policy + ## @param controller.image.livenessProbe.pullSecrets liveness-probe image pull secrets + ## @param controller.image.hcloudCSIDriver.name full path to hcloud-csi-driver image (including tag/digest & registry) + ## @param controller.image.hcloudCSIDriver.pullPolicy hcloud-csi-driver image pull policy + ## @param controller.image.hcloudCSIDriver.pullSecrets hcloud-csi-driver image pull secrets + ## + image: + csiAttacher: + name: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + csiResizer: + name: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + csiProvisioner: + name: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + livenessProbe: + name: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + hcloudCSIDriver: + name: docker.io/hetznercloud/hcloud-csi-driver:v{{ .Chart.Version }} + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + ## @param controller.replicaCount Number of controller replicas to deploy + ## + replicaCount: 1 + + ## @param controller.hcloudToken.value Specifies the value for the hcloudToken. Creates a secret from that value. If you have already a hcloud token secret leave this empty. 
+ ## @param controller.hcloudToken.existingSecret.name Specifies the name of an existing Secret for the hcloud Token + ## @param controller.hcloudToken.existingSecret.key Specifies the key of an existing Secret for the hcloud Token + ## + hcloudToken: + value: "" + existingSecret: + name: hcloud + key: token + + ## @param controller.hcloudVolumeDefaultLocation Set this to the location of your cluster. If set the controller could run anywhere. If left empty the controller needs to run on a hcloud node. + ## + hcloudVolumeDefaultLocation: "" + + ## @param controller.containerPorts.metrics controller metrics container port + ## @param controller.containerPorts.healthz controller healthz container port + ## + containerPorts: + metrics: 9189 + healthz: 9808 + + ## controller service parameters + ## + service: + ## @param controller.service.ports.metrics controller service metrics port + ports: + metrics: 9189 + + ## @param controller.service.annotations Additional custom annotations for controller service + annotations: {} + + ## RBAC configuration + ## + rbac: + ## @param controller.rbac.create Specifies whether RBAC resources should be created + ## + create: true + ## @param controller.rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] + + ## Configure extra options for controller containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param controller.livenessProbe.enabled Enable livenessProbe on controller containers + ## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param controller.livenessProbe.failureThreshold Failure 
threshold for livenessProbe + ## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 2 + timeoutSeconds: 3 + failureThreshold: 5 + successThreshold: 1 + + ## @param controller.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param controller.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param controller.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## controller resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param controller.resources.csiAttacher.limits The resources limits for the csiAttacher containers + ## @param controller.resources.csiAttacher.requests The requested resources for the csiAttacher containers + ## @param controller.resources.csiResizer.limits The resources limits for the csiResizer containers + ## @param controller.resources.csiResizer.requests The requested resources for the csiResizer containers + ## @param controller.resources.csiProvisioner.limits The resources limits for the csiProvisioner containers + ## @param controller.resources.csiProvisioner.requests The requested resources for the csiProvisioner containers + ## @param controller.resources.livenessProbe.limits The resources limits for the livenessProbe containers + ## @param controller.resources.livenessProbe.requests The requested resources for the livenessProbe containers + ## @param controller.resources.hcloudCSIDriver.limits The resources limits for the hcloudCSIDriver containers + ## @param controller.resources.hcloudCSIDriver.requests The requested resources for the hcloudCSIDriver containers + ## + resources: + csiAttacher: + limits: {} + requests: {} + csiResizer: + limits: {} + requests: {} + csiProvisioner: + limits: {} + requests: 
{} + livenessProbe: + limits: {} + requests: {} + hcloudCSIDriver: + limits: {} + requests: {} + + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param controller.podSecurityContext.enabled Enabled controller pods' Security Context + ## @param controller.podSecurityContext.fsGroup Set controller pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + + ## @param controller.podLabels Extra labels for controller pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + + ## @param controller.matchLabelsOverride Override the default spec.selector.matchLabels. Added for backwards compatibility with the static manifests. + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#label-selector-updates + ## + # matchLabelsOverride: null + + ## @param controller.podAnnotations Annotations for controller pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## @param controller.podDisruptionBudget.create Enable PodDisruptionBudget for controller pods + ## @param controller.podDisruptionBudget.minAvailable Set minAvailable for controller pods + ## @param controller.podDisruptionBudget.maxUnavailable Set maxUnavailable for controller pods + ## + podDisruptionBudget: + create: true + minAvailable: 1 + maxUnavailable: "" + + ## @param controller.affinity Affinity for controller pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## @param controller.nodeSelector Node labels for controller pods assignment + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + ## + nodeSelector: {} + + ## @param controller.tolerations Tolerations for controller pods 
assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## @param controller.updateStrategy.type controller statefulset strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + + ## @param controller.priorityClassName controller pods' priorityClassName + ## + priorityClassName: "" + + ## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + + ## @param controller.schedulerName Name of the k8s scheduler (other than default) for controller pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + + ## @param controller.terminationGracePeriodSeconds Seconds pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination + ## + # terminationGracePeriodSeconds: 30 + + ## @param controller.lifecycleHooks for the controller container(s) to automate configuration before or after startup + ## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + ## + lifecycleHooks: {} + + ## @param controller.extraEnvVars Array with extra environment variables to add to controller pods + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + + ## @param controller.extraVolumes Extra Volumes for controller pods + extraVolumes: [] + + ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the controller container(s) + ## + extraVolumeMounts: [] + + ## @param 
controller.sidecars Add additional sidecar containers to the controller pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + + ## @param controller.initContainers Add additional init containers to the controller pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + +## @section Node Parameters +## + +## Node +## +node: + ## @param node.image.csiNodeDriverRegistrar.name full path to csi-node-driver-registrar image (including tag/digest & registry) + ## @param node.image.csiNodeDriverRegistrar.pullPolicy csi-node-driver-registrar image pull policy + ## @param node.image.csiNodeDriverRegistrar.pullSecrets csi-node-driver-registrar image pull secrets + ## @param node.image.livenessProbe.name full path to liveness-probe image (including tag/digest & registry) + ## @param node.image.livenessProbe.pullPolicy liveness-probe image pull policy + ## @param node.image.livenessProbe.pullSecrets liveness-probe image pull secrets + ## @param node.image.hcloudCSIDriver.name full path to hcloud-csi-driver image (including tag/digest & registry) + ## @param node.image.hcloudCSIDriver.pullPolicy hcloud-csi-driver image pull policy + ## @param node.image.hcloudCSIDriver.pullSecrets hcloud-csi-driver image pull secrets + ## + image: + csiNodeDriverRegistrar: + name: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. 
+ ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + livenessProbe: + name: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + hcloudCSIDriver: + name: docker.io/hetznercloud/hcloud-csi-driver:v{{ .Chart.Version }} + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + + + ## @param node.containerPorts.metrics node Metrics container port + ## @param node.containerPorts.healthz node Health container port + ## + containerPorts: + metrics: 9189 + healthz: 9808 + + ## node service parameters + ## + service: + ## @param node.service.ports.metrics node service Metrics port + ## + ports: + metrics: 9189 + + ## @param node.service.annotations Additional custom annotations for node service + ## + annotations: {} + + + ## Configure extra options for node containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param node.livenessProbe.enabled Enable livenessProbe on node containers + ## @param node.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param node.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param node.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param node.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param node.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 2 + timeoutSeconds: 3 + failureThreshold: 5 + successThreshold: 1 + + ## @param node.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + + ## @param node.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + + ## @param node.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + + ## node resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param 
node.resources.csiNodeDriverRegistrar.limits The resources limits for the csiNodeDriverRegistrar containers + ## @param node.resources.csiNodeDriverRegistrar.requests The requested resources for the csiNodeDriverRegistrar containers + ## @param node.resources.livenessProbe.limits The resources limits for the livenessProbe containers + ## @param node.resources.livenessProbe.requests The requested resources for the livenessProbe containers + ## @param node.resources.hcloudCSIDriver.limits The resources limits for the hcloudCSIDriver containers + ## @param node.resources.hcloudCSIDriver.requests The requested resources for the hcloudCSIDriver containers + ## + resources: + csiNodeDriverRegistrar: + limits: {} + requests: {} + livenessProbe: + limits: {} + requests: {} + hcloudCSIDriver: + limits: {} + requests: {} + + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param node.podSecurityContext.enabled Enabled node pods' Security Context + ## @param node.podSecurityContext.fsGroup Set node pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + + ## @param node.hostNetwork Enables the hostNetwork + ## + hostNetwork: false + + ## @param node.podLabels Extra labels for node pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + podLabels: {} + + ## @param node.matchLabelsOverride Override the default spec.selector.matchLabels. Added for backwards compatibility with the static manifests. 
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#pod-selector + ## + # matchLabelsOverride: {} + + ## @param node.podAnnotations Annotations for node pods + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## @param node.affinity Affinity for node pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: "instance.hetzner.cloud/is-root-server" + operator: NotIn + values: + - "true" + + ## @param node.nodeSelector Node labels for node pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## @param node.tolerations Tolerations for node pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + # - effect: NoExecute + # operator: Exists + # - effect: NoSchedule + # operator: Exists + # - key: CriticalAddonsOnly + # operator: Exists + + ## @param node.updateStrategy.type node statefulset strategy type + ## ref: https://kubernetes.io/docs/concepts/workloads/nodes/statefulset/#update-strategies + ## + updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + + ## @param node.priorityClassName node pods' priorityClassName + ## + priorityClassName: "" + + ## @param node.schedulerName Name of the k8s scheduler (other than default) for node pods + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + + ## @param node.terminationGracePeriodSeconds Seconds pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + # terminationGracePeriodSeconds: 30 + + ## @param node.lifecycleHooks for the 
node container(s) to automate configuration before or after startup + ## + lifecycleHooks: {} + + ## @param node.extraEnvVars Array with extra environment variables to add to node pods + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + + ## @param node.extraVolumes Extra Volumes for controller pods + ## + extraVolumes: [] + + ## @param node.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the node container(s) + ## + extraVolumeMounts: [] + + ## @param node.sidecars Add additional sidecar containers to the node pod(s) + ## e.g: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + + ## @param node.initContainers Add additional init containers to the node pod(s) + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + ## e.g: + ## initContainers: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## command: ['sh', '-c', 'echo "hello world"'] + ## + initContainers: [] + +## @section Other Parameters +## + +## ServiceAccount configuration +## +serviceAccount: + ## @param serviceAccount.create Specifies whether a ServiceAccount should be created + ## + create: true + ## @param serviceAccount.name The name of the ServiceAccount to use. 
+ ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) + ## + annotations: {} + ## @param serviceAccount.automountServiceAccountToken Automount service account token for the controller service account + ## + automountServiceAccountToken: true + +## Prometheus metrics +## +metrics: + ## @param metrics.enabled Enable the export of Prometheus metrics + ## + enabled: false + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running + ## + namespace: "" + ## @param metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor + ## + annotations: {} + ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor + ## + labels: {} + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus + ## + jobLabel: "" + ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels + ## + honorLabels: false + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. 
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## interval: 10s + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## e.g: + ## scrapeTimeout: 10s + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.relabelings Specify general relabeling + ## + relabelings: [] + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/syself/charts/tree/main/syself/prometheus-operator#prometheus-configuration + ## selector: + ## prometheus: my-prometheus + ## + selector: {} + +## @param storageClasses Creates one or more storageClasses +## +storageClasses: + - name: hcloud-volumes + defaultStorageClass: true + reclaimPolicy: Delete diff --git a/deploy/kubernetes/controller/deployment.yaml b/deploy/kubernetes/controller/deployment.yaml deleted file mode 100644 index b9028d3c..00000000 --- a/deploy/kubernetes/controller/deployment.yaml +++ /dev/null 
@@ -1,84 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: hcloud-csi-controller - namespace: kube-system -spec: - selector: - matchLabels: - app: hcloud-csi-controller - replicas: 1 - template: - metadata: - labels: - app: hcloud-csi-controller - spec: - serviceAccountName: hcloud-csi-controller - containers: - - name: csi-attacher - image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 - args: - - --default-fstype=ext4 - volumeMounts: - - name: socket-dir - mountPath: /run/csi - - name: csi-resizer - image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 - volumeMounts: - - name: socket-dir - mountPath: /run/csi - - name: csi-provisioner - image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 - args: - - --feature-gates=Topology=true - - --default-fstype=ext4 - volumeMounts: - - name: socket-dir - mountPath: /run/csi - - name: hcloud-csi-driver - image: hetznercloud/hcloud-csi-driver:v2.4.0 # x-release-please-version - imagePullPolicy: Always - command: [/bin/hcloud-csi-driver-controller] - env: - - name: CSI_ENDPOINT - value: unix:///run/csi/socket - - name: METRICS_ENDPOINT - value: 0.0.0.0:9189 - - name: ENABLE_METRICS - value: "true" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: HCLOUD_TOKEN - valueFrom: - secretKeyRef: - name: hcloud - key: token - volumeMounts: - - name: socket-dir - mountPath: /run/csi - ports: - - containerPort: 9189 - name: metrics - - name: healthz - containerPort: 9808 - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - - name: liveness-probe - imagePullPolicy: Always - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - volumeMounts: - - mountPath: /run/csi - name: socket-dir - volumes: - - name: socket-dir - emptyDir: {} 
diff --git a/deploy/kubernetes/controller/kustomization.yaml b/deploy/kubernetes/controller/kustomization.yaml deleted file mode 100644 index 53038170..00000000 --- a/deploy/kubernetes/controller/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- rbac.yaml -- service.yaml -- deployment.yaml diff --git a/deploy/kubernetes/controller/service.yaml b/deploy/kubernetes/controller/service.yaml deleted file mode 100644 index 8089814b..00000000 --- a/deploy/kubernetes/controller/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: hcloud-csi-controller-metrics - namespace: kube-system - labels: - app: hcloud-csi-controller -spec: - selector: - app: hcloud-csi-controller - ports: - - port: 9189 - name: metrics - targetPort: metrics diff --git a/deploy/kubernetes/core/kustomization.yaml b/deploy/kubernetes/core/kustomization.yaml deleted file mode 100644 index 65a3b418..00000000 --- a/deploy/kubernetes/core/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- csidriver.yaml -- storageclass.yaml diff --git a/deploy/kubernetes/core/storageclass.yaml b/deploy/kubernetes/core/storageclass.yaml deleted file mode 100644 index 36aa1ea4..00000000 --- a/deploy/kubernetes/core/storageclass.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: StorageClass -apiVersion: storage.k8s.io/v1 -metadata: - name: hcloud-volumes - annotations: - storageclass.kubernetes.io/is-default-class: "true" -provisioner: csi.hetzner.cloud -volumeBindingMode: WaitForFirstConsumer -allowVolumeExpansion: true diff --git a/deploy/kubernetes/hcloud-csi.yml b/deploy/kubernetes/hcloud-csi.yml index 93c65a66..75061356 100644 --- a/deploy/kubernetes/hcloud-csi.yml +++ b/deploy/kubernetes/hcloud-csi.yml 
@@ -1,300 +1,184 @@ -allowVolumeExpansion: true -apiVersion: storage.k8s.io/v1 +--- +# Source: hcloud-csi/templates/controller/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller +automountServiceAccountToken: true +--- +# Source: hcloud-csi/templates/core/storageclass.yaml kind: StorageClass +apiVersion: storage.k8s.io/v1 metadata: + name: hcloud-volumes annotations: storageclass.kubernetes.io/is-default-class: "true" - name: hcloud-volumes provisioner: csi.hetzner.cloud volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +reclaimPolicy: "Delete" --- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hcloud-csi-controller - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 +# Source: hcloud-csi/templates/controller/clusterrole.yaml kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller rules: -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch -- apiGroups: - - csi.storage.k8s.io - resources: - - csinodeinfos - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - csinodes - verbs: - - get - - list - - watch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - volumeattachments/status - verbs: - - patch -- apiGroups: - - "" - 
resources: - - secrets - verbs: - - get - - list -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - create - - delete - - patch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - persistentvolumeclaims/status - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - list - - watch - - create - - update - - patch -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshots - verbs: - - get - - list -- apiGroups: - - snapshot.storage.k8s.io - resources: - - volumesnapshotcontents - verbs: - - get - - list -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create - - update - - patch +# attacher +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, update, patch] +- apiGroups: [""] + resources: [nodes] + verbs: [get, list, watch] +- apiGroups: [csi.storage.k8s.io] + resources: [csinodeinfos] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [csinodes] + verbs: [get, list, watch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [volumeattachments/status] + verbs: [patch] +# provisioner +- apiGroups: [""] + resources: [secrets] + verbs: [get, list] +- apiGroups: [""] + resources: [persistentvolumes] + verbs: [get, list, watch, create, delete, patch] +- apiGroups: [""] + resources: [persistentvolumeclaims, persistentvolumeclaims/status] + verbs: [get, list, watch, update, patch] +- apiGroups: [storage.k8s.io] + resources: [storageclasses] + verbs: [get, list, watch] +- apiGroups: [""] + resources: [events] + verbs: [list, watch, create, update, patch] +- apiGroups: 
[snapshot.storage.k8s.io] + resources: [volumesnapshots] + verbs: [get, list] +- apiGroups: [snapshot.storage.k8s.io] + resources: [volumesnapshotcontents] + verbs: [get, list] +# resizer +- apiGroups: [""] + resources: [pods] + verbs: [get, list, watch] +# node +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch, create, update, patch] --- -apiVersion: rbac.authorization.k8s.io/v1 +# Source: hcloud-csi/templates/controller/clusterrolebinding.yaml kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hcloud-csi-controller + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: hcloud-csi-controller subjects: -- kind: ServiceAccount - name: hcloud-csi-controller - namespace: kube-system + - kind: ServiceAccount + name: hcloud-csi-controller + namespace: "kube-system" --- +# Source: hcloud-csi/templates/controller/service.yaml apiVersion: v1 kind: Service metadata: - labels: - app: hcloud-csi-controller name: hcloud-csi-controller-metrics - namespace: kube-system + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller spec: ports: - - name: metrics - port: 9189 - targetPort: metrics + - name: metrics + port: 9189 selector: - app: hcloud-csi-controller + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: controller --- +# Source: hcloud-csi/templates/node/service.yaml apiVersion: v1 kind: Service metadata: - labels: - app: hcloud-csi name: hcloud-csi-node-metrics - namespace: kube-system + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: 
hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node spec: ports: - - name: metrics - port: 9189 - targetPort: metrics - selector: - app: hcloud-csi ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: hcloud-csi-controller - namespace: kube-system -spec: - replicas: 1 + - name: metrics + port: 9189 selector: - matchLabels: - app: hcloud-csi-controller - template: - metadata: - labels: - app: hcloud-csi-controller - spec: - containers: - - args: - - --default-fstype=ext4 - image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 - name: csi-attacher - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 - name: csi-resizer - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - args: - - --feature-gates=Topology=true - - --default-fstype=ext4 - image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 - name: csi-provisioner - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - command: - - /bin/hcloud-csi-driver-controller - env: - - name: CSI_ENDPOINT - value: unix:///run/csi/socket - - name: METRICS_ENDPOINT - value: 0.0.0.0:9189 - - name: ENABLE_METRICS - value: "true" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: HCLOUD_TOKEN - valueFrom: - secretKeyRef: - key: token - name: hcloud - image: hetznercloud/hcloud-csi-driver:v2.4.0 # x-release-please-version - imagePullPolicy: Always - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 2 - timeoutSeconds: 3 - name: hcloud-csi-driver - ports: - - containerPort: 9189 - name: metrics - - containerPort: 9808 - name: healthz - protocol: TCP - volumeMounts: - - mountPath: /run/csi - name: socket-dir - - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - imagePullPolicy: Always - name: liveness-probe - volumeMounts: - - 
mountPath: /run/csi - name: socket-dir - serviceAccountName: hcloud-csi-controller - volumes: - - emptyDir: {} - name: socket-dir + app.kubernetes.io/name: hcloud-csi + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/component: node --- +# Source: hcloud-csi/templates/node/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: - labels: - app: hcloud-csi name: hcloud-csi-node - namespace: kube-system + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node + app: hcloud-csi spec: + updateStrategy: + type: RollingUpdate selector: matchLabels: app: hcloud-csi template: metadata: labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: node app: hcloud-csi spec: + affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: 
@@ -304,83 +188,225 @@ spec: operator: NotIn values: - "true" - containers: - - args: - - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 - name: csi-node-driver-registrar - volumeMounts: - - mountPath: /run/csi - name: plugin-dir - - mountPath: /registration - name: registration-dir - - command: - - /bin/hcloud-csi-driver-node - env: - - name: CSI_ENDPOINT - value: unix:///run/csi/socket - - name: METRICS_ENDPOINT - value: 0.0.0.0:9189 - - name: ENABLE_METRICS - value: "true" - image: hetznercloud/hcloud-csi-driver:v2.4.0 # x-release-please-version - imagePullPolicy: Always - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - periodSeconds: 2 - timeoutSeconds: 3 - name: hcloud-csi-driver - ports: - - containerPort: 9189 - name: metrics - - containerPort: 9808 - name: healthz - protocol: TCP - securityContext: - privileged: true - volumeMounts: - - mountPath: /var/lib/kubelet - mountPropagation: Bidirectional - name: kubelet-dir - - mountPath: /run/csi - name: plugin-dir - - mountPath: /dev - name: device-dir - - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - imagePullPolicy: Always - name: liveness-probe - volumeMounts: - - mountPath: /run/csi - name: plugin-dir tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists + - effect: NoExecute + operator: Exists + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 + imagePullPolicy: IfNotPresent + args: + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket + volumeMounts: + - name: plugin-dir + mountPath: /run/csi + - name: 
registration-dir + mountPath: /registration + resources: + limits: {} + requests: {} + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + resources: + limits: {} + requests: {} + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-node] + volumeMounts: + - name: kubelet-dir + mountPath: /var/lib/kubelet + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /run/csi + - name: device-dir + mountPath: /dev + securityContext: + privileged: true + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + ports: + - containerPort: 9189 + name: metrics + - name: healthz + protocol: TCP + containerPort: 9808 + resources: + limits: {} + requests: {} + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumes: + - name: kubelet-dir + hostPath: + path: /var/lib/kubelet + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory +--- +# Source: hcloud-csi/templates/controller/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hcloud-csi-controller + namespace: "kube-system" + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + app: hcloud-csi-controller +spec: + replicas: 1 + strategy: + type: RollingUpdate + selector: + matchLabels: + 
app: hcloud-csi-controller + template: + metadata: + labels: + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.4.0 + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: controller + app: hcloud-csi-controller + spec: + serviceAccountName: hcloud-csi-controller + + securityContext: + fsGroup: 1001 + initContainers: + containers: + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + args: + - --default-fstype=ext4 + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + volumeMounts: + - name: socket-dir + mountPath: /run/csi + + - name: liveness-probe + image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 + imagePullPolicy: IfNotPresent + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + + - name: hcloud-csi-driver + image: docker.io/hetznercloud/hcloud-csi-driver:v2.4.0 + imagePullPolicy: IfNotPresent + command: [/bin/hcloud-csi-driver-controller] + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: METRICS_ENDPOINT + value: "0.0.0.0:9189" + - name: ENABLE_METRICS + value: "true" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + name: hcloud + key: token + resources: + limits: {} + requests: {} + ports: + - name: metrics + containerPort: 9189 + - name: healthz + protocol: TCP + containerPort: 
9808 + livenessProbe: + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /healthz + port: healthz + volumeMounts: + - name: socket-dir + mountPath: /run/csi + volumes: - - hostPath: - path: /var/lib/kubelet - type: Directory - name: kubelet-dir - - hostPath: - path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ - type: DirectoryOrCreate - name: plugin-dir - - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - name: registration-dir - - hostPath: - path: /dev - type: Directory - name: device-dir + - name: socket-dir + emptyDir: {} --- +# Source: hcloud-csi/templates/core/csidriver.yaml apiVersion: storage.k8s.io/v1 kind: CSIDriver metadata: diff --git a/deploy/kubernetes/kustomization.yaml b/deploy/kubernetes/kustomization.yaml index 0626a6d7..6a66d23a 100644 --- a/deploy/kubernetes/kustomization.yaml +++ b/deploy/kubernetes/kustomization.yaml @@ -1,6 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + +# This kustomization is left for backwards-compatibility. +# If you use this, please switch to the Helm Chart if possible. + resources: -- controller/ -- core/ -- node/ +- hcloud-csi.yml \ No newline at end of file diff --git a/deploy/kubernetes/node/daemonset.yaml b/deploy/kubernetes/node/daemonset.yaml deleted file mode 100644 index 4fdb52ce..00000000 --- a/deploy/kubernetes/node/daemonset.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: hcloud-csi-node - namespace: kube-system - labels: - app: hcloud-csi -spec: - selector: - matchLabels: - app: hcloud-csi - template: - metadata: - labels: - app: hcloud-csi - spec: - tolerations: - - effect: NoExecute - operator: Exists - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: "instance.hetzner.cloud/is-root-server" - operator: NotIn - values: - - "true" - containers: - - name: csi-node-driver-registrar - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 - args: - - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket - volumeMounts: - - name: plugin-dir - mountPath: /run/csi - - name: registration-dir - mountPath: /registration - - name: hcloud-csi-driver - image: hetznercloud/hcloud-csi-driver:v2.4.0 # x-release-please-version - imagePullPolicy: Always - command: [/bin/hcloud-csi-driver-node] - env: - - name: CSI_ENDPOINT - value: unix:///run/csi/socket - - name: METRICS_ENDPOINT - value: 0.0.0.0:9189 - - name: ENABLE_METRICS - value: "true" - volumeMounts: - - name: kubelet-dir - mountPath: /var/lib/kubelet - mountPropagation: "Bidirectional" - - name: plugin-dir - mountPath: /run/csi - - name: device-dir - mountPath: /dev - securityContext: - privileged: true - ports: - - containerPort: 9189 - name: metrics - - name: healthz - containerPort: 9808 - protocol: TCP - livenessProbe: - failureThreshold: 5 - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 2 - - name: liveness-probe - imagePullPolicy: Always - image: registry.k8s.io/sig-storage/livenessprobe:v2.9.0 - volumeMounts: - - mountPath: /run/csi - name: plugin-dir - volumes: - - name: kubelet-dir - hostPath: - path: /var/lib/kubelet - type: Directory - - name: 
plugin-dir - hostPath: - path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ - type: DirectoryOrCreate - - name: registration-dir - hostPath: - path: /var/lib/kubelet/plugins_registry/ - type: Directory - - name: device-dir - hostPath: - path: /dev - type: Directory diff --git a/deploy/kubernetes/node/kustomization.yaml b/deploy/kubernetes/node/kustomization.yaml deleted file mode 100644 index efe34984..00000000 --- a/deploy/kubernetes/node/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- daemonset.yaml -- service.yaml diff --git a/deploy/kubernetes/node/service.yaml b/deploy/kubernetes/node/service.yaml deleted file mode 100644 index 1299ea79..00000000 --- a/deploy/kubernetes/node/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: hcloud-csi-node-metrics - namespace: kube-system - labels: - app: hcloud-csi -spec: - selector: - app: hcloud-csi - ports: - - port: 9189 - name: metrics - targetPort: metrics diff --git a/deploy/kubernetes/service-monitor/kustomization.yaml b/deploy/kubernetes/service-monitor/kustomization.yaml index c82ed36f..b66afb64 100644 --- a/deploy/kubernetes/service-monitor/kustomization.yaml +++ b/deploy/kubernetes/service-monitor/kustomization.yaml @@ -1,4 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + +# This kustomization is left for backwards-compatibility. +# If you use this, please switch to the Helm Chart if possible. + resources: - service-monitor.yaml diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml index 16c4c2af..bbeb1331 100644 --- a/deploy/kustomization.yaml +++ b/deploy/kustomization.yaml @@ -1,4 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization + +# This kustomization is left for backwards-compatibility. +# If you use this, please switch to the Helm Chart if possible. + resources: - kubernetes/hcloud-csi.yml \ No newline at end of file 
diff --git a/hack/release-generate-deployment-yamls.sh b/hack/release-generate-deployment-yamls.sh
new file mode 100755
index 00000000..96c08ca0
--- /dev/null
+++ b/hack/release-generate-deployment-yamls.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -ueo pipefail
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+
+: "${TEMPLATES_DIR:=./deploy}"
+
+VERSION="$1"
+
+if [[ -z $VERSION ]]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+# Update version
+sed -e "s/version: .*/version: $VERSION/" --in-place chart/Chart.yaml
+
+"$SCRIPT_DIR"/update-deployment-yamls.sh
+
+# Package the chart for publishing
+helm package chart
diff --git a/hack/release-publish-helm-chart.sh b/hack/release-publish-helm-chart.sh
new file mode 100755
index 00000000..3dcc4a50
--- /dev/null
+++ b/hack/release-publish-helm-chart.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -e
+set -o pipefail
+
+CHART_REPO_REMOTE=${CHART_REPO_REMOTE:-"https://github.com/hetznercloud/helm-charts.git"}
+CHART_REPO_BRANCH=${CHART_REPO_BRANCH:-"main"}
+
+CHART_FILE="$1"
+
+if [[ -z "$CHART_FILE" ]]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+TMP_DIR=$(mktemp --directory csi-driver-chart-repo.XXXXX)
+
+git clone --depth 1 -b "${CHART_REPO_BRANCH}" "${CHART_REPO_REMOTE}" "${TMP_DIR}"
+
+mkdir "${TMP_DIR}"/new-chart
+cp "${CHART_FILE}" "${TMP_DIR}/new-chart"
+
+pushd "${TMP_DIR}/new-chart"
+
+# Update index
+# We use --merge to not update any of the other existing entries in the index file,
+# this requires us to put our new chart in a separate dir that only includes the new chart.
+helm repo index --merge ../index.yaml .
+# Move chart and merged index to root dir
+mv -f -- * ..
+
+popd
+pushd "${TMP_DIR}"
+
+# Setup git-lfs
+git lfs install --local
+
+# commit & push
+git add -- index.yaml "${CHART_FILE}"
+git commit -m "feat: add ${CHART_FILE}"
+git push
+
+popd
+rm -rf "${TMP_DIR}"
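Review bot: In hack/release-generate-deployment-yamls.sh the usage branch is unreachable when no argument is passed: under `set -u`, `VERSION="$1"` aborts with an unbound-variable error before the `-z` test runs, so that line should read `VERSION="${1:-}"`. The value is then interpolated into the sed program unescaped, so a version containing `/` or `&` alters the substitution applied to chart/Chart.yaml. Where VERSION comes from is not visible here; if it is derived from a tag name, I would reject anything that is not a plain version before the sed call, for example `[[ $VERSION =~ ^v?[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$ ]] || { echo "invalid version: $VERSION" >&2; exit 1; }`, with the pattern adjusted to the project's tag format.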
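Review bot: hack/release-publish-helm-chart.sh removes its clone only on the success path: with `set -e`, a failing `helm repo index`, `git commit` or `git push` exits before the final `rm -rf "${TMP_DIR}"`. `git clone` records the remote URL in the clone's `.git/config`, so if CHART_REPO_REMOTE carries credentials in the URL they remain on disk in the leftover directory, and `mktemp --directory csi-driver-chart-repo.XXXXX` without `--tmpdir` creates that directory under the current working directory. I would create it with `TMP_DIR=$(mktemp --directory --tmpdir csi-driver-chart-repo.XXXXX)` and register `trap 'rm -rf "${TMP_DIR}"' EXIT` on the next line. Supplying the credential through a git credential helper instead of the URL would keep it out of the config file altogether.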
diff --git a/hack/update-deployment-yamls.sh b/hack/update-deployment-yamls.sh
new file mode 100755
index 00000000..949930a0
--- /dev/null
+++ b/hack/update-deployment-yamls.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -ueo pipefail
+
+# Template the chart with pre-built values to get the legacy deployment files
+helm template hcloud-csi chart \
+ --namespace kube-system \
+ --set metrics.enabled=true \
+ --set controller.matchLabelsOverride.app=hcloud-csi-controller \
+ --set controller.podLabels.app=hcloud-csi-controller \
+ --set node.matchLabelsOverride.app=hcloud-csi \
+ --set node.podLabels.app=hcloud-csi \
+ > deploy/kubernetes/hcloud-csi.yml
diff --git a/hack/update-helm-snapshots.sh b/hack/update-helm-snapshots.sh
new file mode 100755
index 00000000..2c1bb396
--- /dev/null
+++ b/hack/update-helm-snapshots.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -ueo pipefail
+
+helm template hcloud-csi chart \
+ --namespace kube-system \
+ | grep -v helm.sh/chart \
+ > chart/.snapshots/default.yaml
+
+helm template hcloud-csi chart \
+ --namespace kube-system \
+ -f chart/example-prod.values.yaml \
+ | grep -v helm.sh/chart \
+ > chart/.snapshots/example-prod.yaml
+
+helm template hcloud-csi chart \
+ --namespace kube-system \
+ -f chart/.snapshots/full.values.yaml \
+ | grep -v helm.sh/chart \
+ > chart/.snapshots/full.yaml
diff --git a/skaffold.yaml b/skaffold.yaml
index e71b7d38..549caddd 100644
--- a/skaffold.yaml
+++ b/skaffold.yaml
@@ -4,15 +4,18 @@ metadata: name: csi-driver build: artifacts: - - image: hetznercloud/hcloud-csi-driver + - image: docker.io/hetznercloud/hcloud-csi-driver docker: dockerfile: hack/Dockerfile cacheFrom: - - hetznercloud/hcloud-csi-driver:buildcache + - docker.io/hetznercloud/hcloud-csi-driver:buildcache local: useBuildkit: true insecureRegistries: - localhost:30666 manifests: - kustomize: - paths: [hack/] + helm: + releases: + - name: hcloud-csi + namespace: kube-system + chartPath: chart