diff --git a/deploy/kubernetes/helm/csi-digitalocean/.helmignore b/deploy/kubernetes/helm/csi-digitalocean/.helmignore
new file mode 100644
index 00000000..e43b0f98
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/.helmignore
@@ -0,0 +1 @@
+.DS_Store
diff --git a/deploy/kubernetes/helm/csi-digitalocean/Chart.yaml b/deploy/kubernetes/helm/csi-digitalocean/Chart.yaml
new file mode 100644
index 00000000..4c3ff4df
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+name: csi-digitalocean
+version: 2.1.1
+appVersion: 2.1.1
+type: application
diff --git a/deploy/kubernetes/helm/csi-digitalocean/crds/crds.yaml b/deploy/kubernetes/helm/csi-digitalocean/crds/crds.yaml
new file mode 100644
index 00000000..0dcf3a80
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/crds/crds.yaml
@@ -0,0 +1,515 @@ +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null + name: volumesnapshotclasses.snapshot.storage.k8s.io + labels: + helm.sh/chart: csi-digitalocean + app.kubernetes.io/managed-by: Helm +spec: + additionalPrinterColumns: + - JSONPath: .driver + name: Driver + type: string + - JSONPath: .deletionPolicy + description: Determines whether a VolumeSnapshotContent created through the VolumeSnapshotClass + should be deleted when its bound VolumeSnapshot is deleted. + name: DeletionPolicy + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotClass + listKind: VolumeSnapshotClassList + plural: volumesnapshotclasses + singular: volumesnapshotclass + preserveUnknownFields: false + scope: Cluster + subresources: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotClass specifies parameters that a underlying storage + system uses when creating a volume snapshot. A specific VolumeSnapshotClass + is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses + are non-namespaced + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + deletionPolicy: + description: deletionPolicy determines whether a VolumeSnapshotContent created + through the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot + is deleted. Supported values are "Retain" and "Delete". 
"Retain" means + that the VolumeSnapshotContent and its physical snapshot on underlying + storage system are kept. "Delete" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the storage driver that handles this + VolumeSnapshotClass. Required. + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating snapshots. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - driver + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null + name: volumesnapshotcontents.snapshot.storage.k8s.io + labels: + helm.sh/chart: csi-digitalocean + app.kubernetes.io/managed-by: Helm +spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. 
+ name: ReadyToUse + type: boolean + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot in bytes + name: RestoreSize + type: integer + - JSONPath: .spec.deletionPolicy + description: Determines whether this VolumeSnapshotContent and its physical snapshot + on the underlying storage system should be deleted when its bound VolumeSnapshot + is deleted. + name: DeletionPolicy + type: string + - JSONPath: .spec.driver + description: Name of the CSI driver used to create the physical snapshot on the + underlying storage system. + name: Driver + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: Name of the VolumeSnapshotClass to which this snapshot belongs. + name: VolumeSnapshotClass + type: string + - JSONPath: .spec.volumeSnapshotRef.name + description: Name of the VolumeSnapshot object to which this VolumeSnapshotContent + object is bound. + name: VolumeSnapshot + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshotContent + listKind: VolumeSnapshotContentList + plural: volumesnapshotcontents + singular: volumesnapshotcontent + preserveUnknownFields: false + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshotContent represents the actual "on-disk" snapshot + object in the underlying storage system + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: spec defines properties of a VolumeSnapshotContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this VolumeSnapshotContent + and its physical snapshot on the underlying storage system should + be deleted when its bound VolumeSnapshot is deleted. Supported values + are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent + and its physical snapshot on underlying storage system are kept. "Delete" + means that the VolumeSnapshotContent and its physical snapshot on + underlying storage system are deleted. In dynamic snapshot creation + case, this field will be filled in with the "DeletionPolicy" field + defined in the VolumeSnapshotClass the VolumeSnapshot refers to. For + pre-existing snapshots, users MUST specify this field when creating + the VolumeSnapshotContent object. Required. + enum: + - Delete + - Retain + type: string + driver: + description: driver is the name of the CSI driver used to create the + physical snapshot on the underlying storage system. This MUST be the + same as the name returned by the CSI GetPluginName() call for that + driver. Required. + type: string + source: + description: source specifies from where a snapshot will be created. + This field is immutable after creation. Required. + properties: + snapshotHandle: + description: snapshotHandle specifies the CSI "snapshot_id" of a + pre-existing snapshot on the underlying storage system. This field + is immutable. + type: string + volumeHandle: + description: volumeHandle specifies the CSI "volume_id" of the volume + from which a snapshot should be dynamically taken from. This field + is immutable. + type: string + type: object + volumeSnapshotClassName: + description: name of the VolumeSnapshotClass to which this snapshot + belongs. 
+ type: string + volumeSnapshotRef: + description: volumeSnapshotRef specifies the VolumeSnapshot object to + which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName + field must reference to this VolumeSnapshotContent's name for the + bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent + object, name and namespace of the VolumeSnapshot object MUST be provided + for binding to happen. This field is immutable after creation. Required. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - deletionPolicy + - driver + - source + - volumeSnapshotRef + type: object + status: + description: status represents the current information of a snapshot. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. If not specified, it indicates the creation time is unknown. The + format of this field is a Unix nanoseconds time encoded as an int64. + On Unix, the command `date +%s%N` returns the current time in nanoseconds + since 1970-01-01 00:00:00 UTC. + format: int64 + type: integer + error: + description: error is the latest observed error during snapshot creation, + if any. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. 
For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. + format: int64 + minimum: 0 + type: integer + snapshotHandle: + description: snapshotHandle is the CSI "snapshot_id" of a snapshot on + the underlying storage system. If not specified, it indicates that + dynamic snapshot creation has either failed or it is still in progress. 
+ type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- + +kind: CustomResourceDefinition +apiVersion: apiextensions.k8s.io/v1beta1 +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/260" + creationTimestamp: null + name: volumesnapshots.snapshot.storage.k8s.io + labels: + helm.sh/chart: csi-digitalocean + app.kubernetes.io/managed-by: Helm +spec: + additionalPrinterColumns: + - JSONPath: .status.readyToUse + description: Indicates if a snapshot is ready to be used to restore a volume. + name: ReadyToUse + type: boolean + - JSONPath: .spec.source.persistentVolumeClaimName + description: Name of the source PVC from where a dynamically taken snapshot will + be created. + name: SourcePVC + type: string + - JSONPath: .spec.source.volumeSnapshotContentName + description: Name of the VolumeSnapshotContent which represents a pre-provisioned + snapshot. + name: SourceSnapshotContent + type: string + - JSONPath: .status.restoreSize + description: Represents the complete size of the snapshot. + name: RestoreSize + type: string + - JSONPath: .spec.volumeSnapshotClassName + description: The name of the VolumeSnapshotClass requested by the VolumeSnapshot. + name: SnapshotClass + type: string + - JSONPath: .status.boundVolumeSnapshotContentName + description: The name of the VolumeSnapshotContent to which this VolumeSnapshot + is bound. + name: SnapshotContent + type: string + - JSONPath: .status.creationTime + description: Timestamp when the point-in-time snapshot is taken by the underlying + storage system. 
+ name: CreationTime + type: date + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: snapshot.storage.k8s.io + names: + kind: VolumeSnapshot + listKind: VolumeSnapshotList + plural: volumesnapshots + singular: volumesnapshot + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: VolumeSnapshot is a user's request for either creating a point-in-time + snapshot of a persistent volume, or binding to a pre-existing snapshot. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + spec: + description: 'spec defines the desired characteristics of a snapshot requested + by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots + Required.' + properties: + source: + description: source specifies where a snapshot will be created from. + This field is immutable after creation. Required. + properties: + persistentVolumeClaimName: + description: persistentVolumeClaimName specifies the name of the + PersistentVolumeClaim object in the same namespace as the VolumeSnapshot + object where the snapshot should be dynamically taken from. This + field is immutable. + type: string + volumeSnapshotContentName: + description: volumeSnapshotContentName specifies the name of a pre-existing + VolumeSnapshotContent object. 
This field is immutable. + type: string + type: object + volumeSnapshotClassName: + description: 'volumeSnapshotClassName is the name of the VolumeSnapshotClass + requested by the VolumeSnapshot. If not specified, the default snapshot + class will be used if one exists. If not specified, and there is no + default snapshot class, dynamic snapshot creation will fail. Empty + string is not allowed for this field. TODO(xiangqian): a webhook validation + on empty string. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshot-classes' + type: string + required: + - source + type: object + status: + description: 'status represents the current information of a snapshot. NOTE: + status can be modified by sources other than system controllers, and must + not be depended upon for accuracy. Controllers should only use information + from the VolumeSnapshotContent object after verifying that the binding + is accurate and complete.' + properties: + boundVolumeSnapshotContentName: + description: 'boundVolumeSnapshotContentName represents the name of + the VolumeSnapshotContent object to which the VolumeSnapshot object + is bound. If not specified, it indicates that the VolumeSnapshot object + has not been successfully bound to a VolumeSnapshotContent object + yet. NOTE: Specified boundVolumeSnapshotContentName alone does not + mean binding is valid. Controllers MUST always verify bidirectional + binding between VolumeSnapshot and VolumeSnapshotContent to + avoid possible security issues.' + type: string + creationTime: + description: creationTime is the timestamp when the point-in-time snapshot + is taken by the underlying storage system. In dynamic snapshot creation + case, this field will be filled in with the "creation_time" value + returned from CSI "CreateSnapshotRequest" gRPC call. For a pre-existing + snapshot, this field will be filled with the "creation_time" value + returned from the CSI "ListSnapshots" gRPC call if the driver supports + it. 
If not specified, it indicates that the creation time of the snapshot + is unknown. + format: date-time + type: string + error: + description: error is the last observed error during snapshot creation, + if any. This field could be helpful to upper level controllers(i.e., + application controller) to decide whether they should continue on + waiting for the snapshot to be created based on the type of error + reported. + properties: + message: + description: 'message is a string detailing the encountered error + during snapshot creation if specified. NOTE: message may be logged, + and it should not contain sensitive information.' + type: string + time: + description: time is the timestamp when the error was encountered. + format: date-time + type: string + type: object + readyToUse: + description: readyToUse indicates if a snapshot is ready to be used + to restore a volume. In dynamic snapshot creation case, this field + will be filled in with the "ready_to_use" value returned from CSI + "CreateSnapshotRequest" gRPC call. For a pre-existing snapshot, this + field will be filled with the "ready_to_use" value returned from the + CSI "ListSnapshots" gRPC call if the driver supports it, otherwise, + this field will be set to "True". If not specified, it means the readiness + of a snapshot is unknown. + type: boolean + restoreSize: + anyOf: + - type: integer + - type: string + description: restoreSize represents the complete size of the snapshot + in bytes. In dynamic snapshot creation case, this field will be filled + in with the "size_bytes" value returned from CSI "CreateSnapshotRequest" + gRPC call. For a pre-existing snapshot, this field will be filled + with the "size_bytes" value returned from the CSI "ListSnapshots" + gRPC call if the driver supports it. When restoring a volume from + this snapshot, the size of the volume MUST NOT be smaller than the + restoreSize if it is specified, otherwise the restoration will fail. 
+ If not specified, it indicates that the size is unknown. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/_helpers.tpl b/deploy/kubernetes/helm/csi-digitalocean/templates/_helpers.tpl new file mode 100644 index 00000000..1adbc497 --- /dev/null +++ b/deploy/kubernetes/helm/csi-digitalocean/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "csi-digitalocean.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 45 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 45 chars because some Kubernetes name fields are limited to this +(by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "csi-digitalocean.fullname" -}} +{{- if .Values.fullnameOverride -}} + {{- .Values.fullnameOverride | trunc 45 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 45 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 45 | trimSuffix "-" -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "csi-digitalocean.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 45 | trimSuffix "-" -}} +{{- end -}} 
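Review bot: The comment above `csi-digitalocean.fullname` in `_helpers.tpl` gives the wrong reason for `trunc 45`: the DNS label limit that Kubernetes name fields follow is 63 characters, not 45. The shorter cut presumably leaves room for the suffixes the templates append to the full name (`-controller`, `-controller-sa`, `-node-driver-registrar-binding`), and the comment should say so, for example `We truncate at 45 chars to leave room for the suffixes the templates append; DNS labels are limited to 63 chars.` With the longest suffix the rendered name can still exceed 63 characters, which is acceptable for RBAC object names but worth checking wherever the value is used as a label value.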
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/attacher.clusterrole.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/attacher.clusterrole.yaml
new file mode 100755
index 00000000..1610898b
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/attacher.clusterrole.yaml
@@ -0,0 +1,27 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-attacher-role" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: attacher
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments/status"]
+ verbs: ["patch"]
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/attacher.clusterrolebinding.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/attacher.clusterrolebinding.yaml
new file mode 100755
index 00000000..88e66f10
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/attacher.clusterrolebinding.yaml
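Review bot: `namespace: {{ .Release.Namespace | quote }}` under `metadata` in `attacher.clusterrole.yaml` carries no meaning, because a ClusterRole is cluster-scoped and its rules apply in every namespace. Leaving the field in place can lead a reader to believe the grant is confined to the release namespace, so the line should be removed. The same `metadata.namespace` line appears in the ClusterRoleBinding, StorageClass, VolumeSnapshotClass, CSIDriver and node-driver-registrar ClusterRole/ClusterRoleBinding templates in this commit. The `namespace` under `subjects` in the bindings is required and should stay.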
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-attacher-binding" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: attacher
+subjects:
+ - kind: ServiceAccount
+ name: {{ printf "%s-controller-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ printf "%s-attacher-role" (include "csi-digitalocean.fullname" .) | quote }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/block-storage.storageclass.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/block-storage.storageclass.yaml
new file mode 100755
index 00000000..59bc43df
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/block-storage.storageclass.yaml
@@ -0,0 +1,16 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+ name: {{ .Values.storageClass.name | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/compnent: driver
+ annotations:
+ storageclass.kubernetes.io/is-default-class: {{ .Values.storageClass.default | quote }}
+provisioner: {{ .Values.driver.name | quote }}
+reclaimPolicy: {{ .Values.storageClass.reclaimPolicy | quote }}
+allowVolumeExpansion: true
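Review bot: The StorageClass label key is misspelled as `app.kubernetes.io/compnent`, so this object will not match any selector or policy that filters on `app.kubernetes.io/component`. Every other template in the commit spells the key correctly; the line should read `app.kubernetes.io/component: driver`.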
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/block-storage.volumesnapshotclass.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/block-storage.volumesnapshotclass.yaml
new file mode 100755
index 00000000..b373d1bd
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/block-storage.volumesnapshotclass.yaml
@@ -0,0 +1,15 @@
+kind: VolumeSnapshotClass
+apiVersion: snapshot.storage.k8s.io/v1beta1
+metadata:
+ name: {{ .Values.storageClass.name | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: driver
+ annotations:
+ snapshot.storage.kubernetes.io/is-default-class: "true"
+driver: {{ .Values.driver.name | quote }}
+deletionPolicy: {{ .Values.storageClass.snapshot.deletionPolicy | quote }}
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/controller.serviceaccount.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/controller.serviceaccount.yaml
new file mode 100755
index 00000000..a509d201
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/controller.serviceaccount.yaml
@@ -0,0 +1,11 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: {{ printf "%s-controller-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: controller
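Review bot: The VolumeSnapshotClass hard-codes `snapshot.storage.kubernetes.io/is-default-class: "true"`, while the StorageClass template takes its default flag from `.Values.storageClass.default`. An operator who installs the chart with the storage class default switched off still gets a default snapshot class and has no value to change that. Consider driving the annotation from a value as well, for example a new key under the existing `.Values.storageClass.snapshot` map such as `{{ .Values.storageClass.snapshot.default | quote }}`, and add a short comment that the object shares its name with the StorageClass through `.Values.storageClass.name`.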
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/controller.statefulset.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/controller.statefulset.yaml
new file mode 100755
index 00000000..891d7ef1
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/controller.statefulset.yaml
@@ -0,0 +1,129 @@ +kind: StatefulSet +apiVersion: apps/v1 +metadata: + name: {{ printf "%s-controller" (include "csi-digitalocean.fullname" .) | quote }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }} + app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + app.kubernetes.io/component: controller +spec: + serviceName: {{ printf "%s-controller" (include "csi-digitalocean.fullname" .) | quote }} + replicas: {{ .Values.controller.replicas | int }} + selector: + matchLabels: + app.kubernetes.io/name: {{ printf "%s-controller" (include "csi-digitalocean.fullname" .) | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/component: controller + template: + metadata: + labels: + app.kubernetes.io/name: {{ printf "%s-controller" (include "csi-digitalocean.fullname" .) | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + app.kubernetes.io/component: controller + annotations: + checksum/secret: {{ pick (include (print $.Template.BasePath "/secret.yaml") . | fromYaml) "data" | toYaml | sha256sum | quote }} + spec: + priorityClassName: system-cluster-critical + serviceAccountName: {{ printf "%s-controller-sa" (include "csi-digitalocean.fullname" .) | quote }} + {{- with .Values.controller.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.controller.tolerations }} + tolerations: {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - name: csi-provisioner + image: {{ printf "%s:%s" .Values.controller.provisioner.image.repository .Values.controller.provisioner.image.tag | quote }} + imagePullPolicy: {{ .Values.controller.provisioner.image.pullPolicy | quote }} + args: + - "--csi-address=$(ADDRESS)" + - "--default-fstype=ext4" + - "--v=5" + {{- with .Values.controller.provisioner.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: {{ printf "%s:%s" .Values.controller.attacher.image.repository .Values.controller.attacher.image.tag | quote }} + imagePullPolicy: {{ .Values.controller.attacher.image.pullPolicy | quote }} + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + {{- with .Values.controller.attacher.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: {{ printf "%s:%s" .Values.controller.snapshotter.image.repository .Values.controller.snapshotter.image.tag | quote }} + imagePullPolicy: {{ .Values.controller.snapshotter.image.pullPolicy | quote }} + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + {{- with .Values.controller.snapshotter.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: {{ printf "%s:%s" .Values.controller.resizer.image.repository .Values.controller.resizer.image.tag | quote }} + imagePullPolicy: {{ .Values.controller.resizer.image.pullPolicy | quote }} + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=30s" + - "--v=5" + # DigitalOcean volumes support online resize. + - "--handle-volume-inuse-error=false" + {{- with .Values.controller.resizer.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-do-plugin + image: {{ printf "%s:%s" .Values.plugin.image.repository .Values.plugin.image.tag | quote }} + imagePullPolicy: {{ .Values.plugin.image.pullPolicy | quote }} + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--token=$(DIGITALOCEAN_ACCESS_TOKEN)" + - "--url=$(DIGITALOCEAN_API_URL)" + {{- with .Values.plugin.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: DIGITALOCEAN_API_URL + value: https://api.digitalocean.com/ + - name: DIGITALOCEAN_ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: {{ include "csi-digitalocean.fullname" . | quote }} + key: access-token + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/dobs.csidriver.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/dobs.csidriver.yaml new file mode 100755 index 00000000..dcbb3047 --- /dev/null +++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/dobs.csidriver.yaml 
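Review bot: In the `csi-do-plugin` container, the argument `- "--token=$(DIGITALOCEAN_ACCESS_TOKEN)"` makes Kubernetes expand the secret into the container's command line. There it is readable from the node's process listing and is likely to be captured by diagnostics that record argv. The same value is already injected as the `DIGITALOCEAN_ACCESS_TOKEN` environment variable from the Secret; if the plugin binary can read the token from the environment or a mounted file (not visible in this diff), drop the `--token` argument and rely on that. If the flag is the only supported input, add a comment above it stating this, so the exposure is a documented decision rather than an oversight.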
@@ -0,0 +1,14 @@
+kind: CSIDriver
+apiVersion: storage.k8s.io/v1beta1
+metadata:
+ name: {{ .Values.driver.name | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: driver
+spec:
+ attachRequired: true
+ podInfoOnMount: true
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver-registrar.clusterrole.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver-registrar.clusterrole.yaml
new file mode 100755
index 00000000..9dfffa85
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver-registrar.clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-node-driver-registrar-role" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: node-driver
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver-registrar.clusterrolebinding.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver-registrar.clusterrolebinding.yaml
new file mode 100755
index 00000000..5b9e5794
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver-registrar.clusterrolebinding.yaml
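Review bot: `metadata.namespace` is set on a cluster-scoped object (`namespace: {{ .Release.Namespace | quote }}` under `kind: CSIDriver`), and the same line recurs in every ClusterRole and ClusterRoleBinding template added by this commit. Cluster-scoped resources have no namespace, so the field carries no meaning there, and it can mislead someone auditing the RBAC into reading these grants as confined to the release namespace when the rules apply cluster-wide. I would drop the `namespace:` line from the CSIDriver, ClusterRole and ClusterRoleBinding metadata and keep it only on the namespaced objects and on the `subjects` entries of the bindings.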
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-node-driver-registrar-binding" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: node-driver
+subjects:
+ - kind: ServiceAccount
+ name: {{ printf "%s-node-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ printf "%s-node-driver-registrar-role" (include "csi-digitalocean.fullname" .) | quote }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver.daemonset.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver.daemonset.yaml
new file mode 100755
index 00000000..f85274ae
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver.daemonset.yaml
@@ -0,0 +1,128 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: {{ printf "%s-node" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/component: node-driver
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ printf "%s-node" (include "csi-digitalocean.fullname" .) | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/component: node-driver
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ printf "%s-node" (include "csi-digitalocean.fullname" .) | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/component: node-driver
+ spec:
+ priorityClassName: system-node-critical
+ serviceAccountName: {{ printf "%s-node-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ hostNetwork: true
+ {{- with .Values.node.affinity }}
+ affinity: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.node.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ initContainers:
+ # Delete automount udev rule running on all DO droplets. The rule mounts
+ # devices briefly and may conflict with CSI-managed droplets (leading to
+ # "resource busy" errors). We can safely delete it in DOKS.
+ - name: automount-udev-deleter
+ image: alpine:3
+ args:
+ - "rm"
+ - "-f"
+ - "/etc/udev/rules.d/99-digitalocean-automount.rules"
+ volumeMounts:
+ - name: udev-rules-dir
+ mountPath: /etc/udev/rules.d/
+ containers:
+ - name: csi-node-driver-registrar
+ image: {{ printf "%s:%s" .Values.node.registrar.image.repository .Values.node.registrar.image.tag | quote }}
+ imagePullPolicy: {{ .Values.node.registrar.pullPolicy | quote }}
+ args:
+ - "--v=5"
+ - "--csi-address=$(ADDRESS)"
+ - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+ {{- with .Values.node.registrar.extraArgs }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - "rm -rf /registration/{{ .Values.driver.name }} /registration/{{ .Values.driver.name }}-reg.sock"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: /var/lib/kubelet/plugins/{{ .Values.driver.name }}/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi/
+ - name: registration-dir
+ mountPath: /registration/
+ - name: csi-do-plugin
+ image: {{ printf "%s:%s" .Values.plugin.image.repository .Values.plugin.image.tag | quote }}
+ imagePullPolicy: {{ .Values.plugin.image.pullPolicy | quote }}
+ args:
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--url=$(DIGITALOCEAN_API_URL)"
+ {{- with .Values.plugin.extraArgs }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: DIGITALOCEAN_API_URL
+ value: https://api.digitalocean.com/
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi/
+ - name: pods-mount-dir
+ mountPath: /var/lib/kubelet/
+ # Needed so that any mounts setup inside this container are
+ # propagated back to the host machine.
+ mountPropagation: Bidirectional
+ - name: device-dir
+ mountPath: /dev/
+ volumes:
+ - name: registration-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins_registry/
+ type: DirectoryOrCreate
+ - name: plugin-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/{{ .Values.driver.name }}/
+ type: DirectoryOrCreate
+ - name: pods-mount-dir
+ hostPath:
+ path: /var/lib/kubelet/
+ type: Directory
+ - name: device-dir
+ hostPath:
+ path: /dev/
+ - name: udev-rules-dir
+ hostPath:
+ path: /etc/udev/rules.d/
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver.serviceaccount.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver.serviceaccount.yaml
new file mode 100755
index 00000000..402c0c0d
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/node-driver.serviceaccount.yaml
@@ -0,0 +1,11 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: {{ printf "%s-node-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: node-driver
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/provisioner.clusterrole.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/provisioner.clusterrole.yaml
new file mode 100755
index 00000000..d2341d77
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/provisioner.clusterrole.yaml
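Review bot: The `automount-udev-deleter` init container hard-codes `image: alpine:3`, a mutable tag that cannot be overridden from values, yet it runs on every node with the host's `/etc/udev/rules.d/` mounted writable. I would expose it like the other images (repository, tag and pull policy in `values.yaml`, ideally pinned by digest) so operators can mirror and pin what runs there. Separately, the registrar container reads `.Values.node.registrar.pullPolicy` while `values.yaml` defines the key under `image`, so the rendered `imagePullPolicy` is presumably empty; it should read `imagePullPolicy: {{ .Values.node.registrar.image.pullPolicy | quote }}`. On `csi-do-plugin`, `privileged: true` already implies the added `SYS_ADMIN` capability and `allowPrivilegeEscalation: true`, so those lines can be dropped without changing behaviour, which makes the one deliberate grant easier to see.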
@@ -0,0 +1,39 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-provisioner-role" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: provisioner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["get", "list"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch"]
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/provisioner.clusterrolebinding.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/provisioner.clusterrolebinding.yaml
new file mode 100755
index 00000000..1512f29d
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/provisioner.clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-provisioner-binding" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: provisioner
+subjects:
+ - kind: ServiceAccount
+ name: {{ printf "%s-controller-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ printf "%s-provisioner-role" (include "csi-digitalocean.fullname" .) | quote }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/resizer.clusterrole.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/resizer.clusterrole.yaml
new file mode 100755
index 00000000..c0cff336
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/resizer.clusterrole.yaml
@@ -0,0 +1,24 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-resizer-role" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: resizer
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims/status"]
+ verbs: ["update", "patch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/resizer.clusterrolebinding.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/resizer.clusterrolebinding.yaml
new file mode 100755
index 00000000..0e278c5c
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/resizer.clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-resizer-binding" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: resizer
+subjects:
+ - kind: ServiceAccount
+ name: {{ printf "%s-controller-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ printf "%s-resizer-role" (include "csi-digitalocean.fullname" .) | quote }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/snapshotter.clusterrole.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/snapshotter.clusterrole.yaml
new file mode 100755
index 00000000..f06f3b83
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/snapshotter.clusterrole.yaml
@@ -0,0 +1,24 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-snapshotter-role" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: snapshotter
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents/status"]
+ verbs: ["update"]
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/driver/snapshotter.clusterrolebinding.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/snapshotter.clusterrolebinding.yaml
new file mode 100755
index 00000000..14a534da
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/driver/snapshotter.clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-snapshotter-binding" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: snapshotter
+subjects:
+ - kind: ServiceAccount
+ name: {{ printf "%s-controller-sa" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ printf "%s-snapshotter-role" (include "csi-digitalocean.fullname" .) | quote }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/secret.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/secret.yaml
new file mode 100644
index 00000000..06d8fa1f
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/secret.yaml
@@ -0,0 +1,13 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: {{ include "csi-digitalocean.fullname" . | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+type: Opaque
+data:
+ access-token: {{ required "`accessToken` must be specified" .Values.accessToken | b64enc | quote }}
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/clusterrole.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/clusterrole.yaml
new file mode 100755
index 00000000..727540dd
--- /dev/null
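Review bot: The only way to supply the API token in `secret.yaml` is `.Values.accessToken`, which the template base64-encodes into the Secret; that puts the plaintext token in a values file or a `--set` argument and in the release data Helm keeps for each revision. I would add an optional value naming a pre-created Secret (for example `existingSecret`, a name proposed here, not one the chart has) and render this template only when it is unset, with the controller's `secretKeyRef` pointing at whichever name applies. The controller StatefulSet also passes the token on as `--token=$(DIGITALOCEAN_ACCESS_TOKEN)`, so it ends up in the container's command line; if the plugin can read the environment variable directly, that is the narrower channel.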
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/clusterrole.yaml
@@ -0,0 +1,36 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-snapshot-controller-role" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: snapshot-controller
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["create", "get", "list", "watch", "update", "delete"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots/status"]
+ verbs: ["update"]
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/clusterrolebinding.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/clusterrolebinding.yaml
new file mode 100755
index 00000000..7cb7209d
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ printf "%s-snapshot-controller-binding" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: snapshot-controller
+subjects:
+ - kind: ServiceAccount
+ name: {{ printf "%s-snapshot-controller" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ printf "%s-snapshot-controller-role" (include "csi-digitalocean.fullname" .) | quote }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/serviceaccount.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/serviceaccount.yaml
new file mode 100755
index 00000000..0380bb76
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/serviceaccount.yaml
@@ -0,0 +1,11 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: {{ printf "%s-snapshot-controller" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/component: snapshot-controller
diff --git a/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/statefulset.yaml b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/statefulset.yaml
new file mode 100755
index 00000000..74060890
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/templates/snapshot-controller/statefulset.yaml
@@ -0,0 +1,44 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: {{ printf "%s-snapshot-controller" (include "csi-digitalocean.fullname" .) | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ helm.sh/chart: {{ include "csi-digitalocean.chart" . | quote }}
+ app.kubernetes.io/name: {{ include "csi-digitalocean.name" . | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/component: snapshot-controller
+spec:
+ serviceName: {{ printf "%s-snapshot-controller" (include "csi-digitalocean.fullname" .) | quote }}
+ replicas: {{ .Values.snapshotController.replicas | int }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ printf "%s-snapshot-controller" (include "csi-digitalocean.fullname" .) | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/component: snapshot-controller
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ printf "%s-snapshot-controller" (include "csi-digitalocean.fullname" .) | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ app.kubernetes.io/component: snapshot-controller
+ spec:
+ serviceAccountName: {{ printf "%s-snapshot-controller" (include "csi-digitalocean.fullname" .) | quote }}
+ {{- with .Values.snapshotController.affinity }}
+ affinity: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.snapshotController.tolerations }}
+ tolerations: {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: snapshot-controller
+ image: {{ printf "%s:%s" .Values.snapshotController.image.repository .Values.snapshotController.image.tag | quote }}
+ imagePullPolicy: {{ .Values.snapshotController.image.pullPolicy | quote }}
+ args:
+ - "--v=5"
+ {{- with .Values.snapshotController.extraArgs }}
+ {{- toYaml . 
| nindent 12 }}
+ {{- end }}
diff --git a/deploy/kubernetes/helm/csi-digitalocean/values.yaml b/deploy/kubernetes/helm/csi-digitalocean/values.yaml
new file mode 100644
index 00000000..33959dae
--- /dev/null
+++ b/deploy/kubernetes/helm/csi-digitalocean/values.yaml
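Review bot: The `snapshot-controller` container is declared without any `securityContext`, so it runs with the image's default user and the runtime's default capabilities, although the template gives it no volumes or ports and it appears to need only API access. I would add a container-level block such as `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}`, plus `runAsNonRoot: true` once the image's user is confirmed. `replicas` is also configurable while the args never enable leader election, so raising it above 1 would presumably run several active controllers; either pass `--leader-election=true` or document that the value must stay at 1.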
@@ -0,0 +1,95 @@
+# Access token to DigitalOcean API.
+accessToken: ""
+
+driver:
+ name: dobs.csi.digitalocean.com
+
+storageClass:
+ name: do-block-storage
+ default: yes
+ # `Delete` removes PersistentVolume when PersistentVolumeClaim is deleted.
+ # `Retain` preserves PersistentVolume when PersistentVolumeClaim is deleted.
+ reclaimPolicy: Retain
+ snapshot:
+ deletionPolicy: Delete
+
+plugin:
+ # https://hub.docker.com/r/digitalocean/do-csi-plugin/tags
+ image:
+ repository: digitalocean/do-csi-plugin
+ tag: v2.1.1
+ pullPolicy: IfNotPresent
+
+ extraArgs: []
+
+node:
+ registrar:
+ # https://quay.io/repository/k8scsi/csi-node-driver-registrar?tab=tags
+ image:
+ repository: quay.io/k8scsi/csi-node-driver-registrar
+ tag: v2.0.1
+ pullPolicy: IfNotPresent
+
+ extraArgs: []
+
+ affinity: {}
+
+ tolerations: []
+
+controller:
+ replicas: 1
+
+ attacher:
+ # https://quay.io/repository/k8scsi/csi-attacher?tab=tags
+ image:
+ repository: quay.io/k8scsi/csi-attacher
+ tag: v3.0.0
+ pullPolicy: IfNotPresent
+
+ extraArgs: []
+
+ provisioner:
+ # https://quay.io/repository/k8scsi/csi-provisioner?tab=tags
+ image:
+ repository: quay.io/k8scsi/csi-provisioner
+ tag: v2.0.2
+ pullPolicy: IfNotPresent
+
+ extraArgs: []
+
+ resizer:
+ # https://quay.io/repository/k8scsi/csi-resizer?tab=tags
+ image:
+ repository: quay.io/k8scsi/csi-resizer
+ tag: v1.0.0
+ pullPolicy: IfNotPresent
+
+ extraArgs: []
+
+ snapshotter:
+ # https://quay.io/repository/k8scsi/csi-snapshotter?tab=tags
+ image:
+ repository: quay.io/k8scsi/csi-snapshotter
+ tag: v3.0.0
+ pullPolicy: IfNotPresent
+
+ extraArgs: []
+
+ affinity: {}
+
+ tolerations: []
+
+snapshotController:
+ replicas: 1
+
+ # https://quay.io/repository/k8scsi/snapshot-controller?tab=tags
+ image:
+ repository: quay.io/k8scsi/snapshot-controller
+ tag: v3.0.0
+ pullPolicy: IfNotPresent
+
+ extraArgs: []
+
+ affinity: {}
+
+ tolerations: []
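Review bot: Every image in `values.yaml` defaults to a tag (`tag: v2.1.1`, `tag: v3.0.0`, and so on) that a registry can repoint, while these containers run with cluster-wide RBAC or, for the node plugin, privileged on every node. I would let each `image` block accept a digest, for example a `digest: ""` key (a proposed name, not an existing one) that the templates render as `repository@digest` when set, and say so in the comments beside the tag URLs. `default: yes` also relies on YAML 1.1 boolean parsing; `default: true` states the same thing without depending on the parser.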