diff --git a/helm/esdk/.helmignore b/helm/esdk/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/helm/esdk/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/helm/esdk/Chart.yaml b/helm/esdk/Chart.yaml
new file mode 100644
index 00000000..b4400abf
--- /dev/null
+++ b/helm/esdk/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: esdk
+description: Huawei Container Storage Interface (CSI) Driver
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# compatible Kubernetes versions, helm installation fails fail if the cluster runs an unsupported Kubernetes version
+kubeVersion: ">= 1.13.0 < 1.19.3"
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "2.2.13"
+
+home: https://github.com/Huawei/eSDK_K8S_Plugin
+sources:
+ - https://github.com/Huawei/eSDK_K8S_Plugin
diff --git a/helm/esdk/templates/huawei-csi-configmap.yaml b/helm/esdk/templates/huawei-csi-configmap.yaml
new file mode 100644
index 00000000..e274bda2
--- /dev/null
+++ b/helm/esdk/templates/huawei-csi-configmap.yaml
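Review bot: In Chart.yaml, `kubeVersion: ">= 1.13.0 < 1.19.3"` will likely reject clusters whose reported version carries a suffix (vendor builds of the form `v1.18.9-<vendor-suffix>`), because Helm's semver range matching treats such versions as pre-releases and excludes them unless the bounds name a pre-release themselves. Writing the bounds as `">= 1.13.0-0 < 1.19.3-0"` keeps the intended window while accepting those builds. The comment above the key also has a doubled word; I would write it as `# Compatible Kubernetes versions; helm installation fails if the cluster runs an unsupported Kubernetes version`.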
@@ -0,0 +1,10 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: huawei-csi-configmap
+ namespace: kube-system
+data:
+ csi.json: |
+ {{ $length := len .Values.backends }} {{ if gt $length 0 }} { {{ end }}
+ "backends": {{ .Values.backends | toPrettyJson | nindent 8 }}
+ {{ $length := len .Values.backends }} {{ if gt $length 0 }} } {{ end }}
diff --git a/helm/esdk/templates/huawei-csi-controller.yaml b/helm/esdk/templates/huawei-csi-controller.yaml
new file mode 100644
index 00000000..6d51e0ed
--- /dev/null
+++ b/helm/esdk/templates/huawei-csi-controller.yaml
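Review bot: In huawei-csi-configmap.yaml the opening and closing braces of `csi.json` are emitted only when `.Values.backends` is non-empty, so an empty list renders a bare `"backends": []` line that is not valid JSON, which the driver presumably cannot parse. Failing the render is clearer: keep the braces unconditional and put `{{- if not .Values.backends }}{{ fail "at least one backend is required" }}{{- end }}` at the top of the template. Because the whole list is serialised with `toPrettyJson` into a ConfigMap, and values.yaml describes the entries as carrying "access info", I would also add a comment such as `# backends is rendered into a ConfigMap: keep credentials in huawei-csi-secret, never here`. The namespace is hard-coded to `kube-system` here and in the other templates rather than taken from `.Release.Namespace`.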
@@ -0,0 +1,165 @@
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: huawei-csi-controller
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: huawei-csi-provisioner-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete", "patch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotcontents"]
+ verbs: ["get", "list", "watch", "create", "delete", "patch"]
+ - apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshots/status"]
+ verbs: ["update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: huawei-csi-provisioner-role
+subjects:
+ - kind: ServiceAccount
+ name: huawei-csi-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: huawei-csi-provisioner-runner
+ apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: huawei-csi-attacher-runner
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: huawei-csi-attacher-role
+subjects:
+ - kind: ServiceAccount
+ name: huawei-csi-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: huawei-csi-attacher-runner
+ apiGroup: rbac.authorization.k8s.io
+
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: huawei-csi-controller
+ namespace: kube-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: huawei-csi-controller
+ template:
+ metadata:
+ labels:
+ app: huawei-csi-controller
+ spec:
+ serviceAccount: huawei-csi-controller
+ hostNetwork: true
+ containers:
+ - name: csi-provisioner
+ image: {{ .Values.images.sidecar.provisioner }}
+ args:
+ - "--csi-address=$(ADDRESS)"
+ - "--timeout=6h"
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+
+ - name: csi-attacher
+ image: {{ .Values.images.sidecar.attacher }}
+ args:
+ - "--csi-address=$(ADDRESS)"
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: huawei-csi-driver
+ image: {{ required "Must provide the CSI controller service container image." .Values.images.huaweiCsiControllerService }}
+ args:
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--controller"
+ - "--containerized"
+ - "--backend-update-interval=120"
+ - "--driver-name=csi.huawei.com"
+ env:
+ - name: CSI_ENDPOINT
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: log
+ mountPath: /var/log
+ - name: config-map
+ mountPath: /etc/huawei
+ - name: secret
+ mountPath: /etc/huawei/secret
+ volumes:
+ - name: socket-dir
+ emptyDir:
+ - name: log
+ hostPath:
+ path: /var/log/
+ type: Directory
+ - name: config-map
+ configMap:
+ name: huawei-csi-configmap
+ - name: secret
+ secret:
+ secretName: huawei-csi-secret
+
diff --git a/helm/esdk/templates/huawei-csi-node.yaml b/helm/esdk/templates/huawei-csi-node.yaml
new file mode 100644
index 00000000..c6955bee
--- /dev/null
+++ b/helm/esdk/templates/huawei-csi-node.yaml
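Review bot: The controller Deployment in huawei-csi-controller.yaml sets `hostNetwork: true` and mounts the host's whole `/var/log` read-write into `huawei-csi-driver`, the same container that has `huawei-csi-secret` mounted, and nothing visible in this hunk shows why the controller needs the node's network namespace or access to every host log. I would drop `hostNetwork: true` unless the storage management network is reachable only from the host namespace (and say so in a comment if it is), and narrow the `log` volume to a driver-specific directory, `path: /var/log/<driver-log-dir>` with `type: DirectoryOrCreate`. None of the three containers declares a `securityContext` or `resources`, so they run with the runtime defaults. For consistency with the node DaemonSet, `serviceAccount:` should be `serviceAccountName:`, since the former is the deprecated alias.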
@@ -0,0 +1,132 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: huawei-csi-node
+ namespace: kube-system
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: huawei-csi-driver-registrar-runner
+ namespace: kube-system
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: huawei-csi-driver-registrar-role
+subjects:
+ - kind: ServiceAccount
+ name: huawei-csi-node
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: huawei-csi-driver-registrar-runner
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: huawei-csi-node
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ app: huawei-csi-node
+ template:
+ metadata:
+ labels:
+ app: huawei-csi-node
+ spec:
+ serviceAccountName: huawei-csi-node
+ hostPID: true
+ hostNetwork: true
+ containers:
+ - name: csi-node-driver-registrar
+ image: {{ .Values.images.sidecar.registrar }}
+ args:
+ - "--csi-address=/csi/csi.sock"
+ - "--kubelet-registration-path=/var/lib/kubelet/plugins/csi.huawei.com/csi.sock"
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ - name: huawei-csi-driver
+ image: {{ required "Must provide the CSI node service node image." .Values.images.huaweiCsiNodeService }}
+ args:
+ - "--endpoint=/csi/csi.sock"
+ - "--containerized"
+ - "--driver-name=csi.huawei.com"
+ - "--volume-use-multipath={{ .Values.multipath.enable }}"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "rm -f /csi/csi.sock"]
+ volumeMounts:
+ - name: plugin-dir
+ mountPath: /csi
+ - name: pods-dir
+ mountPath: /var/lib/kubelet
+ mountPropagation: "Bidirectional"
+ - name: etc-dir
+ mountPath: /etc
+ - name: log-dir
+ mountPath: /var/log
+ - name: dev-dir
+ mountPath: /dev
+ mountPropagation: "HostToContainer"
+ - name: iscsi-dir
+ mountPath: /var/lib/iscsi
+ - name: config-map
+ mountPath: /etc/huawei
+ - name: secret
+ mountPath: /etc/huawei/secret
+ volumes:
+ - name: plugin-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins/csi.huawei.com
+ type: DirectoryOrCreate
+ - name: registration-dir
+ hostPath:
+ path: /var/lib/kubelet/plugins_registry
+ type: Directory
+ - name: pods-dir
+ hostPath:
+ path: /var/lib/kubelet
+ type: Directory
+ - name: etc-dir
+ hostPath:
+ path: /etc
+ type: Directory
+ - name: dev-dir
+ hostPath:
+ path: /dev
+ type: Directory
+ - name: iscsi-dir
+ hostPath:
+ path: /var/lib/iscsi
+ - name: log-dir
+ hostPath:
+ path: /var/log/
+ type: Directory
+ - name: config-map
+ configMap:
+ name: huawei-csi-configmap
+ - name: secret
+ secret:
+ secretName: huawei-csi-secret
+
diff --git a/helm/esdk/values.yaml b/helm/esdk/values.yaml
new file mode 100644
index 00000000..d52ef124
--- /dev/null
+++ b/helm/esdk/values.yaml
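Review bot: In huawei-csi-node.yaml the `etc-dir` volume mounts the host's `/etc` read-write over the container's `/etc`, in a container that is already `privileged: true` on a pod with `hostPID` and `hostNetwork`, so the driver image can rewrite any host configuration file; the `/etc/huawei` and `/etc/huawei/secret` mounts nested under it will presumably also leave mount-point directories behind in the host's `/etc`. Mounting only the paths the driver actually reads (presumably the iSCSI and multipath configuration), or adding `readOnly: true` to the `etc-dir` volumeMount if it never writes there, would narrow this considerably. `capabilities.add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true` add nothing next to `privileged: true` and can be dropped. A comment such as `# privileged is required for mountPropagation: Bidirectional on /var/lib/kubelet` would record why that flag stays. `namespace: kube-system` on the ClusterRole has no effect, because ClusterRoles are cluster-scoped.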
@@ -0,0 +1,27 @@
+# An array of storages with the access info
+backends:
+ - storage: "fusionstorage-san"
+ name: "test-esdk-deployment"
+ urls:
+ - "https://1.2.3.4:28443"
+ pools:
+ - "StoragePool001"
+ parameters:
+ protocol: "iscsi"
+ portals:
+ - "1.2.3.4"
+images:
+ # The image name and tag for the attacher, provisioner and registrar sidecars. These must match the appropriate Kubernetes version.
+ sidecar:
+ attacher: quay.io/k8scsi/csi-attacher:v1.2.1
+ provisioner: quay.io/k8scsi/csi-provisioner:v1.6.0
+ registrar: quay.io/k8scsi/csi-node-driver-registrar:v2.0.1
+ # The image name and tag for the Huawei CSI controller service container
+ huaweiCsiControllerService: huawei-csi:test
+ # The image name and tag for the Huawei CSI node service container
+ huaweiCsiNodeService: huawei-csi:test
+# Default image pull policy for container images
+imagePullPolicy: "IfNotPresent"
+multipath:
+ enable: false
+
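Review bot: In values.yaml, `huaweiCsiControllerService` and `huaweiCsiNodeService` default to `huawei-csi:test`, so the `required "Must provide …"` guards in the two templates can never fire and a default install runs an unqualified, mutable tag, in the node DaemonSet as a privileged container. Defaulting both to `""` lets `required` do its job, and the comments above them can ask for a full registry path pinned by digest, for example `registry.example.com/huawei-csi@sha256:<digest>` (constructed example). With `imagePullPolicy: "IfNotPresent"` a mutable tag also means different nodes can end up running different builds under the same name. The sample backend (`https://1.2.3.4:28443`, `test-esdk-deployment`) is likewise shipped as a real default and would be rendered into the ConfigMap unless overridden; an empty `backends: []` with the sample kept as a comment is safer.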