diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml
new file mode 100644
index 000000000..b0bddd113
--- /dev/null
+++ b/deploy/helm/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2
+name: openebs-ndm
+description: Kubernetes Storage Device Management. Also used to maintain the inventory of block devices.
+version: 0.9.1
+appVersion: 0.9.1
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png
+home: http://www.openebs.io/
+keywords:
+ - cloud-native-storage
+ - block-storage
+ - ndm
+ - disk-inventory
+ - storage
+sources:
+ - https://github.com/openebs/node-disk-manager
+maintainers:
+ - name: akhilerm
+ email: akhil.mohan@mayadata.io
+ - name: xUnholy
+ email: michaelfornaro@gmail.com
+ - name: prateekpandey14
+ email: prateek.pandey@mayadata.io
diff --git a/deploy/helm/crds/blockdevice.yaml b/deploy/helm/crds/blockdevice.yaml
new file mode 100644
index 000000000..f0b854a84
--- /dev/null
+++ b/deploy/helm/crds/blockdevice.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: blockdevices.openebs.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.nodeAttributes.nodeName
+ name: NodeName
+ type: string
+ - JSONPath: .spec.path
+ name: Path
+ priority: 1
+ type: string
+ - JSONPath: .spec.filesystem.fsType
+ name: FSType
+ priority: 1
+ type: string
+ - JSONPath: .spec.capacity.storage
+ name: Size
+ type: string
+ - JSONPath: .status.claimState
+ name: ClaimState
+ type: string
+ - JSONPath: .status.state
+ name: Status
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: openebs.io
+ version: v1alpha1
+ scope: Namespaced
+ names:
+ kind: BlockDevice
+ listKind: BlockDeviceList
+ plural: blockdevices
+ singular: blockdevice
+ shortNames:
+ - bd
diff --git a/deploy/helm/crds/blockdeviceclaim.yaml b/deploy/helm/crds/blockdeviceclaim.yaml
new file mode 100644
index 000000000..a2d796f85
--- /dev/null
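Review bot: Neither CRD added in this commit declares a validation schema: `blockdevices.openebs.io` in crds/blockdevice.yaml and `blockdeviceclaims.openebs.io` in crds/blockdeviceclaim.yaml stop at printer columns and names, so under `apiextensions.k8s.io/v1beta1` the API server will store whatever `spec` and `status` a client submits. The NDM components presumably act on these objects, so I would add a `validation.openAPIV3Schema` block covering at least the fields the printer columns already rely on (`.spec.path`, `.spec.capacity.storage`, `.status.claimState`, `.status.phase`), with types taken from the project's Go API types, which are not part of this diff. `v1beta1` CRDs are also no longer served from Kubernetes 1.22 onward, so moving both files to `apiextensions.k8s.io/v1`, where a structural schema is mandatory, would settle both points at once.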
+++ b/deploy/helm/crds/blockdeviceclaim.yaml
@@ -0,0 +1,25 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: blockdeviceclaims.openebs.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.blockDeviceName
+ name: BlockDeviceName
+ type: string
+ - JSONPath: .status.phase
+ name: Phase
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: openebs.io
+ version: v1alpha1
+ scope: Namespaced
+ names:
+ kind: BlockDeviceClaim
+ listKind: BlockDeviceClaimList
+ plural: blockdeviceclaims
+ shortNames:
+ - bdc
+ singular: blockdeviceclaim
diff --git a/deploy/helm/templates/_helpers.tpl b/deploy/helm/templates/_helpers.tpl
new file mode 100644
index 000000000..e6d5b99dc
--- /dev/null
+++ b/deploy/helm/templates/_helpers.tpl
@@ -0,0 +1,132 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+This name is used for ndm daemonset
+*/}}
+{{- define "openebs-ndm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "openebs-ndm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified ndm daemonset app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "openebs-ndm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains .Release.Name $name }}
+{{- $name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- define "openebs-ndm.operator.name" -}}
+{{- $ndmName := default .Chart.Name .Values.ndmOperator.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- $componentName := .Values.ndmOperator.name | trunc 63 | trimSuffix "-" }}
+{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified ndm operator app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "openebs-ndm.operator.fullname" -}}
+{{- if .Values.ndmOperator.fullnameOverride }}
+{{- .Values.ndmOperator.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $ndmOperatorName := include "openebs-ndm.operator.name" .}}
+
+{{- $name := default $ndmOperatorName .Values.ndmOperator.nameOverride }}
+{{- if contains .Release.Name $name }}
+{{- $name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "openebs-ndm.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "openebs-ndm.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define meta labels for ndm components
+*/}}
+{{- define "openebs-ndm.common.metaLabels" -}}
+chart: {{ template "openebs-ndm.chart" . }}
+heritage: {{ .Release.Service }}
+openebs.io/version: {{ .Values.release.version | quote }}
+{{- end -}}
+
+
+{{/*
+Create match labels for ndm daemonset component
+*/}}
+{{- define "openebs-ndm.matchLabels" -}}
+app: {{ template "openebs-ndm.name" . }}
+release: {{ .Release.Name }}
+component: {{ .Values.ndm.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels for ndm daemonset component
+*/}}
+{{- define "openebs-ndm.componentLabels" -}}
+openebs.io/component-name: {{ .Values.ndm.componentName | quote }}
+{{- end -}}
+
+
+{{/*
+Create labels for ndm daemonset component
+*/}}
+{{- define "openebs-ndm.labels" -}}
+{{ include "openebs-ndm.common.metaLabels" . }}
+{{ include "openebs-ndm.matchLabels" . }}
+{{ include "openebs-ndm.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create match labels for ndm operator deployment
+*/}}
+{{- define "openebs-ndm.operator.matchLabels" -}}
+app: {{ template "openebs-ndm.operator.name" .
}}
+release: {{ .Release.Name }}
+component: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }}
+{{- end -}}
+
+{{/*
+Create component labels for ndm operator component
+*/}}
+{{- define "openebs-ndm.operator.componentLabels" -}}
+openebs.io/component-name: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }}
+{{- end -}}
+
+
+{{/*
+Create labels for ndm operator component
+*/}}
+{{- define "openebs-ndm.operator.labels" -}}
+{{ include "openebs-ndm.common.metaLabels" . }}
+{{ include "openebs-ndm.operator.matchLabels" . }}
+{{ include "openebs-ndm.operator.componentLabels" . }}
+{{- end -}}
diff --git a/deploy/helm/templates/configmap.yaml b/deploy/helm/templates/configmap.yaml
new file mode 100644
index 000000000..451cf1b01
--- /dev/null
+++ b/deploy/helm/templates/configmap.yaml
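Review bot: `openebs-ndm.serviceAccountName` falls back to the literal `default` when `serviceAccount.create` is false and no name is set, and templates/rbac.yaml in this commit binds its ClusterRole to whatever this helper returns. In that configuration the release namespace's shared `default` service account, which every pod without an explicit `serviceAccountName` runs as, receives the chart's cluster-wide permissions. I would make the name mandatory in the else branch, `{{- required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`, in place of `{{- default "default" .Values.serviceAccount.name }}`.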
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "openebs-ndm.fullname" . }}-config
+data:
+ # node-disk-manager-config contains config of available probes and filters.
+ # Probes and Filters will initialize with default values if config for that
+ # filter or probe are not present in configmap
+
+ # udev-probe is default or primary probe it should be enabled to run ndm
+ # filterconfigs contains configs of filters. To provide a group of include
+ # and exclude values add it as , separated string
+ node-disk-manager.config: |
+ probeconfigs:
+ - key: udev-probe
+ name: udev probe
+ state: {{ .Values.ndm.probes.enableUdevProbe }}
+ - key: seachest-probe
+ name: seachest probe
+ state: {{ .Values.ndm.probes.enableSeachest }}
+ - key: smart-probe
+ name: smart probe
+ state: {{ .Values.ndm.probes.enableSmartProbe }}
+ filterconfigs:
+ - key: os-disk-exclude-filter
+ name: os disk exclude filter
+ state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }}
+ exclude: "/,/etc/hosts,/boot"
+ - key: vendor-filter
+ name: vendor filter
+ state: {{ .Values.ndm.filters.enableVendorFilter }}
+ include: ""
+ exclude: "{{ .Values.ndm.filters.excludeVendors }}"
+ - key: path-filter
+ name: path filter
+ state: {{ .Values.ndm.filters.enablePathFilter }}
+ include: "{{ .Values.ndm.filters.includePaths }}"
+ exclude: "{{ .Values.ndm.filters.excludePaths }}"
diff --git a/deploy/helm/templates/daemonset.yaml b/deploy/helm/templates/daemonset.yaml
new file mode 100644
index 000000000..0af23fff3
--- /dev/null
+++ b/deploy/helm/templates/daemonset.yaml
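Review bot: The filter strings are spliced into the embedded `node-disk-manager.config` document between hand-written double quotes (`exclude: "{{ .Values.ndm.filters.excludeVendors }}"` and the two path-filter lines), so a value containing `"` or a backslash alters the structure of the config NDM parses instead of staying inside the string. Piping through `quote` escapes the value and keeps the quoting in one place: `exclude: {{ .Values.ndm.filters.excludeVendors | quote }}`, and likewise for `includePaths` and `excludePaths`. The `state:` lines are rendered unquoted, which is fine for the boolean defaults, but a comment such as `# state must render as true or false` above `probeconfigs:` would make that expectation explicit.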
@@ -0,0 +1,170 @@
+{{- if .Values.ndm.enabled }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "openebs-ndm.fullname" . }}
+ {{- with .Values.ndm.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "openebs-ndm.labels" . | nindent 4 }}
+spec:
+ updateStrategy:
+{{ toYaml .Values.ndm.updateStrategy | indent 4 }}
+ selector:
+ matchLabels:
+ {{- include "openebs-ndm.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.ndm.podAnnotations }}
+ annotations: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "openebs-ndm.labels" . | nindent 8 }}
+ {{- if .Values.ndm.podLabels}}
+ {{ toYaml .Values.ndm.podLabels | nindent 8 }}
+ {{- end}}
+ spec:
+ serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }}
+{{- if .Values.featureGates.enabled }}
+{{- if .Values.featureGates.APIService.enabled }}
+ hostPID: true
+{{- end}}
+{{- end}}
+ containers:
+ - name: {{ template "openebs-ndm.name" .
}}
+ image: "{{ .Values.ndm.image.registry }}{{ .Values.ndm.image.repository }}:{{ .Values.ndm.image.tag }}"
+ args:
+ - -v=4
+{{- if .Values.featureGates.enabled }}
+{{- if .Values.featureGates.GPTBasedUUID.enabled }}
+ - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }}
+{{- end}}
+{{- if .Values.featureGates.APIService.enabled }}
+ - --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }}
+ - --api-service-address={{ .Values.featureGates.APIService.address }}
+{{- end}}
+{{- end}}
+ imagePullPolicy: {{ .Values.ndm.image.pullPolicy }}
+ resources:
+{{ toYaml .Values.ndm.resources | indent 12 }}
+ securityContext:
+ privileged: true
+ env:
+ # namespace in which NDM is installed will be passed to NDM Daemonset
+ # as environment variable
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # pass hostname as env variable using downward API to the NDM container
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+{{- if .Values.ndm.sparse }}
+{{- if .Values.ndm.sparse.path }}
+ # specify the directory where the sparse files need to be created.
+ # if not specified, then sparse files will not be created.
+ - name: SPARSE_FILE_DIR
+ value: "{{ .Values.ndm.sparse.path }}"
+{{- end }}
+{{- if .Values.ndm.sparse.size }}
+ # Size(bytes) of the sparse file to be created.
+ - name: SPARSE_FILE_SIZE
+ value: "{{ .Values.ndm.sparse.size }}"
+{{- end }}
+{{- if .Values.ndm.sparse.count }}
+ # Specify the number of sparse files to be created
+ - name: SPARSE_FILE_COUNT
+ value: "{{ .Values.ndm.sparse.count }}"
+{{- end }}
+{{- end }}
+ # Process name used for matching is limited to the 15 characters
+ # present in the pgrep output.
+ # So fullname can be used here with pgrep (cmd is < 15 chars).
+ livenessProbe:
+ exec:
+ command:
+ - pgrep
+ - "ndm"
+ initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }}
+ periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }}
+ volumeMounts:
+ - name: config
+ mountPath: /host/node-disk-manager.config
+ subPath: node-disk-manager.config
+ readOnly: true
+ - name: udev
+ mountPath: /run/udev
+ - name: procmount
+ mountPath: /host/proc
+ readOnly: true
+ - name: devmount
+ mountPath: /dev
+ - name: basepath
+ mountPath: /var/openebs/ndm
+{{- if .Values.ndm.sparse }}
+{{- if .Values.ndm.sparse.path }}
+ - name: sparsepath
+ mountPath: {{ .Values.ndm.sparse.path }}
+{{- end }}
+{{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "openebs-ndm.fullname" . }}-config
+ - name: udev
+ hostPath:
+ path: /run/udev
+ type: Directory
+ # mount /proc (to access mount file of process 1 of host) inside container
+ # to read mount-point of disks and partitions
+ - name: procmount
+ hostPath:
+ path: /proc
+ type: Directory
+ - name: devmount
+ # the /dev directory is mounted so that we have access to the devices that
+ # are connected at runtime of the pod.
+ hostPath:
+ path: /dev
+ type: Directory
+ - name: basepath
+ hostPath:
+ path: "{{ .Values.varDirectoryPath.baseDir }}/ndm"
+ type: DirectoryOrCreate
+{{- if .Values.ndm.sparse }}
+{{- if .Values.ndm.sparse.path }}
+ - name: sparsepath
+ hostPath:
+ path: {{ .Values.ndm.sparse.path }}
+{{- end }}
+{{- end }}
+ # By default the node-disk-manager will be run on all kubernetes nodes
+ # If you would like to limit this to only some nodes, say the nodes
+ # that have storage attached, you could label those node and use
+ # nodeSelector.
+ #
+ # e.g.
label the storage nodes with - "openebs.io/nodegroup"="storage-node"
+ # kubectl label node "openebs.io/nodegroup"="storage-node"
+ #nodeSelector:
+ # "openebs.io/nodegroup": "storage-node"
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.ndm.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.ndm.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.ndm.tolerations }}
+ tolerations:
+{{ toYaml .Values.ndm.tolerations | indent 8 }}
+{{- end }}
+{{- if .Values.ndm.securityContext }}
+ securityContext:
+{{ toYaml .Values.ndm.securityContext | indent 8 }}
+{{- end }}
+ hostNetwork: true
+{{- end }}
diff --git a/deploy/helm/templates/deployment.yaml b/deploy/helm/templates/deployment.yaml
new file mode 100644
index 000000000..de0c45b35
--- /dev/null
+++ b/deploy/helm/templates/deployment.yaml
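Review bot: `hostNetwork: true` at the end of the pod spec is unconditional, and with the values.yaml defaults in this commit (`featureGates.APIService.enabled: true`, `address: "0.0.0.0:9115"`) the address passed via `--api-service-address` puts the API service of a `privileged: true` container on every interface of every node, with `hostPID: true` switched on by the same gate. Nothing in the chart shows authentication or a network restriction for that endpoint, so it should be treated as reachable by anything that can route to the node. I would default the address to loopback, `address: "127.0.0.1:9115"`, or ship `APIService.enabled: false`, and make host networking opt-in through a new value, e.g. `hostNetwork: {{ .Values.ndm.hostNetwork }}`. That assumes NDM's device discovery does not itself depend on host networking, which this diff does not show.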
@@ -0,0 +1,93 @@
+{{- if .Values.ndmOperator.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "openebs-ndm.operator.fullname" . }}
+ {{- with .Values.ndmOperator.annotations }}
+ annotations: {{ toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "openebs-ndm.operator.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.ndmOperator.replicas }}
+ strategy:
+ type: "Recreate"
+ rollingUpdate: null
+ selector:
+ matchLabels:
+ {{- include "openebs-ndm.operator.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.ndmOperator.podAnnotations }}
+ annotations: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "openebs-ndm.operator.labels" . | nindent 8 }}
+ {{- if .Values.ndmOperator.podLabels}}
+ {{ toYaml .Values.ndmOperator.podLabels | nindent 8 }}
+ {{- end}}
+ spec:
+ serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }}
+ containers:
+ - name: {{ template "openebs-ndm.operator.fullname" . }}
+ image: "{{ .Values.ndmOperator.image.registry }}{{ .Values.ndmOperator.image.repository }}:{{ .Values.ndmOperator.image.tag }}"
+ imagePullPolicy: {{ .Values.ndmOperator.image.pullPolicy }}
+ resources:
+{{ toYaml .Values.ndmOperator.resources | indent 12 }}
+ readinessProbe:
+ exec:
+ command:
+ - stat
+ - /tmp/operator-sdk-ready
+ initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }}
+ periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }}
+ failureThreshold: {{ .Values.ndmOperator.readinessCheck.failureThreshold }}
+ env:
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SERVICE_ACCOUNT
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.serviceAccountName
+ - name: OPERATOR_NAME
+ value: "node-disk-operator"
+ - name: CLEANUP_JOB_IMAGE
+ value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{
.Values.helperPod.image.tag }}"
+ # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation
+ # from NDM Operator. By default the CRDs will be installed
+ - name: OPENEBS_IO_INSTALL_CRD
+ value: "{{ .Values.crd.enableInstall }}"
+ # Process name used for matching is limited to the 15 characters
+ # present in the pgrep output.
+ # So fullname can be used here with pgrep (cmd is < 15 chars).
+ livenessProbe:
+ exec:
+ command:
+ - pgrep
+ - "ndo"
+ initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }}
+ periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }}
+{{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.ndmOperator.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.ndmOperator.securityContext }}
+ securityContext:
+{{ toYaml .Values.ndmOperator.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.ndmOperator.tolerations }}
+ tolerations:
+{{ toYaml .Values.ndmOperator.tolerations | indent 8 }}
+{{- end }}
+{{- end }}
diff --git a/deploy/helm/templates/rbac.yaml b/deploy/helm/templates/rbac.yaml
new file mode 100644
index 000000000..8e81c4922
--- /dev/null
+++ b/deploy/helm/templates/rbac.yaml
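Review bot: `{{ toYaml .Values.imagePullSecrets | indent 2 }}` looks mis-indented: the sibling `nodeSelector`, `securityContext` and `tolerations` blocks under the same pod spec all use `indent 8`, so with two spaces the rendered list would sit to the left of its `imagePullSecrets:` key and the manifest should fail to parse as soon as a pull secret is configured. The same line is in templates/daemonset.yaml. The original indentation is not visible in this view, so please confirm by rendering with `helm template --set 'imagePullSecrets[0].name=x'`; if it reproduces, the fix is `{{ toYaml .Values.imagePullSecrets | indent 8 }}` in both files.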
@@ -0,0 +1,44 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "openebs-ndm.serviceAccountName" . }}
+{{- end }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "openebs-ndm.fullname" . }}
+rules:
+ - apiGroups: ["*"]
+ resources: ["nodes", "pods", "events", "configmaps", "jobs"]
+ verbs:
+ - '*'
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs:
+ - '*'
+ - apiGroups:
+ - openebs.io
+ resources:
+ - blockdevices
+ - blockdeviceclaims
+ verbs:
+ - '*'
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "openebs-ndm.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "openebs-ndm.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ - kind: User
+ name: system:serviceaccount:default:default
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: ClusterRole
+ name: {{ include "openebs-ndm.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+---
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
new file mode 100644
index 000000000..67c71a627
--- /dev/null
+++ b/deploy/helm/values.yaml
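Review bot: The ClusterRoleBinding's second subject, `kind: User` with `name: system:serviceaccount:default:default`, grants this ClusterRole to the default service account of the `default` namespace, that is, to any pod running there without its own service account, regardless of which namespace the chart is installed in. The role it receives is broad: `apiGroups: ["*"]` with verbs `'*'` on nodes, pods, events, configmaps and jobs, plus `'*'` on `customresourcedefinitions`, all cluster-wide. I would remove the `User` subject so only the chart's own service account is bound, name the API groups explicitly (`""` for nodes, pods, events and configmaps, `batch` for jobs), and replace `'*'` with the verbs the daemon and operator actually need. Which verbs those are cannot be read from this diff, so that list has to come from the NDM code.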
@@ -0,0 +1,113 @@
+# Default values for ndm.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+release:
+ version: "0.9.1"
+
+imagePullSecrets:
+# - name: "image-pull-secret"
+
+ndm:
+ componentName: ndm
+ enabled: true
+ image:
+ # Make sure that registry name end with a '/'.
+ # For example : quay.io/ is a correct value here and quay.io is incorrect
+ registry:
+ repository: openebs/node-disk-manager
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: 0.9.1
+ sparse:
+ path: "/var/openebs/sparse"
+ size: "10737418240"
+ count: "0"
+ updateStrategy:
+ type: RollingUpdate
+ annotations: {}
+ podAnnotations: {}
+ resources: {}
+ # limits:
+ # cpu: 10m
+ # memory: 32Mi
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+ ## Labels to be added to ndm daemonset pods
+ podLabels:
+ name: openebs-ndm
+ nodeSelector: {}
+ tolerations: []
+ securityContext: {}
+ filters:
+ enableOsDiskExcludeFilter: true
+ enableVendorFilter: true
+ excludeVendors: "CLOUDBYT,OpenEBS"
+ enablePathFilter: true
+ includePaths: ""
+ excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd"
+ probes:
+ enableSeachest: true
+ enableUdevProbe: true
+ enableSmartProbe: true
+ healthCheck:
+ initialDelaySeconds: 30
+ periodSeconds: 60
+
+ndmOperator:
+ name: operator
+ enabled: true
+ image:
+ registry:
+ repository: openebs/node-disk-operator
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: 0.9.1
+ annotations: {}
+ podAnnotations: {}
+ nodeSelector: {}
+ resources: {}
+ securityContext: {}
+ tolerations: []
+ healthCheck:
+ initialDelaySeconds: 30
+ periodSeconds: 60
+ readinessCheck:
+ initialDelaySeconds: 4
+ periodSeconds: 10
+ failureThreshold: 1
+ replicas: 1
+ upgradeStrategy: Recreate
+
+helperPod:
+ image:
+ registry: ""
+ repository: openebs/linux-utils
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: 2.0.0
+
+crd:
+ enableInstall: true
+
+featureGates:
+ enabled: true
+ GPTBasedUUID:
+ enabled: true
+ featureGateFlag: "GPTBasedUUID"
+ APIService:
+ enabled: true
+ featureGateFlag: "APIService"
+ address: "0.0.0.0:9115"
+
+# Directory used by the OpenEBS to store debug information and so forth
+# that are generated in the course of running OpenEBS containers.
+varDirectoryPath:
+ baseDir: "/var/openebs"
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: openebs-ndm
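Review bot: The comment `# Overrides the image tag whose default is the chart appVersion.` above each `tag:` does not match the templates in this commit: daemonset.yaml and deployment.yaml render `.Values.ndm.image.tag`, `.Values.ndmOperator.image.tag` and `.Values.helperPod.image.tag` directly, with no fallback to `.Chart.AppVersion`, so clearing a tag yields an image reference that ends in `:`. Either reword the comment to `# Image tag to deploy.` or add the fallback in the templates, e.g. `{{ .Values.ndm.image.tag | default .Chart.AppVersion }}`. For `helperPod` the comment is misleading either way, since its `2.0.0` tag has no relation to the chart's `appVersion: 0.9.1`.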