From 4119e95531c92abd200dcae9f5e50d1ff52d7ef8 Mon Sep 17 00:00:00 2001 From: Ashutosh Kumar Date: Wed, 11 Nov 2020 17:55:45 +0530 Subject: [PATCH] chore(charts): add ndm helm3 charts (#488) **NOTE:** This PR should be merged only after #491 and #490 This PR adds helm3 charts for NDM installation. NDM component will have its own service account and RBAC. So following Kubernetes resource are created for NDM that is not shared with other OpenEBS components: 1. ClusterRole: ( Default name is `openebs-ndm`) 2. ClusterRoleBinding: ( Default name is `openebs-ndm`) 3. ServiceAccount : ( Default name is `openebs-ndm`) NDM Daemonset default name : `openebs-ndm` NDM deployment default name: `openebs-ndm-operator` NDM configmap default name: `openebs-ndm-config` #### Special notes for your reviewer: - There has been a change in match label selectors for the NDM pods. See the following for the comparison **Older Helm Chart Based NDM Daemon Set:** ``` apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "openebs.fullname" . }}-ndm labels: app: {{ template "openebs.name" . }} chart: {{ template "openebs.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: ndm openebs.io/component-name: ndm openebs.io/version: {{ .Values.release.version }} spec: updateStrategy: type: "RollingUpdate" selector: matchLabels: app: {{ template "openebs.name" . }} release: {{ .Release.Name }} component: ndm template: metadata: labels: app: {{ template "openebs.name" . }} release: {{ .Release.Name }} component: ndm openebs.io/component-name: ndm name: openebs-ndm openebs.io/version: {{ .Values.release.version }} ``` **Current Helm Chart Based NDM Daemon Set:** ``` apiVersion: apps/v1 kind: DaemonSet metadata: annotations: deprecated.daemonset.template.generation: "1" meta.helm.sh/release-name: pascal meta.helm.sh/release-namespace: openebs creationTimestamp: "2020-08-26T15:28:33Z" generation: 1 labels: app: openebs-ndm app.kubernetes.io/managed-by: Helm chart: openebs-ndm-0.8.0 component: ndm heritage: Helm openebs.io/component-name: ndm openebs.io/version: 0.8.0 release: pascal spec: selector: matchLabels: app: openebs-ndm component: ndm release: pascal template: metadata: creationTimestamp: null labels: app: openebs-ndm chart: openebs-ndm-0.8.0 component: ndm heritage: Helm name: openebs-ndm openebs.io/component-name: ndm openebs.io/version: 0.8.0 release: pascal ``` **Older Helm Chart Based NDM Operator:** ``` apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "openebs.fullname" . }}-ndm-operator labels: app: {{ template "openebs.name" . }} chart: {{ template "openebs.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: ndm-operator openebs.io/component-name: ndm-operator openebs.io/version: {{ .Values.release.version }} name: ndm-operator spec: replicas: {{ .Values.ndmOperator.replicas }} strategy: type: "Recreate" rollingUpdate: null selector: matchLabels: app: {{ template "openebs.name" . }} release: {{ .Release.Name }} template: metadata: labels: app: {{ template "openebs.name" . }} release: {{ .Release.Name }} component: ndm-operator name: ndm-operator openebs.io/component-name: ndm-operator openebs.io/version: {{ .Values.release.version }} ``` **Current Helm Chart Based NDM operator:** ``` apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "1" meta.helm.sh/release-name: pascal meta.helm.sh/release-namespace: openebs creationTimestamp: "2020-08-26T15:28:33Z" generation: 1 labels: app: openebs-ndm-operator app.kubernetes.io/managed-by: Helm chart: openebs-ndm-0.8.0 component: openebs-ndm-operator heritage: Helm openebs.io/component-name: openebs-ndm-operator openebs.io/version: 0.8.0 release: pascal spec: replicas: 1 selector: matchLabels: app: openebs-ndm-operator component: openebs-ndm-operator release: pascal strategy: type: Recreate template: metadata: creationTimestamp: null labels: app: openebs-ndm-operator chart: openebs-ndm-0.8.0 component: openebs-ndm-operator heritage: Helm openebs.io/component-name: openebs-ndm-operator openebs.io/version: 0.8.0 release: pascal ``` **Notable Changes As Part of Best Practice:** - The labels of ndm daemonset and ndm operator yaml comes from `helper.tpl`. This is more maintainable and less error prone. - Clean up container image values is segregated in Values.yaml file. Signed-off-by: Ashutosh Kumar --- deploy/helm/Chart.yaml | 22 ++++ deploy/helm/crds/blockdevice.yaml | 39 ++++++ deploy/helm/crds/blockdeviceclaim.yaml | 25 ++++ deploy/helm/templates/_helpers.tpl | 132 +++++++++++++++++++ deploy/helm/templates/configmap.yaml | 38 ++++++ deploy/helm/templates/daemonset.yaml | 170 +++++++++++++++++++++++++ deploy/helm/templates/deployment.yaml | 93 ++++++++++++++ deploy/helm/templates/rbac.yaml | 44 +++++++ deploy/helm/values.yaml | 113 ++++++++++++++++ 9 files changed, 676 insertions(+) create mode 100644 deploy/helm/Chart.yaml create mode 100644 deploy/helm/crds/blockdevice.yaml create mode 100644 deploy/helm/crds/blockdeviceclaim.yaml create mode 100644 deploy/helm/templates/_helpers.tpl create mode 100644 deploy/helm/templates/configmap.yaml create mode 100644 deploy/helm/templates/daemonset.yaml create mode 100644 deploy/helm/templates/deployment.yaml create mode 100644 deploy/helm/templates/rbac.yaml create mode 100644 deploy/helm/values.yaml diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml new file mode 100644 index 000000000..b0bddd113 --- /dev/null +++ b/deploy/helm/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v2 +name: openebs-ndm +description: Kubernetes Storage Device Management. Also used to maintain the inventory of block devices. +version: 0.9.1 +appVersion: 0.9.1 +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png +home: http://www.openebs.io/ +keywords: + - cloud-native-storage + - block-storage + - ndm + - disk-inventory + - storage +sources: + - https://github.com/openebs/node-disk-manager +maintainers: + - name: akhilerm + email: akhil.mohan@mayadata.io + - name: xUnholy + email: michaelfornaro@gmail.com + - name: prateekpandey14 + email: prateek.pandey@mayadata.io diff --git a/deploy/helm/crds/blockdevice.yaml b/deploy/helm/crds/blockdevice.yaml new file mode 100644 index 000000000..f0b854a84 --- /dev/null +++ b/deploy/helm/crds/blockdevice.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockdevices.openebs.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.nodeAttributes.nodeName + name: NodeName + type: string + - JSONPath: .spec.path + name: Path + priority: 1 + type: string + - JSONPath: .spec.filesystem.fsType + name: FSType + priority: 1 + type: string + - JSONPath: .spec.capacity.storage + name: Size + type: string + - JSONPath: .status.claimState + name: ClaimState + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: openebs.io + version: v1alpha1 + scope: Namespaced + names: + kind: BlockDevice + listKind: BlockDeviceList + plural: blockdevices + singular: blockdevice + shortNames: + - bd diff --git a/deploy/helm/crds/blockdeviceclaim.yaml b/deploy/helm/crds/blockdeviceclaim.yaml new file mode 100644 index 000000000..a2d796f85 --- /dev/null +++ b/deploy/helm/crds/blockdeviceclaim.yaml @@ -0,0 +1,25 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: blockdeviceclaims.openebs.io +spec: + additionalPrinterColumns: + - JSONPath: .spec.blockDeviceName + name: BlockDeviceName + type: string + - JSONPath: .status.phase + name: Phase + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: openebs.io + version: v1alpha1 + scope: Namespaced + names: + kind: BlockDeviceClaim + listKind: BlockDeviceClaimList + plural: blockdeviceclaims + shortNames: + - bdc + singular: blockdeviceclaim diff --git a/deploy/helm/templates/_helpers.tpl b/deploy/helm/templates/_helpers.tpl new file mode 100644 index 000000000..e6d5b99dc --- /dev/null +++ b/deploy/helm/templates/_helpers.tpl @@ -0,0 +1,132 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +This name is used for ndm daemonset +*/}} +{{- define "openebs-ndm.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "openebs-ndm.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified ndm daemonset app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "openebs-ndm.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains .Release.Name $name }} +{{- $name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "openebs-ndm.operator.name" -}} +{{- $ndmName := default .Chart.Name .Values.ndmOperator.nameOverride | trunc 63 | trimSuffix "-" }} +{{- $componentName := .Values.ndmOperator.name | trunc 63 | trimSuffix "-" }} +{{- printf "%s-%s" $ndmName $componentName | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified ndm operator app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "openebs-ndm.operator.fullname" -}} +{{- if .Values.ndmOperator.fullnameOverride }} +{{- .Values.ndmOperator.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $ndmOperatorName := include "openebs-ndm.operator.name" .}} + +{{- $name := default $ndmOperatorName .Values.ndmOperator.nameOverride }} +{{- if contains .Release.Name $name }} +{{- $name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "openebs-ndm.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "openebs-ndm.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Define meta labels for ndm components +*/}} +{{- define "openebs-ndm.common.metaLabels" -}} +chart: {{ template "openebs-ndm.chart" . }} +heritage: {{ .Release.Service }} +openebs.io/version: {{ .Values.release.version | quote }} +{{- end -}} + + +{{/* +Create match labels for ndm daemonset component +*/}} +{{- define "openebs-ndm.matchLabels" -}} +app: {{ template "openebs-ndm.name" . }} +release: {{ .Release.Name }} +component: {{ .Values.ndm.componentName | quote }} +{{- end -}} + +{{/* +Create component labels for ndm daemonset component +*/}} +{{- define "openebs-ndm.componentLabels" -}} +openebs.io/component-name: {{ .Values.ndm.componentName | quote }} +{{- end -}} + + +{{/* +Create labels for ndm daemonset component +*/}} +{{- define "openebs-ndm.labels" -}} +{{ include "openebs-ndm.common.metaLabels" . }} +{{ include "openebs-ndm.matchLabels" . }} +{{ include "openebs-ndm.componentLabels" . }} +{{- end -}} + +{{/* +Create match labels for ndm operator deployment +*/}} +{{- define "openebs-ndm.operator.matchLabels" -}} +app: {{ template "openebs-ndm.operator.name" . }} +release: {{ .Release.Name }} +component: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} +{{- end -}} + +{{/* +Create component labels for ndm operator component +*/}} +{{- define "openebs-ndm.operator.componentLabels" -}} +openebs.io/component-name: {{ default (include "openebs-ndm.operator.name" .) .Values.ndmOperator.componentName }} +{{- end -}} + + +{{/* +Create labels for ndm operator component +*/}} +{{- define "openebs-ndm.operator.labels" -}} +{{ include "openebs-ndm.common.metaLabels" . }} +{{ include "openebs-ndm.operator.matchLabels" . }} +{{ include "openebs-ndm.operator.componentLabels" . }} +{{- end -}} diff --git a/deploy/helm/templates/configmap.yaml b/deploy/helm/templates/configmap.yaml new file mode 100644 index 000000000..451cf1b01 --- /dev/null +++ b/deploy/helm/templates/configmap.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "openebs-ndm.fullname" . }}-config +data: + # node-disk-manager-config contains config of available probes and filters. + # Probes and Filters will initialize with default values if config for that + # filter or probe are not present in configmap + + # udev-probe is default or primary probe it should be enabled to run ndm + # filterconfigs contains configs of filters. To provide a group of include + # and exclude values add it as , separated string + node-disk-manager.config: | + probeconfigs: + - key: udev-probe + name: udev probe + state: {{ .Values.ndm.probes.enableUdevProbe }} + - key: seachest-probe + name: seachest probe + state: {{ .Values.ndm.probes.enableSeachest }} + - key: smart-probe + name: smart probe + state: {{ .Values.ndm.probes.enableSmartProbe }} + filterconfigs: + - key: os-disk-exclude-filter + name: os disk exclude filter + state: {{ .Values.ndm.filters.enableOsDiskExcludeFilter }} + exclude: "/,/etc/hosts,/boot" + - key: vendor-filter + name: vendor filter + state: {{ .Values.ndm.filters.enableVendorFilter }} + include: "" + exclude: "{{ .Values.ndm.filters.excludeVendors }}" + - key: path-filter + name: path filter + state: {{ .Values.ndm.filters.enablePathFilter }} + include: "{{ .Values.ndm.filters.includePaths }}" + exclude: "{{ .Values.ndm.filters.excludePaths }}" diff --git a/deploy/helm/templates/daemonset.yaml b/deploy/helm/templates/daemonset.yaml new file mode 100644 index 000000000..0af23fff3 --- /dev/null +++ b/deploy/helm/templates/daemonset.yaml @@ -0,0 +1,170 @@ +{{- if .Values.ndm.enabled }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "openebs-ndm.fullname" . }} + {{- with .Values.ndm.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "openebs-ndm.labels" . | nindent 4 }} +spec: + updateStrategy: +{{ toYaml .Values.ndm.updateStrategy | indent 4 }} + selector: + matchLabels: + {{- include "openebs-ndm.matchLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.ndm.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "openebs-ndm.labels" . | nindent 8 }} + {{- if .Values.ndm.podLabels}} + {{ toYaml .Values.ndm.podLabels | nindent 8 }} + {{- end}} + spec: + serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} +{{- if .Values.featureGates.enabled }} +{{- if .Values.featureGates.APIService.enabled }} + hostPID: true +{{- end}} +{{- end}} + containers: + - name: {{ template "openebs-ndm.name" . }} + image: "{{ .Values.ndm.image.registry }}{{ .Values.ndm.image.repository }}:{{ .Values.ndm.image.tag }}" + args: + - -v=4 +{{- if .Values.featureGates.enabled }} +{{- if .Values.featureGates.GPTBasedUUID.enabled }} + - --feature-gates={{ .Values.featureGates.GPTBasedUUID.featureGateFlag }} +{{- end}} +{{- if .Values.featureGates.APIService.enabled }} + - --feature-gates={{ .Values.featureGates.APIService.featureGateFlag }} + - --api-service-address={{ .Values.featureGates.APIService.address }} +{{- end}} +{{- end}} + imagePullPolicy: {{ .Values.ndm.image.pullPolicy }} + resources: +{{ toYaml .Values.ndm.resources | indent 12 }} + securityContext: + privileged: true + env: + # namespace in which NDM is installed will be passed to NDM Daemonset + # as environment variable + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # pass hostname as env variable using downward API to the NDM container + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName +{{- if .Values.ndm.sparse }} +{{- if .Values.ndm.sparse.path }} + # specify the directory where the sparse files need to be created. + # if not specified, then sparse files will not be created. + - name: SPARSE_FILE_DIR + value: "{{ .Values.ndm.sparse.path }}" +{{- end }} +{{- if .Values.ndm.sparse.size }} + # Size(bytes) of the sparse file to be created. + - name: SPARSE_FILE_SIZE + value: "{{ .Values.ndm.sparse.size }}" +{{- end }} +{{- if .Values.ndm.sparse.count }} + # Specify the number of sparse files to be created + - name: SPARSE_FILE_COUNT + value: "{{ .Values.ndm.sparse.count }}" +{{- end }} +{{- end }} + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can be used here with pgrep (cmd is < 15 chars). + livenessProbe: + exec: + command: + - pgrep + - "ndm" + initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} + volumeMounts: + - name: config + mountPath: /host/node-disk-manager.config + subPath: node-disk-manager.config + readOnly: true + - name: udev + mountPath: /run/udev + - name: procmount + mountPath: /host/proc + readOnly: true + - name: devmount + mountPath: /dev + - name: basepath + mountPath: /var/openebs/ndm +{{- if .Values.ndm.sparse }} +{{- if .Values.ndm.sparse.path }} + - name: sparsepath + mountPath: {{ .Values.ndm.sparse.path }} +{{- end }} +{{- end }} + volumes: + - name: config + configMap: + name: {{ include "openebs-ndm.fullname" . }}-config + - name: udev + hostPath: + path: /run/udev + type: Directory + # mount /proc (to access mount file of process 1 of host) inside container + # to read mount-point of disks and partitions + - name: procmount + hostPath: + path: /proc + type: Directory + - name: devmount + # the /dev directory is mounted so that we have access to the devices that + # are connected at runtime of the pod. + hostPath: + path: /dev + type: Directory + - name: basepath + hostPath: + path: "{{ .Values.varDirectoryPath.baseDir }}/ndm" + type: DirectoryOrCreate +{{- if .Values.ndm.sparse }} +{{- if .Values.ndm.sparse.path }} + - name: sparsepath + hostPath: + path: {{ .Values.ndm.sparse.path }} +{{- end }} +{{- end }} + # By default the node-disk-manager will be run on all kubernetes nodes + # If you would like to limit this to only some nodes, say the nodes + # that have storage attached, you could label those node and use + # nodeSelector. + # + # e.g. label the storage nodes with - "openebs.io/nodegroup"="storage-node" + # kubectl label node "openebs.io/nodegroup"="storage-node" + #nodeSelector: + # "openebs.io/nodegroup": "storage-node" +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 2 }} +{{- end }} +{{- if .Values.ndm.nodeSelector }} + nodeSelector: +{{ toYaml .Values.ndm.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.ndm.tolerations }} + tolerations: +{{ toYaml .Values.ndm.tolerations | indent 8 }} +{{- end }} +{{- if .Values.ndm.securityContext }} + securityContext: +{{ toYaml .Values.ndm.securityContext | indent 8 }} +{{- end }} + hostNetwork: true +{{- end }} diff --git a/deploy/helm/templates/deployment.yaml b/deploy/helm/templates/deployment.yaml new file mode 100644 index 000000000..de0c45b35 --- /dev/null +++ b/deploy/helm/templates/deployment.yaml @@ -0,0 +1,93 @@ +{{- if .Values.ndmOperator.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "openebs-ndm.operator.fullname" . }} + {{- with .Values.ndmOperator.annotations }} + annotations: {{ toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "openebs-ndm.operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.ndmOperator.replicas }} + strategy: + type: "Recreate" + rollingUpdate: null + selector: + matchLabels: + {{- include "openebs-ndm.operator.matchLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.ndmOperator.podAnnotations }} + annotations: {{ toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "openebs-ndm.operator.labels" . | nindent 8 }} + {{- if .Values.ndmOperator.podLabels}} + {{ toYaml .Values.ndmOperator.podLabels | nindent 8 }} + {{- end}} + spec: + serviceAccountName: {{ template "openebs-ndm.serviceAccountName" . }} + containers: + - name: {{ template "openebs-ndm.operator.fullname" . }} + image: "{{ .Values.ndmOperator.image.registry }}{{ .Values.ndmOperator.image.repository }}:{{ .Values.ndmOperator.image.tag }}" + imagePullPolicy: {{ .Values.ndmOperator.image.pullPolicy }} + resources: +{{ toYaml .Values.ndmOperator.resources | indent 12 }} + readinessProbe: + exec: + command: + - stat + - /tmp/operator-sdk-ready + initialDelaySeconds: {{ .Values.ndmOperator.readinessCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.ndmOperator.readinessCheck.periodSeconds }} + failureThreshold: {{ .Values.ndmOperator.readinessCheck.failureThreshold }} + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: OPERATOR_NAME + value: "node-disk-operator" + - name: CLEANUP_JOB_IMAGE + value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}" + # OPENEBS_IO_INSTALL_CRD environment variable is used to enable/disable CRD installation + # from NDM Operator. By default the CRDs will be installed + - name: OPENEBS_IO_INSTALL_CRD + value: "{{ .Values.crd.enableInstall }}" + # Process name used for matching is limited to the 15 characters + # present in the pgrep output. + # So fullname can be used here with pgrep (cmd is < 15 chars). + livenessProbe: + exec: + command: + - pgrep + - "ndo" + initialDelaySeconds: {{ .Values.ndmOperator.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.ndmOperator.healthCheck.periodSeconds }} +{{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 2 }} +{{- end }} +{{- if .Values.ndmOperator.nodeSelector }} + nodeSelector: +{{ toYaml .Values.ndmOperator.nodeSelector | indent 8 }} +{{- end }} +{{- if .Values.ndmOperator.securityContext }} + securityContext: +{{ toYaml .Values.ndmOperator.securityContext | indent 8 }} +{{- end }} +{{- if .Values.ndmOperator.tolerations }} + tolerations: +{{ toYaml .Values.ndmOperator.tolerations | indent 8 }} +{{- end }} +{{- end }} diff --git a/deploy/helm/templates/rbac.yaml b/deploy/helm/templates/rbac.yaml new file mode 100644 index 000000000..8e81c4922 --- /dev/null +++ b/deploy/helm/templates/rbac.yaml @@ -0,0 +1,44 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "openebs-ndm.serviceAccountName" . }} +{{- end }} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "openebs-ndm.fullname" . }} +rules: + - apiGroups: ["*"] + resources: ["nodes", "pods", "events", "configmaps", "jobs"] + verbs: + - '*' + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: + - '*' + - apiGroups: + - openebs.io + resources: + - blockdevices + - blockdeviceclaims + verbs: + - '*' +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "openebs-ndm.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ include "openebs-ndm.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + - kind: User + name: system:serviceaccount:default:default + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: {{ include "openebs-ndm.fullname" . }} + apiGroup: rbac.authorization.k8s.io +--- diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml new file mode 100644 index 000000000..67c71a627 --- /dev/null +++ b/deploy/helm/values.yaml @@ -0,0 +1,113 @@ +# Default values for ndm. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +release: + version: "0.9.1" + +imagePullSecrets: +# - name: "image-pull-secret" + +ndm: + componentName: ndm + enabled: true + image: + # Make sure that registry name end with a '/'. + # For example : quay.io/ is a correct value here and quay.io is incorrect + registry: + repository: openebs/node-disk-manager + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: 0.9.1 + sparse: + path: "/var/openebs/sparse" + size: "10737418240" + count: "0" + updateStrategy: + type: RollingUpdate + annotations: {} + podAnnotations: {} + resources: {} + # limits: + # cpu: 10m + # memory: 32Mi + # requests: + # cpu: 10m + # memory: 32Mi + ## Labels to be added to ndm daemonset pods + podLabels: + name: openebs-ndm + nodeSelector: {} + tolerations: [] + securityContext: {} + filters: + enableOsDiskExcludeFilter: true + enableVendorFilter: true + excludeVendors: "CLOUDBYT,OpenEBS" + enablePathFilter: true + includePaths: "" + excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md,/dev/rbd,/dev/zd" + probes: + enableSeachest: true + enableUdevProbe: true + enableSmartProbe: true + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + +ndmOperator: + name: operator + enabled: true + image: + registry: + repository: openebs/node-disk-operator + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: 0.9.1 + annotations: {} + podAnnotations: {} + nodeSelector: {} + resources: {} + securityContext: {} + tolerations: [] + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 + readinessCheck: + initialDelaySeconds: 4 + periodSeconds: 10 + failureThreshold: 1 + replicas: 1 + upgradeStrategy: Recreate + +helperPod: + image: + registry: "" + repository: openebs/linux-utils + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: 2.0.0 + +crd: + enableInstall: true + +featureGates: + enabled: true + GPTBasedUUID: + enabled: true + featureGateFlag: "GPTBasedUUID" + APIService: + enabled: true + featureGateFlag: "APIService" + address: "0.0.0.0:9115" + +# Directory used by the OpenEBS to store debug information and so forth +# that are generated in the course of running OpenEBS containers. +varDirectoryPath: + baseDir: "/var/openebs" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: openebs-ndm