디렉토리 구조 및 각 서비스 추가

helm/openebs/charts/cstor/templates/NOTES.txt

@@ -0,0 +1,11 @@
+The OpenEBS cstor has been installed check its status by running:
+$ kubectl get pods -n {{ .Release.Namespace }}
+
+Use `kubectl get bd -n {{ .Release.Namespace }} ` to see the list of 
+blockdevices attached to the Kubernetes cluster nodes.
+
+For more information, visit our Slack at https://openebs.io/community or view 
+the documentation online at http://docs.openebs.io/.
+
+For more information related to cstor pool and volume provisioning, visit
+https://github.com/openebs/cstor-operators/tree/master/docs .

helm/openebs/charts/cstor/templates/_helpers.tpl

@@ -0,0 +1,217 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cstor.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cstor.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cstor.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "cstor.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "cstor.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define meta labels for cstor components
+*/}}
+{{- define "cstor.common.metaLabels" -}}
+chart: {{ template "cstor.chart" . }}
+heritage: {{ .Release.Service }}
+openebs.io/version: {{ .Values.release.version | quote }}
+{{- end -}}
+
+{{/*
+Create match labels for cstor admission server
+*/}}
+{{- define "cstor.admissionServer.matchLabels" -}}
+app: {{ .Values.admissionServer.componentName | quote }}
+release: {{ .Release.Name }}
+component: {{ .Values.admissionServer.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels for cstor admission server
+*/}}
+{{- define "cstor.admissionServer.componentLabels" -}}
+openebs.io/component-name: {{ .Values.admissionServer.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create labels for cstor admission server
+*/}}
+{{- define "cstor.admissionServer.labels" -}}
+{{ include "cstor.common.metaLabels" . }}
+{{ include "cstor.admissionServer.matchLabels" . }}
+{{ include "cstor.admissionServer.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create match labels for cstor cspc operator
+*/}}
+{{- define "cstor.cspcOperator.matchLabels" -}}
+name: {{ .Values.cspcOperator.componentName | quote }}
+release: {{ .Release.Name }}
+component: {{ .Values.cspcOperator.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels cstor cspc operator
+*/}}
+{{- define "cstor.cspcOperator.componentLabels" -}}
+openebs.io/component-name: {{ .Values.cspcOperator.componentName | quote }}
+{{- end -}}
+
+
+{{/*
+Create labels for cstor cspc operator
+*/}}
+{{- define "cstor.cspcOperator.labels" -}}
+{{ include "cstor.common.metaLabels" . }}
+{{ include "cstor.cspcOperator.matchLabels" . }}
+{{ include "cstor.cspcOperator.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create match labels for cstor cvc operator
+*/}}
+{{- define "cstor.cvcOperator.matchLabels" -}}
+name: {{ .Values.cvcOperator.componentName | quote }}
+release: {{ .Release.Name }}
+component: {{ .Values.cvcOperator.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels cstor cvc operator
+*/}}
+{{- define "cstor.cvcOperator.componentLabels" -}}
+openebs.io/component-name: {{ .Values.cvcOperator.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels cstor cvc operator service
+*/}}
+{{- define "cstor.cvcOperatorService.componentLabels" -}}
+openebs.io/component-name: {{ printf "%s-svc" .Values.cvcOperator.componentName | quote }}
+{{- end -}}
+
+
+{{/*
+Create labels for cstor cvc operator
+*/}}
+{{- define "cstor.cvcOperator.labels" -}}
+{{ include "cstor.common.metaLabels" . }}
+{{ include "cstor.cvcOperator.matchLabels" . }}
+{{ include "cstor.cvcOperator.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create labels for cstor cvc operator service
+*/}}
+{{- define "cstor.cvcOperatorService.labels" -}}
+{{ include "cstor.common.metaLabels" . }}
+{{ include "cstor.cvcOperator.matchLabels" . }}
+{{ include "cstor.cvcOperatorService.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create match labels for cstor csi node operator
+*/}}
+{{- define "cstor.csiNode.matchLabels" -}}
+name: {{ .Values.csiNode.componentName | quote }}
+release: {{ .Release.Name }}
+component: {{ .Values.csiNode.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels cstor csi node operator
+*/}}
+{{- define "cstor.csiNode.componentLabels" -}}
+openebs.io/component-name: {{ .Values.csiNode.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create labels for cstor csi node operator
+*/}}
+{{- define "cstor.csiNode.labels" -}}
+{{ include "cstor.common.metaLabels" . }}
+{{ include "cstor.csiNode.matchLabels" . }}
+{{ include "cstor.csiNode.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create match labels for cstor csi controller
+*/}}
+{{- define "cstor.csiController.matchLabels" -}}
+name: {{ .Values.csiController.componentName | quote }}
+release: {{ .Release.Name }}
+component: {{ .Values.csiController.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels cstor csi controller
+*/}}
+{{- define "cstor.csiController.componentLabels" -}}
+openebs.io/component-name: {{ .Values.csiController.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create labels for cstor csi controller
+*/}}
+{{- define "cstor.csiController.labels" -}}
+{{ include "cstor.common.metaLabels" . }}
+{{ include "cstor.csiController.matchLabels" . }}
+{{ include "cstor.csiController.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create the name of the priority class for csi node plugin
+*/}}
+{{- define "cstor.csiNode.priorityClassName" -}}
+{{- if .Values.csiNode.priorityClass.create }}
+{{- printf "%s-%s" .Release.Name .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s" .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the priority class for csi controller plugin
+*/}}
+{{- define "cstor.csiController.priorityClassName" -}}
+{{- if .Values.csiController.priorityClass.create }}
+{{- printf "%s-%s" .Release.Name .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s" .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}

helm/openebs/charts/cstor/templates/admission-server.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "cstor.fullname" . }}-admission-server
+  {{- with .Values.admissionServer.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cstor.admissionServer.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.admissionServer.replicas }}
+  strategy:
+    type: Recreate
+    rollingUpdate: null
+  selector:
+    matchLabels:
+      {{- include "cstor.admissionServer.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "cstor.admissionServer.labels" . | nindent 8 }}
+        {{- if .Values.admissionServer.podLabels }}
+        {{ toYaml .Values.admissionServer.podLabels | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }}
+      containers:
+        - name: {{ template "cstor.fullname" . }}-admission-webhook
+          image: "{{ .Values.admissionServer.image.registry }}{{ .Values.admissionServer.image.repository }}:{{ .Values.admissionServer.image.tag }}"
+          imagePullPolicy: {{ .Values.admissionServer.image.pullPolicy }}
+          resources:
+{{ toYaml .Values.admissionServer.resources | indent 12 }}
+          args:
+            - -alsologtostderr
+            - -v=2
+            - 2>&1
+          env:
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: ADMISSION_WEBHOOK_FAILURE_POLICY
+              value: {{ .Values.admissionServer.failurePolicy }}
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.admissionServer.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.admissionServer.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.admissionServer.securityContext }}
+      securityContext:
+{{ toYaml .Values.admissionServer.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.admissionServer.tolerations }}
+      tolerations:
+{{ toYaml .Values.admissionServer.tolerations | indent 8 }}
+{{- end }}

helm/openebs/charts/cstor/templates/cleanup-webhook.yaml

@@ -0,0 +1,39 @@
+# HELM first deletes RBAC, then it tries to delete other resources like CSPC and PVC. 
+# We've got validating webhook on CSPC and PVC.
+# But even that the policy of this webhook is Ignore, it fails because the ServiceAccount 
+# does not have permission to access resources like BDC anymore which are used for validation.
+# Therefore we first need to delete webhook so we can delete the rest of the deployments.
+{{- $kubeMinor := .Capabilities.KubeVersion.Minor | replace "+" "" }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "cstor.fullname" . }}-webhook-cleanup
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-delete-policy": hook-succeeded
+  labels:
+    app: {{ template "cstor.name" . }}
+spec:
+  template:
+    metadata:
+      name: {{ template "cstor.fullname" . }}-webhook-cleanup
+      labels:
+        app: {{ template "cstor.name" . }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }}
+      containers:
+        - name: kubectl
+          {{- /* bitnami maintains an image for all k8s versions */}}
+          {{- /* see: https://hub.docker.com/r/bitnami/kubectl */}}
+          {{- if .Values.cleanup.image.tag }}
+          image: "{{ .Values.cleanup.image.registry }}{{ .Values.cleanup.image.repository }}:{{ .Values.cleanup.image.tag }}"
+          {{- else }}
+          image: "{{ .Values.cleanup.image.registry }}{{ .Values.cleanup.image.repository }}:{{ .Capabilities.KubeVersion.Major }}.{{ $kubeMinor }}"
+          {{- end }}
+          command:
+          - /bin/sh
+          - -c
+          - >
+              kubectl delete validatingWebhookConfiguration openebs-cstor-validation-webhook || true;
+      restartPolicy: OnFailure

helm/openebs/charts/cstor/templates/csi-controller-rbac.yaml

@@ -0,0 +1,196 @@
+{{- if .Values.serviceAccount.csiController.create -}}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ .Values.serviceAccount.csiController.name }}
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- if .Values.rbac.create }}
+---
+# cstor csi roles and bindings
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-snapshotter-binding
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.csiController.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-cstor-csi-snapshotter-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-snapshotter-role
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["update"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["create", "list", "watch", "delete", "get", "update"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-provisioner-role
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets","namespaces"]
+    verbs: ["get", "list"]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [""]
+    resources: ["persistentvolumes", "services"]
+    verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses", "csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["cstorvolumeattachments", "cstorvolumes","cstorvolumeconfigs"]
+    verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-provisioner-binding
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.csiController.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-cstor-csi-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+---
+############################## CSI- Attacher #######################
+# Attacher must be able to work with PVs, nodes and VolumeAttachments
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-attacher-role
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["csi.storage.k8s.io"]
+    resources: ["csinodeinfos"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments", "csinodes"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "volumeattachments/status" ]
+    verbs: [ "patch" ]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-attacher-binding
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.csiController.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-cstor-csi-attacher-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-cluster-registrar-role
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["csi.storage.k8s.io"]
+    resources: ["csidrivers"]
+    verbs: ["create", "delete"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-cluster-registrar-binding
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.csiController.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-cstor-csi-cluster-registrar-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

helm/openebs/charts/cstor/templates/csi-controller.yaml

@@ -0,0 +1,137 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: {{ template "cstor.fullname" . }}-csi-controller
+  {{- with .Values.csiController.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cstor.csiController.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "cstor.csiController.matchLabels" . | nindent 6 }}
+  serviceName: "openebs-csi"
+  replicas: {{ .Values.csiController.replicas }}
+  template:
+    metadata:
+      labels:
+        {{- include "cstor.csiController.labels" . | nindent 8 }}
+        {{- if .Values.csiController.podLabels }}
+        {{ toYaml .Values.csiController.podLabels | nindent 8 }}
+        {{- end }}
+    spec:
+      priorityClassName: {{ template "cstor.csiController.priorityClassName" . }}
+      serviceAccountName: {{ .Values.serviceAccount.csiController.name }}
+      containers:
+        - name: {{ .Values.csiController.resizer.name }}
+          image: "{{ .Values.csiController.resizer.image.registry }}{{ .Values.csiController.resizer.image.repository }}:{{ .Values.csiController.resizer.image.tag }}"
+          resources:
+{{ toYaml .Values.csiController.resources | indent 12 }}
+          args:
+            - "--v={{ .Values.csiController.resizer.logLevel | default .Values.csiController.logLevel }}"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          imagePullPolicy: {{ .Values.csiController.resizer.image.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: {{ .Values.csiController.snapshotter.name }}
+          image: "{{ .Values.csiController.snapshotter.image.registry }}{{ .Values.csiController.snapshotter.image.repository }}:{{ .Values.csiController.snapshotter.image.tag }}"
+          args:
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          imagePullPolicy: {{ .Values.csiController.snapshotter.image.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: {{ .Values.csiController.snapshotController.name }}
+          image: "{{ .Values.csiController.snapshotController.image.registry }}{{ .Values.csiController.snapshotController.image.repository }}:{{ .Values.csiController.snapshotController.image.tag }}"
+          args:
+            - "--v={{ .Values.csiController.snapshotController.logLevel | default .Values.csiController.logLevel }}"
+            - "--leader-election=false"
+          imagePullPolicy: {{ .Values.csiController.snapshotController.image.pullPolicy }}
+        - name: {{ .Values.csiController.provisioner.name }}
+          image: "{{ .Values.csiController.provisioner.image.registry }}{{ .Values.csiController.provisioner.image.repository }}:{{ .Values.csiController.provisioner.image.tag }}"
+          imagePullPolicy: {{ .Values.csiController.provisioner.image.pullPolicy }}
+          args:
+            - "--csi-address=$(ADDRESS)"
+            - "--v={{ .Values.csiController.provisioner.logLevel | default .Values.csiController.logLevel }}"
+            - "--feature-gates=Topology=true"
+            - "--extra-create-metadata=true"
+            - "--metrics-address=:22011"
+            - "--timeout=250s"
+            - "--default-fstype=ext4"
+          env:
+            - name: MY_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: {{ .Values.csiController.attacher.name }}
+          image: "{{ .Values.csiController.attacher.image.registry }}{{ .Values.csiController.attacher.image.repository }}:{{ .Values.csiController.attacher.image.tag }}"
+          imagePullPolicy: {{ .Values.csiController.attacher.image.pullPolicy }}
+          args:
+            - "--v={{ .Values.csiController.attacher.logLevel | default .Values.csiController.logLevel }}"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: {{ .Values.cstorCSIPlugin.name }}
+          image: "{{ .Values.cstorCSIPlugin.image.registry }}{{ .Values.cstorCSIPlugin.image.repository }}:{{ .Values.cstorCSIPlugin.image.tag }}"
+          imagePullPolicy: {{ .Values.cstorCSIPlugin.image.pullPolicy }}
+          env:
+            - name: OPENEBS_CONTROLLER_DRIVER
+              value: controller
+            - name: OPENEBS_CSI_ENDPOINT
+              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+            - name: OPENEBS_CSI_API_URL
+              value: https://openebs.io
+              # OpenEBS namespace where the openebs cstor operator components
+              # has been installed
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OPENEBS_IO_INSTALLER_TYPE
+              value: "cstor-helm"
+            - name: OPENEBS_IO_ENABLE_ANALYTICS
+              value: "{{ .Values.analytics.enabled }}"
+          args :
+            - "--endpoint=$(OPENEBS_CSI_ENDPOINT)"
+            - "--url=$(OPENEBS_CSI_API_URL)"
+            - "--plugin=$(OPENEBS_CONTROLLER_DRIVER)"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.csiController.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.csiController.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.csiController.securityContext }}
+      securityContext:
+{{ toYaml .Values.csiController.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.csiController.tolerations }}
+      tolerations:
+{{ toYaml .Values.csiController.tolerations | indent 8 }}
+{{- end }}

helm/openebs/charts/cstor/templates/csi-driver.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.csiDriver.create -}}
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: cstor.csi.openebs.io
+spec:
+  # Supports persistent inline volumes.
+  volumeLifecycleModes:
+    - Persistent
+    # Not yet supported but added just to support upgrade control plane seamlessly
+    - Ephemeral
+  # To determine at runtime which mode a volume uses, pod info and its
+  # "csi.storage.k8s.io/ephemeral" entry are needed.
+  podInfoOnMount: {{ .Values.csiDriver.podInfoOnMount }}
+  attachRequired: {{ .Values.csiDriver.attachRequired }}
+{{- end }}

helm/openebs/charts/cstor/templates/csi-iscsiadm-config.yaml

@@ -0,0 +1,18 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: openebs-cstor-csi-iscsiadm
+data:
+  iscsiadm: |
+    #!/bin/sh
+    if [ -x /host/sbin/iscsiadm ]; then
+      chroot /host /sbin/iscsiadm "$@"
+    elif [ -x /host/usr/local/sbin/iscsiadm ]; then
+      chroot /host /usr/local/sbin/iscsiadm "$@"
+    elif [ -x /host/bin/iscsiadm ]; then
+      chroot /host /bin/iscsiadm "$@"
+    elif [ -x /host/usr/local/bin/iscsiadm ]; then
+      chroot /host /usr/local/bin/iscsiadm "$@"
+    else
+      chroot /host iscsiadm "$@"
+    fi

helm/openebs/charts/cstor/templates/csi-node-rbac.yaml

@@ -0,0 +1,73 @@
+{{- if .Values.serviceAccount.csiNode.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.csiNode.name }}
+  labels:
+    {{- include "cstor.csiNode.labels" . | nindent 4 }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- if .Values.rbac.create }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-registrar-role
+  labels:
+    {{- include "cstor.csiNode.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes", "nodes", "services"]
+    verbs: ["get", "list", "patch"]
+  - apiGroups: ["*"]
+    resources: ["cstorvolumeattachments", "cstorvolumes","cstorvolumeconfigs"]
+    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-registrar-binding
+  labels:
+    {{- include "cstor.csiNode.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.csiNode.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-cstor-csi-registrar-role
+  apiGroup: rbac.authorization.k8s.io
+{{- if .Values.rbac.pspEnabled }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-csi-node-role
+  labels:
+    {{- include "cstor.csiNode.labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+  resources: ['podsecuritypolicies']
+  verbs:     ['use']
+  resourceNames:
+  - openebs-cstor-csi-node-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: openebs-cstor-csi-node-binding
+  labels:
+    {{- include "cstor.csiNode.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: openebs-cstor-csi-node-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.csiNode.name }}
+    namespace: {{ $.Release.Namespace }}
+{{- end }}
+{{- end }}

helm/openebs/charts/cstor/templates/csi-node.yaml

@@ -0,0 +1,143 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ template "cstor.fullname" . }}-csi-node
+  {{- with .Values.csiNode.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cstor.csiNode.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "cstor.csiNode.matchLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "cstor.csiNode.labels" . | nindent 8 }}
+        {{- if .Values.csiNode.podLabels }}
+        {{ toYaml .Values.csiNode.podLabels | nindent 8 }}
+        {{- end }}
+    spec:
+      priorityClassName: {{ template "cstor.csiNode.priorityClassName" . }}
+      serviceAccountName: {{ .Values.serviceAccount.csiNode.name }}
+      hostNetwork: true
+      containers:
+        - name: {{ .Values.csiNode.driverRegistrar.name }}
+          image: "{{ .Values.csiNode.driverRegistrar.image.registry }}{{ .Values.csiNode.driverRegistrar.image.repository }}:{{ .Values.csiNode.driverRegistrar.image.tag }}"
+          imagePullPolicy: {{ .Values.csiNode.driverRegistrar.image.pullPolicy }}
+          resources:
+{{ toYaml .Values.csiNode.resources | indent 12 }}
+          args:
+            - "--v={{ .Values.csiNode.driverRegistrar.logLevel | default .Values.csiNode.logLevel }}"
+            - "--csi-address=$(ADDRESS)"
+            - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/bin/sh", "-c", "rm -rf /registration/cstor.csi.openebs.io /registration/cstor.csi.openebs.io-reg.sock"]
+          env:
+            - name: ADDRESS
+              value: /plugin/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.csiNode.kubeletDir }}plugins/cstor.csi.openebs.io/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: NODE_DRIVER
+              value: openebs-cstor-csi
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /plugin
+            - name: registration-dir
+              mountPath: /registration
+        - name: {{ .Values.cstorCSIPlugin.name }}
+          securityContext:
+            privileged: true
+            allowPrivilegeEscalation: true
+          image: "{{ .Values.cstorCSIPlugin.image.registry }}{{ .Values.cstorCSIPlugin.image.repository }}:{{ .Values.cstorCSIPlugin.image.tag }}"
+          imagePullPolicy: {{ .Values.cstorCSIPlugin.image.pullPolicy }}
+          args:
+            - "--nodeid=$(OPENEBS_NODE_ID)"
+            - "--endpoint=$(OPENEBS_CSI_ENDPOINT)"
+            - "--url=$(OPENEBS_CSI_API_URL)"
+            - "--plugin=$(OPENEBS_NODE_DRIVER)"
+          env:
+            - name: OPENEBS_NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: OPENEBS_CSI_ENDPOINT
+              value: unix:///plugin/csi.sock
+            - name: OPENEBS_NODE_DRIVER
+              value: node
+            - name: OPENEBS_CSI_API_URL
+              value: https://openebs.io
+              # OpenEBS namespace where the openebs cstor operator components
+              # has been installed
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+              # Enable/Disable auto-remount feature, when volumes
+              # recovers from the read-only state
+            - name: REMOUNT
+              value: "{{ .Values.cstorCSIPlugin.remount }}"
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /plugin
+            - name: device-dir
+              mountPath: /dev
+            - name: pods-mount-dir
+              mountPath: {{ .Values.csiNode.kubeletDir }}
+              # needed so that any mounts setup inside this container are
+              # propagated back to the host machine.
+              mountPropagation: "Bidirectional"
+            - name: host-root
+              mountPath: /host
+              mountPropagation: "HostToContainer"
+            - name: chroot-iscsiadm
+              mountPath: /sbin/iscsiadm
+              subPath: iscsiadm
+      volumes:
+        - name: device-dir
+          hostPath:
+            path: /dev
+            type: Directory
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.csiNode.kubeletDir }}plugins_registry/
+            type: DirectoryOrCreate
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.csiNode.kubeletDir }}plugins/cstor.csi.openebs.io/
+            type: DirectoryOrCreate
+        - name: pods-mount-dir
+          hostPath:
+            path: {{ .Values.csiNode.kubeletDir }}
+            type: Directory
+        - name: chroot-iscsiadm
+          configMap:
+            defaultMode: 0555
+            name: openebs-cstor-csi-iscsiadm
+        - name: host-root
+          hostPath:
+            path: /
+            type: Directory
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.csiNode.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.csiNode.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.csiNode.securityContext }}
+      securityContext:
+{{ toYaml .Values.csiNode.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.csiNode.tolerations }}
+      tolerations:
+{{ toYaml .Values.csiNode.tolerations | indent 8 }}
+{{- end }}

helm/openebs/charts/cstor/templates/cspc-operator.yaml

@@ -0,0 +1,90 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "cstor.fullname" . }}-cspc-operator
+  {{- with .Values.cspcOperator.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cstor.cspcOperator.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "cstor.cspcOperator.matchLabels" . | nindent 6 }}
+  replicas: {{ .Values.cspcOperator.replicas }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      {{- with .Values.cspcOperator.podAnnotations }}
+      annotations: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "cstor.cspcOperator.labels" . | nindent 8 }}
+        {{- if .Values.cspcOperator.podLabels }}
+        {{ toYaml .Values.cspcOperator.podLabels | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }}
+      containers:
+        - name: {{ template "cstor.fullname" . }}-cspc-operator
+          imagePullPolicy: {{ .Values.cspcOperator.image.pullPolicy }}
+          image: "{{ .Values.cspcOperator.image.registry }}{{ .Values.cspcOperator.image.repository }}:{{ .Values.cspcOperator.image.tag }}"
+          resources:
+{{ toYaml .Values.cspcOperator.resources | indent 12 }}
+          env:
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OPENEBS_SERVICEACCOUNT_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.serviceAccountName
+            - name: CSPC_OPERATOR_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+{{- if .Values.cspcOperator.baseDir }}
+            # OPENEBS_IO_BASE_DIR is used to configure base directory for openebs on host path.
+            # Where OpenEBS can store required files. Default base path will be /var/openebs
+            - name: OPENEBS_IO_BASE_DIR
+              value: {{ .Values.cspcOperator.baseDir | quote }}
+{{- end }}
+{{- if .Values.cspcOperator.sparseDir }}
+            # OPENEBS_IO_CSTOR_POOL_SPARSE_DIR can be used to specify the hostpath
+            # to be used for saving the shared content between the side cars
+            # of cstor pool pod. This ENV is also used to indicate the location
+            # of the sparse devices.
+            # The default path used is /var/openebs/sparse
+            - name: OPENEBS_IO_CSTOR_POOL_SPARSE_DIR
+              value: "{{ .Values.cspcOperator.sparseDir }}"
+{{- end }}
+            - name: OPENEBS_IO_CSPI_MGMT_IMAGE
+              value: "{{ .Values.cspcOperator.poolManager.image.registry }}{{ .Values.cspcOperator.poolManager.image.repository }}:{{ .Values.cspcOperator.poolManager.image.tag }}"
+            - name: OPENEBS_IO_CSTOR_POOL_IMAGE
+              value: "{{ .Values.cspcOperator.cstorPool.image.registry }}{{ .Values.cspcOperator.cstorPool.image.repository }}:{{ .Values.cspcOperator.cstorPool.image.tag }}"
+            - name:  OPENEBS_IO_CSTOR_POOL_EXPORTER_IMAGE
+              value: "{{ .Values.cspcOperator.cstorPoolExporter.image.registry }}{{ .Values.cspcOperator.cstorPoolExporter.image.repository }}:{{ .Values.cspcOperator.cstorPoolExporter.image.tag }}"
+            - name: RESYNC_INTERVAL
+              value: "{{ .Values.cspcOperator.resyncInterval }}"
+{{- if .Values.imagePullSecrets }}
+            - name: OPENEBS_IO_IMAGE_PULL_SECRETS
+              value: "{{- range $.Values.imagePullSecrets }}{{ .name }},{{- end }}"
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.cspcOperator.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.cspcOperator.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.cspcOperator.securityContext }}
+      securityContext:
+{{ toYaml .Values.cspcOperator.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.cspcOperator.tolerations }}
+      tolerations:
+{{ toYaml .Values.cspcOperator.tolerations | indent 8 }}
+{{- end }}

helm/openebs/charts/cstor/templates/cvc-operator-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "cstor.fullname" . }}-cvc-operator-svc
+  labels:
+    {{- include "cstor.cvcOperatorService.labels" . | nindent 4 }}
+spec:
+  ports:
+    - name: api
+      port: 5757
+      protocol: TCP
+      targetPort: 5757
+  selector:
+    name: cvc-operator
+  sessionAffinity: None

helm/openebs/charts/cstor/templates/cvc-operator.yaml

@@ -0,0 +1,80 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "cstor.fullname" . }}-cvc-operator
+  {{- with .Values.cvcOperator.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cstor.cvcOperator.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "cstor.cvcOperator.matchLabels" . | nindent 6 }}
+  replicas: {{ .Values.cvcOperator.replicas }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        {{- include "cstor.cvcOperator.labels" . | nindent 8 }}
+        {{- if .Values.cvcOperator.podLabels }}
+        {{ toYaml .Values.cvcOperator.podLabels | nindent 8 }}
+        {{- end }}
+    spec:
+      serviceAccountName: {{ .Values.serviceAccount.cstorOperator.name }}
+      containers:
+        - name: {{ template "cstor.fullname" . }}-cvc-operator
+          imagePullPolicy: {{ .Values.cvcOperator.image.pullPolicy }}
+          image: "{{ .Values.cvcOperator.image.registry }}{{ .Values.cvcOperator.image.repository }}:{{ .Values.cvcOperator.image.tag }}"
+          args:
+            - "--v={{ .Values.cvcOperator.logLevel }}"
+            - "--leader-election=false"
+            - "--bind=$(OPENEBS_CVC_POD_IP)"
+          resources:
+{{ toYaml .Values.cvcOperator.resources | indent 12 }}
+          env:
+{{- if .Values.cvcOperator.baseDir }}
+            # OPENEBS_IO_BASE_DIR is used to configure base directory for openebs on host path.
+            # Where OpenEBS can store required files. Default base path will be /var/openebs
+            - name: OPENEBS_IO_BASE_DIR
+              value: "{{ .Values.cvcOperator.baseDir }}"
+{{- end }}
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OPENEBS_SERVICEACCOUNT_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.serviceAccountName
+            - name: OPENEBS_CVC_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: OPENEBS_IO_CSTOR_TARGET_IMAGE
+              value: "{{ .Values.cvcOperator.target.image.registry }}{{ .Values.cvcOperator.target.image.repository }}:{{ .Values.cvcOperator.target.image.tag }}"
+            - name:  OPENEBS_IO_CSTOR_VOLUME_MGMT_IMAGE
+              value: "{{ .Values.cvcOperator.volumeMgmt.image.registry }}{{ .Values.cvcOperator.volumeMgmt.image.repository }}:{{ .Values.cvcOperator.volumeMgmt.image.tag }}"
+            - name:  OPENEBS_IO_VOLUME_MONITOR_IMAGE
+              value: "{{ .Values.cvcOperator.volumeExporter.image.registry }}{{ .Values.cvcOperator.volumeExporter.image.repository }}:{{ .Values.cvcOperator.volumeExporter.image.tag }}"
+{{- if .Values.imagePullSecrets }}
+            - name: OPENEBS_IO_IMAGE_PULL_SECRETS
+              value: "{{- range $.Values.imagePullSecrets }}{{ .name }},{{- end }}"
+{{- end }}
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.cvcOperator.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.cvcOperator.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.cvcOperator.securityContext }}
+      securityContext:
+{{ toYaml .Values.cvcOperator.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.cvcOperator.tolerations }}
+      tolerations:
+{{ toYaml .Values.cvcOperator.tolerations | indent 8 }}
+{{- end }}

helm/openebs/charts/cstor/templates/priority-class.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.csiController.priorityClass.create }}
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: {{ template "cstor.csiController.priorityClassName" . }}
+value: {{ .Values.csiController.priorityClass.value }}
+globalDefault: false
+description: "This priority class should be used for the CStor CSI driver controller deployment only."
+{{- end }}
+---
+{{- if .Values.csiNode.priorityClass.create }}
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+  name: {{ template "cstor.csiNode.priorityClassName" . }}
+value: {{ .Values.csiNode.priorityClass.value }}
+globalDefault: false
+description: "This priority class should be used for the CStor CSI driver node deployment only."
+{{- end }}

helm/openebs/charts/cstor/templates/psp.yaml

@@ -0,0 +1,24 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: openebs-cstor-csi-node-psp
+  labels:
+    {{- include "cstor.csiNode.labels" . | nindent 4 }}
+spec:
+  privileged: true
+  allowPrivilegeEscalation: true
+  allowedCapabilities: ['*']
+  volumes: ['*']
+  hostNetwork: true
+  hostIPC: true
+  hostPID: true
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+{{- end }}

helm/openebs/charts/cstor/templates/rbac.yaml

@@ -0,0 +1,117 @@
+{{- if .Values.serviceAccount.cstorOperator.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.cstorOperator.name }}
+  labels:
+    {{- include "cstor.common.metaLabels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- if .Values.rbac.create }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-operator
+  {{- with .Values.serviceAccount.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cstor.common.metaLabels" . | nindent 4 }}
+rules:
+  - apiGroups: ["*"]
+    resources: ["nodes", "nodes/proxy"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["namespaces", "services", "pods", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["statefulsets", "daemonsets"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["resourcequotas", "limitranges"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["*"]
+    resources: ["certificatesigningrequests"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["*"]
+    resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"]
+    verbs: ["*"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: [ "get", "list", "create", "update", "delete", "patch"]
+  - apiGroups: ["openebs.io"]
+    resources: ["*"]
+    verbs: ["*" ]
+  - apiGroups: ["cstor.openebs.io"]
+    resources: ["*"]
+    verbs: ["*" ]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: ["admissionregistration.k8s.io"]
+    resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+    verbs: ["get", "create", "list", "delete", "update", "patch"]
+  - nonResourceURLs: ["/metrics"]
+    verbs: ["get"]
+  - apiGroups: ["*"]
+    resources: ["upgradetasks","migrationtasks"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["poddisruptionbudgets"]
+    verbs: ["get", "list", "create", "delete", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: openebs-cstor-operator
+  {{- with .Values.serviceAccount.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cstor.common.metaLabels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: openebs-cstor-operator
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount.cstorOperator.name }}
+  namespace: {{ .Release.Namespace }}
+---
+# Define Role that allows operations required for migration of snapshots
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-migration
+  labels:
+    {{- include "cstor.common.metaLabels" . | nindent 4 }}
+rules:
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["create", "get", "list"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-cstor-migration
+  labels:
+    {{- include "cstor.common.metaLabels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount.cstorOperator.name }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-cstor-migration
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

helm/openebs/charts/cstor/templates/snapshot-class.yaml

@@ -0,0 +1,14 @@
+{{ if or (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass") (.Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1/VolumeSnapshotClass") }}
+kind: VolumeSnapshotClass
+apiVersion: {{ if .Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass" -}}
+  snapshot.storage.k8s.io/v1beta1
+{{- else -}}
+  snapshot.storage.k8s.io/v1
+{{- end }}
+metadata:
+  name: csi-cstor-snapshotclass
+  annotations:
+    snapshot.storage.kubernetes.io/is-default-class: "true"
+driver: cstor.csi.openebs.io
+deletionPolicy: Delete
+{{- end }}