sa_8001/dsk-devops-toolchains
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

디렉토리 구조 및 각 서비스 추가

Browse Source
This commit is contained in:
dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
helm/openebs/charts/jiva/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,8 @@
The OpenEBS jiva has been installed check its status by running:
$ kubectl get pods -n {{ .Release.Namespace }}
For more information, visit our Slack at https://openebs.io/community or view
the documentation online at http://docs.openebs.io/.
For more information related to jiva volume provisioning, visit
https://github.com/openebs/jiva-operator/tree/master/docs .

150
helm/openebs/charts/jiva/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,150 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "jiva.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "jiva.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "jiva.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "jiva.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "jiva.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Define meta labels for jiva components
*/}}
{{- define "jiva.common.metaLabels" -}}
chart: {{ template "jiva.chart" . }}
heritage: {{ .Release.Service }}
openebs.io/version: {{ .Values.release.version | quote }}
{{- end -}}
{{/*
Create match labels for jiva operator
*/}}
{{- define "jiva.operator.matchLabels" -}}
name: {{ .Values.jivaOperator.componentName | quote }}
release: {{ .Release.Name }}
component: {{ .Values.jivaOperator.componentName | quote }}
{{- end -}}
{{/*
Create component labels jiva operator
*/}}
{{- define "jiva.operator.componentLabels" -}}
openebs.io/component-name: {{ .Values.jivaOperator.componentName | quote }}
{{- end -}}
{{/*
Create labels for jiva operator
*/}}
{{- define "jiva.operator.labels" -}}
{{ include "jiva.common.metaLabels" . }}
{{ include "jiva.operator.matchLabels" . }}
{{ include "jiva.operator.componentLabels" . }}
{{- end -}}
{{/*
Create match labels for jiva csi node operator
*/}}
{{- define "jiva.csiNode.matchLabels" -}}
name: {{ .Values.csiNode.componentName | quote }}
release: {{ .Release.Name }}
component: {{ .Values.csiNode.componentName | quote }}
{{- end -}}
{{/*
Create component labels jiva csi node operator
*/}}
{{- define "jiva.csiNode.componentLabels" -}}
openebs.io/component-name: {{ .Values.csiNode.componentName | quote }}
{{- end -}}
{{/*
Create labels for jiva csi node operator
*/}}
{{- define "jiva.csiNode.labels" -}}
{{ include "jiva.common.metaLabels" . }}
{{ include "jiva.csiNode.matchLabels" . }}
{{ include "jiva.csiNode.componentLabels" . }}
{{- end -}}
{{/*
Create match labels for jiva csi controller
*/}}
{{- define "jiva.csiController.matchLabels" -}}
name: {{ .Values.csiController.componentName | quote }}
release: {{ .Release.Name }}
component: {{ .Values.csiController.componentName | quote }}
{{- end -}}
{{/*
Create component labels jiva csi controller
*/}}
{{- define "jiva.csiController.componentLabels" -}}
openebs.io/component-name: {{ .Values.csiController.componentName | quote }}
{{- end -}}
{{/*
Create labels for jiva csi controller
*/}}
{{- define "jiva.csiController.labels" -}}
{{ include "jiva.common.metaLabels" . }}
{{ include "jiva.csiController.matchLabels" . }}
{{ include "jiva.csiController.componentLabels" . }}
{{- end -}}
{{/*
Create the name of the priority class for csi node plugin
*/}}
{{- define "jiva.csiNode.priorityClassName" -}}
{{- if .Values.csiNode.priorityClass.create }}
{{- printf "%s-%s" .Release.Name .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s" .Values.csiNode.priorityClass.name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{/*
Create the name of the priority class for csi controller plugin
*/}}
{{- define "jiva.csiController.priorityClassName" -}}
{{- if .Values.csiController.priorityClass.create }}
{{- printf "%s-%s" .Release.Name .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s" .Values.csiController.priorityClass.name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}

196
helm/openebs/charts/jiva/templates/csi-controller-rbac.yaml Normal file
View File

@@ -0,0 +1,196 @@
{{- if .Values.serviceAccount.csiController.create -}}
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{ .Values.serviceAccount.csiController.name }}
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.rbac.create }}
---
# jiva csi roles and bindings
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-snapshotter-binding
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.csiController.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: openebs-jiva-csi-snapshotter-role
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-snapshotter-role
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete", "get", "update"]
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-provisioner-role
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["secrets","namespaces"]
verbs: ["get", "list"]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [""]
resources: ["persistentvolumes", "services"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses", "csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["jivavolumeattachments", "jivavolumes","jivavolumeconfigs"]
verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-provisioner-binding
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.csiController.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: openebs-jiva-csi-provisioner-role
apiGroup: rbac.authorization.k8s.io
---
############################## CSI- Attacher #######################
# Attacher must be able to work with PVs, nodes and VolumeAttachments
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-attacher-role
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments", "csinodes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments/status" ]
verbs: [ "patch" ]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-attacher-binding
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.csiController.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: openebs-jiva-csi-attacher-role
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-cluster-registrar-role
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
rules:
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csidrivers"]
verbs: ["create", "delete"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-cluster-registrar-binding
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.csiController.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: openebs-jiva-csi-cluster-registrar-role
apiGroup: rbac.authorization.k8s.io
{{- end }}

134
helm/openebs/charts/jiva/templates/csi-controller.yaml Normal file
View File

@@ -0,0 +1,134 @@
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: {{ template "jiva.fullname" . }}-csi-controller
{{- with .Values.csiController.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "jiva.csiController.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "jiva.csiController.matchLabels" . | nindent 6 }}
serviceName: "openebs-csi"
replicas: {{ .Values.csiController.replicas }}
template:
metadata:
labels:
{{- include "jiva.csiController.labels" . | nindent 8 }}
{{- if .Values.csiController.podLabels }}
{{ toYaml .Values.csiController.podLabels | nindent 8 }}
{{- end }}
spec:
priorityClassName: {{ template "jiva.csiController.priorityClassName" . }}
serviceAccountName: {{ .Values.serviceAccount.csiController.name }}
containers:
- name: {{ .Values.csiController.resizer.name }}
image: "{{ .Values.csiController.resizer.image.registry }}{{ .Values.csiController.resizer.image.repository }}:{{ .Values.csiController.resizer.image.tag }}"
resources:
{{ toYaml .Values.csiController.resources | indent 12 }}
args:
- "--v={{ .Values.csiController.resizer.logLevel | default .Values.csiController.logLevel }}"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
imagePullPolicy: {{ .Values.csiController.resizer.image.pullPolicy }}
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: {{ .Values.csiController.provisioner.name }}
image: "{{ .Values.csiController.provisioner.image.registry }}{{ .Values.csiController.provisioner.image.repository }}:{{ .Values.csiController.provisioner.image.tag }}"
imagePullPolicy: {{ .Values.csiController.provisioner.image.pullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--v={{ .Values.csiController.provisioner.logLevel | default .Values.csiController.logLevel }}"
- "--feature-gates=Topology=true"
- "--extra-create-metadata=true"
- "--metrics-address=:22011"
- "--timeout=250s"
- "--default-fstype=ext4"
env:
- name: MY_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: {{ .Values.csiController.attacher.name }}
image: "{{ .Values.csiController.attacher.image.registry }}{{ .Values.csiController.attacher.image.repository }}:{{ .Values.csiController.attacher.image.tag }}"
imagePullPolicy: {{ .Values.csiController.attacher.image.pullPolicy }}
args:
- "--v={{ .Values.csiController.attacher.logLevel | default .Values.csiController.logLevel }}"
- "--csi-address=$(ADDRESS)"
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: {{ .Values.jivaCSIPlugin.name }}
image: "{{ .Values.jivaCSIPlugin.image.registry }}{{ .Values.jivaCSIPlugin.image.repository }}:{{ .Values.jivaCSIPlugin.image.tag }}"
imagePullPolicy: {{ .Values.jivaCSIPlugin.image.pullPolicy }}
env:
- name: OPENEBS_JIVA_CSI_CONTROLLER
value: controller
- name: OPENEBS_JIVA_CSI_ENDPOINT
value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
- name: OPENEBS_CSI_API_URL
value: https://openebs.io
- name: OPENEBS_NODEID
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
# OpenEBS namespace where the openebs jiva operator components
# has been installed
- name: OPENEBS_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OPENEBS_IO_INSTALLER_TYPE
value: "jiva-helm"
- name: OPENEBS_IO_ENABLE_ANALYTICS
value: "{{ .Values.analytics.enabled }}"
args :
- "--endpoint=$(OPENEBS_JIVA_CSI_ENDPOINT)"
- "--plugin=$(OPENEBS_JIVA_CSI_CONTROLLER)"
- "--name=jiva.csi.openebs.io"
- "--nodeid=$(OPENEBS_NODEID)"
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: {{ .Values.csiController.livenessprobe.name }}
image: "{{ .Values.csiController.livenessprobe.image.registry }}{{ .Values.csiController.livenessprobe.image.repository }}:{{ .Values.csiController.livenessprobe.image.tag }}"
imagePullPolicy: {{ .Values.csiController.livenessprobe.image.pullPolicy }}
args:
- "--csi-address=/csi/csi.sock"
volumeMounts:
- mountPath: /csi
name: socket-dir
volumes:
- name: socket-dir
emptyDir: {}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.csiController.nodeSelector }}
nodeSelector:
{{ toYaml .Values.csiController.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.csiController.securityContext }}
securityContext:
{{ toYaml .Values.csiController.securityContext | indent 8 }}
{{- end }}
{{- if .Values.csiController.tolerations }}
tolerations:
{{ toYaml .Values.csiController.tolerations | indent 8 }}
{{- end }}

9
helm/openebs/charts/jiva/templates/csi-driver.yaml Normal file
View File

@@ -0,0 +1,9 @@
{{- if .Values.csiDriver.create -}}
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: jiva.csi.openebs.io
spec:
podInfoOnMount: {{ .Values.csiDriver.podInfoOnMount }}
attachRequired: {{ .Values.csiDriver.attachRequired }}
{{- end }}

18
helm/openebs/charts/jiva/templates/csi-iscsiadm-config.yaml Normal file
View File

@@ -0,0 +1,18 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: openebs-jiva-csi-iscsiadm
data:
iscsiadm: |
#!/bin/sh
if [ -x /host/sbin/iscsiadm ]; then
chroot /host /sbin/iscsiadm "$@"
elif [ -x /host/usr/local/sbin/iscsiadm ]; then
chroot /host /usr/local/sbin/iscsiadm "$@"
elif [ -x /host/bin/iscsiadm ]; then
chroot /host /bin/iscsiadm "$@"
elif [ -x /host/usr/local/bin/iscsiadm ]; then
chroot /host /usr/local/bin/iscsiadm "$@"
else
chroot /host iscsiadm "$@"
fi

43
helm/openebs/charts/jiva/templates/csi-node-rbac.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- if .Values.serviceAccount.csiNode.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.csiNode.name }}
labels:
{{- include "jiva.csiNode.labels" . | nindent 4 }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if .Values.rbac.create }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-registrar-role
labels:
{{- include "jiva.csiNode.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumes", "nodes", "services"]
verbs: ["get", "list", "patch"]
- apiGroups: ["*"]
resources: ["jivavolumes"]
verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-csi-registrar-binding
labels:
{{- include "jiva.csiNode.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.csiNode.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: openebs-jiva-csi-registrar-role
apiGroup: rbac.authorization.k8s.io
{{- end }}

165
helm/openebs/charts/jiva/templates/csi-node.yaml Normal file
View File

@@ -0,0 +1,165 @@
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ template "jiva.fullname" . }}-csi-node
{{- with .Values.csiNode.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "jiva.csiNode.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "jiva.csiNode.matchLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "jiva.csiNode.labels" . | nindent 8 }}
{{- if .Values.csiNode.podLabels }}
{{ toYaml .Values.csiNode.podLabels | nindent 8 }}
{{- end }}
spec:
priorityClassName: {{ template "jiva.csiNode.priorityClassName" . }}
serviceAccountName: {{ .Values.serviceAccount.csiNode.name }}
hostNetwork: true
containers:
- name: {{ .Values.csiNode.driverRegistrar.name }}
image: "{{ .Values.csiNode.driverRegistrar.image.registry }}{{ .Values.csiNode.driverRegistrar.image.repository }}:{{ .Values.csiNode.driverRegistrar.image.tag }}"
imagePullPolicy: {{ .Values.csiNode.driverRegistrar.image.pullPolicy }}
resources:
{{ toYaml .Values.csiNode.resources | indent 12 }}
args:
- "--v={{ .Values.csiNode.driverRegistrar.logLevel | default .Values.csiNode.logLevel }}"
- "--csi-address=$(ADDRESS)"
- "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "rm -rf /registration/jiva.csi.openebs.io /registration/jiva.csi.openebs.io-reg.sock"]
env:
- name: ADDRESS
value: /plugin/csi.sock
- name: DRIVER_REG_SOCK_PATH
value: {{ .Values.csiNode.kubeletDir }}plugins/jiva.csi.openebs.io/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_DRIVER
value: openebs-jiva-csi
volumeMounts:
- name: plugin-dir
mountPath: /plugin
- name: registration-dir
mountPath: /registration
- name: {{ .Values.jivaCSIPlugin.name }}
securityContext:
privileged: true
allowPrivilegeEscalation: true
image: "{{ .Values.jivaCSIPlugin.image.registry }}{{ .Values.jivaCSIPlugin.image.repository }}:{{ .Values.jivaCSIPlugin.image.tag }}"
imagePullPolicy: {{ .Values.jivaCSIPlugin.image.pullPolicy }}
args:
- "--name=jiva.csi.openebs.io"
- "--nodeid=$(OPENEBS_NODE_ID)"
- "--endpoint=$(OPENEBS_CSI_ENDPOINT)"
- "--plugin=$(OPENEBS_NODE_DRIVER)"
# enableiscsidebug is used to enable debug logs for iscsi operations
- "--enableiscsidebug=true"
# logging level for klog library used in k8s packages
#- "--v=5"
# retrycount is the max number of retries per nodeStaging rpc
# request on a timeout of 5 sec
# This count has been set to 20 for sanity test cases as it takes
# time in minikube
- "--retrycount=20"
# metricsBindAddress is the TCP address that the controller should bind to
# for serving prometheus metrics. By default the address is set to localhost:9505.
# The address can be configured to any desired address.
# Remove the flag to disable prometheus metrics.
- "--metricsBindAddress=:9505"
env:
- name: OPENEBS_NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OPENEBS_CSI_ENDPOINT
value: unix:///plugin/csi.sock
- name: OPENEBS_NODE_DRIVER
value: node
- name: OPENEBS_CSI_API_URL
value: https://openebs.io
# OpenEBS namespace where the openebs jiva operator components
# has been installed
- name: OPENEBS_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Enable/Disable auto-remount feature, when volumes
# recovers form the read-only state
- name: REMOUNT
value: "{{ .Values.jivaCSIPlugin.remount }}"
volumeMounts:
- name: plugin-dir
mountPath: /plugin
- name: device-dir
mountPath: /dev
- name: pods-mount-dir
mountPath: {{ .Values.csiNode.kubeletDir }}
# needed so that any mounts setup inside this container are
# propagated back to the host machine.
mountPropagation: "Bidirectional"
- name: host-root
mountPath: /host
mountPropagation: "HostToContainer"
- name: chroot-iscsiadm
mountPath: /sbin/iscsiadm
subPath: iscsiadm
- name: {{ .Values.csiNode.livenessprobe.name }}
image: "{{ .Values.csiNode.livenessprobe.image.registry }}{{ .Values.csiNode.livenessprobe.image.repository }}:{{ .Values.csiNode.livenessprobe.image.tag }}"
imagePullPolicy: {{ .Values.csiNode.livenessprobe.image.pullPolicy }}
args:
- "--csi-address=/plugin/csi.sock"
volumeMounts:
- mountPath: /plugin
name: plugin-dir
volumes:
- name: device-dir
hostPath:
path: /dev
type: Directory
- name: registration-dir
hostPath:
path: {{ .Values.csiNode.kubeletDir }}plugins_registry/
type: DirectoryOrCreate
- name: plugin-dir
hostPath:
path: {{ .Values.csiNode.kubeletDir }}plugins/jiva.csi.openebs.io/
type: DirectoryOrCreate
- name: pods-mount-dir
hostPath:
path: {{ .Values.csiNode.kubeletDir }}
type: Directory
- name: chroot-iscsiadm
configMap:
defaultMode: 0555
name: openebs-jiva-csi-iscsiadm
- name: host-root
hostPath:
path: /
type: Directory
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.csiNode.nodeSelector }}
nodeSelector:
{{ toYaml .Values.csiNode.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.csiNode.securityContext }}
securityContext:
{{ toYaml .Values.csiNode.securityContext | indent 8 }}
{{- end }}
{{- if .Values.csiNode.tolerations }}
tolerations:
{{ toYaml .Values.csiNode.tolerations | indent 8 }}
{{- end }}

10
helm/openebs/charts/jiva/templates/default-policy.yaml Normal file
View File

@@ -0,0 +1,10 @@
{{- if .Values.defaultPolicy.enabled }}
apiVersion: openebs.io/v1alpha1
kind: JivaVolumePolicy
metadata:
name: {{ .Values.defaultPolicy.name }}
spec:
replicaSC: {{ .Values.defaultPolicy.replicaSC }}
target:
replicationFactor: {{ .Values.defaultPolicy.replicas }}
{{- end }}

17
helm/openebs/charts/jiva/templates/default-storageclass.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.storageClass.enabled }}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ .Values.storageClass.name }}
annotations:
{{- if .Values.storageClass.isDefaultClass }}
storageclass.kubernetes.io/is-default-class: "true"
{{- end }}
provisioner: jiva.csi.openebs.io
volumeBindingMode: Immediate
allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}
reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
parameters:
cas-type: "jiva"
policy: {{ .Values.defaultPolicy.name }}
{{- end }}

103
helm/openebs/charts/jiva/templates/jiva-operator-rbac.yaml Normal file
View File

@@ -0,0 +1,103 @@
{{- if .Values.serviceAccount.jivaOperator.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.jivaOperator.name }}
labels:
{{- include "jiva.common.metaLabels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: jiva-operator
rules:
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumes
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- '*'
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- jiva-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- '*'
- apiGroups:
- openebs.io
resources:
- '*'
verbs:
- '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-jiva-operator
{{- with .Values.serviceAccount.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "jiva.common.metaLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.jivaOperator.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: jiva-operator
apiGroup: rbac.authorization.k8s.io
{{- end }}

74
helm/openebs/charts/jiva/templates/jiva-operator.yaml Normal file
View File

@@ -0,0 +1,74 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "jiva.fullname" . }}-operator
{{- with .Values.jivaOperator.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "jiva.operator.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "jiva.operator.matchLabels" . | nindent 6 }}
replicas: {{ .Values.jivaOperator.replicas }}
strategy:
type: Recreate
template:
metadata:
labels:
{{- include "jiva.operator.labels" . | nindent 8 }}
{{- if .Values.jivaOperator.podLabels }}
{{ toYaml .Values.jivaOperator.podLabels | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ .Values.serviceAccount.jivaOperator.name }}
containers:
- name: {{ template "jiva.fullname" . }}-operator
imagePullPolicy: {{ .Values.jivaOperator.image.pullPolicy }}
image: "{{ .Values.jivaOperator.image.registry }}{{ .Values.jivaOperator.image.repository }}:{{ .Values.jivaOperator.image.tag }}"
command:
- jiva-operator
resources:
{{ toYaml .Values.jivaOperator.resources | indent 12 }}
env:
- name: OPENEBS_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "jiva-operator"
- name: OPENEBS_SERVICEACCOUNT_NAME
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: OPENEBS_IO_JIVA_CONTROLLER_IMAGE
value: "{{ .Values.jivaOperator.controller.image.registry }}{{ .Values.jivaOperator.controller.image.repository }}:{{ .Values.jivaOperator.controller.image.tag }}"
- name: OPENEBS_IO_JIVA_REPLICA_IMAGE
value: "{{ .Values.jivaOperator.replica.image.registry }}{{ .Values.jivaOperator.replica.image.repository }}:{{ .Values.jivaOperator.replica.image.tag }}"
- name: OPENEBS_IO_MAYA_EXPORTER_IMAGE
value: "{{ .Values.jivaOperator.exporter.image.registry }}{{ .Values.jivaOperator.exporter.image.repository }}:{{ .Values.jivaOperator.exporter.image.tag }}"
{{- if .Values.imagePullSecrets }}
- name: OPENEBS_IO_IMAGE_PULL_SECRETS
value: "{{- range $.Values.imagePullSecrets }}{{ .name }},{{- end }}"
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | nindent 8 }}
{{- end }}
{{- if .Values.jivaOperator.nodeSelector }}
nodeSelector:
{{ toYaml .Values.jivaOperator.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.jivaOperator.securityContext }}
securityContext:
{{ toYaml .Values.jivaOperator.securityContext | indent 8 }}
{{- end }}
{{- if .Values.jivaOperator.tolerations }}
tolerations:
{{ toYaml .Values.jivaOperator.tolerations | indent 8 }}
{{- end }}

19
helm/openebs/charts/jiva/templates/priority-class.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.csiController.priorityClass.create }}
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: {{ template "jiva.csiController.priorityClassName" . }}
value: {{ .Values.csiController.priorityClass.value }}
globalDefault: false
description: "This priority class should be used for the OpenEBS CSI driver controller deployment only."
{{- end }}
---
{{- if .Values.csiNode.priorityClass.create }}
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
name: {{ template "jiva.csiNode.priorityClassName" . }}
value: {{ .Values.csiNode.priorityClass.value }}
globalDefault: false
description: "This priority class should be used for the OpenEBS CSI driver node deployment only."
{{- end }}

27
helm/openebs/charts/jiva/templates/psp.yaml Normal file
View File

@@ -0,0 +1,27 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "jiva.fullname" . }}-psp
{{- with .Values.csiNode.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "jiva.csiNode.labels" . | nindent 4 }}
spec:
privileged: true
allowPrivilegeEscalation: true
allowedCapabilities: ['*']
volumes: ['*']
hostNetwork: true
hostIPC: true
hostPID: true
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
{{- end }}