디렉토리 구조 및 각 서비스 추가

helm/openebs/charts/localpv-provisioner/templates/NOTES.txt

@@ -0,0 +1,12 @@
+The OpenEBS Dynamic LocalPV Provisioner has been installed.
+Check its status by running:
+$ kubectl get pods -n {{ .Release.Namespace }}
+
+Use `kubectl get bd -n {{ .Release.Namespace }}` to list the 
+blockdevices attached to the Kubernetes cluster nodes.
+
+Get started with the Dynamic LocalPV Provisioner Quickstart guide at:
+https://github.com/openebs/dynamic-localpv-provisioner/blob/develop/docs/quickstart.md
+
+For more information, visit our Slack at https://openebs.io/community or view 
+the OpenEBS documentation online at https://openebs.io/docs

helm/openebs/charts/localpv-provisioner/templates/_helpers.tpl

@@ -0,0 +1,79 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "localpv.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified localpv provisioner name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "localpv.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "localpv.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Meta labels
+*/}}
+{{- define "localpv.common.metaLabels" -}}
+chart: {{ template "localpv.chart" . }}
+heritage: {{ .Release.Service }}
+openebs.io/version: {{ .Values.release.version | quote }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "localpv.selectorLabels" -}}
+app: {{ template "localpv.name" . }}
+release: {{ .Release.Name }}
+component: {{ .Values.localpv.name | quote }}
+{{- end -}}
+
+{{/*
+Component labels
+*/}}
+{{- define "localpv.componentLabels" -}}
+openebs.io/component-name: openebs-{{ .Values.localpv.name }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "localpv.labels" -}}
+{{ include "localpv.common.metaLabels" . }}
+{{ include "localpv.selectorLabels" . }}
+{{ include "localpv.componentLabels" . }}
+{{- end -}}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "localpv.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "localpv.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

helm/openebs/charts/localpv-provisioner/templates/deployment.yaml

@@ -0,0 +1,120 @@
+{{- if .Values.localpv.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "localpv.fullname" . }}
+  {{- with .Values.localpv.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "localpv.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.localpv.replicas }}
+  strategy:
+    type: "Recreate"
+    rollingUpdate: null
+  selector:
+    matchLabels:
+      {{- include "localpv.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.localpv.podAnnotations }}
+      annotations: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "localpv.labels" . | nindent 8 }}
+        {{- with .Values.localpv.podLabels }}
+        {{ toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ template "localpv.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: {{ template "localpv.fullname" . }}
+        image: "{{ .Values.localpv.image.registry }}{{ .Values.localpv.image.repository }}:{{ .Values.localpv.image.tag }}"
+        imagePullPolicy: {{ .Values.localpv.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.localpv.resources | indent 10 }}
+        args:
+          - "--bd-time-out=$(BDC_BD_BIND_RETRIES)"
+        env:
+        # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s
+        # based on this address. This is ignored if empty.
+        # This is supported for openebs provisioner version 0.5.2 onwards
+        #- name: OPENEBS_IO_K8S_MASTER
+        #  value: "http://10.128.0.12:8080"
+        # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s
+        # based on this config. This is ignored if empty.
+        # This is supported for openebs provisioner version 0.5.2 onwards
+        #- name: OPENEBS_IO_KUBE_CONFIG
+        #  value: "/home/ubuntu/.kube/config"
+        # This sets the number of times the provisioner should try
+        # with a polling interval of 5 seconds, to get the Blockdevice
+        # Name from a BlockDeviceClaim, before the BlockDeviceClaim
+        # is deleted. E.g. 12 * 5 seconds = 60 seconds timeout
+        - name: BDC_BD_BIND_RETRIES
+          value: "{{ .Values.localpv.waitForBDBindTimeoutRetryCount }}"
+        - name: OPENEBS_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as
+        # environment variable
+        - name: OPENEBS_SERVICE_ACCOUNT
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.serviceAccountName
+        # OPENEBS_IO_BASE_PATH is the environment variable that provides the
+        # default base path on the node where host-path PVs will be provisioned.
+        - name: OPENEBS_IO_ENABLE_ANALYTICS
+          value: "{{ .Values.analytics.enabled }}"
+        - name: OPENEBS_IO_BASE_PATH
+          value: "{{ .Values.localpv.basePath }}"
+        - name: OPENEBS_IO_HELPER_IMAGE
+          value: "{{ .Values.helperPod.image.registry }}{{ .Values.helperPod.image.repository }}:{{ .Values.helperPod.image.tag }}"
+        - name: OPENEBS_IO_INSTALLER_TYPE
+          value: "localpv-charts-helm"
+        # LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default
+        # leader election is enabled.
+        - name: LEADER_ELECTION_ENABLED
+          value: "{{ .Values.localpv.enableLeaderElection }}"
+{{- if .Values.imagePullSecrets }}
+        - name: OPENEBS_IO_IMAGE_PULL_SECRETS
+          value: "{{- range $index, $secret := .Values.imagePullSecrets}}{{if $index}},{{end}}{{ $secret.name }}{{- end}}"
+{{- end }}
+        # Process name used for matching is limited to the 15 characters
+        # present in the pgrep output.
+        # So fullname can't be used here with pgrep (>15 chars).A regular expression
+        # that matches the entire command name has to specified.
+        # Anchor `^` : matches any string that starts with `provisioner-loc`
+        # `.*`: matches any string that has `provisioner-loc` followed by zero or more char
+        livenessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - test `pgrep -c "^provisioner-loc.*"` = 1
+          initialDelaySeconds: {{ .Values.localpv.healthCheck.initialDelaySeconds }}
+          periodSeconds: {{ .Values.localpv.healthCheck.periodSeconds }}
+{{- if .Values.localpv.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.localpv.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.localpv.tolerations }}
+      tolerations:
+{{ toYaml .Values.localpv.tolerations | indent 8 }}
+{{- end }}
+{{- if .Values.localpv.affinity }}
+      affinity:
+{{ toYaml .Values.localpv.affinity | indent 8 }}
+{{- end }}
+{{- end }}

helm/openebs/charts/localpv-provisioner/templates/device-class.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.deviceClass.enabled }}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: {{ .Values.deviceClass.name }}
+  annotations:
+    openebs.io/cas-type: local
+    cas.openebs.io/config: |
+      - name: StorageType
+        value: "device"
+{{- if .Values.deviceClass.fsType }}
+      - name: FSType
+        value: {{ .Values.deviceClass.fsType | quote }}
+{{- end }}
+{{- if .Values.deviceClass.blockDeviceSelectors }}
+      - name: BlockDeviceSelectors
+        data:
+{{ toYaml .Values.deviceClass.blockDeviceSelectors | indent 10 }}
+{{- end }}
+{{- if .Values.deviceClass.nodeAffinityLabels }}
+      - name: NodeAffinityLabels
+        list:
+{{ toYaml .Values.deviceClass.nodeAffinityLabels | indent 10 }}
+{{- end }}
+{{- if .Values.deviceClass.isDefaultClass }}
+    storageclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+provisioner: openebs.io/local
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: {{ .Values.deviceClass.reclaimPolicy }}
+{{- end }}

helm/openebs/charts/localpv-provisioner/templates/hostpath-class.yaml

@@ -0,0 +1,40 @@
+{{- if .Values.hostpathClass.enabled }}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: {{ tpl (.Values.hostpathClass.name) .}}
+  annotations:
+    openebs.io/cas-type: local
+    cas.openebs.io/config: |
+      - name: StorageType
+        value: "hostpath"
+{{- if or .Values.localpv.basePath .Values.hostpathClass.basePath }}
+      - name: BasePath
+        value: {{ tpl (.Values.hostpathClass.basePath | default .Values.localpv.basePath | quote) . }}
+{{- end }}
+{{- if .Values.hostpathClass.nodeAffinityLabels }}
+      - name: NodeAffinityLabels
+        list:
+{{ toYaml .Values.hostpathClass.nodeAffinityLabels | indent 10 }}
+{{- end }}
+{{- if .Values.hostpathClass.xfsQuota.enabled }}
+      - name: XFSQuota
+        enabled: "{{ .Values.hostpathClass.xfsQuota.enabled }}"
+        data:
+          softLimitGrace: "{{ .Values.hostpathClass.xfsQuota.softLimitGrace }}"
+          hardLimitGrace: "{{ .Values.hostpathClass.xfsQuota.hardLimitGrace }}"
+{{- end }}
+{{- if .Values.hostpathClass.ext4Quota.enabled }}
+      - name: EXT4Quota
+        enabled: "{{ .Values.hostpathClass.ext4Quota.enabled }}"
+        data:
+          softLimitGrace: "{{ .Values.hostpathClass.ext4Quota.softLimitGrace }}"
+          hardLimitGrace: "{{ .Values.hostpathClass.ext4Quota.hardLimitGrace }}"
+{{- end }}
+{{- if .Values.hostpathClass.isDefaultClass }}
+    storageclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+provisioner: openebs.io/local
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: {{ .Values.hostpathClass.reclaimPolicy }}
+{{- end }}

helm/openebs/charts/localpv-provisioner/templates/psp.yaml

@@ -0,0 +1,30 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "localpv.fullname" . }}-psp
+  {{- with .Values.localpv.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "localpv.labels" . | nindent 4 }}
+spec:
+  privileged: {{ .Values.localpv.privileged }}
+  allowPrivilegeEscalation: true
+  allowedCapabilities: ['*']
+  volumes: ['*']
+  hostNetwork: true
+  hostPorts:
+  - min: 0
+    max: 65535
+  hostIPC: true
+  hostPID: true
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+{{- end }}

helm/openebs/charts/localpv-provisioner/templates/rbac.yaml

@@ -0,0 +1,99 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "localpv.serviceAccountName" . }}
+  labels:
+    {{- include "localpv.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- if .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "localpv.fullname" . }}
+  {{- with .Values.localpv.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "localpv.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["*"]
+  resources: ["nodes"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["*"]
+  resources: ["namespaces", "pods", "events", "endpoints"]
+  verbs: ["*"]
+- apiGroups: ["*"]
+  resources: ["resourcequotas", "limitranges"]
+  verbs: ["list", "watch"]
+- apiGroups: ["*"]
+  resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"]
+  verbs: ["*"]
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: [ "get", "list", "create", "update", "delete", "patch"]
+- apiGroups: ["openebs.io"]
+  resources: [ "*"]
+  verbs: ["*" ]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "localpv.fullname" . }}
+  {{- with .Values.localpv.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "localpv.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "localpv.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "localpv.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+{{- if .Values.rbac.pspEnabled }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "localpv.fullname" . }}-psp
+  {{- with .Values.localpv.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "localpv.labels" . | nindent 4 }}
+rules:
+- apiGroups: ['policy']
+  resources: ['podsecuritypolicies']
+  verbs:     ['use']
+  resourceNames:
+  - {{ template "localpv.fullname" . }}-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "localpv.fullname" . }}-psp
+  {{- with .Values.localpv.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "localpv.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "localpv.fullname" . }}-psp
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "localpv.serviceAccountName" . }}
+    namespace: {{ $.Release.Namespace }}
+{{- end }}
+{{- end }}