Add directory structure and each service

dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions


@@ -0,0 +1,25 @@
apiVersion: v2
appVersion: 0.10.0
description: Helm chart for OpenEBS Dynamic NFS PV. For instructions to install OpenEBS
Dynamic NFS PV using helm chart, refer to https://openebs.github.io/dynamic-nfs-provisioner.
home: http://www.openebs.io/
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/openebs/icon/color/openebs-icon-color.png
keywords:
- storage
- nfs
- dynamic-nfs-pv
- kubernetes
maintainers:
- email: kiran.mova@mayadata.io
name: kmova
- email: mayank.patel@mayadata.io
name: mynktl
- email: rahulkrishnanfs@gmail.com
name: rahulkrishnanra
- email: sai.chaithanya@mayadata.io
name: mittachaitu
name: nfs-provisioner
sources:
- https://github.com/openebs/dynamic-nfs-provisioner
type: application
version: 0.10.0


@@ -0,0 +1,156 @@
# OpenEBS NFS Provisioner
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
A Helm chart for openebs dynamic nfs provisioner. This chart bootstraps OpenEBS Dynamic NFS Provisioner deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
**Homepage:** <http://www.openebs.io/>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| kmova | kiran.mova@mayadata.io | |
| mynktl | mayank.patel@mayadata.io | |
| rahulkrishnanra | rahulkrishnanfs@gmail.com | |
| mittachaitu | sai.chaithanya@mayadata.io | |
## Get Repo Info
```console
helm repo add openebs-nfs https://openebs.github.io/dynamic-nfs-provisioner
helm repo update
```
_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
## Install Chart
Run the following command to install the OpenEBS Dynamic NFS Provisioner helm chart using the default StorageClass as the Backend StorageClass:
```console
# Helm
helm install [RELEASE_NAME] openebs-nfs/nfs-provisioner --namespace [NAMESPACE] --create-namespace
```
The chart requires a StorageClass to provision the backend volume for the NFS share. You can use the `--set-string nfsStorageClass.backendStorageClass=<storageclass-name>` flag in the `helm install` command to specify the Backend StorageClass. If a StorageClass is not specified, the default StorageClass is used.
Use the command below to get the name of the default StorageClasses in your cluster:
```console
kubectl get sc -o=jsonpath='{range .items[?(@.metadata.annotations.storageclass\.kubernetes\.io/is-default-class=="true")]}{@.metadata.name}{"\n"}{end}'
```
Sample command to install the OpenEBS Dynamic NFS Provisioner helm chart using the default StorageClass as BackendStorageClass:
```console
helm install openebs-nfs openebs-nfs/nfs-provisioner --namespace openebs --create-namespace
```
If you do not have an available StorageClass, you can install the [OpenEBS Dynamic LocalPV Provisioner helm chart](https://openebs.github.io/dynamic-localpv-provisioner) and use the 'openebs-hostpath' StorageClass as Backend Storage Class. Sample commands:
```console
# Add openebs-localpv repo
helm repo add openebs-localpv https://openebs.github.io/dynamic-localpv-provisioner
helm repo update
# Install localpv-provisioner
helm install openebs-localpv openebs-localpv/localpv-provisioner -n openebs --create-namespace \
--set openebsNDM.enabled=false \
--set deviceClass.enabled=false
# Install nfs-provisioner
helm install openebs-nfs openebs-nfs/nfs-provisioner -n openebs \
--set-string nfsStorageClass.backendStorageClass="openebs-hostpath"
```
Please visit this [link](https://helm.sh/docs/) for helm 3 installation instructions.
_See [configuration](#configuration) below._
_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
## Uninstall Chart
```console
# Helm
helm uninstall [RELEASE_NAME] --namespace [NAMESPACE]
```
This removes all the Kubernetes components associated with the chart and deletes the release.
_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._
## Upgrading Chart
```console
# Helm
helm upgrade [RELEASE_NAME] [CHART] --install --namespace [NAMESPACE]
```
## Configuration
The following table lists the configurable parameters of the OpenEBS Dynamic NFS Provisioner chart and their default values. You can modify different parameters by specifying the desired value in the `helm install` command by using the `--set` and/or the `--set-string` flag(s).
In the following sample command we modify `nfsStorageClass.backendStorageClass` to specify the StorageClass to be used to provision the backend volume used for the NFS share. We also use `nfsStorageClass.isDefaultClass` to set an annotation such that the 'openebs-kernel-nfs' StorageClass is used as the default StorageClass for the cluster.
```console
helm install openebs-nfs openebs-nfs/nfs-provisioner --namespace openebs --create-namespace \
--set-string nfsStorageClass.backendStorageClass="openebs-hostpath" \
--set nfsStorageClass.isDefaultClass=true
```
| Parameter | Description | Default |
| ------------------------------------- | --------------------------------------------- |-----------------------------|
| `analytics.enabled` | Enable sending stats to Google Analytics | `true` |
| `fullnameOverride` | Set custom Full Name for resources. Defaults to ( Release-name + `nfsProvisioner.name` ) | `""` |
| `imagePullSecrets` | Provides image pull secret | `""` |
| `nameOverride` | Set custom name for resources. Defaults to `nfsProvisioner.name` | `""` |
| `nfsProvisioner.affinity` | NFS Provisioner pod affinity | `{}` |
| `nfsProvisioner.enabled` | Enable NFS Provisioner | `true` |
| `nfsProvisioner.enableLeaderElection` | Enable leader election | `true` |
| `nfsProvisioner.healthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` |
| `nfsProvisioner.healthCheck.periodSeconds` | How often to perform the liveness probe | `60` |
| `nfsProvisioner.image.registry` | Registry for NFS Provisioner image | `""` |
| `nfsProvisioner.image.repository` | Image repository for NFS Provisioner | `openebs/provisioner-nfs` |
| `nfsProvisioner.image.tag` | Image tag for NFS Provisioner | `0.10.0` |
| `nfsProvisioner.image.pullPolicy` | Image pull policy for NFS Provisioner image | `IfNotPresent` |
| `nfsProvisioner.annotations` | Annotations for NFS Provisioner metadata | `""` |
| `nfsProvisioner.nodeSelector` | Nodeselector for NFS Provisioner pod | `""` |
| `nfsProvisioner.nfsServerAlpineImage.registry` | Registry for nfs-server-alpine | `""` |
| `nfsProvisioner.nfsServerAlpineImage.repository` | Image repository for nfs-server-alpine | `openebs/nfs-server-alpine` |
| `nfsProvisioner.nfsServerAlpineImage.tag` | Image tag for nfs-server-alpine | `0.10.0` |
| `nfsProvisioner.resources` | Resource request and limit for the container | `true` |
| `nfsProvisioner.securityContext` | Security context for container | `""` |
| `nfsProvisioner.tolerations` | NFS Provisioner pod toleration values | `""` |
| `nfsProvisioner.nfsServerNamespace` | NFS server namespace | `"openebs"` |
| `nfsProvisioner.nfsServerNodeAffinity` | NFS Server node affinity rules | `""` |
| `nfsProvisioner.nfsBackendPvcTimeout` | Timeout for backend PVC binding in seconds | `"60"` |
| `nfsProvisioner.nfsHookConfigMap` | Existing Configmap name to load hook configuration | `""` |
| `nfsStorageClass.backendStorageClass` | StorageClass to be used to provision the backend volume. If not specified, the default StorageClass is used. | `""` |
| `nfsStorageClass.isDefaultClass` | Make 'openebs-kernel-nfs' the default StorageClass | `"false"` |
| `nfsStorageClass.reclaimPolicy` | ReclaimPolicy for NFS PVs | `"Delete"` |
| `nfsStorageClass.leaseTime` | Renewal period(in seconds) for NFS client state | `90` |
| `nfsStorageClass.graceTime` | Recovery period(in seconds) to reclaim locks for NFS client | `90` |
| `nfsStorageClass.nfsServerResources` | Resource requests and limits of NFS Server | `""` |
| `nfsStorageClass.filePermissions.UID` | Set user owner of the shared directory | `""` |
| `nfsStorageClass.filePermissions.GID` | Set group owner of the shared directory | `""` |
| `nfsStorageClass.filePermissions.mode` | Set file mode of the shared directory | `""` |
| `rbac.create` | Enable RBAC Resources | `true` |
| `rbac.pspEnabled` | Create pod security policy resources | `false` |
| `nfsServer.imagePullSecret` | Image pull secret name to be used by NFS Server pods | `""` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```console
helm install <release-name> -f values.yaml ----namespace openebs openebs-nfs/nfs-provisioner --create-namespace
```
> **Tip**: You can use the default [values.yaml](values.yaml)
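
Review bot: The values-file example at the end of the README passes `----namespace openebs` (four dashes), which is not a valid flag, so the command fails as written; it should read `--namespace openebs`. The parameter table also gives `nfsProvisioner.resources` a default of `true`, which is not a resource spec and does not match the empty `resources:` key in values.yaml, so the Default column should be reconciled with the shipped values.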


@@ -0,0 +1,9 @@
Thank you for installing {{ .Chart.Name }} 😀
Your release is named {{ .Release.Name }} and it's installed to namespace: {{ .Release.Namespace }}.
The OpenEBS NFSPV Provisioner has been installed check its status by running:
$ kubectl get pods -n {{ .Release.Namespace }}
For more information, visit our Slack at https://openebs.io/community or view
the documentation online at https://github.com/openebs/dynamic-nfs-provisioner/.


@@ -0,0 +1,77 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "nfsProvisioner.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nfsProvisioner.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "nfsProvisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "nfsProvisioner.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nfsProvisioner.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Meta labels
*/}}
{{- define "nfsProvisioner.common.metaLabels" -}}
chart: {{ include "nfsProvisioner.chart" . }}
heritage: {{ .Release.Service }}
openebs.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
{{/*
Selector Labels
*/}}
{{- define "nfsProvisioner.selectorLabels" -}}
app: {{ include "nfsProvisioner.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.nfsProvisioner.name }}
{{- end }}
{{/*
Component labels
*/}}
{{- define "nfsProvisioner.componentLabels" -}}
openebs.io/component-name: openebs-{{ .Values.nfsProvisioner.name }}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "nfsProvisioner.labels" -}}
{{ include "nfsProvisioner.common.metaLabels" . }}
{{ include "nfsProvisioner.selectorLabels" . }}
{{ include "nfsProvisioner.componentLabels" . }}
{{- end -}}
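
Review bot: In `nfsProvisioner.serviceAccountName`, the else branch (`default "default" .Values.serviceAccount.name`) resolves to the namespace's `default` ServiceAccount whenever `serviceAccount.create` is false and no name is set. The ClusterRoleBinding template in this commit uses this helper as its subject, so that configuration would attach the provisioner's ClusterRole to every pod running as `default` in the release namespace. Consider failing the render instead, for example with `required`, when `create` is false and `serviceAccount.name` is empty.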


@@ -0,0 +1,58 @@
# Define Role that allows operations on K8s pods/deployments
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "nfsProvisioner.fullname" . }}
{{- with .Values.nfsProvisioner.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "nfsProvisioner.labels" . | nindent 4 }}
rules:
- apiGroups: ["*"]
resources: ["nodes", "nodes/proxy"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["statefulsets", "daemonsets"]
verbs: ["*"]
- apiGroups: ["*"]
resources: ["resourcequotas", "limitranges"]
verbs: ["list", "watch"]
- apiGroups: ["*"]
resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "poddisruptionbudgets", "certificatesigningrequests"]
verbs: ["list", "watch"]
- apiGroups: ["*"]
resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: [ "get", "list", "create", "update", "delete", "patch"]
- apiGroups: ["openebs.io"]
resources: [ "*"]
verbs: ["*"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]
{{- if .Values.rbac.pspEnabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "nfsProvisioner.fullname" . }}-psp
{{- with .Values.nfsProvisioner.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "nfsProvisioner.labels" . | nindent 4 }}
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- {{ include "nfsProvisioner.fullname" . }}-psp
{{- end }}
{{- end }}
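
Review bot: The rules pair `apiGroups: ["*"]` with `verbs: ["*"]` on `secrets`, `pods/exec`, `nodes/proxy`, `configmaps` and all the workload controllers, so once bound through the ClusterRoleBinding the provisioner's ServiceAccount token can read every Secret and exec into any pod in the cluster. Please replace the wildcards with the specific API groups and verbs each rule needs, and drop `pods/exec` and `nodes/proxy` unless a concrete need for them is documented. The `openebs.io` rule (`resources: [ "*"]`, `verbs: ["*"]`) deserves the same treatment.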


@@ -0,0 +1,43 @@
---
# Bind the Service Account with the Role Privileges.
{{- if .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "nfsProvisioner.fullname" . }}
{{- with .Values.nfsProvisioner.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "nfsProvisioner.labels" . | nindent 4 }}
roleRef:
kind: ClusterRole
name: {{ include "nfsProvisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "nfsProvisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.rbac.pspEnabled }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "nfsProvisioner.fullname" . }}-psp
{{- with .Values.nfsProvisioner.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "nfsProvisioner.labels" . | nindent 4 }}
roleRef:
kind: ClusterRole
name: {{ include "nfsProvisioner.fullname" . }}-psp
apiGroup: rbac.authorization.k8s.io
subjects:
# Authorize specific service accounts:
- kind: ServiceAccount
name: {{ include "nfsProvisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}


@@ -0,0 +1,149 @@
{{- if .Values.nfsProvisioner.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "nfsProvisioner.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- if .Values.nfsProvisioner.annotations }}
annotations: {{- with .Values.nfsProvisioner.annotations }}
{{ toYaml . | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "nfsProvisioner.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "nfsProvisioner.selectorLabels" . | nindent 8 }}
replicas: 1
strategy:
type: Recreate
rollingUpdate: null
template:
metadata:
labels:
{{- include "nfsProvisioner.labels" . | nindent 8 }}
{{- with .Values.nfsProvisioner.podLabels -}}
{{ toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "nfsProvisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: {{ include "nfsProvisioner.fullname" . }}
imagePullPolicy: {{ .Values.nfsProvisioner.image.pullPolicy }}
image: "{{ .Values.nfsProvisioner.image.registry }}{{ .Values.nfsProvisioner.image.repository }}:{{ default .Chart.AppVersion .Values.nfsProvisioner.image.tag }}"
{{- if .Values.nfsProvisioner.resources }}
resources:
{{- toYaml .Values.nfsProvisioner.resources | nindent 12 }}
{{ end }}
env:
# OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s
# based on this address. This is ignored if empty.
# This is supported for openebs provisioner version 0.5.2 onwards
#- name: OPENEBS_IO_K8S_MASTER
# value: "http://10.128.0.12:8080"
# OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s
# based on this config. This is ignored if empty.
# This is supported for openebs provisioner version 0.5.2 onwards
#- name: OPENEBS_IO_KUBE_CONFIG
# value: "/home/ubuntu/.kube/config"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OPENEBS_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as
# environment variable
- name: OPENEBS_SERVICE_ACCOUNT
valueFrom:
fieldRef:
fieldPath: spec.serviceAccountName
- name: OPENEBS_IO_ENABLE_ANALYTICS
value: "{{ .Values.analytics.enabled }}"
- name: OPENEBS_IO_NFS_SERVER_USE_CLUSTERIP
value: "{{ .Values.nfsServer.useClusterIP }}"
- name: OPENEBS_IO_INSTALLER_TYPE
value: "nfs-helm"
# OPENEBS_IO_NFS_SERVER_IMG defines the nfs-server-alpine image name to be used
# while creating nfs volume
- name: OPENEBS_IO_NFS_SERVER_IMG
value: "{{ .Values.nfsProvisioner.nfsServerAlpineImage.registry }}{{ .Values.nfsProvisioner.nfsServerAlpineImage.repository }}:{{ default .Chart.AppVersion .Values.nfsProvisioner.nfsServerAlpineImage.tag }}"
# LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default
# leader election is enabled.
- name: LEADER_ELECTION_ENABLED
value: "{{ .Values.nfsProvisioner.enableLeaderElection }}"
{{- if .Values.nfsProvisioner.nfsServerNamespace }}
- name: OPENEBS_IO_NFS_SERVER_NS
value: {{ .Values.nfsProvisioner.nfsServerNamespace }}
{{- end }}
{{- if .Values.nfsServer.imagePullSecret }}
- name: OPENEBS_IO_NFS_SERVER_IMAGE_PULL_SECRET
value: {{ .Values.nfsServer.imagePullSecret }}
{{- end }}
# OPENEBS_IO_NFS_SERVER_NODE_AFFINITY defines the node affinity rules to place NFS Server
# instance. It accepts affinity rules in multiple ways:
# - If NFS Server needs to be placed on storage nodes as well as only in
# zone-1 & zone-2 then value can be:
# value: "kubernetes.io/zone:[zone-1,zone-2],kubernetes.io/storage-node".
# - If NFS Server needs to be placed only on storage nodes & nfs nodes then
# value can be:
# value: "kubernetes.io/storage-node,kubernetes.io/nfs-node"
{{- if .Values.nfsProvisioner.nfsServerNodeAffinity }}
- name: OPENEBS_IO_NFS_SERVER_NODE_AFFINITY
value: "{{ .Values.nfsProvisioner.nfsServerNodeAffinity }}"
{{- end }}
{{- if .Values.nfsProvisioner.nfsBackendPvcTimeout }}
- name: OPENEBS_IO_NFS_SERVER_BACKEND_PVC_TIMEOUT
value: "{{ .Values.nfsProvisioner.nfsBackendPvcTimeout }}"
{{- end }}
# Process name used for matching is limited to the 15 characters
# present in the pgrep output.
# So fullname can't be used here with pgrep (>15 chars).A regular expression
# that matches the entire command name has to specified.
# Anchor `^` : matches any string that starts with `provisioner-nfs`
# `.*`: matches any string that has `provisioner-loc` followed by zero or more char
livenessProbe:
exec:
command:
- sh
- -c
- test `pgrep "^provisioner-nfs.*"` = 1
initialDelaySeconds: {{ .Values.nfsProvisioner.healthCheck.initialDelaySeconds }}
periodSeconds: {{ .Values.nfsProvisioner.healthCheck.periodSeconds }}
volumeMounts:
# Mounting hook-config volume into nfs-provisioner config directory
{{- if .Values.nfsProvisioner.nfsHookConfigMap }}
- name: hook-config
mountPath: /etc/nfs-provisioner
{{- end }}
volumes:
# hook-config volume uses ConfigMap 'hook-config' to load hook configuration
{{- if .Values.nfsProvisioner.nfsHookConfigMap }}
- name: hook-config
configMap:
name: {{ .Values.nfsProvisioner.nfsHookConfigMap }}
{{- end }}
{{- if .Values.nfsProvisioner.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nfsProvisioner.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.nfsProvisioner.tolerations }}
tolerations:
{{ toYaml .Values.nfsProvisioner.tolerations | indent 8 }}
{{- end }}
{{- if .Values.nfsProvisioner.affinity }}
affinity:
{{ toYaml .Values.nfsProvisioner.affinity | indent 8 }}
{{- end }}
{{- end }}
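
Review bot: The container spec never sets a `securityContext`: only the pod-level `podSecurityContext` is rendered, and the `nfsProvisioner.securityContext` value documented in the README is not read anywhere in this template, so setting it has no effect. Either render it under the container (a `securityContext:` key fed by `toYaml .Values.nfsProvisioner.securityContext | nindent 12`) or remove it from the README. Separately, the liveness probe `test \`pgrep "^provisioner-nfs.*"\` = 1` only passes while exactly one matching process exists and it is PID 1, and its comment still refers to `provisioner-loc`; a check on pgrep's exit status would be less brittle.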


@@ -0,0 +1,57 @@
---
# Storage classes for OpenEBS NFS Dynamic PV
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ .Values.nfsStorageClass.name }}
annotations:
openebs.io/cas-type: nfsrwx
cas.openebs.io/config: |
- name: NFSServerType
value: {{ .Values.nfsStorageClass.nfsServerType }}
{{- if .Values.nfsStorageClass.backendStorageClass }}
- name: BackendStorageClass
value: {{ .Values.nfsStorageClass.backendStorageClass }}
{{- end }}
{{- if .Values.nfsStorageClass.customServerConfig }}
- name: CustomServerConfig
value: {{ .Values.nfsStorageClass.customServerConfig }}
{{- end }}
{{- if .Values.nfsStorageClass.leaseTime }}
- name: LeaseTime
value: {{ .Values.nfsStorageClass.leaseTime }}
{{- end }}
{{- if .Values.nfsStorageClass.graceTime }}
- name: GraceTime
value: {{ .Values.nfsStorageClass.graceTime }}
{{- end }}
{{- if .Values.nfsStorageClass.nfsServerResources }}
{{- if .Values.nfsStorageClass.nfsServerResources.requests }}
- name: NFSServerResourceRequests
value: |-
{{ toYaml .Values.nfsStorageClass.nfsServerResources.requests | indent 10 }}
{{- end }}
{{- if .Values.nfsStorageClass.nfsServerResources.limits }}
- name: NFSServerResourceLimits
value: |-
{{ toYaml .Values.nfsStorageClass.nfsServerResources.limits | indent 10 }}
{{- end }}
{{- end }}
{{- if .Values.nfsStorageClass.filePermissions }}
- name: FilePermissions
data:
{{- if .Values.nfsStorageClass.filePermissions.UID }}
UID: {{ .Values.nfsStorageClass.filePermissions.UID | quote }}
{{- end }}
{{- if .Values.nfsStorageClass.filePermissions.GID }}
GID: {{ .Values.nfsStorageClass.filePermissions.GID | quote }}
{{- end }}
{{- if .Values.nfsStorageClass.filePermissions.mode }}
mode: {{ .Values.nfsStorageClass.filePermissions.mode | quote }}
{{- end }}
{{- end }}
{{- if .Values.nfsStorageClass.isDefaultClass }}
storageclass.kubernetes.io/is-default-class: "true"
{{- end }}
provisioner: openebs.io/nfsrwx
reclaimPolicy: {{ .Values.nfsStorageClass.reclaimPolicy }}
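
Review bot: `customServerConfig` is written unquoted into the `cas.openebs.io/config` annotation (`value: {{ .Values.nfsStorageClass.customServerConfig }}`), and values.yaml in this commit states that the setting is passed through as /etc/exports configuration without validation. A multi-line value will not stay inside the `value:` field of that list item, so at minimum pipe it through `quote`; given the chart's own "USING THIS IS NOT RECOMMENDED" comment, it would also be reasonable to fail the render when the key is set unless an explicit override is given.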


@@ -0,0 +1,31 @@
{{- if .Values.rbac.pspEnabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ template "nfsProvisioner.fullname" . }}-psp
{{- with .Values.nfsProvisioner.annotations }}
annotations: {{ toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "nfsProvisioner.labels" . | nindent 4 }}
spec:
privileged: {{ .Values.nfsProvisioner.privileged }}
allowPrivilegeEscalation: true
allowedCapabilities: ['*']
volumes: ['*']
hostNetwork: true
hostPorts:
- min: 0
max: 65535
hostIPC: true
hostPID: true
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
{{- end }}
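
Review bot: Apart from `privileged`, every field in this PodSecurityPolicy is hard-coded to its most permissive setting (`allowedCapabilities: ['*']`, `hostNetwork`, `hostPID` and `hostIPC` all `true`, host ports 0 to 65535, `volumes: ['*']`, `allowPrivilegeEscalation: true`), so setting `nfsProvisioner.privileged` to false still leaves a policy that allows host namespaces and every capability. If `rbac.pspEnabled` is ever turned on, these fields should be values-driven with restrictive defaults. Note also that `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so this template cannot be applied on current clusters.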


@@ -0,0 +1,10 @@
# Create Service Account for nfs-provisioner.
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "nfsProvisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "nfsProvisioner.labels" . | nindent 4 }}
{{- end }}
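
Review bot: values.yaml defines `serviceAccount.annotations`, but this template never renders it under `metadata`, so annotations set there are silently dropped. Add an `annotations:` block fed from `.Values.serviceAccount.annotations`, or remove the key from values.yaml.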


@@ -0,0 +1,142 @@
# Default values for nfspv-provisioner.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
rbac:
# rbac.create: `true` if rbac resources should be created
create: true
# rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
pspEnabled: false
podSecurityContext: {}
# fsGroup: 2000
imagePullSecrets:
# - name: image-pull-secret
fullnameOverride: ""
nameOverride: ""
nfsProvisioner:
name: nfs-provisioner
enabled: true
annotations: {}
podLabels:
name: openebs-nfs-provisioner
image:
# Make sure that registry name end with a '/'.
# For example : quay.io/ is a correct value here and quay.io is incorrect
registry:
repository: openebs/provisioner-nfs
tag:
pullPolicy: IfNotPresent
enableLeaderElection: "true"
# Specify image name of nfs-server-alpine used for creating nfs server deployment
# If not mentioned, default value openebs/nfs-server-alpine:tag will be used where
# the tag will be the same as a provisioner-nfs image tag
nfsServerAlpineImage:
registry:
repository: openebs/nfs-server-alpine
tag:
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# ## Normal cases CPU and memory usage are around ~10 millicores and
# ## memory usage is around ~16Mb(after provisioing 70 volumes)
# requests:
# cpu: 50m
# memory: 50M
# ## During provisioning(large no.of pvcs at a time) time CPU and memory usage
# ## are around ~67 millicores(6.7% of cpu) and memory usage is around ~34Mb
# limits:
# cpu: 200m
# memory: 200Mi
# If set to false, containers created by the nfs provisioner will run without extra privileges.
privileged: true
nodeSelector: {}
tolerations: []
affinity: {}
healthCheck:
initialDelaySeconds: 30
periodSeconds: 60
# namespace in which nfs server objects should be created
# By default, nfs provisioner will create these resources in nfs provisioner's namespace
# nfsServerNamespace: openebs
#
# nfsServerNodeAffinity defines the node affinity rules to place NFS Server
# instance. It accepts affinity rules in multiple ways:
# - If NFS Server needs to be placed on storage nodes as well as only in
# zone-1 & zone-2 then value can be: "kubernetes.io/zone:[zone-1,zone-2],kubernetes.io/storage-node".
# - If NFS Server needs to be placed only on storage nodes & nfs nodes then
# value can be: "kubernetes.io/storage-node,kubernetes.io/nfs-node"
# nfsServerNodeAffinity: "kubernetes.io/storage-node,kubernetes.io/nfs-node"
#
# nfsHookConfigMap represent the ConfigMap name to be used for hook configuration.
# By default, nfsHookConfigMap is set to empty.
# If nfsHookConfigMap is set then chart will mount the configmap using volume, named `hook-config`
nfsHookConfigMap: ""
nfsStorageClass:
name: openebs-kernel-nfs
reclaimPolicy: Delete
nfsServerType: kernel
isDefaultClass: false
backendStorageClass: ""
# The customServerConfig key passes a custom /etc/exports configuration to
# the NFS servers created using this StorageClass.
# The configuration settings are not validated, and can lead to security
# vulnerability.
# USING THIS IS NOT RECOMMENDED
customServerConfig: ""
# leaseTime defines the renewal period(in seconds) for client state
leaseTime:
# graceTime defines the recovery period(in seconds) to reclaim locks
# setting graceTime and leaseTime lower will reduce the io pause time during nfs server restart
graceTime:
# filePermissions defines the file ownership and mode specifications
# for the NFS server's shared filesystem volume.
# File permission changes are applied recursively if the root of the
# volume's filesystem does not match the specified value.
# For more information: https://github.com/openebs/dynamic-nfs-provisioner/blob/develop/docs/tutorial/file-permissions.md
filePermissions: {}
# The UID value is used to set the user-owner of NFS shared directory. Only valid
# UIDs are accepted.
# The ownership change is carried out recursively down the directory tree.
# UID: ""
# The GID value is used to set the group-owner of NFS shared directory. Only valid
# GIDs are accepted.
# The ownership change is carried out recursively down the directory tree.
# GID: ""
# The mode value is used to set the file mode of NFS shared directory. Both octals (e.g. 0744)
# and incremental/decremental (e.g. "u+r", "o+rw") values are accepted.
# The file mode change is carried out recursively down the directory tree.
# mode: ""
# nfsServerResources defines the NFS server resource requests and limits
# Usually, below request and limits are good enough for NFS Server to work
# seamlessly(IOs will be taken care by kerner space process i.e nfsd).
nfsServerResources: {}
# requests:
# memory: 50Mi
# cpu: 50m
# limits:
# memory: 100Mi
# cpu: 100m
nfsServer:
useClusterIP: "true"
imagePullSecret: ""
analytics:
enabled: "true"
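
Review bot: `nfsProvisioner.privileged` defaults to `true`, and per the comment directly above it that means containers created by the provisioner run with extra privileges; prefer `false` as the default and make privileged mode an explicit per-environment opt-in. `analytics.enabled: "true"` likewise turns on sending stats to Google Analytics (per the README table) by default, which should be a deliberate decision rather than an inherited one.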