디렉토리 구조 및 각 서비스 추가

helm/openebs/charts/nfs-provisioner/templates/NOTES.txt

@@ -0,0 +1,9 @@
+Thank you for installing {{ .Chart.Name }} 😀
+
+Your release is named {{ .Release.Name }} and it's installed to namespace: {{ .Release.Namespace }}.
+
+The OpenEBS NFSPV Provisioner has been installed check its status by running:
+$ kubectl get pods -n {{ .Release.Namespace }}
+
+For more information, visit our Slack at https://openebs.io/community or view
+the documentation online at https://github.com/openebs/dynamic-nfs-provisioner/.

helm/openebs/charts/nfs-provisioner/templates/_helpers.tpl

@@ -0,0 +1,77 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nfsProvisioner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nfsProvisioner.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nfsProvisioner.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "nfsProvisioner.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nfsProvisioner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Meta labels
+*/}}
+{{- define "nfsProvisioner.common.metaLabels" -}}
+chart: {{ include "nfsProvisioner.chart" . }}
+heritage: {{ .Release.Service }}
+openebs.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+
+{{/*
+Selector Labels
+*/}}
+{{- define "nfsProvisioner.selectorLabels" -}}
+app: {{ include "nfsProvisioner.name" . }}
+release: {{ .Release.Name }}
+component: {{ .Values.nfsProvisioner.name }}
+{{- end }}
+
+{{/*
+Component labels
+*/}}
+{{- define "nfsProvisioner.componentLabels" -}}
+openebs.io/component-name: openebs-{{ .Values.nfsProvisioner.name }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "nfsProvisioner.labels" -}}
+{{ include "nfsProvisioner.common.metaLabels" . }}
+{{ include "nfsProvisioner.selectorLabels" . }}
+{{ include "nfsProvisioner.componentLabels" . }}
+{{- end -}}

helm/openebs/charts/nfs-provisioner/templates/clusterrole.yaml

@@ -0,0 +1,58 @@
+# Define Role that allows operations on K8s pods/deployments
+{{- if .Values.rbac.create }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "nfsProvisioner.fullname" . }}
+  {{- with .Values.nfsProvisioner.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+  {{- include "nfsProvisioner.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["*"]
+    resources: ["nodes", "nodes/proxy"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["namespaces", "services", "pods", "pods/exec", "deployments", "deployments/finalizers", "replicationcontrollers", "replicasets", "events", "endpoints", "configmaps", "secrets", "jobs", "cronjobs"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["statefulsets", "daemonsets"]
+    verbs: ["*"]
+  - apiGroups: ["*"]
+    resources: ["resourcequotas", "limitranges"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["*"]
+    resources: ["ingresses", "horizontalpodautoscalers", "verticalpodautoscalers", "poddisruptionbudgets", "certificatesigningrequests"]
+    verbs: ["list", "watch"]
+  - apiGroups: ["*"]
+    resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"]
+    verbs: ["*"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: [ "get", "list", "create", "update", "delete", "patch"]
+  - apiGroups: ["openebs.io"]
+    resources: [ "*"]
+    verbs: ["*"]
+  - nonResourceURLs: ["/metrics"]
+    verbs: ["get"]
+
+{{- if .Values.rbac.pspEnabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "nfsProvisioner.fullname" . }}-psp
+  {{- with .Values.nfsProvisioner.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+  {{- include "nfsProvisioner.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames:
+      - {{ include "nfsProvisioner.fullname" . }}-psp
+{{- end }}
+{{- end }}

helm/openebs/charts/nfs-provisioner/templates/clusterrolebinding.yaml

@@ -0,0 +1,43 @@
+---
+# Bind the Service Account with the Role Privileges.
+{{- if .Values.rbac.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "nfsProvisioner.fullname" . }}
+  {{- with .Values.nfsProvisioner.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+  {{- include "nfsProvisioner.labels" . | nindent 4 }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "nfsProvisioner.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "nfsProvisioner.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+
+{{- if .Values.rbac.pspEnabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "nfsProvisioner.fullname" . }}-psp
+  {{- with .Values.nfsProvisioner.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+  {{- include "nfsProvisioner.labels" . | nindent 4 }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "nfsProvisioner.fullname" . }}-psp
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  # Authorize specific service accounts:
+  - kind: ServiceAccount
+    name: {{ include "nfsProvisioner.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}

helm/openebs/charts/nfs-provisioner/templates/deployment.yaml

@@ -0,0 +1,149 @@
+{{- if .Values.nfsProvisioner.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "nfsProvisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  {{- if .Values.nfsProvisioner.annotations }}
+  annotations: {{- with .Values.nfsProvisioner.annotations }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{- end }}
+  labels:
+  {{- include "nfsProvisioner.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "nfsProvisioner.selectorLabels" . | nindent 8 }}
+  replicas: 1
+  strategy:
+    type: Recreate
+    rollingUpdate: null
+  template:
+    metadata:
+      labels:
+        {{- include "nfsProvisioner.labels" . | nindent 8  }}
+        {{- with .Values.nfsProvisioner.podLabels -}}
+        {{ toYaml . | nindent 8  }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "nfsProvisioner.serviceAccountName" . }}
+      {{- if .Values.podSecurityContext }}
+      securityContext:
+          {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ include "nfsProvisioner.fullname" . }}
+          imagePullPolicy: {{ .Values.nfsProvisioner.image.pullPolicy }}
+          image: "{{ .Values.nfsProvisioner.image.registry }}{{ .Values.nfsProvisioner.image.repository }}:{{ default .Chart.AppVersion .Values.nfsProvisioner.image.tag }}"
+          {{- if .Values.nfsProvisioner.resources  }}
+          resources:
+          {{- toYaml .Values.nfsProvisioner.resources | nindent 12 }}
+          {{ end }}
+          env:
+            # OPENEBS_IO_K8S_MASTER enables openebs provisioner to connect to K8s
+            # based on this address. This is ignored if empty.
+            # This is supported for openebs provisioner version 0.5.2 onwards
+            #- name: OPENEBS_IO_K8S_MASTER
+            #  value: "http://10.128.0.12:8080"
+            # OPENEBS_IO_KUBE_CONFIG enables openebs provisioner to connect to K8s
+            # based on this config. This is ignored if empty.
+            # This is supported for openebs provisioner version 0.5.2 onwards
+            #- name: OPENEBS_IO_KUBE_CONFIG
+            #  value: "/home/ubuntu/.kube/config"
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            # OPENEBS_SERVICE_ACCOUNT provides the service account of this pod as
+            # environment variable
+            - name: OPENEBS_SERVICE_ACCOUNT
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.serviceAccountName
+            - name: OPENEBS_IO_ENABLE_ANALYTICS
+              value: "{{ .Values.analytics.enabled }}"
+            - name: OPENEBS_IO_NFS_SERVER_USE_CLUSTERIP
+              value: "{{ .Values.nfsServer.useClusterIP }}"
+            - name: OPENEBS_IO_INSTALLER_TYPE
+              value: "nfs-helm"
+            # OPENEBS_IO_NFS_SERVER_IMG defines the nfs-server-alpine image name to be used
+            # while creating nfs volume
+            - name: OPENEBS_IO_NFS_SERVER_IMG
+              value: "{{ .Values.nfsProvisioner.nfsServerAlpineImage.registry }}{{ .Values.nfsProvisioner.nfsServerAlpineImage.repository }}:{{ default .Chart.AppVersion .Values.nfsProvisioner.nfsServerAlpineImage.tag }}"
+            # LEADER_ELECTION_ENABLED is used to enable/disable leader election. By default
+            # leader election is enabled.
+            - name: LEADER_ELECTION_ENABLED
+              value: "{{ .Values.nfsProvisioner.enableLeaderElection }}"
+            {{- if .Values.nfsProvisioner.nfsServerNamespace }}
+            - name: OPENEBS_IO_NFS_SERVER_NS
+              value: {{ .Values.nfsProvisioner.nfsServerNamespace }}
+            {{- end }}
+            {{- if .Values.nfsServer.imagePullSecret }}
+            - name: OPENEBS_IO_NFS_SERVER_IMAGE_PULL_SECRET
+              value: {{ .Values.nfsServer.imagePullSecret }}
+            {{- end }}
+            # OPENEBS_IO_NFS_SERVER_NODE_AFFINITY defines the node affinity rules to place NFS Server
+            # instance. It accepts affinity rules in multiple ways:
+            # - If NFS Server needs to be placed on storage nodes as well as only in
+            #   zone-1 & zone-2 then value can be:
+            #   value:  "kubernetes.io/zone:[zone-1,zone-2],kubernetes.io/storage-node".
+            # - If NFS Server needs to be placed only on storage nodes & nfs nodes then
+            #   value can be:
+            #   value:  "kubernetes.io/storage-node,kubernetes.io/nfs-node"
+            {{- if .Values.nfsProvisioner.nfsServerNodeAffinity }}
+            - name: OPENEBS_IO_NFS_SERVER_NODE_AFFINITY
+              value: "{{ .Values.nfsProvisioner.nfsServerNodeAffinity }}"
+            {{- end }}
+           {{- if .Values.nfsProvisioner.nfsBackendPvcTimeout }}
+            - name: OPENEBS_IO_NFS_SERVER_BACKEND_PVC_TIMEOUT
+              value: "{{ .Values.nfsProvisioner.nfsBackendPvcTimeout }}"
+            {{- end }}
+          # Process name used for matching is limited to the 15 characters
+          # present in the pgrep output.
+          # So fullname can't be used here with pgrep (>15 chars).A regular expression
+          # that matches the entire command name has to specified.
+          # Anchor `^` : matches any string that starts with `provisioner-nfs`
+          # `.*`: matches any string that has `provisioner-loc` followed by zero or more char
+          livenessProbe:
+            exec:
+              command:
+                - sh
+                - -c
+                - test `pgrep "^provisioner-nfs.*"` = 1
+            initialDelaySeconds: {{ .Values.nfsProvisioner.healthCheck.initialDelaySeconds }}
+            periodSeconds: {{ .Values.nfsProvisioner.healthCheck.periodSeconds }}
+          volumeMounts:
+            # Mounting hook-config volume into nfs-provisioner config directory
+            {{- if .Values.nfsProvisioner.nfsHookConfigMap }}
+            - name: hook-config
+              mountPath: /etc/nfs-provisioner
+            {{- end }}
+      volumes:
+        # hook-config volume uses ConfigMap 'hook-config' to load hook configuration
+        {{- if .Values.nfsProvisioner.nfsHookConfigMap }}
+        - name: hook-config
+          configMap:
+            name: {{ .Values.nfsProvisioner.nfsHookConfigMap }}
+        {{- end }}
+{{- if .Values.nfsProvisioner.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nfsProvisioner.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.nfsProvisioner.tolerations }}
+      tolerations:
+{{ toYaml .Values.nfsProvisioner.tolerations | indent 8 }}
+{{- end }}
+{{- if .Values.nfsProvisioner.affinity }}
+      affinity:
+{{ toYaml .Values.nfsProvisioner.affinity | indent 8 }}
+{{- end }}
+{{- end }}

helm/openebs/charts/nfs-provisioner/templates/kernel-nfs-storageclass.yaml

@@ -0,0 +1,57 @@
+---
+# Storage classes for OpenEBS NFS Dynamic PV
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: {{ .Values.nfsStorageClass.name }}
+  annotations:
+    openebs.io/cas-type: nfsrwx
+    cas.openebs.io/config: |
+      - name: NFSServerType
+        value: {{ .Values.nfsStorageClass.nfsServerType }}
+{{- if .Values.nfsStorageClass.backendStorageClass }}
+      - name: BackendStorageClass
+        value: {{ .Values.nfsStorageClass.backendStorageClass }}
+{{- end }}
+{{- if .Values.nfsStorageClass.customServerConfig }}
+      - name: CustomServerConfig
+        value: {{ .Values.nfsStorageClass.customServerConfig }}
+{{- end }}
+{{- if .Values.nfsStorageClass.leaseTime }}
+      - name: LeaseTime
+        value: {{ .Values.nfsStorageClass.leaseTime }}
+{{- end }}
+{{- if .Values.nfsStorageClass.graceTime }}
+      - name: GraceTime
+        value: {{ .Values.nfsStorageClass.graceTime }}
+{{- end }}
+{{- if .Values.nfsStorageClass.nfsServerResources }}
+{{- if .Values.nfsStorageClass.nfsServerResources.requests }}
+      - name: NFSServerResourceRequests
+        value: |-
+{{ toYaml .Values.nfsStorageClass.nfsServerResources.requests | indent 10 }}
+{{- end }}
+{{- if .Values.nfsStorageClass.nfsServerResources.limits }}
+      - name: NFSServerResourceLimits
+        value: |-
+{{ toYaml .Values.nfsStorageClass.nfsServerResources.limits | indent 10 }}
+{{- end }}
+{{- end }}
+{{- if .Values.nfsStorageClass.filePermissions }}
+      - name: FilePermissions
+        data:
+{{- if .Values.nfsStorageClass.filePermissions.UID }}
+          UID: {{ .Values.nfsStorageClass.filePermissions.UID | quote }}
+{{- end }}
+{{- if .Values.nfsStorageClass.filePermissions.GID }}
+          GID: {{ .Values.nfsStorageClass.filePermissions.GID | quote }}
+{{- end }}
+{{- if .Values.nfsStorageClass.filePermissions.mode }}
+          mode: {{ .Values.nfsStorageClass.filePermissions.mode | quote }}
+{{- end }}
+{{- end }}
+{{- if .Values.nfsStorageClass.isDefaultClass }}
+    storageclass.kubernetes.io/is-default-class: "true"
+{{- end }}
+provisioner: openebs.io/nfsrwx
+reclaimPolicy: {{ .Values.nfsStorageClass.reclaimPolicy }}

helm/openebs/charts/nfs-provisioner/templates/psp.yaml

@@ -0,0 +1,31 @@
+{{- if .Values.rbac.pspEnabled }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "nfsProvisioner.fullname" . }}-psp
+  {{- with .Values.nfsProvisioner.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+  {{- include "nfsProvisioner.labels" . | nindent 4 }}
+spec:
+  privileged: {{ .Values.nfsProvisioner.privileged }}
+  allowPrivilegeEscalation: true
+  allowedCapabilities: ['*']
+  volumes: ['*']
+  hostNetwork: true
+  hostPorts:
+    - min: 0
+      max: 65535
+  hostIPC: true
+  hostPID: true
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+  {{- end }}
+

helm/openebs/charts/nfs-provisioner/templates/serviceaccount.yaml

@@ -0,0 +1,10 @@
+# Create Service Account for nfs-provisioner.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "nfsProvisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "nfsProvisioner.labels" . | nindent 4 }}
+{{- end }}