diff --git a/README.md b/README.md index e69de29..685b007 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,11 @@ +nfs 安装 + +helm upgrade -i nfs-client-provisioner-201 nfs-client-provisioner/ --values local-values/201-nfs-client-provisioner-values.yaml +helm upgrade -i nfs-client-provisioner-207 nfs-client-provisioner/ --values local-values/207-nfs-client-provisioner-values.yaml +helm upgrade -i nfs-client-provisioner-208 nfs-client-provisioner/ --values local-values/208-nfs-client-provisioner-values.yaml +helm upgrade -i nfs-client-provisioner-209 nfs-client-provisioner/ --values local-values/209-nfs-client-provisioner-values.yaml + + + + +kubectl patch pvc harbor-redis -n harbor -p '{“metadata”:{“finalizers”:null}}' \ No newline at end of file diff --git a/local-values/201-nfs-client-provisioner-values.yaml b/local-values/201-nfs-client-provisioner-values.yaml index ec6c178..b8446bb 100644 --- a/local-values/201-nfs-client-provisioner-values.yaml +++ b/local-values/201-nfs-client-provisioner-values.yaml @@ -1,52 +1,103 @@ -# Default values for nfs-client-provisioner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -## Deployment replica count replicaCount: 1 +strategyType: Recreate -## docker image image: - repository: quay.io/external_storage/nfs-client-provisioner - tag: v3.1.0-k8s1.11 + repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner + tag: v4.0.2 pullPolicy: IfNotPresent +imagePullSecrets: [] -## Cloud Filestore instance nfs: - ## Set IP address - server: "192.168.1.201" - ## Set file share name - path: "/nfs" + server: 192.168.1.201 + path: /nfs + mountOptions: + volumeName: nfs-subdir-external-provisioner-root + # Reclaim policy for the main nfs volume + reclaimPolicy: Retain -## For creating the StorageClass automatically: +# For creating the StorageClass automatically: storageClass: create: true - ## Set a StorageClass name - name: nfs-201 + # Set a provisioner name. If unset, a name will be generated. + # provisionerName: - ## Set reclaim policy for PV - reclaimPolicy: Retain + # Set StorageClass as the default StorageClass + # Ignored if storageClass.create is false + defaultClass: false + + # Set a StorageClass name + # Ignored if storageClass.create is false + name: nfs-client-201 + + # Allow volume to be expanded dynamically + allowVolumeExpansion: true + + # Method used to reclaim an obsoleted volume + reclaimPolicy: Delete + + # When set to false your PVs will not be archived by the provisioner upon deletion of the PVC. + archiveOnDelete: true + + # If it exists and has 'delete' value, delete the directory. If it exists and has 'retain' value, save the directory. + # Overrides archiveOnDelete. + # Ignored if value not set. + onDelete: + + # Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. + # Ignored if value not set. + pathPattern: + + # Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany + accessModes: ReadWriteOnce + + # Storage class annotations + annotations: {} + +leaderElection: + # When set to false leader election will be disabled + enabled: true ## For RBAC support: rbac: + # Specifies whether RBAC resources should be created create: true - ## Ignored if rbac.create is true - ## - serviceAccountName: default +# If true, create & use Pod Security Policy resources +# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +# Deployment pod annotations +podAnnotations: {} + +## Set pod priorityClassName +# priorityClassName: "" + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + + # Annotations to add to the service account + annotations: {} + + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: -## resources: {} # limits: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi # requests: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} + +# Additional labels for any resource created +labels: {} diff --git a/local-values/207-nfs-client-provisioner-values.yaml b/local-values/207-nfs-client-provisioner-values.yaml index acb0b01..21553b7 100644 --- a/local-values/207-nfs-client-provisioner-values.yaml +++ b/local-values/207-nfs-client-provisioner-values.yaml @@ -1,52 +1,103 @@ -# Default values for nfs-client-provisioner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -## Deployment replica count replicaCount: 1 +strategyType: Recreate -## docker image image: - repository: quay.io/external_storage/nfs-client-provisioner - tag: v3.1.0-k8s1.11 + repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner + tag: v4.0.2 pullPolicy: IfNotPresent +imagePullSecrets: [] -## Cloud Filestore instance nfs: - ## Set IP address - server: "192.168.1.207" - ## Set file share name - path: "/nfs" + server: 192.168.1.207 + path: /nfs + mountOptions: + volumeName: nfs-subdir-external-provisioner-root + # Reclaim policy for the main nfs volume + reclaimPolicy: Retain -## For creating the StorageClass automatically: +# For creating the StorageClass automatically: storageClass: create: true - ## Set a StorageClass name - name: nfs-207 + # Set a provisioner name. If unset, a name will be generated. + # provisionerName: - ## Set reclaim policy for PV - reclaimPolicy: Retain + # Set StorageClass as the default StorageClass + # Ignored if storageClass.create is false + defaultClass: false + + # Set a StorageClass name + # Ignored if storageClass.create is false + name: nfs-client-207 + + # Allow volume to be expanded dynamically + allowVolumeExpansion: true + + # Method used to reclaim an obsoleted volume + reclaimPolicy: Delete + + # When set to false your PVs will not be archived by the provisioner upon deletion of the PVC. + archiveOnDelete: true + + # If it exists and has 'delete' value, delete the directory. If it exists and has 'retain' value, save the directory. + # Overrides archiveOnDelete. + # Ignored if value not set. + onDelete: + + # Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. + # Ignored if value not set. + pathPattern: + + # Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany + accessModes: ReadWriteOnce + + # Storage class annotations + annotations: {} + +leaderElection: + # When set to false leader election will be disabled + enabled: true ## For RBAC support: rbac: + # Specifies whether RBAC resources should be created create: true - ## Ignored if rbac.create is true - ## - serviceAccountName: default +# If true, create & use Pod Security Policy resources +# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +# Deployment pod annotations +podAnnotations: {} + +## Set pod priorityClassName +# priorityClassName: "" + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + + # Annotations to add to the service account + annotations: {} + + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: -## resources: {} # limits: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi # requests: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} + +# Additional labels for any resource created +labels: {} diff --git a/local-values/208-nfs-client-provisioner-values.yaml b/local-values/208-nfs-client-provisioner-values.yaml index c8834e6..412ee95 100644 --- a/local-values/208-nfs-client-provisioner-values.yaml +++ b/local-values/208-nfs-client-provisioner-values.yaml @@ -1,52 +1,103 @@ -# Default values for nfs-client-provisioner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -## Deployment replica count replicaCount: 1 +strategyType: Recreate -## docker image image: - repository: quay.io/external_storage/nfs-client-provisioner - tag: v3.1.0-k8s1.11 + repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner + tag: v4.0.2 pullPolicy: IfNotPresent +imagePullSecrets: [] -## Cloud Filestore instance nfs: - ## Set IP address - server: "192.168.1.208" - ## Set file share name - path: "/nfs" + server: 192.168.1.208 + path: /nfs + mountOptions: + volumeName: nfs-subdir-external-provisioner-root + # Reclaim policy for the main nfs volume + reclaimPolicy: Retain -## For creating the StorageClass automatically: +# For creating the StorageClass automatically: storageClass: create: true - ## Set a StorageClass name - name: nfs-208 + # Set a provisioner name. If unset, a name will be generated. + # provisionerName: - ## Set reclaim policy for PV - reclaimPolicy: Retain + # Set StorageClass as the default StorageClass + # Ignored if storageClass.create is false + defaultClass: false + + # Set a StorageClass name + # Ignored if storageClass.create is false + name: nfs-client-208 + + # Allow volume to be expanded dynamically + allowVolumeExpansion: true + + # Method used to reclaim an obsoleted volume + reclaimPolicy: Delete + + # When set to false your PVs will not be archived by the provisioner upon deletion of the PVC. + archiveOnDelete: true + + # If it exists and has 'delete' value, delete the directory. If it exists and has 'retain' value, save the directory. + # Overrides archiveOnDelete. + # Ignored if value not set. + onDelete: + + # Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. + # Ignored if value not set. + pathPattern: + + # Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany + accessModes: ReadWriteOnce + + # Storage class annotations + annotations: {} + +leaderElection: + # When set to false leader election will be disabled + enabled: true ## For RBAC support: rbac: + # Specifies whether RBAC resources should be created create: true - ## Ignored if rbac.create is true - ## - serviceAccountName: default +# If true, create & use Pod Security Policy resources +# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +# Deployment pod annotations +podAnnotations: {} + +## Set pod priorityClassName +# priorityClassName: "" + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + + # Annotations to add to the service account + annotations: {} + + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: -## resources: {} # limits: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi # requests: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} + +# Additional labels for any resource created +labels: {} diff --git a/local-values/209-nfs-client-provisioner-values.yaml b/local-values/209-nfs-client-provisioner-values.yaml index 11174da..f8b517c 100644 --- a/local-values/209-nfs-client-provisioner-values.yaml +++ b/local-values/209-nfs-client-provisioner-values.yaml @@ -1,52 +1,103 @@ -# Default values for nfs-client-provisioner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -## Deployment replica count replicaCount: 1 +strategyType: Recreate -## docker image image: - repository: quay.io/external_storage/nfs-client-provisioner - tag: v3.1.0-k8s1.11 + repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner + tag: v4.0.2 pullPolicy: IfNotPresent +imagePullSecrets: [] -## Cloud Filestore instance nfs: - ## Set IP address - server: "192.168.1.209" - ## Set file share name - path: "/nfs" + server: 192.168.1.209 + path: /nfs + mountOptions: + volumeName: nfs-subdir-external-provisioner-root + # Reclaim policy for the main nfs volume + reclaimPolicy: Retain -## For creating the StorageClass automatically: +# For creating the StorageClass automatically: storageClass: create: true - ## Set a StorageClass name - name: nfs-209 + # Set a provisioner name. If unset, a name will be generated. + # provisionerName: - ## Set reclaim policy for PV - reclaimPolicy: Retain + # Set StorageClass as the default StorageClass + # Ignored if storageClass.create is false + defaultClass: false + + # Set a StorageClass name + # Ignored if storageClass.create is false + name: nfs-client-209 + + # Allow volume to be expanded dynamically + allowVolumeExpansion: true + + # Method used to reclaim an obsoleted volume + reclaimPolicy: Delete + + # When set to false your PVs will not be archived by the provisioner upon deletion of the PVC. + archiveOnDelete: true + + # If it exists and has 'delete' value, delete the directory. If it exists and has 'retain' value, save the directory. + # Overrides archiveOnDelete. + # Ignored if value not set. + onDelete: + + # Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. + # Ignored if value not set. + pathPattern: + + # Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany + accessModes: ReadWriteOnce + + # Storage class annotations + annotations: {} + +leaderElection: + # When set to false leader election will be disabled + enabled: true ## For RBAC support: rbac: + # Specifies whether RBAC resources should be created create: true - ## Ignored if rbac.create is true - ## - serviceAccountName: default +# If true, create & use Pod Security Policy resources +# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +# Deployment pod annotations +podAnnotations: {} + +## Set pod priorityClassName +# priorityClassName: "" + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + + # Annotations to add to the service account + annotations: {} + + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: -## resources: {} # limits: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi # requests: - # cpu: 100m - # memory: 128Mi + # cpu: 100m + # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} + +# Additional labels for any resource created +labels: {} diff --git a/local-values/nfs-client-provisioner-values.yaml b/local-values/nfs-client-provisioner-values.yaml deleted file mode 100644 index 0152b05..0000000 --- a/local-values/nfs-client-provisioner-values.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Default values for nfs-client-provisioner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -## Deployment replica count -replicaCount: 1 - -## docker image -image: - repository: quay.io/external_storage/nfs-client-provisioner - tag: v3.1.0-k8s1.11 - pullPolicy: IfNotPresent - -## Cloud Filestore instance -nfs: - ## Set IP address - server: "" - ## Set file share name - path: "/vol1" - -## For creating the StorageClass automatically: -storageClass: - create: true - - ## Set a StorageClass name - name: nfs - - ## Set reclaim policy for PV - reclaimPolicy: Retain - -## For RBAC support: -rbac: - create: true - - ## Ignored if rbac.create is true - ## - serviceAccountName: default - -## -resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/nfs-client-provisioner/.helmignore b/nfs-client-provisioner/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/nfs-client-provisioner/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/nfs-client-provisioner/Chart.yaml b/nfs-client-provisioner/Chart.yaml deleted file mode 100644 index 97ea8be..0000000 --- a/nfs-client-provisioner/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v2 -appVersion: "v3.1.0-k8s1.11" -version: 0.1.5 -type: application -name: nfs-client-provisioner -description: nfs-client-provisioner is an automatic provisioner creating Persistent Volumes from the NFS -home: https://github.com/rimusz/charts/tree/master/stable/nfs-client-provisioner -sources: -- https://github.com/rimusz/hostpath-provisioner -keywords: -- nfs -- storage -- nfs-client -maintainers: -- email: rmocius@gmail.com - name: rimusz diff --git a/nfs-client-provisioner/OWNERS b/nfs-client-provisioner/OWNERS deleted file mode 100644 index 2daa738..0000000 --- a/nfs-client-provisioner/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -approvers: -- rimusz -reviewers: -- rimusz diff --git a/nfs-client-provisioner/README.md b/nfs-client-provisioner/README.md deleted file mode 100644 index 4a42792..0000000 --- a/nfs-client-provisioner/README.md +++ /dev/null @@ -1,116 +0,0 @@ -# NFS Client Provisioner - -[NFS Client Provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client) -is an automatic provisioner that uses your already configured NFS server to automatically create Persistent Volumes. - -## TL;DR; - -```console -$ helm install rimusz/nfs-client-provisioner --set nfs.server="1.2.3.4" -``` - -## Introduction - -This chart bootstraps a [nfs-client-provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client) -deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) -package manager. - -## Installing the Chart - -To install the chart with the release name `nfs`: - -```console -$ helm install rimusz/nfs-client-provisioner --name nfs --set nfs.server="1.2.3.4" -``` - -The command deploys nfs-client-provisioner on the Kubernetes cluster in the default -configuration. The [configuration](#configuration) section lists the parameters -that can be configured during installation. - -## Testing the Chart - -Now we'll test your NFS provisioner. - -Deploy: - -```console -$ kubectl create -f test/test-claim.yaml -f test/test-pod.yaml -``` - -Now check in PVC folder on your NFS Server for the file `SUCCESS`. - -Delete: - -```console -kubectl delete -f test/test-pod.yaml -f test/test-claim.yaml -``` - -Now check that PVC folder got renamed to `archived-???`. - -## Deploying your own PersistentVolumeClaim - -To deploy your own PVC, make sure that you have the correct `storage-class` as indicated by your `values.yaml` file. - -For example: - -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: test-claim - annotations: - volume.beta.kubernetes.io/storage-class: "nfs" -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Mi -``` - -## Uninstalling the Chart - -To uninstall/delete the `nfs` deployment: - -```console -$ helm delete nfs -``` - -The command removes all the Kubernetes components associated with the chart and -deletes the release. - -## Configuration - -The following table lists the configurable parameters of the kibana chart and -their default values. - -| Parameter | Description | Default | -|:-------------------------------|:----------------------------------------------------------------------------------|:------------------------------------------------------| -| `image.repository` | The image repository to pull from | `quay.io/kubernetes_incubator/nfs-client-provisioner` | -| `image.tag` | The image tag to pull from | `v2.1.0-k8s1.10` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `nfs.server` | NFS server IP | `` | -| `nfs.path` | NFS server share path | `/vol1` | -| `storageClass.create` | Enable creation of a StorageClass to consume this nfs-client-provisioner instance | `true` | -| `storageClass.name` | The name to assign the created StorageClass | `nfs` | -| `storageClass.reclaimPolicy` | Set the reclaimPolicy for PV within StorageClass | `Delete` | -| `rbac.create` | Enable RABC | `false` | -| `rbac.serviceAccountName` | Service account name | `default` | -| `resources` | Resource limits for nfs-client-provisioner pod | `{}` | -| `nodeSelector` | Map of node labels for pod assignment | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | -| `affinity` | Map of node/pod affinities | `{}` | - -```console -$ helm install rimusz/nfs-client-provisioner --name nfs \ - --set nfs.server="1.2.3.4",resources.limits.cpu=200m -``` - -Alternatively, a YAML file that specifies the values for the above parameters -can be provided while installing the chart. For example, - -```console -$ helm install rimusz/nfs-client-provisioner --name nfs -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) as an example diff --git a/nfs-client-provisioner/templates/NOTES.txt b/nfs-client-provisioner/templates/NOTES.txt deleted file mode 100644 index 2a9369d..0000000 --- a/nfs-client-provisioner/templates/NOTES.txt +++ /dev/null @@ -1,36 +0,0 @@ -The NFS Client Provisioner deployment has now been installed. - -{{- if not .Values.nfs.server }} -############################################################################## -#### ERROR: You did not provide NFS server IP. #### -############################################################################## - -All pods do not go to the running state if the NFS server IP was not provided. - -{{- end }} - -{{ if .Values.storageClass.create -}} -A storage class named '{{ .Values.storageClass.name }}' has now been created -and is available to provision dynamic volumes. - -You can use this storageclass by creating a `PersistentVolumeClaim` with the -correct storageClassName attribute. For example: - - --- - kind: PersistentVolumeClaim - apiVersion: v1 - metadata: - name: test-claim - annotations: - volume.beta.kubernetes.io/storage-class: "{{ .Values.storageClass.name }}" - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Mi - -{{ else -}} -A storage class has NOT been created. You may create a custom `StorageClass` -resource with a `provisioner` annotation of `{{ template "nfs-client-provisioner.provisionerName" . }}`. -{{ end -}} diff --git a/nfs-client-provisioner/templates/_helpers.tpl b/nfs-client-provisioner/templates/_helpers.tpl deleted file mode 100644 index 237978d..0000000 --- a/nfs-client-provisioner/templates/_helpers.tpl +++ /dev/null @@ -1,43 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "nfs-client-provisioner.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "nfs-client-provisioner.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nfs-client-provisioner.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "nfs-client-provisioner.provisionerName" -}} -{{- if .Values.storageClass.provisionerName -}} -{{- printf .Values.storageClass.provisionerName -}} -{{- else -}} -cluster.local/{{ template "nfs-client-provisioner.fullname" . -}} -{{- end -}} -{{- end -}} diff --git a/nfs-client-provisioner/templates/clusterrole.yaml b/nfs-client-provisioner/templates/clusterrole.yaml deleted file mode 100644 index b608892..0000000 --- a/nfs-client-provisioner/templates/clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{ if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "nfs-client-provisioner.fullname" . }} - labels: - app: {{ template "nfs-client-provisioner.name" . }} - chart: {{ template "nfs-client-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: - - apiGroups: [""] - resources: ["persistentvolumes"] - verbs: ["get", "list", "watch", "create", "delete"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["get", "list", "watch", "update"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["list", "watch", "create", "update", "patch"] -{{- end -}} diff --git a/nfs-client-provisioner/templates/clusterrolebinding.yaml b/nfs-client-provisioner/templates/clusterrolebinding.yaml deleted file mode 100644 index daa7a6b..0000000 --- a/nfs-client-provisioner/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: {{ template "nfs-client-provisioner.name" . }} - chart: {{ template "nfs-client-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "nfs-client-provisioner.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "nfs-client-provisioner.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "nfs-client-provisioner.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/nfs-client-provisioner/templates/deployment.yaml b/nfs-client-provisioner/templates/deployment.yaml deleted file mode 100644 index b4c7355..0000000 --- a/nfs-client-provisioner/templates/deployment.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.nfs.server }} -kind: Deployment -apiVersion: apps/v1 -metadata: - name: {{ template "nfs-client-provisioner.fullname" . }} - labels: - app: {{ template "nfs-client-provisioner.name" . }} - chart: {{ template "nfs-client-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ template "nfs-client-provisioner.name" . }} - release: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app: {{ template "nfs-client-provisioner.name" . }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ if .Values.rbac.create }}{{ template "nfs-client-provisioner.fullname" . }}{{ else }}{{ .Values.rbac.serviceAccountName | quote }}{{ end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: nfs-client-root - mountPath: /persistentvolumes - env: - - name: PROVISIONER_NAME - value: {{ template "nfs-client-provisioner.provisionerName" . }} - - name: NFS_SERVER - value: {{ .Values.nfs.server }} - - name: NFS_PATH - value: {{ .Values.nfs.path }} - volumes: - - name: nfs-client-root - nfs: - server: {{ .Values.nfs.server }} - path: {{ .Values.nfs.path }} - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} -{{- end }} diff --git a/nfs-client-provisioner/templates/serviceaccount.yaml b/nfs-client-provisioner/templates/serviceaccount.yaml deleted file mode 100644 index c39fd10..0000000 --- a/nfs-client-provisioner/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: {{ template "nfs-client-provisioner.name" . }} - chart: {{ template "nfs-client-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "nfs-client-provisioner.fullname" . }} -{{- end -}} diff --git a/nfs-client-provisioner/templates/storageclass.yaml b/nfs-client-provisioner/templates/storageclass.yaml deleted file mode 100644 index 17ea8f7..0000000 --- a/nfs-client-provisioner/templates/storageclass.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if .Values.storageClass.create -}} -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: {{ .Values.storageClass.name }} - labels: - app: {{ template "nfs-client-provisioner.name" . }} - chart: {{ template "nfs-client-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -provisioner: {{ template "nfs-client-provisioner.provisionerName" . }} -reclaimPolicy: {{.Values.storageClass.reclaimPolicy}} -{{ end -}} diff --git a/nfs-client-provisioner/test/test-claim.yaml b/nfs-client-provisioner/test/test-claim.yaml deleted file mode 100644 index 9f7038b..0000000 --- a/nfs-client-provisioner/test/test-claim.yaml +++ /dev/null @@ -1,12 +0,0 @@ -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: test-claim - annotations: - volume.beta.kubernetes.io/storage-class: "managed-nfs-storage" -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 1Mi diff --git a/nfs-client-provisioner/test/test-pod.yaml b/nfs-client-provisioner/test/test-pod.yaml deleted file mode 100644 index e5e7b7f..0000000 --- a/nfs-client-provisioner/test/test-pod.yaml +++ /dev/null @@ -1,21 +0,0 @@ -kind: Pod -apiVersion: v1 -metadata: - name: test-pod -spec: - containers: - - name: test-pod - image: gcr.io/google_containers/busybox:1.24 - command: - - "/bin/sh" - args: - - "-c" - - "touch /mnt/SUCCESS && exit 0 || exit 1" - volumeMounts: - - name: nfs-pvc - mountPath: "/mnt" - restartPolicy: "Never" - volumes: - - name: nfs-pvc - persistentVolumeClaim: - claimName: test-claim diff --git a/nfs-client-provisioner/values.yaml b/nfs-client-provisioner/values.yaml deleted file mode 100644 index e918647..0000000 --- a/nfs-client-provisioner/values.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Default values for nfs-client-provisioner. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -## Deployment replica count -replicaCount: 1 - -## docker image -image: - repository: quay.io/external_storage/nfs-client-provisioner - tag: v3.1.0-k8s1.11 - pullPolicy: IfNotPresent - -## Cloud Filestore instance -nfs: - ## Set IP address - server: "" - ## Set file share name - path: "/vol1" - -## For creating the StorageClass automatically: -storageClass: - create: true - - ## Set a StorageClass name - name: nfs - - ## Set reclaim policy for PV - reclaimPolicy: Delete - -## For RBAC support: -rbac: - create: true - - ## Ignored if rbac.create is true - ## - serviceAccountName: default - -## -resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/nfs-subdir-external-provisioner/Chart.yaml b/nfs-subdir-external-provisioner/Chart.yaml new file mode 100644 index 0000000..58d3174 --- /dev/null +++ b/nfs-subdir-external-provisioner/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +appVersion: 4.0.2 +description: nfs-subdir-external-provisioner is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. +name: nfs-subdir-external-provisioner +home: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner +version: 4.0.14 +kubeVersion: ">=1.9.0-0" +sources: +- https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner +keywords: +- nfs +- storage +- provisioner diff --git a/nfs-subdir-external-provisioner/README.md b/nfs-subdir-external-provisioner/README.md new file mode 100644 index 0000000..c131f36 --- /dev/null +++ b/nfs-subdir-external-provisioner/README.md @@ -0,0 +1,86 @@ +# NFS Subdirectory External Provisioner Helm Chart + +The [NFS subdir external provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) is an automatic provisioner for Kubernetes that uses your *already configured* NFS server, automatically creating Persistent Volumes. + +## TL;DR; + +```console +$ helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/ +$ helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \ + --set nfs.server=x.x.x.x \ + --set nfs.path=/exported/path +``` + +## Introduction + +This charts installs custom [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/) into a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. It also installs a [NFS client provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) into the cluster which dynamically creates persistent volumes from single NFS share. + +## Prerequisites + +- Kubernetes >=1.9 +- Existing NFS Share + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install my-release nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \ + --set nfs.server=x.x.x.x \ + --set nfs.path=/exported/path +``` + +The command deploys the given storage class in the default configuration. It can be used afterswards to provision persistent volumes. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of this chart and their default values. + +| Parameter | Description | Default | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | +| `replicaCount` | Number of provisioner instances to deployed | `1` | +| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | +| `image.repository` | Provisioner image | `k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner` | +| `image.tag` | Version of provisioner image | `v4.0.2` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `imagePullSecrets` | Image pull secrets | `[]` | +| `storageClass.name` | Name of the storageClass | `nfs-client` | +| `storageClass.defaultClass` | Set as the default StorageClass | `false` | +| `storageClass.allowVolumeExpansion` | Allow expanding the volume | `true` | +| `storageClass.reclaimPolicy` | Method used to reclaim an obsoleted volume | `Delete` | +| `storageClass.provisionerName` | Name of the provisionerName | null | +| `storageClass.archiveOnDelete` | Archive PVC when deleting | `true` | +| `storageClass.onDelete` | Strategy on PVC deletion. Overrides archiveOnDelete when set to lowercase values 'delete' or 'retain' | null | +| `storageClass.pathPattern` | Specifies a template for the directory name | null | +| `storageClass.accessModes` | Set access mode for PV | `ReadWriteOnce` | +| `storageClass.annotations` | Set additional annotations for the StorageClass | `{}` | +| `leaderElection.enabled` | Enables or disables leader election | `true` | +| `nfs.server` | Hostname of the NFS server (required) | null (ip or hostname) | +| `nfs.path` | Basepath of the mount point to be used | `/nfs-storage` | +| `nfs.mountOptions` | Mount options (e.g. 'nfsvers=3') | null | +| `nfs.volumeName` | Volume name used inside the pods | `nfs-subdir-external-provisioner-root` | +| `nfs.reclaimPolicy` | Reclaim policy for the main nfs volume used for subdir provisioning | `Retain` | +| `resources` | Resources required (e.g. CPU, memory) | `{}` | +| `rbac.create` | Use Role-based Access Control | `true` | +| `podSecurityPolicy.enabled` | Create & use Pod Security Policy resources | `false` | +| `podAnnotations` | Additional annotations for the Pods | `{}` | +| `priorityClassName` | Set pod priorityClassName | null | +| `serviceAccount.create` | Should we create a ServiceAccount | `true` | +| `serviceAccount.name` | Name of the ServiceAccount to use | null | +| `serviceAccount.annotations` | Additional annotations for the ServiceAccount | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Affinity settings | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | +| `labels` | Additional labels for any resource created | `{}` | diff --git a/nfs-subdir-external-provisioner/ci/test-values.yaml b/nfs-subdir-external-provisioner/ci/test-values.yaml new file mode 100644 index 0000000..4237de5 --- /dev/null +++ b/nfs-subdir-external-provisioner/ci/test-values.yaml @@ -0,0 +1,5 @@ +nfs: + server: 127.0.0.1 +podSecurityPolicy: + enabled: true +buildMode: true diff --git a/nfs-subdir-external-provisioner/templates/_helpers.tpl b/nfs-subdir-external-provisioner/templates/_helpers.tpl new file mode 100644 index 0000000..c6c4f79 --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/_helpers.tpl @@ -0,0 +1,92 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "nfs-subdir-external-provisioner.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nfs-subdir-external-provisioner.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nfs-subdir-external-provisioner.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "nfs-subdir-external-provisioner.provisionerName" -}} +{{- if .Values.storageClass.provisionerName -}} +{{- printf .Values.storageClass.provisionerName -}} +{{- else -}} +cluster.local/{{ template "nfs-subdir-external-provisioner.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "nfs-subdir-external-provisioner.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "nfs-subdir-external-provisioner.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podSecurityPolicy. +*/}} +{{- define "podSecurityPolicy.apiVersion" -}} +{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "extensions/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "nfs-subdir-external-provisioner.labels" -}} +chart: {{ template "nfs-subdir-external-provisioner.chart" . }} +heritage: {{ .Release.Service }} +{{ include "nfs-subdir-external-provisioner.selectorLabels" . }} +{{- with .Values.labels }} +{{- toYaml . | nindent 0 }} +{{- end }} +{{- end }} + +{{/* +Pod template labels +*/}} +{{- define "nfs-subdir-external-provisioner.podLabels" -}} +{{ include "nfs-subdir-external-provisioner.selectorLabels" . }} +{{- with .Values.labels }} +{{- toYaml . | nindent 0 }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "nfs-subdir-external-provisioner.selectorLabels" -}} +app: {{ template "nfs-subdir-external-provisioner.name" . }} +release: {{ .Release.Name }} +{{- end }} diff --git a/nfs-subdir-external-provisioner/templates/clusterrole.yaml b/nfs-subdir-external-provisioner/templates/clusterrole.yaml new file mode 100644 index 0000000..078cfcc --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/clusterrole.yaml @@ -0,0 +1,30 @@ +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + name: {{ template "nfs-subdir-external-provisioner.fullname" . }}-runner +rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "nfs-subdir-external-provisioner.fullname" . }}] +{{- end }} +{{- end }} diff --git a/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml b/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..c5e5582 --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + name: run-{{ template "nfs-subdir-external-provisioner.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ template "nfs-subdir-external-provisioner.fullname" . }}-runner + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/nfs-subdir-external-provisioner/templates/deployment.yaml b/nfs-subdir-external-provisioner/templates/deployment.yaml new file mode 100644 index 0000000..a8b47fc --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/deployment.yaml @@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "nfs-subdir-external-provisioner.fullname" . }} + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.strategyType }} + selector: + matchLabels: + {{- include "nfs-subdir-external-provisioner.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }} + scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}' + {{- end }} + labels: + {{- include "nfs-subdir-external-provisioner.podLabels" . | nindent 8 }} + spec: + serviceAccountName: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: {{ .Values.nfs.volumeName }} + mountPath: /persistentvolumes + env: + - name: PROVISIONER_NAME + value: {{ template "nfs-subdir-external-provisioner.provisionerName" . }} + - name: NFS_SERVER + value: {{ .Values.nfs.server }} + - name: NFS_PATH + value: {{ .Values.nfs.path }} + {{- if eq .Values.leaderElection.enabled false }} + - name: ENABLE_LEADER_ELECTION + value: "false" + {{- end }} + {{- with .Values.resources }} + resources: +{{ toYaml . | indent 12 }} + {{- end }} + volumes: + - name: {{ .Values.nfs.volumeName }} +{{- if .Values.buildMode }} + emptyDir: {} +{{- else if .Values.nfs.mountOptions }} + persistentVolumeClaim: + claimName: pvc-{{ template "nfs-subdir-external-provisioner.fullname" . }} +{{- else }} + nfs: + server: {{ .Values.nfs.server }} + path: {{ .Values.nfs.path }} +{{- end }} + {{- if and (.Values.tolerations) (semverCompare "^1.6-0" .Capabilities.KubeVersion.GitVersion) }} + tolerations: +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} diff --git a/nfs-subdir-external-provisioner/templates/persistentvolume.yaml b/nfs-subdir-external-provisioner/templates/persistentvolume.yaml new file mode 100644 index 0000000..9d6ba4d --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/persistentvolume.yaml @@ -0,0 +1,26 @@ +{{ if .Values.nfs.mountOptions -}} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-{{ template "nfs-subdir-external-provisioner.fullname" . }} + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + nfs-subdir-external-provisioner: {{ template "nfs-subdir-external-provisioner.fullname" . }} +spec: + capacity: + storage: 10Mi + volumeMode: Filesystem + accessModes: + - {{ .Values.storageClass.accessModes }} + persistentVolumeReclaimPolicy: {{ .Values.nfs.reclaimPolicy }} + storageClassName: "" + {{- if .Values.nfs.mountOptions }} + mountOptions: + {{- range .Values.nfs.mountOptions }} + - {{ . }} + {{- end }} + {{- end }} + nfs: + server: {{ .Values.nfs.server }} + path: {{ .Values.nfs.path }} +{{ end -}} diff --git a/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml b/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml new file mode 100644 index 0000000..993dc53 --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml @@ -0,0 +1,19 @@ +{{ if .Values.nfs.mountOptions -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: pvc-{{ template "nfs-subdir-external-provisioner.fullname" . }} + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.storageClass.accessModes }} + volumeMode: Filesystem + storageClassName: "" + selector: + matchLabels: + nfs-subdir-external-provisioner: {{ template "nfs-subdir-external-provisioner.fullname" . }} + resources: + requests: + storage: 10Mi +{{ end -}} diff --git a/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml b/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000..5e3274a --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml @@ -0,0 +1,29 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: {{ template "podSecurityPolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "nfs-subdir-external-provisioner.fullname" . }} + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} +spec: + privileged: false + allowPrivilegeEscalation: false + requiredDropCapabilities: + - ALL + volumes: + - 'secret' + - 'nfs' + - 'persistentVolumeClaim' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + readOnlyRootFilesystem: false +{{- end }} diff --git a/nfs-subdir-external-provisioner/templates/role.yaml b/nfs-subdir-external-provisioner/templates/role.yaml new file mode 100644 index 0000000..9d17581 --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/role.yaml @@ -0,0 +1,18 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }} +rules: + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] +{{- if .Values.podSecurityPolicy.enabled }} + - apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: [{{ template "nfs-subdir-external-provisioner.fullname" . }}] +{{- end }} +{{- end }} diff --git a/nfs-subdir-external-provisioner/templates/rolebinding.yaml b/nfs-subdir-external-provisioner/templates/rolebinding.yaml new file mode 100644 index 0000000..6bba960 --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/rolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/nfs-subdir-external-provisioner/templates/serviceaccount.yaml b/nfs-subdir-external-provisioner/templates/serviceaccount.yaml new file mode 100644 index 0000000..a68ff9e --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{ if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + name: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} +{{- end -}} diff --git a/nfs-subdir-external-provisioner/templates/storageclass.yaml b/nfs-subdir-external-provisioner/templates/storageclass.yaml new file mode 100644 index 0000000..698d32b --- /dev/null +++ b/nfs-subdir-external-provisioner/templates/storageclass.yaml @@ -0,0 +1,32 @@ +{{ if .Values.storageClass.create -}} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + name: {{ .Values.storageClass.name }} + annotations: + {{- if .Values.storageClass.defaultClass }} + storageclass.kubernetes.io/is-default-class: "true" + {{- end }} + {{- with .Values.storageClass.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +provisioner: {{ template "nfs-subdir-external-provisioner.provisionerName" . }} +allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }} +reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }} +parameters: + archiveOnDelete: "{{ .Values.storageClass.archiveOnDelete }}" + {{- if .Values.storageClass.pathPattern }} + pathPattern: "{{ .Values.storageClass.pathPattern }}" + {{- end }} + {{- if .Values.storageClass.onDelete }} + onDelete: "{{ .Values.storageClass.onDelete }}" + {{- end }} +{{- if .Values.nfs.mountOptions }} +mountOptions: + {{- range .Values.nfs.mountOptions }} + - {{ . }} + {{- end }} +{{- end }} +{{ end -}} diff --git a/nfs-subdir-external-provisioner/values.yaml b/nfs-subdir-external-provisioner/values.yaml new file mode 100644 index 0000000..20720b1 --- /dev/null +++ b/nfs-subdir-external-provisioner/values.yaml @@ -0,0 +1,103 @@ +replicaCount: 1 +strategyType: Recreate + +image: + repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner + tag: v4.0.2 + pullPolicy: IfNotPresent +imagePullSecrets: [] + +nfs: + server: + path: /nfs-storage + mountOptions: + volumeName: nfs-subdir-external-provisioner-root + # Reclaim policy for the main nfs volume + reclaimPolicy: Retain + +# For creating the StorageClass automatically: +storageClass: + create: true + + # Set a provisioner name. If unset, a name will be generated. + # provisionerName: + + # Set StorageClass as the default StorageClass + # Ignored if storageClass.create is false + defaultClass: false + + # Set a StorageClass name + # Ignored if storageClass.create is false + name: nfs-client + + # Allow volume to be expanded dynamically + allowVolumeExpansion: true + + # Method used to reclaim an obsoleted volume + reclaimPolicy: Delete + + # When set to false your PVs will not be archived by the provisioner upon deletion of the PVC. + archiveOnDelete: true + + # If it exists and has 'delete' value, delete the directory. If it exists and has 'retain' value, save the directory. + # Overrides archiveOnDelete. + # Ignored if value not set. + onDelete: + + # Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. + # Ignored if value not set. + pathPattern: + + # Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany + accessModes: ReadWriteOnce + + # Storage class annotations + annotations: {} + +leaderElection: + # When set to false leader election will be disabled + enabled: true + +## For RBAC support: +rbac: + # Specifies whether RBAC resources should be created + create: true + +# If true, create & use Pod Security Policy resources +# https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +podSecurityPolicy: + enabled: false + +# Deployment pod annotations +podAnnotations: {} + +## Set pod priorityClassName +# priorityClassName: "" + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + + # Annotations to add to the service account + annotations: {} + + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# Additional labels for any resource created +labels: {}