From 3750d99a3a793a1417c75cf8728c7db870f922cf Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Tue, 30 Apr 2024 13:01:52 +0200 Subject: [PATCH] Add proxmox-csi plugin 
Signed-off-by: Andrei Kvapil --- packages/system/proxmox-csi/Chart.yaml | 2 + packages/system/proxmox-csi/Makefile | 13 + packages/system/proxmox-csi/README.md | 6 + .../.helmignore | 23 ++ .../Chart.yaml | 24 ++ .../README.md | 81 +++++++ .../README.md.gotmpl | 52 ++++ .../ci/values.yaml | 27 +++ .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 69 ++++++ .../templates/deployment.yaml | 102 ++++++++ .../templates/role.yaml | 53 +++++ .../templates/rolebinding.yaml | 26 ++ .../templates/secrets.yaml | 11 + .../templates/serviceaccount.yaml | 13 + .../values.edge.yaml | 13 + .../values.talos.yaml | 8 + .../values.yaml | 125 ++++++++++ .../charts/proxmox-csi-plugin/.helmignore | 23 ++ .../charts/proxmox-csi-plugin/Chart.yaml | 26 ++ .../charts/proxmox-csi-plugin/README.md | 116 +++++++++ .../proxmox-csi-plugin/README.md.gotmpl | 68 ++++++ .../charts/proxmox-csi-plugin/ci/values.yaml | 22 ++ .../proxmox-csi-plugin/templates/NOTES.txt | 0 .../proxmox-csi-plugin/templates/_helpers.tpl | 71 ++++++ .../templates/controller-clusterrole.yaml | 37 +++ .../templates/controller-deployment.yaml | 157 +++++++++++++ .../templates/controller-role.yaml | 21 ++ .../templates/controller-rolebinding.yaml | 26 ++ .../templates/csidriver.yaml | 10 + .../templates/node-clusterrole.yaml | 14 ++ .../templates/node-deployment.yaml | 135 +++++++++++ .../templates/node-rolebinding.yaml | 12 + .../proxmox-csi-plugin/templates/secrets.yaml | 12 + .../templates/serviceaccount.yaml | 25 ++ .../templates/storageclass.yaml | 20 ++ .../proxmox-csi-plugin/values.edge.yaml | 30 +++ .../proxmox-csi-plugin/values.talos.yaml | 21 ++ .../charts/proxmox-csi-plugin/values.yaml | 222 ++++++++++++++++++ .../proxmox-csi/patches/namespace.patch | 13 + packages/system/proxmox-csi/tests/1.yaml | 30 +++ packages/system/proxmox-csi/values.yaml | 22 ++ 42 files changed, 1781 insertions(+) create mode 100644 packages/system/proxmox-csi/Chart.yaml create mode 100644 packages/system/proxmox-csi/Makefile create 
mode 100644 packages/system/proxmox-csi/README.md create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/.helmignore create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/NOTES.txt create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/_helpers.tpl create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/role.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/secrets.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/serviceaccount.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/.helmignore create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/Chart.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md.gotmpl create mode 100644 
packages/system/proxmox-csi/charts/proxmox-csi-plugin/ci/values.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/NOTES.txt create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/_helpers.tpl create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-clusterrole.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-deployment.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-role.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-rolebinding.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/csidriver.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-clusterrole.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-deployment.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-rolebinding.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/secrets.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/serviceaccount.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/storageclass.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.edge.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.talos.yaml create mode 100644 packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.yaml create mode 100644 packages/system/proxmox-csi/patches/namespace.patch create mode 100644 packages/system/proxmox-csi/tests/1.yaml create mode 100644 packages/system/proxmox-csi/values.yaml 
diff --git a/packages/system/proxmox-csi/Chart.yaml b/packages/system/proxmox-csi/Chart.yaml
new file mode 100644
index 00000000..0aa33800
--- /dev/null
+++ b/packages/system/proxmox-csi/Chart.yaml
@@ -0,0 +1,2 @@
+name: app
+version: 0.0.0
diff --git a/packages/system/proxmox-csi/Makefile b/packages/system/proxmox-csi/Makefile
new file mode 100644
index 00000000..357a739e
--- /dev/null
+++ b/packages/system/proxmox-csi/Makefile
@@ -0,0 +1,13 @@
+include ../../hack/app-helm.mk
+
+update:
+ rm -rf charts
+ tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/sergelogvinov/proxmox-cloud-controller-manager | awk -F'[/^]' 'END{print $$3}') && \
+ curl -sSL https://github.com/sergelogvinov/proxmox-cloud-controller-manager/archive/refs/tags/$${tag}.tar.gz | \
+ tar xzvf - --strip 1 proxmox-cloud-controller-manager-$${tag#*v}/charts
+ sed -i 's/^ namespace: .*/ namespace: kube-system/' charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
+ tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/sergelogvinov/proxmox-csi-plugin | awk -F'[/^]' 'END{print $$3}') && \
+ curl -sSL https://github.com/sergelogvinov/proxmox-csi-plugin/archive/refs/tags/$${tag}.tar.gz | \
+ tar xzvf - --strip 1 proxmox-csi-plugin-$${tag#*v}/charts
+ rm -f charts/proxmox-csi-plugin/templates/namespace.yaml
+ patch -p 3 < patches/namespace.patch
diff --git a/packages/system/proxmox-csi/README.md b/packages/system/proxmox-csi/README.md
new file mode 100644
index 00000000..d95c5324
--- /dev/null
+++ b/packages/system/proxmox-csi/README.md
@@ -0,0 +1,6 @@
+# Proxmox CSI Plugin
+
+Plugin that provides CSI interface for Proxmox
+
+- GitHub: https://github.com/sergelogvinov/proxmox-csi-plugin
+- Telegram: https://t.me/ru_talos
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/.helmignore b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
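Review bot: The `update` target in packages/system/proxmox-csi/Makefile vendors whatever tag currently sorts last in each upstream repository and pipes the archive straight into `tar`, with no pinned version and no integrity check, so a later re-run can bring in chart content that differs from what was reviewed in this commit. The fetched charts are installed with cluster-wide RBAC (the ClusterRole in templates/role.yaml of this patch covers `nodes` delete and `serviceaccounts/token` create), so I would pin each tag in a Makefile variable and compare the archive's SHA-256 against a value committed next to the Makefile before extracting. Separately, adding `-f` (`curl -fsSL`) makes an HTTP error surface as a curl failure instead of an error page being piped into `tar`.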
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml
new file mode 100644
index 00000000..cd2b2ebd
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml
@@ -0,0 +1,24 @@
+apiVersion: v2
+name: proxmox-cloud-controller-manager
+description: A Helm chart for Kubernetes
+type: application
+home: https://github.com/sergelogvinov/proxmox-cloud-controller-manager
+icon: https://proxmox.com/templates/yoo_nano2/favicon.ico
+sources:
+- https://github.com/sergelogvinov/proxmox-cloud-controller-manager
+keywords:
+- ccm
+maintainers:
+- name: sergelogvinov
+ url: https://github.com/sergelogvinov
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.6
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: v0.2.0
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md
new file mode 100644
index 00000000..94a97015
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md
@@ -0,0 +1,81 @@ +# proxmox-cloud-controller-manager + +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square) + +A Helm chart for Kubernetes + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| sergelogvinov | | | + +## Source Code + +* + +Example: + +```yaml +# proxmox-ccm.yaml + +config: + clusters: + - url: https://cluster-api-1.exmple.com:8006/api2/json + insecure: false + token_id: "kubernetes@pve!csi" + token_secret: "key" + region: cluster-1 + +enabledControllers: + # Remove `cloud-node` if you use it with Talos CCM + - cloud-node + - cloud-node-lifecycle + +# Deploy CCM only on control-plane nodes +nodeSelector: + node-role.kubernetes.io/control-plane: "" +tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule +``` + +Deploy chart: + +```shell +helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \ + proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| replicaCount | int | `1` | | +| image.repository | string | `"ghcr.io/sergelogvinov/proxmox-cloud-controller-manager"` | Proxmox CCM image. | +| image.pullPolicy | string | `"IfNotPresent"` | Always or IfNotPresent | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | | +| fullnameOverride | string | `""` | | +| extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager | +| enabledControllers | list | `["cloud-node","cloud-node-lifecycle"]` | List of controllers should be enabled. Use '*' to enable all controllers. 
Support only `cloud-node,cloud-node-lifecycle` controllers. | +| logVerbosityLevel | int | `2` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. | +| existingConfigSecret | string | `nil` | Proxmox cluster config stored in secrets. | +| existingConfigSecretKey | string | `"config.yaml"` | Proxmox cluster config stored in secrets key. | +| config | object | `{"clusters":[]}` | Proxmox cluster config. | +| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | +| priorityClassName | string | `"system-cluster-critical"` | CCM pods' priorityClassName. | +| podAnnotations | object | `{}` | Annotations for data pods. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | +| podSecurityContext | object | `{"fsGroup":10258,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":10258,"runAsNonRoot":true,"runAsUser":10258}` | Pods Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}}` | Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | +| resources | object | `{"requests":{"cpu":"10m","memory":"32Mi"}}` | Resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update stategy type. 
ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment | +| nodeSelector | object | `{}` | Node labels for data pods assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ | +| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | +| affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl new file mode 100644 index 00000000..b07e90dc --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl 
@@ -0,0 +1,52 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+Example:
+
+```yaml
+# proxmox-ccm.yaml
+
+config:
+ clusters:
+ - url: https://cluster-api-1.exmple.com:8006/api2/json
+ insecure: false
+ token_id: "kubernetes@pve!csi"
+ token_secret: "key"
+ region: cluster-1
+
+enabledControllers:
+ # Remove `cloud-node` if you use it with Talos CCM
+ - cloud-node
+ - cloud-node-lifecycle
+
+# Deploy CCM only on control-plane nodes
+nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+```
+
+Deploy chart:
+
+```shell
+helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
+ proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager
+```
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "helm-docs.versionFooter" . }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml
new file mode 100644
index 00000000..8e61cb01
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml
@@ -0,0 +1,27 @@
+
+image:
+ repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager
+ pullPolicy: Always
+ tag: edge
+
+nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+
+logVerbosityLevel: 4
+
+enabledControllers:
+ - cloud-node
+ - cloud-node-lifecycle
+
+config:
+ clusters:
+ - url: https://cluster-api-1.exmple.com:8006/api2/json
+ insecure: false
+ token_id: "user!token-id"
+ token_secret: "secret"
+ region: cluster-1
+ - url: https://cluster-api-2.exmple.com:8006/api2/json
+ insecure: false
+ token_id: "user!token-id"
+ token_secret: "secret"
+ region: cluster-2
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/NOTES.txt b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/NOTES.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/_helpers.tpl b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/_helpers.tpl
new file mode 100644
index 00000000..ee962923
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/_helpers.tpl
@@ -0,0 +1,69 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "proxmox-cloud-controller-manager.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "proxmox-cloud-controller-manager.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "proxmox-cloud-controller-manager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "proxmox-cloud-controller-manager.labels" -}} +helm.sh/chart: {{ include "proxmox-cloud-controller-manager.chart" . }} +{{ include "proxmox-cloud-controller-manager.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "proxmox-cloud-controller-manager.selectorLabels" -}} +app.kubernetes.io/name: {{ include "proxmox-cloud-controller-manager.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "proxmox-cloud-controller-manager.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "proxmox-cloud-controller-manager.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Generate string of enabled controllers. Might have a trailing comma (,) which needs to be trimmed. +*/}} +{{- define "proxmox-cloud-controller-manager.enabledControllers" }} +{{- range .Values.enabledControllers -}}{{ . }},{{- end -}} +{{- end }} diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml new file mode 100644 index 00000000..10eea712 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml 
@@ -0,0 +1,102 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "proxmox-cloud-controller-manager.fullname" . }} + labels: + {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }} + namespace: {{ .Release.Namespace }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + selector: + matchLabels: + {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if .Values.config }} + checksum/config: {{ toJson .Values.config | sha256sum }} + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 8 }} + spec: + enableServiceLinks: false + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "proxmox-cloud-controller-manager.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --v={{ .Values.logVerbosityLevel }} + - --cloud-provider=proxmox + - --cloud-config=/etc/proxmox/config.yaml + - --controllers={{- trimAll "," (include "proxmox-cloud-controller-manager.enabledControllers" . ) }} + - --leader-elect-resource-name=cloud-controller-manager-proxmox + - --use-service-account-credentials + - --secure-port=10258 + {{- with .Values.extraArgs }} + {{- toYaml . 
| nindent 12 }} + {{- end }} + livenessProbe: + httpGet: + path: /healthz + port: 10258 + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: cloud-config + mountPath: /etc/proxmox + readOnly: true + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 14 }} + volumes: + {{- if .Values.existingConfigSecret }} + - name: cloud-config + secret: + secretName: {{ .Values.existingConfigSecret }} + items: + - key: {{ .Values.existingConfigSecretKey }} + path: config.yaml + defaultMode: 416 + {{- else }} + - name: cloud-config + secret: + secretName: {{ include "proxmox-cloud-controller-manager.fullname" . }} + defaultMode: 416 + {{- end }} diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/role.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/role.yaml new file mode 100644 index 00000000..b35bf2b7 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/role.yaml 
@@ -0,0 +1,53 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
+ labels:
+ {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - create
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
new file mode 100644
index 00000000..32b065ec
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
@@ -0,0 +1,26 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}:extension-apiserver-authentication-reader
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/secrets.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/secrets.yaml
new file mode 100644
index 00000000..ce60f622
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/secrets.yaml
@@ -0,0 +1,11 @@
+{{- if ne (len .Values.config.clusters) 0 }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
+ labels:
+ {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
+ namespace: {{ .Release.Namespace }}
+data:
+ config.yaml: {{ toYaml .Values.config | b64enc | quote }}
+{{- end }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/serviceaccount.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/serviceaccount.yaml
new file mode 100644
index 00000000..b9ecfcc2
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "proxmox-cloud-controller-manager.serviceAccountName" . }}
+ labels:
+ {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml
new file mode 100644
index 00000000..b90cc003
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml
@@ -0,0 +1,13 @@
+
+image:
+ pullPolicy: Always
+ tag: edge
+
+nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+
+logVerbosityLevel: 4
+
+enabledControllers:
+ - cloud-node
+ - cloud-node-lifecycle
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml
new file mode 100644
index 00000000..2730ddf5
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml
@@ -0,0 +1,8 @@
+
+nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+
+logVerbosityLevel: 4
+
+enabledControllers:
+ - cloud-node-lifecycle
diff --git a/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.yaml b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.yaml
new file mode 100644
index 00000000..cf98befa
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.yaml
@@ -0,0 +1,125 @@ +# Default values for proxmox-cloud-controller-manager. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + # -- Proxmox CCM image. + repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager + # -- Always or IfNotPresent + pullPolicy: IfNotPresent + # -- Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +# -- Any extra arguments for talos-cloud-controller-manager +extraArgs: [] + # - --cluster-name=kubernetes + +# -- List of controllers should be enabled. +# Use '*' to enable all controllers. +# Support only `cloud-node,cloud-node-lifecycle` controllers. +enabledControllers: + - cloud-node + - cloud-node-lifecycle + # - route + # - service + +# -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md +# for description of individual verbosity levels. +logVerbosityLevel: 2 + +# -- Proxmox cluster config stored in secrets. +existingConfigSecret: ~ +# -- Proxmox cluster config stored in secrets key. +existingConfigSecretKey: config.yaml + +# -- Proxmox cluster config. +config: + clusters: [] + # - url: https://cluster-api-1.exmple.com:8006/api2/json + # insecure: false + # token_id: "login!name" + # token_secret: "secret" + # region: cluster-1 + +# -- Pods Service Account. +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# -- CCM pods' priorityClassName. +priorityClassName: system-cluster-critical + +# -- Annotations for data pods. 
+# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} + +# -- Pods Security Context. +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +podSecurityContext: + runAsNonRoot: true + runAsUser: 10258 + runAsGroup: 10258 + fsGroup: 10258 + fsGroupChangePolicy: "OnRootMismatch" + +# -- Container Security Context. +# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +# -- Resource requests and limits. +# ref: https://kubernetes.io/docs/user-guide/compute-resources/ +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + requests: + cpu: 10m + memory: 32Mi + +# -- Deployment update stategy type. +# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment +updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + +# -- Node labels for data pods assignment. +# ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + # node-role.kubernetes.io/control-plane: "" + +# -- Tolerations for data pods assignment. +# ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + operator: Exists + +# -- Affinity for data pods assignment. 
+# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/.helmignore b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/Chart.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/Chart.yaml new file mode 100644 index 00000000..fd34e387 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/Chart.yaml 
@@ -0,0 +1,26 @@ +apiVersion: v2 +name: proxmox-csi-plugin +description: A CSI plugin for Proxmox +type: application +home: https://github.com/sergelogvinov/proxmox-csi-plugin +icon: https://proxmox.com/templates/yoo_nano2/favicon.ico +sources: +- https://github.com/sergelogvinov/proxmox-csi-plugin +keywords: +- storage +- block-storage +- volume +maintainers: +- name: sergelogvinov + url: https://github.com/sergelogvinov + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.6 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: v0.3.0 diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md new file mode 100644 index 00000000..c951a316 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md 
@@ -0,0 +1,116 @@ +# proxmox-csi-plugin + +![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.0](https://img.shields.io/badge/AppVersion-v0.3.0-informational?style=flat-square) + +A CSI plugin for Proxmox + +**Homepage:** + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| sergelogvinov | | | + +## Source Code + +* + +Example: + +```yaml +# proxmox-csi.yaml + +config: + clusters: + - url: https://cluster-api-1.exmple.com:8006/api2/json + insecure: false + token_id: "kubernetes-csi@pve!csi" + token_secret: "key" + region: cluster-1 + +# Deploy Node CSI driver only on proxmox nodes +node: + nodeSelector: + # It will work only with Talos CCM, remove it overwise + node.cloudprovider.kubernetes.io/platform: nocloud + tolerations: + - operator: Exists + +# Deploy CSI controller only on control-plane nodes +nodeSelector: + node-role.kubernetes.io/control-plane: "" +tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + +# Define storage classes +# See https://pve.proxmox.com/wiki/Storage +storageClass: + - name: proxmox-data-xfs + storage: data + reclaimPolicy: Delete + fstype: xfs + - name: proxmox-data + storage: data + reclaimPolicy: Delete + fstype: ext4 + cache: writethrough +``` + +Deploy chart: + +```shell +helm upgrade -i --namespace=csi-proxmox -f proxmox-csi.yaml \ + proxmox-csi-plugin charts/proxmox-csi-plugin/ +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| replicaCount | int | `1` | | +| imagePullSecrets | list | `[]` | | +| nameOverride | string | `""` | | +| fullnameOverride | string | `""` | | +| priorityClassName | string | `"system-cluster-critical"` | Controller pods priorityClassName. | +| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. 
ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ | +| provisionerName | string | `"csi.proxmox.sinextra.dev"` | CSI Driver provisioner name. Currently, cannot be customized. | +| clusterID | string | `"kubernetes"` | Cluster name. Currently, cannot be customized. | +| logVerbosityLevel | int | `5` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. | +| timeout | string | `"3m"` | Connection timeout between sidecars. | +| existingConfigSecret | string | `nil` | Proxmox cluster config stored in secrets. | +| existingConfigSecretKey | string | `"config.yaml"` | Proxmox cluster config stored in secrets key. | +| configFile | string | `"/etc/proxmox/config.yaml"` | Proxmox cluster config path. | +| config | object | `{"clusters":[]}` | Proxmox cluster config. | +| storageClass | list | `[]` | Storage class defenition. | +| controller.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/proxmox-csi-controller","tag":""}` | Controller CSI Driver. | +| controller.plugin.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Controller resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| controller.attacher.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-attacher","tag":"v4.3.0"}` | CSI Attacher. | +| controller.attacher.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Attacher resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| controller.provisioner.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-provisioner","tag":"v3.5.0"}` | CSI Provisioner. 
| +| controller.provisioner.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Provisioner resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| controller.resizer.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-resizer","tag":"v1.8.0"}` | CSI Resizer. | +| controller.resizer.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Resizer resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| node.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/proxmox-csi-node","tag":""}` | Node CSI Driver. | +| node.plugin.resources | object | `{}` | Node CSI Driver resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| node.driverRegistrar.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.8.0"}` | Node CSI driver registrar. | +| node.driverRegistrar.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Node registrar resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| node.nodeSelector | object | `{}` | Node labels for node-plugin assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ | +| node.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/unschedulable","operator":"Exists"},{"effect":"NoSchedule","key":"node.kubernetes.io/disk-pressure","operator":"Exists"}]` | Tolerations for node-plugin assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | +| livenessprobe.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/livenessprobe","tag":"v2.10.0"}` | Common livenessprobe sidecar. 
| +| livenessprobe.failureThreshold | int | `5` | Failure threshold for livenessProbe | +| livenessprobe.initialDelaySeconds | int | `10` | Initial delay seconds for livenessProbe | +| livenessprobe.timeoutSeconds | int | `10` | Timeout seconds for livenessProbe | +| livenessprobe.periodSeconds | int | `60` | Period seconds for livenessProbe | +| livenessprobe.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Liveness probe resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ | +| podAnnotations | object | `{}` | Annotations for controller pod. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ | +| podSecurityContext | object | `{"fsGroup":65532,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532}` | Controller Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Controller Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | +| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Controller deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment | +| nodeSelector | object | `{}` | Node labels for controller assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ | +| tolerations | list | `[]` | Tolerations for controller assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | +| affinity | object | `{}` | Affinity for controller assignment. 
ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md.gotmpl b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md.gotmpl new file mode 100644 index 00000000..da7ee0ce --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md.gotmpl 
@@ -0,0 +1,68 @@ +{{ template "chart.header" . }} + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +Example: + +```yaml +# proxmox-csi.yaml + +config: + clusters: + - url: https://cluster-api-1.exmple.com:8006/api2/json + insecure: false + token_id: "kubernetes-csi@pve!csi" + token_secret: "key" + region: cluster-1 + +# Deploy Node CSI driver only on proxmox nodes +node: + nodeSelector: + # It will work only with Talos CCM, remove it overwise + node.cloudprovider.kubernetes.io/platform: nocloud + tolerations: + - operator: Exists + +# Deploy CSI controller only on control-plane nodes +nodeSelector: + node-role.kubernetes.io/control-plane: "" +tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + +# Define storage classes +# See https://pve.proxmox.com/wiki/Storage +storageClass: + - name: proxmox-data-xfs + storage: data + reclaimPolicy: Delete + fstype: xfs + - name: proxmox-data + storage: data + reclaimPolicy: Delete + fstype: ext4 + cache: writethrough +``` + +Deploy chart: + +```shell +helm upgrade -i --namespace=csi-proxmox -f proxmox-csi.yaml \ + proxmox-csi-plugin charts/proxmox-csi-plugin/ +``` + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/ci/values.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/ci/values.yaml new file mode 100644 index 00000000..7c834140 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/ci/values.yaml 
@@ -0,0 +1,22 @@ + +node: + nodeSelector: + node.cloudprovider.kubernetes.io/platform: nocloud + tolerations: + - operator: Exists + +nodeSelector: + node-role.kubernetes.io/control-plane: "" +tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + +storageClass: + - name: proxmox-data-xfs + storage: data + reclaimPolicy: Delete + fstype: xfs + - name: proxmox-data + storage: data + reclaimPolicy: Delete + ssd: true diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/NOTES.txt b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/NOTES.txt new file mode 100644 index 00000000..e69de29b diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/_helpers.tpl b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/_helpers.tpl new file mode 100644 index 00000000..2a7f8027 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/_helpers.tpl 
@@ -0,0 +1,71 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "proxmox-csi-plugin.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "proxmox-csi-plugin.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "proxmox-csi-plugin.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "proxmox-csi-plugin.labels" -}} +helm.sh/chart: {{ include "proxmox-csi-plugin.chart" . }} +app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "proxmox-csi-plugin.selectorLabels" -}} +app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: controller +{{- end }} + +{{- define "proxmox-csi-plugin-node.selectorLabels" -}} +app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: node +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "proxmox-csi-plugin.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "proxmox-csi-plugin.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-clusterrole.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-clusterrole.yaml new file mode 100644 index 00000000..6737e23c --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-clusterrole.yaml @@ -0,0 +1,37 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "proxmox-csi-plugin.fullname" . }}-controller + namespace: {{ .Release.Namespace }} + labels: + {{- include "proxmox-csi-plugin.labels" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "patch", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get","list", "watch", "create", "update", "patch"] + + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] 
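Review bot: The `proxmox-csi-plugin.serviceAccountName` helper falls back to `default` when `serviceAccount.create` is false and no name is given, but every consumer in this patch appends `-controller` or `-node` to its result (controller-deployment.yaml, node-deployment.yaml, both ClusterRoleBindings, the RoleBinding and serviceaccount.yaml). With `create: false` the pods and bindings therefore reference `default-controller` / `default-node`, which nothing in the chart creates, and a user-supplied `name` is suffixed as well. I would document the helper as returning a prefix, `{{/* Returns the ServiceAccount name prefix; templates append -controller / -node */}}`, and replace the fallback with `{{- required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`.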
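Review bot: `metadata.namespace` is set on a ClusterRole, which is cluster-scoped, so the field has no effect and only suggests a namespace scoping that does not exist; node-clusterrole.yaml has the same line. Dropping `namespace: {{ .Release.Namespace }}` from both keeps the manifests accurate about what these roles cover. Because the rules grant create/patch/delete on `persistentvolumes` across the cluster, a short comment above each rule group naming the sidecar that needs it would let a later reviewer confirm nothing can be trimmed.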
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-deployment.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-deployment.yaml new file mode 100644 index 00000000..605a1f08 --- /dev/null +++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-deployment.yaml 
@@ -0,0 +1,157 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "proxmox-csi-plugin.fullname" . }}-controller + namespace: {{ .Release.Namespace }} + labels: + {{- include "proxmox-csi-plugin.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + rollingUpdate: + {{- toYaml .Values.updateStrategy.rollingUpdate | nindent 6 }} + selector: + matchLabels: + {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ toJson .Values.config | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 8 }} + spec: + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + enableServiceLinks: false + serviceAccountName: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ include "proxmox-csi-plugin.fullname" . 
}}-controller + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.controller.plugin.image.repository }}:{{ .Values.controller.plugin.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.controller.plugin.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + - "--cloud-config={{ .Values.configFile }}" + resources: + {{- toYaml .Values.controller.plugin.resources | nindent 12 }} + volumeMounts: + - name: socket-dir + mountPath: /csi + - name: cloud-config + mountPath: /etc/proxmox/ + - name: csi-attacher + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.controller.attacher.image.repository }}:{{ .Values.controller.attacher.image.tag }}" + imagePullPolicy: {{ .Values.controller.attacher.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + - "--timeout={{ .Values.timeout }}" + - "--leader-election" + - "--default-fstype=ext4" + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{ toYaml .Values.controller.attacher.resources | nindent 12 }} + - name: csi-provisioner + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.controller.provisioner.image.repository }}:{{ .Values.controller.provisioner.image.tag }}" + imagePullPolicy: {{ .Values.controller.provisioner.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + - "--timeout={{ .Values.timeout }}" + - "--leader-election" + - "--default-fstype=ext4" + - "--feature-gates=Topology=True" + - "--enable-capacity" + - "--capacity-ownerref-level=2" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{ toYaml 
.Values.controller.provisioner.resources | nindent 12 }} + - name: csi-resizer + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.controller.resizer.image.repository }}:{{ .Values.controller.resizer.image.tag }}" + imagePullPolicy: {{ .Values.controller.resizer.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + - "--timeout={{ .Values.timeout }}" + - "--handle-volume-inuse-error=false" + - "--leader-election" + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{ toYaml .Values.controller.resizer.resources | nindent 12 }} + - name: liveness-probe + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.livenessprobe.image.repository }}:{{ .Values.livenessprobe.image.tag }}" + imagePullPolicy: {{ .Values.livenessprobe.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + volumeMounts: + - name: socket-dir + mountPath: /csi + resources: {{ toYaml .Values.livenessprobe.resources | nindent 12 }} + volumes: + - name: socket-dir + emptyDir: {} + {{- if .Values.existingConfigSecret }} + - name: cloud-config + secret: + secretName: {{ .Values.existingConfigSecret }} + items: + - key: {{ .Values.existingConfigSecretKey }} + path: config.yaml + {{- else }} + - name: cloud-config + secret: + secretName: {{ include "proxmox-csi-plugin.fullname" . }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 14 }} 
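Review bot: The `cloud-config` volume is mounted at the hard-coded path `/etc/proxmox/` and, on the `existingConfigSecret` branch, projected as `config.yaml`, while the plugin is started with `--cloud-config={{ .Values.configFile }}`. Overriding `configFile` therefore points the controller at a path that is never mounted. Either derive the mount from the value, `mountPath: {{ dir .Values.configFile }}`, or state in values.yaml that `configFile` must stay under `/etc/proxmox/`. Since this volume holds the Proxmox API token, an explicit `defaultMode: 0440` on the `secret:` source would also be worth adding, assuming the pod keeps the `fsGroup` shown in the README defaults.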
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-role.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-role.yaml
new file mode 100644
index 00000000..b69d223f
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-role.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csistoragecapacities"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get"]
+ - apiGroups: ["apps"]
+ resources: ["replicasets"]
+ verbs: ["get"]
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-rolebinding.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-rolebinding.yaml
new file mode 100644
index 00000000..478e0f6f
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-rolebinding.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/csidriver.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/csidriver.yaml
new file mode 100644
index 00000000..5d0652e8
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/csidriver.yaml
@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: {{ .Values.provisionerName }}
+spec:
+ attachRequired: true
+ podInfoOnMount: true
+ storageCapacity: true
+ volumeLifecycleModes:
+ - Persistent
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-clusterrole.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-clusterrole.yaml
new file mode 100644
index 00000000..02af491f
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-clusterrole.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-node
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-deployment.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-deployment.yaml
new file mode 100644
index 00000000..deba6833
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-deployment.yaml
@@ -0,0 +1,135 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "proxmox-csi-plugin.fullname" . }}-node + namespace: {{ .Release.Namespace }} + labels: + {{- include "proxmox-csi-plugin.labels" . | nindent 4 }} +spec: + updateStrategy: + type: {{ .Values.updateStrategy.type }} + selector: + matchLabels: + {{- include "proxmox-csi-plugin-node.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "proxmox-csi-plugin-node.selectorLabels" . | nindent 8 }} + spec: + priorityClassName: system-node-critical + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + enableServiceLinks: false + serviceAccountName: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node + securityContext: + runAsUser: 0 + runAsGroup: 0 + containers: + - name: {{ include "proxmox-csi-plugin.fullname" . }}-node + securityContext: + privileged: true + capabilities: + drop: + - ALL + add: + - SYS_ADMIN + - CHOWN + - DAC_OVERRIDE + seccompProfile: + type: RuntimeDefault + image: "{{ .Values.node.plugin.image.repository }}:{{ .Values.node.plugin.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.node.plugin.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + - "--node-id=$(NODE_NAME)" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + resources: {{- toYaml .Values.node.plugin.resources | nindent 12 }} + volumeMounts: + - name: socket + mountPath: /csi + - name: kubelet + mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: csi-node-driver-registrar + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + # readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + image: "{{ 
.Values.node.driverRegistrar.image.repository }}:{{ .Values.node.driverRegistrar.image.tag }}" + imagePullPolicy: {{ .Values.node.driverRegistrar.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + - "--kubelet-registration-path=/var/lib/kubelet/plugins/{{ .Values.provisionerName }}/csi.sock" + volumeMounts: + - name: socket + mountPath: /csi + - name: registration + mountPath: /registration + resources: {{- toYaml .Values.node.driverRegistrar.resources | nindent 12 }} + - name: liveness-probe + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault + image: "{{ .Values.livenessprobe.image.repository }}:{{ .Values.livenessprobe.image.tag }}" + imagePullPolicy: {{ .Values.livenessprobe.image.pullPolicy }} + args: + - "-v={{ .Values.logVerbosityLevel }}" + - "--csi-address=unix:///csi/csi.sock" + volumeMounts: + - name: socket + mountPath: /csi + resources: {{- toYaml .Values.livenessprobe.resources | nindent 12 }} + volumes: + - name: socket + hostPath: + path: /var/lib/kubelet/plugins/{{ .Values.provisionerName }}/ + type: DirectoryOrCreate + - name: registration + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + - name: kubelet + hostPath: + path: /var/lib/kubelet + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + {{- with .Values.node.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.node.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-rolebinding.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-rolebinding.yaml new file mode 100644 index 00000000..4585dd66 --- /dev/null 
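Review bot: The node plugin container combines `privileged: true` with `capabilities.drop: [ALL]`, an `add` list and `seccompProfile: RuntimeDefault`; a privileged container always runs seccomp-unconfined and, in common runtimes, receives the full capability set, so this block reads as tighter than it is. Privileged mode is what `mountPropagation: Bidirectional` on `/var/lib/kubelet` requires, so I would keep it but say so in place: `# privileged is required for Bidirectional mount propagation; the capabilities/seccomp settings below do not restrict a privileged container`. Given that this pod also mounts the host's `/dev` and `/sys` and runs as UID 0, the README should state plainly that the node image has host-level access. Separately, the DaemonSet reads `.Values.updateStrategy.type`, which the controller Deployment also uses; the accepted values differ between the two kinds, so a dedicated `node.updateStrategy` value would be safer.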
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-node
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "proxmox-csi-plugin.fullname" . }}-node
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
+ namespace: {{ .Release.Namespace }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/secrets.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/secrets.yaml
new file mode 100644
index 00000000..f96f5d57
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/secrets.yaml
@@ -0,0 +1,12 @@
+{{- if ne (len .Values.config.clusters) 0 }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "proxmox-csi-plugin.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
+type: Opaque
+data:
+ config.yaml: {{ toYaml .Values.config | b64enc | quote }}
+{{- end }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/serviceaccount.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/serviceaccount.yaml
new file mode 100644
index 00000000..d6a45548
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/serviceaccount.yaml
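Review bot: The guard `ne (len .Values.config.clusters) 0` in secrets.yaml does not take `existingConfigSecret` into account. When both are set the chart still renders a second Secret containing `token_secret` that no pod mounts, and when neither is set controller-deployment.yaml still references the chart-named Secret, so the controller pod cannot start. `{{- if and (not .Values.existingConfigSecret) .Values.config.clusters }}` handles the first case, and a `fail` in the deployment's `else` branch when `config.clusters` is empty would turn the second into a clear install-time error. It would also help to note in the README that inline `config` values are kept in the Helm release data, which makes `existingConfigSecret` the better place for the API token.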
@@ -0,0 +1,25 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/storageclass.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/storageclass.yaml
new file mode 100644
index 00000000..2049f620
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/storageclass.yaml
@@ -0,0 +1,20 @@
+{{- range $storage := .Values.storageClass }}
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: {{ $storage.name }}
+provisioner: {{ $.Values.provisionerName }}
+allowVolumeExpansion: true
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: {{ default "Delete" $storage.reclaimPolicy }}
+parameters:
+ csi.storage.k8s.io/fstype: {{ default "ext4" $storage.fstype }}
+ storage: {{ $storage.storage }}
+ {{- if $storage.cache }}
+ cache: {{ $storage.cache }}
+ {{- end }}
+ {{- if $storage.ssd }}
+ ssd: "true"
+ {{- end }}
+---
+{{- end }}
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.edge.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.edge.yaml
new file mode 100644
index 00000000..1b3c37b6
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.edge.yaml
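Review bot: In storageclass.yaml the `storage`, `fstype` and `cache` parameters are interpolated unquoted, although StorageClass `parameters` must be strings (`ssd` is already emitted as `"true"`). A storage ID that YAML reads as a number or boolean would render as a non-string and be rejected when the chart is applied. Quoting the values, e.g. `storage: {{ $storage.storage | quote }}` and `cache: {{ $storage.cache | quote }}`, avoids that, and `required` on `$storage.storage` would catch an entry that omits the field instead of rendering an empty parameter.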
@@ -0,0 +1,30 @@
+
+controller:
+ plugin:
+ image:
+ pullPolicy: Always
+ tag: edge
+
+node:
+ plugin:
+ image:
+ pullPolicy: Always
+ tag: edge
+
+ nodeSelector:
+ node.cloudprovider.kubernetes.io/platform: nocloud
+
+nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+
+storageClass:
+ - name: proxmox-data-xfs
+ storage: data
+ reclaimPolicy: Delete
+ fstype: xfs
+ - name: proxmox-data
+ storage: data
+ ssd: true
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.talos.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.talos.yaml
new file mode 100644
index 00000000..76224192
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.talos.yaml
@@ -0,0 +1,21 @@
+
+node:
+ nodeSelector:
+ node.cloudprovider.kubernetes.io/platform: nocloud
+ tolerations:
+ - operator: Exists
+
+nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+
+storageClass:
+ - name: proxmox-data-xfs
+ storage: data
+ reclaimPolicy: Delete
+ fstype: xfs
+ - name: proxmox-data
+ storage: data
+ reclaimPolicy: Delete
diff --git a/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.yaml b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.yaml
new file mode 100644
index 00000000..1637be82
--- /dev/null
+++ b/packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.yaml
@@ -0,0 +1,222 @@
+# Default values for proxmox-csi-plugin.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+# -- Controller pods priorityClassName.
+priorityClassName: system-cluster-critical
+
+# -- Pods Service Account.
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+# -- CSI Driver provisioner name.
+# Currently, cannot be customized.
+provisionerName: csi.proxmox.sinextra.dev
+
+# -- Cluster name.
+# Currently, cannot be customized.
+clusterID: kubernetes
+
+# -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md
+# for description of individual verbosity levels.
+logVerbosityLevel: 5
+
+# -- Connection timeout between sidecars.
+timeout: 3m
+
+# -- Proxmox cluster config stored in secrets.
+existingConfigSecret: ~
+# -- Proxmox cluster config stored in secrets key.
+existingConfigSecretKey: config.yaml
+
+# -- Proxmox cluster config path.
+configFile: /etc/proxmox/config.yaml
+
+# -- Proxmox cluster config.
+config:
+ clusters: []
+ # - url: https://cluster-api-1.exmple.com:8006/api2/json
+ # insecure: false
+ # token_id: "login!name"
+ # token_secret: "secret"
+ # region: cluster-1
+
+# -- Storage class defenition.
+storageClass: []
+ # - name: proxmox-data-xfs
+ # storage: data
+ # reclaimPolicy: Delete
+ # fstype: ext4|xfs
+ #
+ # # https://pve.proxmox.com/wiki/Performance_Tweaks
+ # cache: directsync|none|writeback|writethrough
+ # ssd: true
+
+controller:
+ plugin:
+ # -- Controller CSI Driver.
+ image:
+ repository: ghcr.io/sergelogvinov/proxmox-csi-controller
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # -- Controller resource requests and limits.
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ resources:
+ requests:
+ cpu: 10m
+ memory: 16Mi
+ attacher:
+ # -- CSI Attacher.
+ image:
+ repository: registry.k8s.io/sig-storage/csi-attacher
+ pullPolicy: IfNotPresent
+ tag: v4.3.0
+ # -- Attacher resource requests and limits.
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ resources:
+ requests:
+ cpu: 10m
+ memory: 16Mi
+ provisioner:
+ # -- CSI Provisioner.
+ image:
+ repository: registry.k8s.io/sig-storage/csi-provisioner
+ pullPolicy: IfNotPresent
+ tag: v3.5.0
+ # -- Provisioner resource requests and limits.
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ resources:
+ requests:
+ cpu: 10m
+ memory: 16Mi
+ resizer:
+ # -- CSI Resizer.
+ image:
+ repository: registry.k8s.io/sig-storage/csi-resizer
+ pullPolicy: IfNotPresent
+ tag: v1.8.0
+ # -- Resizer resource requests and limits.
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ resources:
+ requests:
+ cpu: 10m
+ memory: 16Mi
+
+node:
+ plugin:
+ # -- Node CSI Driver.
+ image:
+ repository: ghcr.io/sergelogvinov/proxmox-csi-node
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ # -- Node CSI Driver resource requests and limits.
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ resources: {}
+ driverRegistrar:
+ # -- Node CSI driver registrar.
+ image:
+ repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
+ pullPolicy: IfNotPresent
+ tag: v2.8.0
+ # -- Node registrar resource requests and limits.
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ resources:
+ requests:
+ cpu: 10m
+ memory: 16Mi
+
+ # -- Node labels for node-plugin assignment.
+ # ref: https://kubernetes.io/docs/user-guide/node-selection/
+ nodeSelector: {}
+
+ # -- Tolerations for node-plugin assignment.
+ # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ tolerations:
+ - key: node.kubernetes.io/unschedulable
+ operator: Exists
+ effect: NoSchedule
+ - key: node.kubernetes.io/disk-pressure
+ operator: Exists
+ effect: NoSchedule
+
+livenessprobe:
+ # -- Common livenessprobe sidecar.
+ image:
+ repository: registry.k8s.io/sig-storage/livenessprobe
+ pullPolicy: IfNotPresent
+ tag: v2.10.0
+ # -- Failure threshold for livenessProbe
+ failureThreshold: 5
+ # -- Initial delay seconds for livenessProbe
+ initialDelaySeconds: 10
+ # -- Timeout seconds for livenessProbe
+ timeoutSeconds: 10
+ # -- Period seconds for livenessProbe
+ periodSeconds: 60
+ # -- Liveness probe resource requests and limits.
+ # ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ resources:
+ requests:
+ cpu: 10m
+ memory: 16Mi
+
+# -- Annotations for controller pod.
+# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+podAnnotations: {}
+
+# -- Controller Security Context.
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+podSecurityContext:
+ runAsNonRoot: true
+ runAsUser: 65532
+ runAsGroup: 65532
+ fsGroup: 65532
+ fsGroupChangePolicy: OnRootMismatch
+
+# -- Controller Container Security Context.
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ readOnlyRootFilesystem: true
+
+# -- Controller deployment update stategy type.
+# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment
+updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+
+# -- Node labels for controller assignment.
+# ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+ # node-role.kubernetes.io/control-plane: ""
+
+# -- Tolerations for controller assignment.
+# ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+ # - key: node-role.kubernetes.io/control-plane
+ # effect: NoSchedule
+
+# -- Affinity for controller assignment.
+# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+affinity: {}
diff --git a/packages/system/proxmox-csi/patches/namespace.patch b/packages/system/proxmox-csi/patches/namespace.patch
new file mode 100644
index 00000000..c0648576
--- /dev/null
+++ b/packages/system/proxmox-csi/patches/namespace.patch
@@ -0,0 +1,13 @@
+diff --git a/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml b/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
+index 0ed037f..32b065e 100644
+--- a/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
++++ b/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
+@@ -9,7 +9,7 @@ roleRef:
+ subjects:
+ - kind: ServiceAccount
+ name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
+- namespace: kube-system
++ namespace: {{ .Release.Namespace }}
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
diff --git a/packages/system/proxmox-csi/tests/1.yaml b/packages/system/proxmox-csi/tests/1.yaml
new file mode 100644
index 00000000..e8a19fc9
--- /dev/null
+++ b/packages/system/proxmox-csi/tests/1.yaml
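Review bot: The embedded diff in patches/namespace.patch addresses `apps/proxmox-csi/charts/...`, while this commit places the chart under `packages/system/proxmox-csi/charts/...`, so whether it applies depends on the strip level and working directory the Makefile uses, which is outside this hunk. If the patch is skipped, the binding keeps `namespace: kube-system` for its ServiceAccount subject and would refer to an account of that name in kube-system instead of the one in the release namespace. I would regenerate the patch against the current path and have the Makefile fail when it does not apply. The embedded hunk ends at the start of a following RoleBinding whose subjects are not shown, so that subject's namespace should be checked as well.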
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: task-pv-claim
+spec:
+ storageClassName: proxmox-lvm
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 3Gi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: task-pv-pod
+spec:
+ volumes:
+ - name: task-pv-storage
+ persistentVolumeClaim:
+ claimName: task-pv-claim
+ containers:
+ - name: task-pv-container
+ image: nginx
+ ports:
+ - containerPort: 80
+ name: "http-server"
+ volumeMounts:
+ - mountPath: "/usr/share/nginx/html"
+ name: task-pv-storage
diff --git a/packages/system/proxmox-csi/values.yaml b/packages/system/proxmox-csi/values.yaml
new file mode 100644
index 00000000..19a5f9f1
--- /dev/null
+++ b/packages/system/proxmox-csi/values.yaml
@@ -0,0 +1,22 @@
+proxmox-cloud-controller-manager:
+ fullnameOverride: proxmox-cloud-controller-manager
+
+ enabledControllers:
+ - cloud-node
+ - cloud-node-lifecycle
+
+ # Deploy CCM only on control-plane nodes
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+
+proxmox-csi-plugin:
+ fullnameOverride: proxmox-csi-plugin
+
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
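Review bot: The claim in tests/1.yaml asks for `storageClassName: proxmox-lvm`, but no values file visible in this part of the commit defines a class of that name: the edge and talos overlays define `proxmox-data-xfs` and `proxmox-data`, the chart default is `storageClass: []`, and the package values.yaml sets none. Unless the class is created elsewhere, the claim and the pod would stay Pending. The pod also uses `image: nginx` with no tag or digest, so the test runs whatever the registry serves at that moment; a pinned reference such as `image: nginx:<pinned-tag>` (placeholder) would make it reproducible. A one-line comment at the top of the file naming the StorageClass that must exist before it is applied would help.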