diff --git a/deploy/charts/templates/_helpers.tpl b/deploy/charts/templates/_helpers.tpl
index f6e673af..4a2f1d9b 100644
--- a/deploy/charts/templates/_helpers.tpl
+++ b/deploy/charts/templates/_helpers.tpl
@@ -1,3 +1,83 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "harvester-csi-driver-lvm.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "harvester-csi-driver-lvm.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +CSI-plugin labels +*/}} +{{- define "harvester-csi-driver-lvm.labels" -}} +helm.sh/chart: {{ include "harvester-csi-driver-lvm.chart" . }} +{{ include "harvester-csi-driver-lvm.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: storage +{{- end }} + +{{/* +CSI-plugin Selector labels +*/}} +{{- define "harvester-csi-driver-lvm.selectorLabels" -}} +app.kubernetes.io/name: {{ include "harvester-csi-driver-lvm.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +CSI-controller labels +*/}} +{{- define "harvester-csi-driver-lvm-controller.labels" -}} +helm.sh/chart: {{ include "harvester-csi-driver-lvm.chart" . }} +{{ include "harvester-csi-driver-lvm-controller.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: storage +{{- end }} + +{{/* +CSI-controller Selector labels +*/}} +{{- define "harvester-csi-driver-lvm-controller.selectorLabels" -}} +app.kubernetes.io/name: {{ include "harvester-csi-driver-lvm.name" . }}-controller +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +CSI-webhook labels +*/}} +{{- define "harvester-csi-driver-lvm-webhook.labels" -}} +helm.sh/chart: {{ include "harvester-csi-driver-lvm.chart" . }} +{{ include "harvester-csi-driver-lvm-webhook.selectorLabels" . 
}} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: webhook +{{- end }} + +{{/* +CSI-webhook Selector labels +*/}} +{{- define "harvester-csi-driver-lvm-webhook.selectorLabels" -}} +app.kubernetes.io/name: {{ include "harvester-csi-driver-lvm.name" . }}-webhook +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +CSI components +*/}} {{- define "externalImages.csiAttacher" -}} {{- if .Values.customCSISidecars.enabled -}} {{- print .Values.customCSISidecars.attacher -}} diff --git a/deploy/charts/templates/controller.yaml b/deploy/charts/templates/controller.yaml index 423dcc83..f090502f 100644 --- a/deploy/charts/templates/controller.yaml +++ b/deploy/charts/templates/controller.yaml @@ -4,28 +4,27 @@ apiVersion: apps/v1 metadata: name: harvester-csi-driver-lvm-controller labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "harvester-csi-driver-lvm-controller.labels" . | nindent 4 }} spec: serviceName: harvester-csi-driver-lvm-controller replicas: 1 selector: matchLabels: - app: harvester-csi-driver-lvm-controller + {{- include "harvester-csi-driver-lvm-controller.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: harvester-csi-driver-lvm-controller + {{- include "harvester-csi-driver-lvm-controller.labels" . | nindent 8 }} spec: affinity: podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - - key: app + - key: app.kubernetes.io/name operator: In values: - - harvester-csi-driver-lvm-plugin + - harvester-csi-driver-lvm topologyKey: kubernetes.io/hostname {{- if .Values.nodeSelector.provisioner }} nodeSelector: diff --git a/deploy/charts/templates/csi.yaml b/deploy/charts/templates/csi.yaml index d1ae0ce1..d37865f6 100644 --- a/deploy/charts/templates/csi.yaml +++ b/deploy/charts/templates/csi.yaml 
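Review bot: The `-controller` and `-webhook` suffixes in the two component `selectorLabels` helpers are appended after `harvester-csi-driver-lvm.name` has already been truncated to 63 characters, so a long `nameOverride` can produce an `app.kubernetes.io/name` value above the 63-character label limit and the API server would reject the manifests. Truncating after the suffix keeps the value valid, e.g. `app.kubernetes.io/name: {{ printf "%s-controller" (include "harvester-csi-driver-lvm.name" .) | trunc 63 | trimSuffix "-" }}`. The same change applies to the `-webhook` helper.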
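Review bot: The podAffinity term in controller.yaml now matches `app.kubernetes.io/name` against the literal `harvester-csi-driver-lvm`, while the plugin pods get that label from `harvester-csi-driver-lvm.name`, which follows `.Values.nameOverride` and `.Chart.Name`. With an override set, this required affinity matches no pod and the controller stays Pending. Rendering the value through the helper keeps both sides in step: `- {{ include "harvester-csi-driver-lvm.name" . }}`. Separately, `spec.selector.matchLabels` changes here and in the DaemonSet hunk of csi.yaml; that field is immutable on apps/v1 workloads, so `helm upgrade` over an existing release will presumably fail unless the objects are recreated, which deserves an upgrade note.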
@@ -4,17 +4,16 @@ kind: DaemonSet metadata: name: harvester-csi-driver-lvm-plugin labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "harvester-csi-driver-lvm.labels" . | nindent 4 }} spec: revisionHistoryLimit: 10 selector: matchLabels: - app: harvester-csi-driver-lvm-plugin + {{- include "harvester-csi-driver-lvm.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: harvester-csi-driver-lvm-plugin + {{- include "harvester-csi-driver-lvm.labels" . | nindent 8 }} spec: serviceAccountName: harvester-csi-driver-lvm {{- if .Values.tolerations.plugin }} diff --git a/deploy/charts/templates/rbac.yaml b/deploy/charts/templates/rbac.yaml index a43ec3f6..00966619 100644 --- a/deploy/charts/templates/rbac.yaml +++ b/deploy/charts/templates/rbac.yaml 
@@ -49,4 +49,43 @@ roleRef: kind: ClusterRole name: harvester-csi-driver-lvm apiGroup: rbac.authorization.k8s.io ---- \ No newline at end of file +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: harvester-csi-driver-lvm-webhook + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: harvester-csi-driver-lvm-webhook +rules: + - apiGroups: [ "" ] + resources: [ "secrets", "configmaps" ] + verbs: [ "*" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "storageclasses" ] + verbs: [ "*" ] + - apiGroups: [ "apiregistration.k8s.io" ] + resources: [ "apiservices" ] + verbs: [ "get", "watch", "list" ] + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + verbs: [ "get", "watch", "list" ] + - apiGroups: [ "admissionregistration.k8s.io" ] + resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: harvester-csi-driver-lvm-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: harvester-csi-driver-lvm-webhook +subjects: + - kind: ServiceAccount + name: harvester-csi-driver-lvm-webhook + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/deploy/charts/templates/webhook.yaml b/deploy/charts/templates/webhook.yaml new file mode 100644 index 00000000..716cc4f0 --- /dev/null +++ b/deploy/charts/templates/webhook.yaml 
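Review bot: The new ClusterRole gives the webhook service account `*` on `secrets` and `configmaps` in every namespace, plus `*` on `storageclasses` and on validating/mutating webhook configurations, so a compromised webhook pod could read every secret in the cluster and rewrite or delete any admission webhook. The hunk does not show what the server actually calls, but a webhook usually needs its serving-certificate secret only in its own namespace. Moving the core-group rule into a namespaced Role and RoleBinding and listing explicit verbs on the remaining rules would reduce the exposure. The verbs in the sketch below are assumptions to confirm against the webhook's client calls, and the namespaced rule only works if its informers are namespace-scoped.

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: harvester-csi-driver-lvm-webhook
  namespace: {{ .Release.Namespace }}
rules:
  # Serving-certificate material only in the release namespace.
  - apiGroups: [ "" ]
    resources: [ "secrets", "configmaps" ]
    verbs: [ "get", "list", "watch", "create", "update" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: harvester-csi-driver-lvm-webhook
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: harvester-csi-driver-lvm-webhook
subjects:
  - kind: ServiceAccount
    name: harvester-csi-driver-lvm-webhook
    namespace: {{ .Release.Namespace }}
---
# … unchanged: ClusterRole apiVersion, kind, metadata …
rules:
  - apiGroups: [ "storage.k8s.io" ]
    resources: [ "storageclasses" ]
    verbs: [ "get", "list", "watch" ]
  # … unchanged: apiservices and customresourcedefinitions rules …
  - apiGroups: [ "admissionregistration.k8s.io" ]
    resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
    verbs: [ "get", "list", "watch", "create", "update" ]
```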
@@ -0,0 +1,57 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ .Release.Namespace }} + labels: + {{- include "harvester-csi-driver-lvm-webhook.labels" . | nindent 4 }} + {{- if .Values.webhook.replicas }} + # The annotation does not support 0 replicas. + annotations: + management.cattle.io/scale-available: "{{ .Values.webhook.replicas }}" + {{- end }} + name: harvester-csi-driver-lvm-webhook +spec: + {{- if not .Values.webhook.replicas }} + # Use this field instead of the scale-available annotation when it is 0 replicas. + replicas: {{ .Values.webhook.replicas }} + {{- end }} + selector: + matchLabels: + {{- include "harvester-csi-driver-lvm-webhook.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "harvester-csi-driver-lvm-webhook.labels" . | nindent 8 }} + spec: + serviceAccountName: harvester-csi-driver-lvm-webhook +{{- if .Values.tolerations.webhook }} + tolerations: +{{ toYaml .Values.tolerations.webhook | indent 8 }} +{{- end }} + containers: + - name: harvester-csi-driver-lvm-webhook + image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: + - csi-driver-lvm-webhook +--- +apiVersion: v1 +kind: Service +metadata: + name: harvester-csi-driver-lvm-webhook + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + selector: + {{- include "harvester-csi-driver-lvm-webhook.selectorLabels" . | nindent 4 }} + ports: + - name: https + port: 443 + protocol: TCP + targetPort: {{ .Values.webhook.httpsPort }} \ No newline at end of file diff --git a/deploy/charts/values.yaml b/deploy/charts/values.yaml index d6954101..a9a42ae7 100644 --- a/deploy/charts/values.yaml +++ b/deploy/charts/values.yaml 
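Review bot: The webhook container is declared without a `securityContext`, and package/Dockerfile.webhook sets no `USER`, so the admission webhook, whose service account holds cluster-wide RBAC, would run as root with a writable root filesystem and default capabilities. A container-level securityContext as sketched below would tighten this. `runAsNonRoot` needs a numeric non-root user, and `readOnlyRootFilesystem` assumes the server writes nothing to disk, which this hunk does not show. The container also declares no `ports`, readiness probe or resource requests, although the Service targets `.Values.webhook.httpsPort`.

```yaml
      containers:
        - name: harvester-csi-driver-lvm-webhook
          # … unchanged: image, imagePullPolicy, env, command …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true  # confirm the server writes no files
            runAsNonRoot: true
            runAsUser: 65532  # constructed value; use any non-root UID
            capabilities:
              drop:
                - ALL
```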
@@ -14,6 +14,8 @@ provisionerImage: # Overrides the image tag whose default is the chart appVersion. tag: "main-head" +nameOverride: "" + lvm: # You will want to change this for read-only filesystems # For example, in Talos OS, set this to "/var/etc/lvm" @@ -21,6 +23,15 @@ lvm: driverName: lvm.driver.harvesterhci.io +webhook: + replicas: 1 + image: + repository: rancher/harvester-lvm-csi-driver-webhook + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "main-head" + httpsPort: 8443 + rbac: create: true @@ -86,4 +97,11 @@ tolerations: # effect: NoSchedule # - key: node-role.kubernetes.io/control-plane # operator: Exists + # effect: NoSchedule + webhook: + # - key: node-role.kubernetes.io/master + # operator: Exists + # effect: NoSchedule + # - key: node-role.kubernetes.io/control-plane + # operator: Exists # effect: NoSchedule \ No newline at end of file diff --git a/package/Dockerfile.webhook b/package/Dockerfile.webhook new file mode 100644 index 00000000..47c7f3c8 --- /dev/null +++ b/package/Dockerfile.webhook @@ -0,0 +1,19 @@ +# syntax=docker/dockerfile:1.7.0 + +FROM registry.suse.com/bci/bci-base:15.6 + +RUN zypper -n rm container-suseconnect && \ + zypper -n install util-linux-systemd lvm2 e2fsprogs nvme-cli device-mapper xfsprogs && \ + zypper -n clean -a && rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* + +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/csi-driver-lvm-webhook-${ARCH} /usr/bin/csi-driver-lvm-webhook +ENTRYPOINT ["csi-driver-lvm-webhook"] diff --git a/scripts/build b/scripts/build index fe489d44..447dc236 100755 --- a/scripts/build +++ b/scripts/build 
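Review bot: The default `webhook.image.tag` in the second values.yaml hunk is the moving tag `main-head` combined with `pullPolicy: IfNotPresent`, so a node keeps whatever `main-head` pointed to when it first pulled, and the running admission webhook is not tied to a reviewed build. The comment above it says the default is the chart appVersion, but with a non-empty tag the `default .Chart.AppVersion` fallback in webhook.yaml never applies. Setting `tag: ""` would let releases follow appVersion, and production installs would be better served by pinning a digest.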
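Review bot: The webhook image installs `lvm2`, `e2fsprogs`, `nvme-cli`, `device-mapper`, `xfsprogs` and `util-linux-systemd` and never switches away from root, although scripts/build compiles the webhook with `CGO_ENABLED=0` and the Deployment mounts no host devices. Unless the webhook shells out to these tools, which is not visible here, dropping the `zypper -n install …` step removes packages that would otherwise need patching and could be abused after a compromise. A `USER 65532:65532` line before `ENTRYPOINT` (UID constructed for illustration) would make the image non-root by default.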
@@ -24,4 +24,5 @@ for arch in "amd64" "arm64"; do fi GOARCH="$arch" CGO_ENABLED=1 CC=$CC CGO_CFLAGS=$CGO_CFLAGS CGO_LDFLAGS=$CGO_LDFLAGS go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/lvmplugin-"$arch" GOARCH="$arch" CGO_ENABLED=1 CC=$CC CGO_CFLAGS=$CGO_CFLAGS CGO_LDFLAGS=$CGO_LDFLAGS go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/csi-lvmplugin-provisioner-"$arch" cmd/provisioner/*.go + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/csi-driver-lvm-webhook-"$arch" cmd/webhook/*.go done diff --git a/scripts/package b/scripts/package index 9e18843f..807b36b3 100755 --- a/scripts/package +++ b/scripts/package @@ -2,4 +2,5 @@ set -e ./package_lvmplugin -./package_lvm_provisioner \ No newline at end of file +./package_lvm_provisioner +./package_lvm_webhook \ No newline at end of file diff --git a/scripts/package_lvm_webhook b/scripts/package_lvm_webhook new file mode 100755 index 00000000..777daeac --- /dev/null +++ b/scripts/package_lvm_webhook @@ -0,0 +1,15 @@ +#!/bin/bash +set -e + +source $(dirname $0)/version + +cd $(dirname $0)/.. + +IMAGE=${REPO}/harvester-lvm-csi-driver-webhook:${TAG} +DOCKERFILE=package/Dockerfile.webhook +if [ -e ${DOCKERFILE}.${ARCH} ]; then + DOCKERFILE=${DOCKERFILE}.${ARCH} +fi + +buildx build --load -f ${DOCKERFILE} -t ${IMAGE} . +echo Built ${IMAGE}
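Review bot: The expansions in the new scripts/package_lvm_webhook are unquoted (`source $(dirname $0)/version`, `cd $(dirname $0)/..`, `-f ${DOCKERFILE} -t ${IMAGE}`), so a checkout path with spaces or an empty `REPO`/`TAG` from `version` changes how the commands are parsed. Quoting them, as in `source "$(dirname "$0")/version"` and `buildx build --load -f "${DOCKERFILE}" -t "${IMAGE}" .`, avoids that. If `version` tolerates it, `set -eu` would make a missing variable fail instead of building an image with an empty repository or tag.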