From 0869cb9ec6a8039f77835d20e9317589bfa2b051 Mon Sep 17 00:00:00 2001 From: John Call Date: Thu, 4 Mar 2021 12:26:13 -0700 Subject: [PATCH 01/11] Fix README.md The previous `oc adm policy add-role-to-user use-scc-hostmount-anyuid` command was incorrect. Replacing it with the correct one --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8159dea..6582dd8 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ $ NAMESPACE=`oc project -q` $ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml $ oc create -f deploy/rbac.yaml $ oc create role use-scc-hostmount-anyuid --verb=use --resource=scc --resource-name=hostmount-anyuid -n $NAMESPACE -$ oc adm policy add-role-to-user use-scc-hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner +$ oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner ``` **Step 4: Configure the NFS subdir external provisioner** From 74123487f2409b5e62f4838afdbaa5e73f9f999f Mon Sep 17 00:00:00 2001 From: Yonatan Kahana Date: Wed, 10 Mar 2021 23:15:12 +0200 Subject: [PATCH 02/11] Helm chart labels and annotations support Signed-off-by: Yonatan Kahana --- .github/workflows/helm-chart-lint.yml | 2 +- .../Chart.yaml | 2 +- .../nfs-subdir-external-provisioner/README.md | 58 ++++++++++--------- .../templates/_helpers.tpl | 21 ++++++- .../templates/clusterrole.yaml | 5 +- .../templates/clusterrolebinding.yaml | 5 +- .../templates/deployment.yaml | 18 +++--- .../templates/persistentvolume.yaml | 1 + .../templates/persistentvolumeclaim.yaml | 2 + .../templates/podsecuritypolicy.yaml | 5 +- .../templates/role.yaml | 5 +- .../templates/rolebinding.yaml | 5 +- .../templates/serviceaccount.yaml | 9 +-- .../templates/storageclass.yaml | 8 +-- .../values.yaml | 15 ++++- 15 files changed, 92 insertions(+), 69 deletions(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 949b121..bb8dcaa 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -15,4 +15,4 @@ jobs: uses: helm/chart-testing-action@v2.0.1 - name: Run chart-testing (lint) - run: ct lint + run: ct lint --validate-maintainers=false diff --git a/charts/nfs-subdir-external-provisioner/Chart.yaml b/charts/nfs-subdir-external-provisioner/Chart.yaml index 05bb5ba..5da18dd 100644 --- a/charts/nfs-subdir-external-provisioner/Chart.yaml +++ b/charts/nfs-subdir-external-provisioner/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 4.0.0 description: nfs-subdir-external-provisioner is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. name: nfs-subdir-external-provisioner home: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner -version: 4.0.3 +version: 4.0.5 kubeVersion: ">=1.9.0-0" sources: - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner diff --git a/charts/nfs-subdir-external-provisioner/README.md b/charts/nfs-subdir-external-provisioner/README.md index d097e7f..0d5c388 100644 --- a/charts/nfs-subdir-external-provisioner/README.md +++ b/charts/nfs-subdir-external-provisioner/README.md @@ -48,31 +48,35 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of this chart and their default values. -| Parameter | Description | Default | -| ----------------------------------- | ----------------------------------------------------------- | ------------------------------------------------- | -| `replicaCount` | Number of provisioner instances to deployed | `1` | -| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | +| Parameter | Description | Default | +| ----------------------------------- | ----------------------------------------------------------- | ---------------------------------------------------------------- | +| `replicaCount` | Number of provisioner instances to deployed | `1` | +| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | | `image.repository` | Provisioner image | `gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner` | -| `image.tag` | Version of provisioner image | `v4.0.0` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `storageClass.name` | Name of the storageClass | `nfs-client` | -| `storageClass.defaultClass` | Set as the default StorageClass | `false` | -| `storageClass.allowVolumeExpansion` | Allow expanding the volume | `true` | -| `storageClass.reclaimPolicy` | Method used to reclaim an obsoleted volume | `Delete` | -| `storageClass.provisionerName` | Name of the provisionerName | null | -| `storageClass.archiveOnDelete` | Archive pvc when deleting | `true` | -| `storageClass.pathPattern` | Specifies a template for the directory name | null | -| `storageClass.accessModes` | Set access mode for PV | `ReadWriteOnce` | -| `leaderElection.enabled` | Enables or disables leader election | `true` | -| `nfs.server` | Hostname of the NFS server (required) | null (ip or hostname) | -| `nfs.path` | Basepath of the mount point to be used | `/nfs-storage` | -| `nfs.mountOptions` | Mount options (e.g. 'nfsvers=3') | null | -| `resources` | Resources required (e.g. CPU, memory) | `{}` | -| `rbac.create` | Use Role-based Access Control | `true` | -| `podSecurityPolicy.enabled` | Create & use Pod Security Policy resources | `false` | -| `priorityClassName` | Set pod priorityClassName | null | -| `serviceAccount.create` | Should we create a ServiceAccount | `true` | -| `serviceAccount.name` | Name of the ServiceAccount to use | null | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `affinity` | Affinity settings | `{}` | -| `tolerations` | List of node taints to tolerate | `[]` | +| `image.tag` | Version of provisioner image | `v4.0.0` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `storageClass.name` | Name of the storageClass | `nfs-client` | +| `storageClass.defaultClass` | Set as the default StorageClass | `false` | +| `storageClass.allowVolumeExpansion` | Allow expanding the volume | `true` | +| `storageClass.reclaimPolicy` | Method used to reclaim an obsoleted volume | `Delete` | +| `storageClass.provisionerName` | Name of the provisionerName | null | +| `storageClass.archiveOnDelete` | Archive pvc when deleting | `true` | +| `storageClass.pathPattern` | Specifies a template for the directory name | null | +| `storageClass.accessModes` | Set access mode for PV | `ReadWriteOnce` | +| `storageClass.annotations` | Set additional annotations for the StorageClass | `{}` | +| `leaderElection.enabled` | Enables or disables leader election | `true` | +| `nfs.server` | Hostname of the NFS server (required) | null (ip or hostname) | +| `nfs.path` | Basepath of the mount point to be used | `/nfs-storage` | +| `nfs.mountOptions` | Mount options (e.g. 'nfsvers=3') | null | +| `resources` | Resources required (e.g. CPU, memory) | `{}` | +| `rbac.create` | Use Role-based Access Control | `true` | +| `podSecurityPolicy.enabled` | Create & use Pod Security Policy resources | `false` | +| `podAnnotations` | Additional annotations for the Pods | `{}` | +| `priorityClassName` | Set pod priorityClassName | null | +| `serviceAccount.create` | Should we create a ServiceAccount | `true` | +| `serviceAccount.name` | Name of the ServiceAccount to use | null | +| `serviceAccount.annotations` | Additional annotations for the ServiceAccount | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Affinity settings | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | +| `labels` | Additional labels for any resource created | `{}` | diff --git a/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl b/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl index b5eaabf..4df4c9a 100644 --- a/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl +++ b/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl @@ -59,4 +59,23 @@ Return the appropriate apiVersion for podSecurityPolicy. {{- else -}} {{- print "extensions/v1beta1" -}} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "nfs-subdir-external-provisioner.labels" -}} +chart: {{ template "nfs-subdir-external-provisioner.chart" . }} +heritage: {{ .Release.Service }} +{{- with .Values.labels }} +{{- toYaml . | nindent 0 }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "nfs-subdir-external-provisioner.selectorLabels" -}} +app: {{ template "nfs-subdir-external-provisioner.name" . }} +release: {{ .Release.Name }} +{{- end }} diff --git a/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml b/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml index c80d5de..3a00936 100644 --- a/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml @@ -3,10 +3,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ template "nfs-subdir-external-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} name: {{ template "nfs-subdir-external-provisioner.fullname" . }}-runner rules: - apiGroups: [""] diff --git a/charts/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml b/charts/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml index 528c6de..c5e5582 100644 --- a/charts/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml @@ -3,10 +3,7 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ template "nfs-subdir-external-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} name: run-{{ template "nfs-subdir-external-provisioner.fullname" . }} subjects: - kind: ServiceAccount diff --git a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml index d8107f3..3bf77e2 100644 --- a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml @@ -3,27 +3,25 @@ kind: Deployment metadata: name: {{ template "nfs-subdir-external-provisioner.fullname" . }} labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ template "nfs-subdir-external-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} strategy: type: {{ .Values.strategyType }} selector: matchLabels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.selectorLabels" . | nindent 6 }} template: metadata: annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }} scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}' {{- end }} labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 8 }} spec: serviceAccountName: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} {{- if .Values.nodeSelector }} @@ -37,9 +35,9 @@ spec: {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName | quote }} {{- end }} - {{- if .Values.imagePullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} diff --git a/charts/nfs-subdir-external-provisioner/templates/persistentvolume.yaml b/charts/nfs-subdir-external-provisioner/templates/persistentvolume.yaml index 6dc31bc..88eb04d 100644 --- a/charts/nfs-subdir-external-provisioner/templates/persistentvolume.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/persistentvolume.yaml @@ -4,6 +4,7 @@ kind: PersistentVolume metadata: name: pv-{{ template "nfs-subdir-external-provisioner.fullname" . }} labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} nfs-subdir-external-provisioner: {{ template "nfs-subdir-external-provisioner.fullname" . }} spec: capacity: diff --git a/charts/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml b/charts/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml index 29d8544..993dc53 100644 --- a/charts/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml @@ -3,6 +3,8 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pvc-{{ template "nfs-subdir-external-provisioner.fullname" . }} + labels: + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} spec: accessModes: - {{ .Values.storageClass.accessModes }} diff --git a/charts/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml b/charts/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml index ff07ee7..540492b 100644 --- a/charts/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml @@ -4,10 +4,7 @@ kind: PodSecurityPolicy metadata: name: {{ template "nfs-subdir-external-provisioner.fullname" . }} labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} spec: privileged: false allowPrivilegeEscalation: false diff --git a/charts/nfs-subdir-external-provisioner/templates/role.yaml b/charts/nfs-subdir-external-provisioner/templates/role.yaml index 7953efe..9d17581 100644 --- a/charts/nfs-subdir-external-provisioner/templates/role.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/role.yaml @@ -3,10 +3,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ template "nfs-subdir-external-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }} rules: - apiGroups: [""] diff --git a/charts/nfs-subdir-external-provisioner/templates/rolebinding.yaml b/charts/nfs-subdir-external-provisioner/templates/rolebinding.yaml index 1203bba..6bba960 100644 --- a/charts/nfs-subdir-external-provisioner/templates/rolebinding.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/rolebinding.yaml @@ -3,10 +3,7 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ template "nfs-subdir-external-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }} subjects: - kind: ServiceAccount diff --git a/charts/nfs-subdir-external-provisioner/templates/serviceaccount.yaml b/charts/nfs-subdir-external-provisioner/templates/serviceaccount.yaml index 5fc184d..a68ff9e 100644 --- a/charts/nfs-subdir-external-provisioner/templates/serviceaccount.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/serviceaccount.yaml @@ -3,9 +3,10 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ template "nfs-subdir-external-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} {{- end -}} diff --git a/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml b/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml index 22576c5..5f2edcb 100644 --- a/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml @@ -3,14 +3,14 @@ apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: labels: - app: {{ template "nfs-subdir-external-provisioner.name" . }} - chart: {{ template "nfs-subdir-external-provisioner.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} + {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} name: {{ .Values.storageClass.name }} {{- if .Values.storageClass.defaultClass }} annotations: storageclass.kubernetes.io/is-default-class: "true" + {{- with .Values.storageClass.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} provisioner: {{ template "nfs-subdir-external-provisioner.provisionerName" . }} allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }} diff --git a/charts/nfs-subdir-external-provisioner/values.yaml b/charts/nfs-subdir-external-provisioner/values.yaml index cd03acc..564fdb2 100644 --- a/charts/nfs-subdir-external-provisioner/values.yaml +++ b/charts/nfs-subdir-external-provisioner/values.yaml @@ -5,6 +5,7 @@ image: repository: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner tag: v4.0.0 pullPolicy: IfNotPresent +imagePullSecrets: [] nfs: server: @@ -37,11 +38,14 @@ storageClass: # Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. # Ignored if value not set. - pathPattern: + pathPattern: # Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany accessModes: ReadWriteOnce + # Storage class annotations + annotations: {} + leaderElection: # When set to false leader election will be disabled enabled: true @@ -56,6 +60,9 @@ rbac: podSecurityPolicy: enabled: false +# Deployment pod annotations +podAnnotations: {} + ## Set pod priorityClassName # priorityClassName: "" @@ -63,6 +70,9 @@ serviceAccount: # Specifies whether a ServiceAccount should be created create: true + # Annotations to add to the service account + annotations: {} + # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: @@ -80,3 +90,6 @@ nodeSelector: {} tolerations: [] affinity: {} + +# Additional labels for any resource created +labels: {} From a5117cbedb48801c8edbfcda9f4c6d9204d03f5d Mon Sep 17 00:00:00 2001 From: Yonatan Kahana Date: Fri, 12 Mar 2021 00:34:22 +0200 Subject: [PATCH 03/11] Helm chart labels and annotations and add missing image pull secrets in documentation Signed-off-by: Yonatan Kahana --- charts/nfs-subdir-external-provisioner/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/nfs-subdir-external-provisioner/README.md b/charts/nfs-subdir-external-provisioner/README.md index 0d5c388..7671ee3 100644 --- a/charts/nfs-subdir-external-provisioner/README.md +++ b/charts/nfs-subdir-external-provisioner/README.md @@ -55,6 +55,7 @@ The following tables lists the configurable parameters of this chart and their d | `image.repository` | Provisioner image | `gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner` | | `image.tag` | Version of provisioner image | `v4.0.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `imagePullSecrets` | Image pull secrets | `[]` | | `storageClass.name` | Name of the storageClass | `nfs-client` | | `storageClass.defaultClass` | Set as the default StorageClass | `false` | | `storageClass.allowVolumeExpansion` | Allow expanding the volume | `true` | From c53f80160ad851589b5ba357e0503b168a147a59 Mon Sep 17 00:00:00 2001 From: Yonatan Kahana Date: Wed, 17 Mar 2021 19:03:49 +0200 Subject: [PATCH 04/11] Use selectorLabels in deployment pod template Signed-off-by: Yonatan Kahana --- .../nfs-subdir-external-provisioner/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml index 3bf77e2..6999b74 100644 --- a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml @@ -21,7 +21,7 @@ spec: scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}' {{- end }} labels: - {{- include "nfs-subdir-external-provisioner.labels" . | nindent 8 }} + {{- include "nfs-subdir-external-provisioner.selectorLabels" . | nindent 8 }} spec: serviceAccountName: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }} {{- if .Values.nodeSelector }} From 012a0164719ff5a4fef819330535dbd63baf2373 Mon Sep 17 00:00:00 2001 From: yonatankahana Date: Mon, 22 Mar 2021 16:48:19 +0200 Subject: [PATCH 05/11] Update charts/nfs-subdir-external-provisioner/templates/_helpers.tpl Co-authored-by: Marco Kilchhofer --- charts/nfs-subdir-external-provisioner/templates/_helpers.tpl | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl b/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl index 4df4c9a..4b9d8fa 100644 --- a/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl +++ b/charts/nfs-subdir-external-provisioner/templates/_helpers.tpl @@ -67,6 +67,7 @@ Common labels {{- define "nfs-subdir-external-provisioner.labels" -}} chart: {{ template "nfs-subdir-external-provisioner.chart" . }} heritage: {{ .Release.Service }} +{{ include "nfs-subdir-external-provisioner.selectorLabels" . }} {{- with .Values.labels }} {{- toYaml . | nindent 0 }} {{- end }} From 466cf8be7354cfb95a6db71619941b54e5e2caef Mon Sep 17 00:00:00 2001 From: yonatankahana Date: Tue, 13 Apr 2021 18:04:36 +0300 Subject: [PATCH 06/11] Update storageclass.yaml to include annotations even when defaultClass is false Co-authored-by: Marco Kilchhofer --- .../templates/storageclass.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml b/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml index 59c5bee..698d32b 100644 --- a/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/storageclass.yaml @@ -5,13 +5,13 @@ metadata: labels: {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} name: {{ .Values.storageClass.name }} -{{- if .Values.storageClass.defaultClass }} annotations: + {{- if .Values.storageClass.defaultClass }} storageclass.kubernetes.io/is-default-class: "true" + {{- end }} {{- with .Values.storageClass.annotations }} {{- toYaml . | nindent 4 }} {{- end }} -{{- end }} provisioner: {{ template "nfs-subdir-external-provisioner.provisionerName" . }} allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }} reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }} From 9a5d46634995ae2c16ddaa1158668f523b2b410d Mon Sep 17 00:00:00 2001 From: Yonatan Kahana Date: Wed, 14 Apr 2021 15:01:34 +0300 Subject: [PATCH 07/11] Update image location after v4.0.2 promoted from the temporary staging repository Signed-off-by: Yonatan Kahana --- README.md | 2 +- charts/nfs-subdir-external-provisioner/Chart.yaml | 2 +- charts/nfs-subdir-external-provisioner/README.md | 2 +- charts/nfs-subdir-external-provisioner/values.yaml | 2 +- deploy/deployment.yaml | 2 +- deploy/objects/deployment.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f57b09a..1d46f16 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ spec: serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner - image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.2 + image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes diff --git a/charts/nfs-subdir-external-provisioner/Chart.yaml b/charts/nfs-subdir-external-provisioner/Chart.yaml index 7ec28c9..20e24e4 100644 --- a/charts/nfs-subdir-external-provisioner/Chart.yaml +++ b/charts/nfs-subdir-external-provisioner/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 4.0.2 description: nfs-subdir-external-provisioner is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. name: nfs-subdir-external-provisioner home: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner -version: 4.0.7 +version: 4.0.8 kubeVersion: ">=1.9.0-0" sources: - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner diff --git a/charts/nfs-subdir-external-provisioner/README.md b/charts/nfs-subdir-external-provisioner/README.md index 48270e5..d2fe26b 100644 --- a/charts/nfs-subdir-external-provisioner/README.md +++ b/charts/nfs-subdir-external-provisioner/README.md @@ -52,7 +52,7 @@ The following tables lists the configurable parameters of this chart and their d | ----------------------------------- | ----------------------------------------------------------- | ------------------------------------------------- | | `replicaCount` | Number of provisioner instances to deployed | `1` | | `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | -| `image.repository` | Provisioner image | `gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner` | +| `image.repository` | Provisioner image | `k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner` | | `image.tag` | Version of provisioner image | `v4.0.2` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `storageClass.name` | Name of the storageClass | `nfs-client` | diff --git a/charts/nfs-subdir-external-provisioner/values.yaml b/charts/nfs-subdir-external-provisioner/values.yaml index 02eda6e..ece01a4 100644 --- a/charts/nfs-subdir-external-provisioner/values.yaml +++ b/charts/nfs-subdir-external-provisioner/values.yaml @@ -2,7 +2,7 @@ replicaCount: 1 strategyType: Recreate image: - repository: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner + repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner tag: v4.0.2 pullPolicy: IfNotPresent diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index 1b45fe2..26d2a23 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -21,7 +21,7 @@ spec: serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner - image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.2 + image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes diff --git a/deploy/objects/deployment.yaml b/deploy/objects/deployment.yaml index b45e71d..df10aa3 100644 --- a/deploy/objects/deployment.yaml +++ b/deploy/objects/deployment.yaml @@ -14,7 +14,7 @@ spec: serviceAccountName: nfs-client-provisioner containers: - name: nfs-client-provisioner - image: gcr.io/k8s-staging-sig-storage/nfs-subdir-external-provisioner:v4.0.2 + image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 volumeMounts: - name: nfs-client-root mountPath: /persistentvolumes From d8db2d111e5b81e7a3538e5ac2a1a5c4cecdcc6f Mon Sep 17 00:00:00 2001 From: Yonatan Kahana Date: Sun, 25 Apr 2021 22:43:05 +0300 Subject: [PATCH 08/11] Update the README file with stable image repository Signed-off-by: Yonatan Kahana --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d46f16..b8be8ee 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ **NFS subdir external provisioner** is an automatic provisioner that use your _existing and already configured_ NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as `${namespace}-${pvcName}-${pvName}`. Note: This repository is migrated from https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client. As part of the migration: -- The container image name and repository has changed to `gcr.io/k8s-staging-sig-storage` and `nfs-subdir-external-provisioner` respectively. +- The container image name and repository has changed to `k8s.gcr.io/sig-storage` and `nfs-subdir-external-provisioner` respectively. - To maintain backward compatibility with earlier deployment files, the naming of NFS Client Provisioner is retained as `nfs-client-provisioner` in the deployment YAMLs. - One of the pending areas for development on this repository is to add automated e2e tests. If you would like to contribute, please raise an issue or reach us on the Kubernetes slack #sig-storage channel. From 2cad8da61c271f166e8a53c5c6866560e0466413 Mon Sep 17 00:00:00 2001 From: Ravikiran Singh Date: Wed, 10 Mar 2021 10:54:41 +0530 Subject: [PATCH 09/11] PV provisioning fails when storageclass has volumeBindingMode as 'WaitForFirstConsumer': 1. Adds RBAC permissions to get nodes in the cluster. 2. Bumps the chart version --- charts/nfs-subdir-external-provisioner/Chart.yaml | 2 +- .../nfs-subdir-external-provisioner/templates/clusterrole.yaml | 3 +++ deploy/objects/clusterrole.yaml | 3 +++ deploy/rbac.yaml | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/charts/nfs-subdir-external-provisioner/Chart.yaml b/charts/nfs-subdir-external-provisioner/Chart.yaml index 41cf550..609562c 100644 --- a/charts/nfs-subdir-external-provisioner/Chart.yaml +++ b/charts/nfs-subdir-external-provisioner/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 4.0.2 description: nfs-subdir-external-provisioner is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. name: nfs-subdir-external-provisioner home: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner -version: 4.0.9 +version: 4.0.10 kubeVersion: ">=1.9.0-0" sources: - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner diff --git a/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml b/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml index 3a00936..078cfcc 100644 --- a/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml @@ -6,6 +6,9 @@ metadata: {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }} name: {{ template "nfs-subdir-external-provisioner.fullname" . }}-runner rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] diff --git a/deploy/objects/clusterrole.yaml b/deploy/objects/clusterrole.yaml index d8564a7..1b5c2ef 100644 --- a/deploy/objects/clusterrole.yaml +++ b/deploy/objects/clusterrole.yaml @@ -3,6 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml index 85a76d0..28dbb68 100644 --- a/deploy/rbac.yaml +++ b/deploy/rbac.yaml @@ -10,6 +10,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: nfs-client-provisioner-runner rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] From 09a32a7aad7405e7c6f4b0ca9c16fc24cc0a1e30 Mon Sep 17 00:00:00 2001 From: John Call Date: Tue, 11 May 2021 10:43:59 -0600 Subject: [PATCH 10/11] also remove the command that creates an unnecessary SCC --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 6582dd8..c870c1f 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,6 @@ On OpenShift the service account used to bind volumes does not have the necessar $ NAMESPACE=`oc project -q` $ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml $ oc create -f deploy/rbac.yaml -$ oc create role use-scc-hostmount-anyuid --verb=use --resource=scc --resource-name=hostmount-anyuid -n $NAMESPACE $ oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner ``` From 23c664fd5466c117a5373a7becfd986b2013d48f Mon Sep 17 00:00:00 2001 From: Robin Elfrink Date: Wed, 2 Jun 2021 13:11:21 +0200 Subject: [PATCH 11/11] chart: Add option to set nfs root volume name. Signed-off-by: Robin Elfrink --- charts/nfs-subdir-external-provisioner/Chart.yaml | 2 +- charts/nfs-subdir-external-provisioner/README.md | 1 + .../nfs-subdir-external-provisioner/templates/deployment.yaml | 4 ++-- charts/nfs-subdir-external-provisioner/values.yaml | 1 + 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/nfs-subdir-external-provisioner/Chart.yaml b/charts/nfs-subdir-external-provisioner/Chart.yaml index 609562c..a6547ab 100644 --- a/charts/nfs-subdir-external-provisioner/Chart.yaml +++ b/charts/nfs-subdir-external-provisioner/Chart.yaml @@ -3,7 +3,7 @@ appVersion: 4.0.2 description: nfs-subdir-external-provisioner is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. name: nfs-subdir-external-provisioner home: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner -version: 4.0.10 +version: 4.0.11 kubeVersion: ">=1.9.0-0" sources: - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner diff --git a/charts/nfs-subdir-external-provisioner/README.md b/charts/nfs-subdir-external-provisioner/README.md index 61ea627..0055e79 100644 --- a/charts/nfs-subdir-external-provisioner/README.md +++ b/charts/nfs-subdir-external-provisioner/README.md @@ -70,6 +70,7 @@ The following tables lists the configurable parameters of this chart and their d | `nfs.server` | Hostname of the NFS server (required) | null (ip or hostname) | | `nfs.path` | Basepath of the mount point to be used | `/nfs-storage` | | `nfs.mountOptions` | Mount options (e.g. 'nfsvers=3') | null | +| `nfs.volumeName` | Volume name used inside the pods | `nfs-subdir-external-provisioner-root` | | `resources` | Resources required (e.g. CPU, memory) | `{}` | | `rbac.create` | Use Role-based Access Control | `true` | | `podSecurityPolicy.enabled` | Create & use Pod Security Policy resources | `false` | diff --git a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml index 6999b74..12ba9b7 100644 --- a/charts/nfs-subdir-external-provisioner/templates/deployment.yaml +++ b/charts/nfs-subdir-external-provisioner/templates/deployment.yaml @@ -44,7 +44,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - - name: nfs-subdir-external-provisioner-root + - name: {{ .Values.nfs.volumeName }} mountPath: /persistentvolumes env: - name: PROVISIONER_NAME @@ -62,7 +62,7 @@ spec: {{ toYaml . | indent 12 }} {{- end }} volumes: - - name: nfs-subdir-external-provisioner-root + - name: {{ .Values.nfs.volumeName }} {{- if .Values.buildMode }} emptyDir: {} {{- else if .Values.nfs.mountOptions }} diff --git a/charts/nfs-subdir-external-provisioner/values.yaml b/charts/nfs-subdir-external-provisioner/values.yaml index 211d675..0a4f03d 100644 --- a/charts/nfs-subdir-external-provisioner/values.yaml +++ b/charts/nfs-subdir-external-provisioner/values.yaml @@ -11,6 +11,7 @@ nfs: server: path: /nfs-storage mountOptions: + volumeName: nfs-subdir-external-provisioner-root # For creating the StorageClass automatically: storageClass: