Merge pull request #100 from yonatankahana/podlabels

Use podLabels with user defined labels in deployment pod template

.cloudbuild.sh

@@ -1 +0,0 @@
-./release-tools/cloudbuild.sh

.cloudbuild.sh

@@ -0,0 +1,21 @@
+#! /bin/bash
+
+# Copyright 2020 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+: ${CSI_PROW_BUILD_PLATFORMS:="linux amd64; linux arm -arm; linux arm64 -arm64; linux ppc64le -ppc64le; linux s390x -s390x"}
+
+# shellcheck disable=SC1091
+. release-tools/cloudbuild.sh

.github/workflows/helm-chart-lint.yml

@@ -0,0 +1,18 @@
+name: Lint Helm Charts
+
+on: pull_request
+
+jobs:
+  lint-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.0.1
+
+      - name: Run chart-testing (lint)
+        run: ct lint --validate-maintainers=false

CHANGELOG.md

@@ -1,4 +1,10 @@
-# Unreleased
+# v4.0.2
+- Add arm7 (32bit) support (https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/pull/58)
+
+# v4.0.1
+- Preserve name of the PV directory name during archiving (https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/pull/59)
+
+# v4.0.0
 - Remove redundant field in the rbac.yaml (https://github.com/kubernetes-retired/external-storage/pull/970)
 - Use `kubernetes-sigs/sig-storage-lib-external-provisioner` instead of `incubator/external-storage/lib` (https://github.com/kubernetes-retired/external-storage/pull/1026)
 - Fill in rbac.yaml with ServiceAccount manifest (https://github.com/kubernetes-retired/external-storage/pull/1060, https://github.com/kubernetes-retired/external-storage/pull/1179)
@@ -42,4 +48,4 @@
 - Fix issue 149 - nfs-client-provisioner create folder with 755, not 777 (https://github.com/kubernetes-incubator/external-storage/pull/150)
 
 # v1
-- Initial release
+- Initial release

Makefile

@@ -17,4 +17,4 @@ all: build
 
 include release-tools/build.make
 
-BUILD_PLATFORMS=linux amd64; linux arm64 -arm64; linux ppc64le -ppc64le; linux s390x -s390x
+BUILD_PLATFORMS=linux amd64; linux arm -arm; linux arm64 -arm64; linux ppc64le -ppc64le; linux s390x -s390x

OWNERS

@@ -6,3 +6,4 @@ approvers:
   - kmova
   - jackielii
   - ashishranjan738
+  - yonatankahana

README.md

@@ -1,21 +1,13 @@
-# Kubernetes NFS-Client Provisioner
+# Kubernetes NFS Subdir External Provisioner
 
-NFS subdir external provisioner is an automatic provisioner that use your _existing and already configured_ NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as `${namespace}-${pvcName}-${pvName}`.
+**NFS subdir external provisioner** is an automatic provisioner that use your _existing and already configured_ NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as `${namespace}-${pvcName}-${pvName}`.
 
-Note: This repository is being migrated from https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client. Some of the following instructions will be updated once the migration is completed. To test container image built from this repository, you will have to build and push the nfs-client-provisioner image using the following instructions.
+Note: This repository is migrated from https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client. As part of the migration:
+- The container image name and repository has changed to `k8s.gcr.io/sig-storage` and `nfs-subdir-external-provisioner` respectively.
+- To maintain backward compatibility with earlier deployment files, the naming of NFS Client Provisioner is retained as `nfs-client-provisioner` in the deployment YAMLs.
+- One of the pending areas for development on this repository is to add automated e2e tests. If you would like to contribute, please raise an issue or reach us on the Kubernetes slack #sig-storage channel.
 
-```sh
-make build
-make container
-# `nfs-subdir-external-provisioner:latest` will be created. 
-# To upload this to your customer registry, say `quay.io/myorg`, you can use
-# docker tag nfs-subdir-external-provisioner:latest quay.io/myorg/nfs-subdir-external-provisioner:latest
-# docker push quay.io/myorg/nfs-subdir-external-provisioner:latest
-```
-
-## How to deploy nfs-client to your cluster
-
-**nfs-client** is an automatic provisioner that use your _existing and already configured_ NFS server to support dynamic provisioning of Kubernetes Persistent Volumes via Persistent Volume Claims. Persistent volumes are provisioned as `${namespace}-${pvcName}-${pvName}`.
+## How to deploy NFS Subdir External Provisioner to your cluster
 
 To note again, you must _already_ have an NFS Server.
 
@@ -38,7 +30,7 @@ $ helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/n
 
 Make sure your NFS server is accessible from your Kubernetes cluster and get the information you need to connect to it. At a minimum you will need its hostname.
 
-**Step 2: Get the NFS-Client Provisioner files**
+**Step 2: Get the NFS Subdir External Provisioner files**
 
 To setup the provisioner you will download a set of YAML files, edit them to add your NFS server's connection information and then apply each with the `kubectl` / `oc` command.
 
@@ -68,15 +60,12 @@ On OpenShift the service account used to bind volumes does not have the necessar
 $ NAMESPACE=`oc project -q`
 $ sed -i'' "s/namespace:.*/namespace: $NAMESPACE/g" ./deploy/rbac.yaml
 $ oc create -f deploy/rbac.yaml
-$ oc create role use-scc-hostmount-anyuid --verb=use --resource=scc --resource-name=hostmount-anyuid -n $NAMESPACE
-$ oc adm policy add-role-to-user use-scc-hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner
+$ oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:nfs-client-provisioner
 ```
 
-**Step 4: Configure the NFS-Client provisioner**
+**Step 4: Configure the NFS subdir external provisioner**
 
-Note: To deploy to an ARM-based environment, use: `deploy/deployment-arm.yaml` instead, otherwise use `deploy/deployment.yaml`.
-
-You must edit the provisioner's deployment file to specify the correct location of your nfs-client-provisioner container image.
+If you would like to use a custom built nfs-subdir-external-provisioner image, you must edit the provisioner's deployment file to specify the correct location of your `nfs-client-provisioner` container image.
 
 Next you must edit the provisioner's deployment file to add connection information for your NFS server. Edit `deploy/deployment.yaml` and replace the two occurences of <YOUR NFS SERVER HOSTNAME> with your server's hostname.
 
@@ -100,7 +89,7 @@ spec:
       serviceAccountName: nfs-client-provisioner
       containers:
         - name: nfs-client-provisioner
-          image: quay.io/external_storage/nfs-client-provisioner:latest
+          image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
           volumeMounts:
             - name: nfs-client-root
               mountPath: /persistentvolumes
@@ -118,7 +107,7 @@ spec:
             path: /var/nfs
 ```
 
-You may also want to change the PROVISIONER_NAME above from `k8s-sigs.io/nfs-subdir-external-provisioner` to something more descriptive like `nfs-storage`, but if you do remember to also change the PROVISIONER_NAME in the storage class definition below.
+Note: If you want to change the PROVISIONER_NAME above from `k8s-sigs.io/nfs-subdir-external-provisioner` to something else like `myorg/nfs-storage`, remember to also change the PROVISIONER_NAME in the storage class definition below.
 
 To disable leader election, define an env variable named ENABLE_LEADER_ELECTION and set its value to false.
 
@@ -130,9 +119,9 @@ To disable leader election, define an env variable named ENABLE_LEADER_ELECTION
 | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------------------------------------------------: |
 | onDelete        | If it exists and has a delete value, delete the directory, if it exists and has a retain value, save the directory.                                                          | will be archived with name on the share: `archived-<volume.Name>` |
 | archiveOnDelete | If it exists and has a false value, delete the directory. if `onDelete` exists, `archiveOnDelete` will be ignored.                                                           | will be archived with name on the share: `archived-<volume.Name>` |
-| pathPattern     | Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. To specify metadata use `${.PVC.}`: `${PVC.namespace}` |                               n/a                                |
+| pathPattern     | Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace. To specify metadata use `${.PVC.<metadata>}`. Example: If folder should be named like `<pvc-namespace>-<pvc-name>`, use `${.PVC.namespace}-${.PVC.name}` as pathPattern. |                               n/a                                |
 
-This is `deploy/class.yaml` which defines the NFS-Client's Kubernetes Storage Class:
+This is `deploy/class.yaml` which defines the NFS subdir external provisioner's Kubernetes Storage Class:
 
 ```yaml
 apiVersion: storage.k8s.io/v1
@@ -147,7 +136,7 @@ parameters:
 
 **Step 6: Finally, test your environment!**
 
-Now we'll test your NFS provisioner.
+Now we'll test your NFS subdir external provisioner.
 
 Deploy:
 
@@ -185,6 +174,20 @@ spec:
       storage: 1Mi
 ```
 
+# Build and publish your own container image
+
+To build your own custom container image from this repository, you will have to build and push the nfs-subdir-external-provisioner image using the following instructions.
+
+```sh
+make build
+make container
+# `nfs-subdir-external-provisioner:latest` will be created. 
+# Note: This will build a single-arch image that matches the machine on which container is built.
+# To upload this to your custom registry, say `quay.io/myorg` and arch as amd64, you can use
+# docker tag nfs-subdir-external-provisioner:latest quay.io/myorg/nfs-subdir-external-provisioner-amd64:latest
+# docker push quay.io/myorg/nfs-subdir-external-provisioner-amd64:latest
+```
+
 # Build and publish with GitHub Actions
 
 In a forked repository you can use GitHub Actions pipeline defined in [.github/workflows/release.yml](.github/workflows/release.yml). The pipeline builds Docker images for `linux/amd64`, `linux/arm64`, and `linux/arm/v7` platforms and publishes them using a multi-arch manifest. The pipeline is triggered when you add a tag like `gh-v{major}.{minor}.{patch}` to your commit and push it to GitHub. The tag is used for generating Docker image tags: `latest`, `{major}`, `{major}:{minor}`, `{major}:{minor}:{patch}`.
@@ -201,3 +204,6 @@ The pipeline adds several labels:
 **Important:**
 * The pipeline performs the docker login command using `REGISTRY_USERNAME` and `REGISTRY_TOKEN` secrets, which have to be provided.
 * You also need to provide the `DOCKER_IMAGE` secret specifying your Docker image name, e.g., `quay.io/[username]/nfs-subdir-external-provisioner`.
+
+
+

charts/nfs-subdir-external-provisioner/Chart.yaml

@@ -1,10 +1,10 @@
 apiVersion: v1
-appVersion: 3.1.0
+appVersion: 4.0.2
 description: nfs-subdir-external-provisioner is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes.
 name: nfs-subdir-external-provisioner
 home: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
-version: 3.0.0
-kubeVersion: ">=1.9.0-0 <1.20.0-0"
+version: 4.0.12
+kubeVersion: ">=1.9.0-0"
 sources:
 - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
 keywords:

charts/nfs-subdir-external-provisioner/README.md

@@ -11,15 +11,13 @@ $ helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/n
     --set nfs.path=/exported/path
 ```
 
-For **arm** deployments set `image.repository` to `--set image.repository=quay.io/external_storage/nfs-client-provisioner-arm`
-
 ## Introduction
 
 This charts installs custom [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/) into a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. It also installs a [NFS client provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner) into the cluster which dynamically creates persistent volumes from single NFS share.
 
 ## Prerequisites
 
-- Kubernetes >=1.9, <1.20
+- Kubernetes >=1.9
 - Existing NFS Share
 
 ## Installing the Chart
@@ -50,29 +48,38 @@ The command removes all the Kubernetes components associated with the chart and
 
 The following tables lists the configurable parameters of this chart and their default values.
 
-| Parameter                           | Description                                                 | Default                                           |
-| ----------------------------------- | ----------------------------------------------------------- | ------------------------------------------------- |
-| `replicaCount`                      | Number of provisioner instances to deployed                 | `1`                                               |
-| `strategyType`                      | Specifies the strategy used to replace old Pods by new ones | `Recreate`                                        |
-| `image.repository`                  | Provisioner image                                           | `quay.io/external_storage/nfs-client-provisioner` |
-| `image.tag`                         | Version of provisioner image                                | `v3.1.0-k8s1.11`                                  |
-| `image.pullPolicy`                  | Image pull policy                                           | `IfNotPresent`                                    |
-| `storageClass.name`                 | Name of the storageClass                                    | `nfs-client`                                      |
-| `storageClass.defaultClass`         | Set as the default StorageClass                             | `false`                                           |
-| `storageClass.allowVolumeExpansion` | Allow expanding the volume                                  | `true`                                            |
-| `storageClass.reclaimPolicy`        | Method used to reclaim an obsoleted volume                  | `Delete`                                          |
-| `storageClass.provisionerName`      | Name of the provisionerName                                 | null                                              |
-| `storageClass.archiveOnDelete`      | Archive pvc when deleting                                   | `true`                                            |
-| `storageClass.accessModes`          | Set access mode for PV                                      | `ReadWriteOnce`                                   |
-| `nfs.server`                        | Hostname of the NFS server (required)                       | null (ip or hostname)                             |
-| `nfs.path`                          | Basepath of the mount point to be used                      | `/nfs-storage`                                 |
-| `nfs.mountOptions`                  | Mount options (e.g. 'nfsvers=3')                            | null                                              |
-| `resources`                         | Resources required (e.g. CPU, memory)                       | `{}`                                              |
-| `rbac.create`                       | Use Role-based Access Control                               | `true`                                            |
-| `podSecurityPolicy.enabled`         | Create & use Pod Security Policy resources                  | `false`                                           |
-| `priorityClassName`                 | Set pod priorityClassName                                   | null                                              |
-| `serviceAccount.create`             | Should we create a ServiceAccount                           | `true`                                            |
-| `serviceAccount.name`               | Name of the ServiceAccount to use                           | null                                              |
-| `nodeSelector`                      | Node labels for pod assignment                              | `{}`                                              |
-| `affinity`                          | Affinity settings                                           | `{}`                                              |
-| `tolerations`                       | List of node taints to tolerate                             | `[]`                                              |
+| Parameter                           | Description                                                                                           | Default                                                  |
+| ----------------------------------- | ----------------------------------------------------------------------------------------------------- | -------------------------------------------------------- |
+| `replicaCount`                      | Number of provisioner instances to deployed                                                           | `1`                                                      |
+| `strategyType`                      | Specifies the strategy used to replace old Pods by new ones                                           | `Recreate`                                               |
+| `image.repository`                  | Provisioner image                                                                                     | `k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner` |
+| `image.tag`                         | Version of provisioner image                                                                          | `v4.0.2`                                                 |
+| `image.pullPolicy`                  | Image pull policy                                                                                     | `IfNotPresent`                                           |
+| `imagePullSecrets`                  | Image pull secrets                                                                                    | `[]`                                                     |
+| `storageClass.name`                 | Name of the storageClass                                                                              | `nfs-client`                                             |
+| `storageClass.defaultClass`         | Set as the default StorageClass                                                                       | `false`                                                  |
+| `storageClass.allowVolumeExpansion` | Allow expanding the volume                                                                            | `true`                                                   |
+| `storageClass.reclaimPolicy`        | Method used to reclaim an obsoleted volume                                                            | `Delete`                                                 |
+| `storageClass.provisionerName`      | Name of the provisionerName                                                                           | null                                                     |
+| `storageClass.archiveOnDelete`      | Archive PVC when deleting                                                                             | `true`                                                   |
+| `storageClass.onDelete`             | Strategy on PVC deletion. Overrides archiveOnDelete when set to lowercase values 'delete' or 'retain' | null                                                     |
+| `storageClass.pathPattern`          | Specifies a template for the directory name                                                           | null                                                     |
+| `storageClass.accessModes`          | Set access mode for PV                                                                                | `ReadWriteOnce`                                          |
+| `storageClass.annotations`          | Set additional annotations for the StorageClass                                                       | `{}`                                                     |
+| `leaderElection.enabled`            | Enables or disables leader election                                                                   | `true`                                                   |
+| `nfs.server`                        | Hostname of the NFS server (required)                                                                 | null (ip or hostname)                                    |
+| `nfs.path`                          | Basepath of the mount point to be used                                                                | `/nfs-storage`                                           |
+| `nfs.mountOptions`                  | Mount options (e.g. 'nfsvers=3')                                                                      | null                                                     |
+| `nfs.volumeName`                    | Volume name used inside the pods                                                                      | `nfs-subdir-external-provisioner-root`                   |
+| `resources`                         | Resources required (e.g. CPU, memory)                                                                 | `{}`                                                     |
+| `rbac.create`                       | Use Role-based Access Control                                                                         | `true`                                                   |
+| `podSecurityPolicy.enabled`         | Create & use Pod Security Policy resources                                                            | `false`                                                  |
+| `podAnnotations`                    | Additional annotations for the Pods                                                                   | `{}`                                                     |
+| `priorityClassName`                 | Set pod priorityClassName                                                                             | null                                                     |
+| `serviceAccount.create`             | Should we create a ServiceAccount                                                                     | `true`                                                   |
+| `serviceAccount.name`               | Name of the ServiceAccount to use                                                                     | null                                                     |
+| `serviceAccount.annotations`        | Additional annotations for the ServiceAccount                                                         | `{}`                                                     |
+| `nodeSelector`                      | Node labels for pod assignment                                                                        | `{}`                                                     |
+| `affinity`                          | Affinity settings                                                                                     | `{}`                                                     |
+| `tolerations`                       | List of node taints to tolerate                                                                       | `[]`                                                     |
+| `labels`                            | Additional labels for any resource created                                                            | `{}`                                                     |

charts/nfs-subdir-external-provisioner/templates/_helpers.tpl

@@ -59,4 +59,34 @@ Return the appropriate apiVersion for podSecurityPolicy.
 {{- else -}}
 {{- print "extensions/v1beta1" -}}
 {{- end -}}
-{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "nfs-subdir-external-provisioner.labels" -}}
+chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
+heritage: {{ .Release.Service }}
+{{ include "nfs-subdir-external-provisioner.selectorLabels" . }}
+{{- with .Values.labels }}
+{{- toYaml . | nindent 0 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Pod template labels
+*/}}
+{{- define "nfs-subdir-external-provisioner.podLabels" -}}
+{{ include "nfs-subdir-external-provisioner.selectorLabels" . }}
+{{- with .Values.labels }}
+{{- toYaml . | nindent 0 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nfs-subdir-external-provisioner.selectorLabels" -}}
+app: {{ template "nfs-subdir-external-provisioner.name" . }}
+release: {{ .Release.Name }}
+{{- end }}

charts/nfs-subdir-external-provisioner/templates/clusterrole.yaml

@@ -3,12 +3,12 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
   name: {{ template "nfs-subdir-external-provisioner.fullname" . }}-runner
 rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "create", "delete"]

charts/nfs-subdir-external-provisioner/templates/clusterrolebinding.yaml

@@ -3,10 +3,7 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
   name: run-{{ template "nfs-subdir-external-provisioner.fullname" . }}
 subjects:
   - kind: ServiceAccount

charts/nfs-subdir-external-provisioner/templates/deployment.yaml

@@ -3,27 +3,25 @@ kind: Deployment
 metadata:
   name: {{ template "nfs-subdir-external-provisioner.fullname" . }}
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicaCount }}
   strategy:
     type: {{ .Values.strategyType }}
   selector:
     matchLabels:
-      app: {{ template "nfs-subdir-external-provisioner.name" . }}
-      release: {{ .Release.Name }}
+      {{- include "nfs-subdir-external-provisioner.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       annotations:
+      {{- with .Values.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }}
         scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}'
       {{- end }}
       labels:
-        app: {{ template "nfs-subdir-external-provisioner.name" . }}
-        release: {{ .Release.Name }}
+        {{- include "nfs-subdir-external-provisioner.podLabels" . | nindent 8 }}
     spec:
       serviceAccountName: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }}
       {{- if .Values.nodeSelector }}
@@ -37,16 +35,16 @@ spec:
       {{- if .Values.priorityClassName }}
       priorityClassName: {{ .Values.priorityClassName | quote }}
       {{- end }}
-      {{- if .Values.imagePullSecrets }}
+      {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           volumeMounts:
-            - name: nfs-subdir-external-provisioner-root
+            - name: {{ .Values.nfs.volumeName }}
               mountPath: /persistentvolumes
           env:
             - name: PROVISIONER_NAME
@@ -55,12 +53,16 @@ spec:
               value: {{ .Values.nfs.server }}
             - name: NFS_PATH
               value: {{ .Values.nfs.path }}
+            {{- if eq .Values.leaderElection.enabled false }}
+            - name: ENABLE_LEADER_ELECTION
+              value: "false"
+            {{- end }}
           {{- with .Values.resources }}
           resources:
 {{ toYaml . | indent 12 }}
           {{- end }}
       volumes:
-        - name: nfs-subdir-external-provisioner-root
+        - name: {{ .Values.nfs.volumeName }}
 {{- if .Values.buildMode }}
           emptyDir: {}
 {{- else if .Values.nfs.mountOptions }}

charts/nfs-subdir-external-provisioner/templates/persistentvolume.yaml

@@ -4,6 +4,7 @@ kind: PersistentVolume
 metadata:
   name: pv-{{ template "nfs-subdir-external-provisioner.fullname" . }}
   labels: 
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
     nfs-subdir-external-provisioner: {{ template "nfs-subdir-external-provisioner.fullname" . }}
 spec:
   capacity:

charts/nfs-subdir-external-provisioner/templates/persistentvolumeclaim.yaml

@@ -3,6 +3,8 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
   name: pvc-{{ template "nfs-subdir-external-provisioner.fullname" . }}
+  labels:
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
 spec:
   accessModes:
     - {{ .Values.storageClass.accessModes }}

charts/nfs-subdir-external-provisioner/templates/podsecuritypolicy.yaml

@@ -4,10 +4,7 @@ kind: PodSecurityPolicy
 metadata:
   name: {{ template "nfs-subdir-external-provisioner.fullname" . }}
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
 spec:
   privileged: false
   allowPrivilegeEscalation: false

charts/nfs-subdir-external-provisioner/templates/role.yaml

@@ -3,10 +3,7 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
   name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }}
 rules:
   - apiGroups: [""]

charts/nfs-subdir-external-provisioner/templates/rolebinding.yaml

@@ -3,10 +3,7 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
   name: leader-locking-{{ template "nfs-subdir-external-provisioner.fullname" . }}
 subjects:
   - kind: ServiceAccount

charts/nfs-subdir-external-provisioner/templates/serviceaccount.yaml

@@ -3,9 +3,10 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
   name: {{ template "nfs-subdir-external-provisioner.serviceAccountName" . }}
 {{- end -}}

charts/nfs-subdir-external-provisioner/templates/storageclass.yaml

@@ -3,20 +3,26 @@ apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
   labels:
-    app: {{ template "nfs-subdir-external-provisioner.name" . }}
-    chart: {{ template "nfs-subdir-external-provisioner.chart" . }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "nfs-subdir-external-provisioner.labels" . | nindent 4 }}
   name: {{ .Values.storageClass.name }}
-{{- if .Values.storageClass.defaultClass }}
   annotations:
+  {{- if .Values.storageClass.defaultClass }}
     storageclass.kubernetes.io/is-default-class: "true"
-{{- end }}
+  {{- end }}
+  {{- with .Values.storageClass.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 provisioner: {{ template "nfs-subdir-external-provisioner.provisionerName" . }}
 allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}
 reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
 parameters:
   archiveOnDelete: "{{ .Values.storageClass.archiveOnDelete }}"
+  {{- if .Values.storageClass.pathPattern }}
+  pathPattern: "{{ .Values.storageClass.pathPattern }}"
+  {{- end }}
+  {{- if .Values.storageClass.onDelete }}
+  onDelete: "{{ .Values.storageClass.onDelete }}"
+  {{- end }}
 {{- if .Values.nfs.mountOptions }}
 mountOptions:
   {{- range .Values.nfs.mountOptions }}

charts/nfs-subdir-external-provisioner/values.yaml

@@ -2,14 +2,16 @@ replicaCount: 1
 strategyType: Recreate
 
 image:
-  repository: quay.io/external_storage/nfs-client-provisioner
-  tag: v3.1.0-k8s1.11
+  repository: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner
+  tag: v4.0.2
   pullPolicy: IfNotPresent
+imagePullSecrets: []
 
 nfs:
   server:
   path: /nfs-storage
   mountOptions:
+  volumeName: nfs-subdir-external-provisioner-root
 
 # For creating the StorageClass automatically:
 storageClass:
@@ -35,9 +37,25 @@ storageClass:
   # When set to false your PVs will not be archived by the provisioner upon deletion of the PVC.
   archiveOnDelete: true
 
+  # If it exists and has 'delete' value, delete the directory. If it exists and has 'retain' value, save the directory.
+  # Overrides archiveOnDelete.
+  # Ignored if value not set.
+  onDelete:
+
+  # Specifies a template for creating a directory path via PVC metadata's such as labels, annotations, name or namespace.
+  # Ignored if value not set.
+  pathPattern:
+
   # Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany
   accessModes: ReadWriteOnce
 
+  # Storage class annotations
+  annotations: {}
+
+leaderElection:
+  # When set to false leader election will be disabled
+  enabled: true
+
 ## For RBAC support:
 rbac:
   # Specifies whether RBAC resources should be created
@@ -48,6 +66,9 @@ rbac:
 podSecurityPolicy:
   enabled: false
 
+# Deployment pod annotations
+podAnnotations: {}
+
 ## Set pod priorityClassName
 # priorityClassName: ""
 
@@ -55,6 +76,9 @@ serviceAccount:
   # Specifies whether a ServiceAccount should be created
   create: true
 
+  # Annotations to add to the service account
+  annotations: {}
+
   # The name of the ServiceAccount to use.
   # If not set and create is true, a name is generated using the fullname template
   name:
@@ -72,3 +96,6 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+# Additional labels for any resource created
+labels: {}

cmd/nfs-subdir-external-provisioner/provisioner.go

@@ -104,8 +104,10 @@ func (p *nfsProvisioner) Provision(ctx context.Context, options controller.Provi
 	pathPattern, exists := options.StorageClass.Parameters["pathPattern"]
 	if exists {
 		customPath := metadata.stringParser(pathPattern)
-		path = filepath.Join(p.path, customPath)
-		fullPath = filepath.Join(mountPath, customPath)
+		if customPath != "" {
+			path = filepath.Join(p.path, customPath)
+			fullPath = filepath.Join(mountPath, customPath)
+		}
 	}
 
 	glog.V(4).Infof("creating path %s", fullPath)
@@ -139,8 +141,8 @@ func (p *nfsProvisioner) Provision(ctx context.Context, options controller.Provi
 
 func (p *nfsProvisioner) Delete(ctx context.Context, volume *v1.PersistentVolume) error {
 	path := volume.Spec.PersistentVolumeSource.NFS.Path
-	relativePath := strings.Replace(path, p.path, "", 1)
-	oldPath := filepath.Join(mountPath, relativePath)
+	basePath := filepath.Base(path)
+	oldPath := filepath.Join(mountPath, basePath)
 
 	if _, err := os.Stat(oldPath); os.IsNotExist(err) {
 		glog.Warningf("path %s does not exist, deletion skipped", oldPath)
@@ -179,7 +181,7 @@ func (p *nfsProvisioner) Delete(ctx context.Context, volume *v1.PersistentVolume
 		}
 	}
 
-	archivePath := filepath.Join(mountPath, "archived-"+volume.Name)
+	archivePath := filepath.Join(mountPath, "archived-"+basePath)
 	glog.V(4).Infof("archiving path %s to %s", oldPath, archivePath)
 	return os.Rename(oldPath, archivePath)
 }

deploy/deployment-arm.yaml

@@ -1,39 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nfs-client-provisioner
-  labels:
-    app: nfs-client-provisioner
-  # replace with namespace where provisioner is deployed
-  namespace: default
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      app: nfs-client-provisioner
-  template:
-    metadata:
-      labels:
-        app: nfs-client-provisioner
-    spec:
-      serviceAccountName: nfs-client-provisioner
-      containers:
-        - name: nfs-client-provisioner
-          image: quay.io/external_storage/nfs-client-provisioner-arm:latest
-          volumeMounts:
-            - name: nfs-client-root
-              mountPath: /persistentvolumes
-          env:
-            - name: PROVISIONER_NAME
-              value: k8s-sigs.io/nfs-subdir-external-provisioner
-            - name: NFS_SERVER
-              value: 10.10.10.60
-            - name: NFS_PATH
-              value: /ifs/kubernetes
-      volumes:
-        - name: nfs-client-root
-          nfs:
-            server: 10.10.10.60
-            path: /ifs/kubernetes

deploy/deployment.yaml

@@ -21,7 +21,7 @@ spec:
       serviceAccountName: nfs-client-provisioner
       containers:
         - name: nfs-client-provisioner
-          image: quay.io/external_storage/nfs-client-provisioner:latest
+          image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
           volumeMounts:
             - name: nfs-client-root
               mountPath: /persistentvolumes
@@ -29,11 +29,11 @@ spec:
             - name: PROVISIONER_NAME
               value: k8s-sigs.io/nfs-subdir-external-provisioner
             - name: NFS_SERVER
-              value: 10.10.10.60
+              value: 10.3.243.101
             - name: NFS_PATH
               value: /ifs/kubernetes
       volumes:
         - name: nfs-client-root
           nfs:
-            server: 10.10.10.60
+            server: 10.3.243.101
             path: /ifs/kubernetes

deploy/objects/clusterrole.yaml

@@ -3,6 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: nfs-client-provisioner-runner
 rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "create", "delete"]

deploy/objects/deployment-arm.yaml

@@ -1,32 +0,0 @@
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
-  name: nfs-client-provisioner
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: nfs-client-provisioner
-    spec:
-      serviceAccountName: nfs-client-provisioner
-      containers:
-        - name: nfs-client-provisioner
-          image: quay.io/external_storage/nfs-client-provisioner-arm:latest
-          volumeMounts:
-            - name: nfs-client-root
-              mountPath: /persistentvolumes
-          env:
-            - name: PROVISIONER_NAME
-              value: k8s-sigs.io/nfs-subdir-external-provisioner
-            - name: NFS_SERVER
-              value: 10.10.10.60
-            - name: NFS_PATH
-              value: /ifs/kubernetes
-      volumes:
-        - name: nfs-client-root
-          nfs:
-            server: 10.10.10.60
-            path: /ifs/kubernetes

deploy/objects/deployment.yaml

@@ -14,7 +14,7 @@ spec:
       serviceAccountName: nfs-client-provisioner
       containers:
         - name: nfs-client-provisioner
-          image: quay.io/external_storage/nfs-client-provisioner:latest
+          image: k8s.gcr.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
           volumeMounts:
             - name: nfs-client-root
               mountPath: /persistentvolumes

deploy/rbac.yaml

@@ -10,6 +10,9 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: nfs-client-provisioner-runner
 rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "create", "delete"]