feat: storage slasses

Can set priority for storage classes.

Signed-off-by: Serge Logvinov <[email protected]>

.github/helm.yml

@@ -0,0 +1,9 @@
+helm-extra-args: --timeout 300s
+check-version-increment: true
+debug: true
+chart-dirs:
+  - charts
+validate-maintainers: true
+namespace: default
+release-label: test
+target-branch: main

.github/workflows/charts.yaml

@@ -23,6 +23,6 @@ jobs:
         uses: helm/[email protected]
 
       - name: Run helm chart linter
-        run: ct --config hack/ct.yml lint
+        run: ct --config .github/helm.yml lint
       - name: Run helm template
         run: make helm-unit

Dockerfile

@@ -24,13 +24,13 @@ RUN make build-all-archs
 
 ########################################
 
-FROM --platform=${TARGETARCH} scratch AS hybrid-csi-controller
+FROM --platform=${TARGETARCH} scratch AS hybrid-csi-provisioner
 LABEL org.opencontainers.image.source="https://github.com/sergelogvinov/hybrid-csi-plugin" \
       org.opencontainers.image.licenses="Apache-2.0" \
       org.opencontainers.image.description="Hybrid CSI plugin"
 
 COPY --from=gcr.io/distroless/static-debian12:nonroot . .
 ARG TARGETARCH
-COPY --from=builder /src/bin/hybrid-csi-controller-${TARGETARCH} /bin/hybrid-csi-controller
+COPY --from=builder /src/bin/hybrid-csi-provisioner-${TARGETARCH} /bin/hybrid-csi-provisioner
 
-ENTRYPOINT ["/bin/hybrid-csi-controller"]
+ENTRYPOINT ["/bin/hybrid-csi-provisioner"]

Makefile

@@ -59,14 +59,14 @@ clean: ## Clean
 
 build-%:
 	CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build $(GO_LDFLAGS) \
-		-o bin/hybrid-csi-$*-$(ARCH) ./cmd/$*
+		-o bin/hybrid-$*-$(ARCH) ./cmd/$*
 
 .PHONY: build
-build: build-controller ## Build
+build: build-csi-provisioner ## Build
 
 .PHONY: run
-run: build-controller ## Run
-	./bin/hybrid-csi-controller-$(ARCH) -v=5 --metrics-address=:8080
+run: build-provisioner ## Run
+	./bin/hybrid-csi-provisioner-$(ARCH) -v=5 --metrics-address=:8080
 
 .PHONY: lint
 lint: ## Lint Code
@@ -112,9 +112,6 @@ docs:
 		charts/hybrid-csi-plugin > docs/deploy/hybrid-csi-plugin-release.yml
 	helm-docs --sort-values-order=file charts/hybrid-csi-plugin
 
-release-update:
-	git-chglog --config hack/chglog-config.yml -o CHANGELOG.md
-
 ############
 #
 # Docker Abstractions
@@ -139,11 +136,11 @@ image-%:
 
 .PHONY: images-checks
 images-checks: images
-	trivy image --exit-code 1 --ignore-unfixed --severity HIGH,CRITICAL --no-progress $(OCIREPO)/hybrid-csi-controller:$(TAG)
+	trivy image --exit-code 1 --ignore-unfixed --severity HIGH,CRITICAL --no-progress $(OCIREPO)/hybrid-csi-provisioner:$(TAG)
 
 .PHONY: images-cosign
 images-cosign:
-	@cosign sign --yes $(COSING_ARGS) --recursive $(OCIREPO)/hybrid-csi-controller:$(TAG)
+	@cosign sign --yes $(COSING_ARGS) --recursive $(OCIREPO)/hybrid-csi-provisioner:$(TAG)
 
 .PHONY: images
-images: image-hybrid-csi-controller ## Build images
+images: image-hybrid-csi-provisioner ## Build images

charts/hybrid-csi-plugin/Chart.yaml

@@ -17,7 +17,7 @@ maintainers:
     url: https://github.com/sergelogvinov
 #
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

charts/hybrid-csi-plugin/README.md

@@ -1,6 +1,6 @@
 # hybrid-csi-plugin
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.1](https://img.shields.io/badge/AppVersion-v0.0.1-informational?style=flat-square)
+![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.1](https://img.shields.io/badge/AppVersion-v0.0.1-informational?style=flat-square)
 
 Container Storage Interface plugin
 
@@ -34,41 +34,19 @@ helm upgrade -i --namespace=csi-hybrid -f hybrid-csi.yaml \
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | replicaCount | int | `1` |  |
+| image.repository | string | `"ghcr.io/sergelogvinov/hybrid-csi-controller"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.tag | string | `""` |  |
 | imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` |  |
 | fullnameOverride | string | `""` |  |
 | createNamespace | bool | `false` | Create namespace. Very useful when using helm template. |
 | priorityClassName | string | `"system-cluster-critical"` | Controller pods priorityClassName. |
 | serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
 | provisionerName | string | `"csi.hybrid.sinextra.dev"` | CSI Driver provisioner name. Currently, cannot be customized. |
-| clusterID | string | `"kubernetes"` | Cluster name. Currently, cannot be customized. |
 | logVerbosityLevel | int | `5` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. |
-| timeout | string | `"3m"` | Connection timeout between sidecars. |
 | storageClass | list | `[]` | Storage class definition. |
-| controller.podAnnotations | object | `{}` | Annotations for controller pod. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
-| controller.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/hybrid-csi-controller","tag":""}` | Controller CSI Driver. |
-| controller.plugin.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Controller resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| controller.attacher.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-attacher","tag":"v4.4.4"}` | CSI Attacher. |
-| controller.attacher.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Attacher resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| controller.provisioner.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-provisioner","tag":"v3.6.4"}` | CSI Provisioner. |
-| controller.provisioner.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Provisioner resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| controller.resizer.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-resizer","tag":"v1.9.4"}` | CSI Resizer. |
-| controller.resizer.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Resizer resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| node.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/hybrid-csi-node","tag":""}` | Node CSI Driver. |
-| node.plugin.resources | object | `{}` | Node CSI Driver resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| node.driverRegistrar.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.9.4"}` | Node CSI driver registrar. |
-| node.driverRegistrar.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Node registrar resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| node.kubeletDir | string | `"/var/lib/kubelet"` | Location of the /var/lib/kubelet directory as some k8s distribution differ from the standard. Standard: /var/lib/kubelet, k0s: /var/lib/k0s/kubelet, microk8s: /var/snap/microk8s/common/var/lib/kubelet |
-| node.nodeSelector | object | `{}` | Node labels for node-plugin assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
-| node.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/unschedulable","operator":"Exists"},{"effect":"NoSchedule","key":"node.kubernetes.io/disk-pressure","operator":"Exists"}]` | Tolerations for node-plugin assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
-| livenessprobe.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/livenessprobe","tag":"v2.11.0"}` | Common livenessprobe sidecar. |
-| livenessprobe.failureThreshold | int | `5` | Failure threshold for livenessProbe |
-| livenessprobe.initialDelaySeconds | int | `10` | Initial delay seconds for livenessProbe |
-| livenessprobe.timeoutSeconds | int | `10` | Timeout seconds for livenessProbe |
-| livenessprobe.periodSeconds | int | `60` | Period seconds for livenessProbe |
-| livenessprobe.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Liveness probe resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
 | initContainers | list | `[]` | Add additional init containers for the CSI controller pods. ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ |
-| hostAliases | list | `[]` | hostAliases Deployment pod host aliases ref: https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ |
 | podAnnotations | object | `{}` | Annotations for controller pod. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
 | podSecurityContext | object | `{"fsGroup":65532,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532}` | Controller Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Controller Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
@@ -79,5 +57,3 @@ helm upgrade -i --namespace=csi-hybrid -f hybrid-csi.yaml \
 | nodeSelector | object | `{}` | Node labels for controller assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
 | tolerations | list | `[]` | Tolerations for controller assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
 | affinity | object | `{}` | Affinity for controller assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-| extraVolumes | list | `[]` | Additional volumes for Pods |
-| extraVolumeMounts | list | `[]` |  |

charts/hybrid-csi-plugin/ci/values.yaml

@@ -6,3 +6,5 @@ node:
 
 storageClass:
   - name: hybrid
+    default: true
+    storageClasses: proxmox

charts/hybrid-csi-plugin/templates/_helpers.tpl

@@ -52,13 +52,6 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/component: controller
 {{- end }}
 
-{{- define "hybrid-csi-plugin-node.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "hybrid-csi-plugin.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: node
-{{- end }}
-
-
 {{/*
 Create the name of the service account to use
 */}}

charts/hybrid-csi-plugin/templates/controller-clusterrole.yaml

@@ -11,7 +11,7 @@ rules:
     verbs: ["get", "list", "watch", "create", "patch", "delete"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
+    verbs: ["get", "list", "watch", "create", "patch", "delete"]
   - apiGroups: [""]
     resources: ["persistentvolumeclaims/status"]
     verbs: ["patch"]

charts/hybrid-csi-plugin/templates/controller-deployment.yaml

@@ -18,7 +18,7 @@ spec:
     metadata:
       annotations:
         checksum/config: {{ toJson .Values.config | sha256sum }}
-      {{- with default .Values.podAnnotations .Values.controller.podAnnotations }}
+      {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- if and .Values.metrics.enabled (eq .Values.metrics.type "annotation") }}
@@ -39,18 +39,14 @@ spec:
       serviceAccountName: {{ include "hybrid-csi-plugin.serviceAccountName" . }}-controller
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      hostAliases: {{- toYaml .Values.hostAliases | nindent 8 }}
-      initContainers: {{- toYaml .Values.initContainers | nindent 8 }}
       containers:
         - name: {{ include "hybrid-csi-plugin.fullname" . }}-controller
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.plugin.image.repository }}:{{ .Values.controller.plugin.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.controller.plugin.image.pullPolicy }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--cloud-config={{ .Values.configFile }}"
             {{- if .Values.metrics.enabled }}
             - "--metrics-address=:{{ .Values.metrics.port }}"
             {{- end }}
@@ -61,102 +57,7 @@ spec:
               protocol: TCP
             {{- end }}
           resources:
-            {{- toYaml .Values.controller.plugin.resources | nindent 12 }}
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-            - name: cloud-config
-              mountPath: /etc/hybrid/
-            {{- with .Values.extraVolumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
-        - name: csi-attacher
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.attacher.image.repository }}:{{ .Values.controller.attacher.image.tag }}"
-          imagePullPolicy: {{ .Values.controller.attacher.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--timeout={{ .Values.timeout }}"
-            - "--leader-election"
-            - "--default-fstype=ext4"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.controller.attacher.resources | nindent 12 }}
-        - name: csi-provisioner
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.provisioner.image.repository }}:{{ .Values.controller.provisioner.image.tag }}"
-          imagePullPolicy: {{ .Values.controller.provisioner.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--timeout={{ .Values.timeout }}"
-            - "--leader-election"
-            - "--default-fstype=ext4"
-            - "--feature-gates=Topology=True"
-            - "--enable-capacity"
-            - "--capacity-ownerref-level=2"
-          env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.controller.provisioner.resources | nindent 12 }}
-        - name: csi-resizer
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.resizer.image.repository }}:{{ .Values.controller.resizer.image.tag }}"
-          imagePullPolicy: {{ .Values.controller.resizer.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--timeout={{ .Values.timeout }}"
-            - "--handle-volume-inuse-error=false"
-            - "--leader-election"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.controller.resizer.resources | nindent 12 }}
-        - name: liveness-probe
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.livenessprobe.image.repository }}:{{ .Values.livenessprobe.image.tag }}"
-          imagePullPolicy: {{ .Values.livenessprobe.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.livenessprobe.resources | nindent 12 }}
-      volumes:
-        - name: socket-dir
-          emptyDir: {}
-        {{- if .Values.existingConfigSecret }}
-        - name: cloud-config
-          secret:
-            secretName: {{ .Values.existingConfigSecret }}
-            items:
-              - key: {{ .Values.existingConfigSecretKey }}
-                path: config.yaml
-        {{- else }}
-        - name: cloud-config
-          secret:
-            secretName: {{ include "hybrid-csi-plugin.fullname" . }}
-        {{- end }}
-        {{- with .Values.extraVolumes }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
+            {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/hybrid-csi-plugin/templates/csidriver.yaml

@@ -5,6 +5,6 @@ metadata:
 spec:
   attachRequired: true
   podInfoOnMount: true
-  storageCapacity: true
+  storageCapacity: false
   volumeLifecycleModes:
-  - Persistent
+    - Persistent

charts/hybrid-csi-plugin/templates/namespace.yaml

@@ -4,7 +4,7 @@ kind: Namespace
 metadata:
   name: {{ .Release.Namespace }}
   labels:
-    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/enforce: baseline
     pod-security.kubernetes.io/audit: baseline
     pod-security.kubernetes.io/warn: baseline
 {{- end }}