[SEBA-83]
Create charts/docs for Persistent Storage
- Ceph (block volumes, and shared filesystem) using Rook
- Local mounted volumes with local-provisioner
- Local directories with local-directory
Change-Id: I65e8a55ca4fbdb6c9754beec6b7ce5ea010ad642
diff --git a/storage/local-provisioner/Chart.yaml b/storage/local-provisioner/Chart.yaml
new file mode 100644
index 0000000..d99ade5
--- /dev/null
+++ b/storage/local-provisioner/Chart.yaml
@@ -0,0 +1,29 @@
+---
+# Copyright 2018-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# NOTE: this Apache v2 licensed code originally came from:
+# https://github.com/kubernetes-incubator/external-storage/tree/master/local-volume/helm/provisioner
+# at commit: fc25fd337b15a413b1162f76b59b2cac7ff39126
+#
+# Minimal changes have been applied to align it with CORD/SEBA
+
+apiVersion: v1
+version: 2.0.0
+description: local provisioner chart
+name: local-provisioner
+keywords:
+ - storage
+ - local
+engine: gotpl
diff --git a/storage/local-provisioner/provisioner-namespace.yaml b/storage/local-provisioner/provisioner-namespace.yaml
new file mode 100644
index 0000000..5923b16
--- /dev/null
+++ b/storage/local-provisioner/provisioner-namespace.yaml
@@ -0,0 +1,21 @@
+---
+# Copyright 2018-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.common.rbac }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.common.namespace }}
+{{- end }}
diff --git a/storage/local-provisioner/templates/00_provisioner_rbac.yaml b/storage/local-provisioner/templates/00_provisioner_rbac.yaml
new file mode 100644
index 0000000..7ddedd9
--- /dev/null
+++ b/storage/local-provisioner/templates/00_provisioner_rbac.yaml
@@ -0,0 +1,101 @@
+---
+# Copyright 2018-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{- if .Values.common.rbac }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.common.namespace }}
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.daemonset.serviceAccount }}
+ namespace: {{ .Values.common.namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: local-storage-provisioner-pv-binding
+ namespace: {{ .Values.common.namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.daemonset.serviceAccount }}
+ namespace: {{ .Values.common.namespace }}
+roleRef:
+ kind: ClusterRole
+ name: system:persistent-volume-provisioner
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: local-storage-provisioner-node-clusterrole
+ namespace: {{ .Values.common.namespace }}
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: local-storage-provisioner-node-binding
+ namespace: {{ .Values.common.namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.daemonset.serviceAccount }}
+ namespace: {{ .Values.common.namespace }}
+roleRef:
+ kind: ClusterRole
+ name: local-storage-provisioner-node-clusterrole
+ apiGroup: rbac.authorization.k8s.io
+
+{{- if .Values.common.useJobForCleaning }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: local-storage-provisioner-jobs-role
+ namespace: {{ .Values.common.namespace }}
+rules:
+- apiGroups:
+ - 'batch'
+ resources:
+ - jobs
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: local-storage-provisioner-jobs-rolebinding
+ namespace: {{ .Values.common.namespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Values.daemonset.serviceAccount }}
+ namespace: {{ .Values.common.namespace }}
+roleRef:
+ kind: Role
+ name: local-storage-provisioner
+ apiGroup: rbac.authorization.k8s.io
+
+{{- end }} # if .Values.common.useJobForCleaning
+{{- end }} # if .Values.common.rbac
diff --git a/storage/local-provisioner/templates/provisioner.yaml b/storage/local-provisioner/templates/provisioner.yaml
new file mode 100644
index 0000000..1e15e3d
--- /dev/null
+++ b/storage/local-provisioner/templates/provisioner.yaml
@@ -0,0 +1,133 @@
+---
+# Copyright 2018-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.common.configMapName }}
+ namespace: {{ .Values.common.namespace }}
+data:
+{{- if .Values.daemonset.nodeLabels }}
+ nodeLabelsForPV: |
+ {{- range $label := .Values.daemonset.nodeLabels }}
+ - {{$label}}
+ {{- end }}
+{{- end }}
+{{- if .Values.common.useAlphaAPI }}
+ useAlphaAPI: "true"
+{{- end }}
+{{- if .Values.common.useJobForCleaning }}
+ useJobForCleaning: "yes"
+{{- end}}
+{{- if .Values.common.minResyncPeriod }}
+ minResyncPeriod: {{ .Values.common.minResyncPeriod | quote }}
+{{- end}}
+ storageClassMap: |
+ {{- range $classConfig := .Values.classes }}
+ {{ $classConfig.name }}:
+ hostDir: {{ $classConfig.hostDir }}
+ mountDir: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
+ {{- if $classConfig.blockCleanerCommand }}
+ blockCleanerCommand:
+ {{- range $val := $classConfig.blockCleanerCommand }}
+ - "{{ $val -}}"{{- end}}
+ {{- end }}
+ {{- end }}
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: {{ .Values.daemonset.name }}
+ namespace: {{ .Values.common.namespace }}
+ labels:
+ app: local-volume-provisioner
+spec:
+ selector:
+ matchLabels:
+ app: local-volume-provisioner
+ template:
+ metadata:
+ labels:
+ app: local-volume-provisioner
+ spec:
+ serviceAccountName: {{.Values.daemonset.serviceAccount}}
+{{- if .Values.daemonset.tolerations }}
+ tolerations:
+{{ .Values.daemonset.tolerations | toYaml | trim | indent 8 }}
+{{- end }}
+ containers:
+ - image: "{{ .Values.daemonset.image }}"
+ {{- if .Values.daemonset.imagePullPolicy }}
+ imagePullPolicy: {{ .Values.daemonset.imagePullPolicy | quote }}
+ {{- end }}
+ name: provisioner
+ securityContext:
+ privileged: true
+{{- if .Values.daemonset.resources }}
+ resources:
+{{ .Values.daemonset.resources | toYaml | trim | indent 12 }}
+{{- end }}
+ env:
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: MY_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: JOB_CONTAINER_IMAGE
+ value: "{{ .Values.daemonset.image }}"
+ {{- if .Values.daemonset.kubeConfigEnv }}
+ - name: KUBECONFIG
+ value: {{.Values.daemonset.kubeConfigEnv}}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /etc/provisioner/config
+ name: provisioner-config
+ readOnly: true
+ - mountPath: /dev
+ name: provisioner-dev
+ {{- range $classConfig := .Values.classes }}
+ - mountPath: {{ if $classConfig.mountDir }} {{- $classConfig.mountDir -}} {{ else }} {{- $classConfig.hostDir -}} {{ end }}
+ name: {{ $classConfig.name }}
+ mountPropagation: "HostToContainer"
+ {{- end }}
+ volumes:
+ - name: provisioner-config
+ configMap:
+ name: {{ .Values.common.configMapName }}
+ - name: provisioner-dev
+ hostPath:
+ path: /dev
+ {{- range $classConfig := .Values.classes }}
+ - name: {{ $classConfig.name }}
+ hostPath:
+ path: {{ $classConfig.hostDir }}
+ {{- end }}
+
+{{- range $val := .Values.classes }}
+{{- if $val.storageClass }}
+{{- $reclaimPolicy := $val.reclaimPolicy | default "Delete" }}
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: {{ $val.name }}
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+reclaimPolicy: {{ $reclaimPolicy }}
+{{- end }}
+{{- end }}
diff --git a/storage/local-provisioner/values.yaml b/storage/local-provisioner/values.yaml
new file mode 100644
index 0000000..a7e2883
--- /dev/null
+++ b/storage/local-provisioner/values.yaml
@@ -0,0 +1,133 @@
+---
+# Copyright 2018-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Common options.
+common:
+ # Defines whether to generate service account and role bindings.
+ rbac: true
+
+ # Defines the namespace where provisioner runs
+ namespace: "local-storage"
+
+ # Beta PV.NodeAffinity field is used by default. If running against pre-1.10
+ # k8s version, the `useAlphaAPI` flag must be enabled in the configMap.
+ useAlphaAPI: false
+
+ # Provisioner clean volumes in process by default. If set to true, provisioner
+ # will use Jobs to clean.
+ useJobForCleaning: false
+
+ # Resync period in reflectors will be random between minResyncPeriod and
+ # 2*minResyncPeriod. Default: 5m0s.
+ minResyncPeriod: "5m0s"
+
+ # Defines the name of configmap used by Provisioner
+ configMapName: "local-provisioner-config"
+
+# Configure storage classes.
+classes:
+ - name: "local-hdd" # hard disk volumes
+
+ # Path on the host where local volumes of this storage class are mounted
+ # under.
+ hostDir: "/mnt/local-storage/hdd"
+
+ # Optionally specify mount path of local volumes. By default, we use same
+ # path as hostDir in container.
+ mountDir: false
+
+ blockCleanerCommand:
+ # Do a quick reset of the block device during its cleanup.
+ - "/scripts/quick_reset.sh"
+ # or use dd to zero out block dev in two iterations by uncommenting these lines
+ # - "/scripts/dd_zero.sh"
+ # - "2"
+ # or run shred utility for 2 iterations
+ # - "/scripts/shred.sh"
+ # - "2"
+ # or blkdiscard utility by uncommenting the line below.
+ # - "/scripts/blkdiscard.sh"
+
+ # Uncomment to create storage class object with default configuration.
+ storageClass: true
+
+ # Avaiable reclaim policies: Delete/Retain, defaults: Delete.
+ reclaimPolicy: "Delete"
+
+ - name: "local-ssd" # solid state disk volumes
+
+ # Path on the host where local volumes of this storage class are mounted
+ # under.
+ hostDir: "/mnt/local-storage/ssd"
+
+ # Optionally specify mount path of local volumes. By default, we use same
+ # path as hostDir in container.
+ mountDir: false
+
+ blockCleanerCommand:
+ # Do a quick reset of the block device during its cleanup.
+ - "/scripts/quick_reset.sh"
+ # or use dd to zero out block dev in two iterations by uncommenting these lines
+ # - "/scripts/dd_zero.sh"
+ # - "2"
+ # or run shred utility for 2 iterations
+ # - "/scripts/shred.sh"
+ # - "2"
+ # or blkdiscard utility by uncommenting the line below.
+ # - "/scripts/blkdiscard.sh"
+
+ # Uncomment to create storage class object with default configuration.
+ storageClass: true
+
+ # Avaiable reclaim policies: Delete/Retain, defaults: Delete.
+ reclaimPolicy: "Delete"
+
+
+# Configure DaemonSet for provisioner.
+daemonset:
+
+ # Defines the name of a Provisioner
+ name: "local-volume-provisioner"
+
+ # Defines Provisioner's image name including container registry.
+ image: "quay.io/external_storage/local-volume-provisioner:v2.1.0"
+
+ # Defines Image download policy, see kubernetes documentation for available values.
+ imagePullPolicy: 'IfNotPresent'
+
+ # Defines a name of the service account which Provisioner will use to communicate with API server.
+ serviceAccount: "local-storage-admin"
+
+ # If configured KubeConfigEnv will (optionally) specify the location of kubeconfig file on the node.
+ # kubeConfigEnv: KUBECONFIG
+ kubeConfigEnv: false
+
+ # List of node labels to be copied to the PVs created by the provisioner in a format:
+ #
+ # nodeLabels:
+ # - failure-domain.beta.kubernetes.io/zone
+ # - failure-domain.beta.kubernetes.io/region
+ nodeLabels: []
+
+ # If configured, tolerations will add a toleration field to the DaemonSet PodSpec.
+ #
+ # Node tolerations for local-volume-provisioner scheduling to nodes with taints.
+ # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ tolerations: []
+
+ # If configured, resources will set the requests/limits field to the Daemonset PodSpec.
+ # Ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ resources: {}
+