Initial commit

.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+

Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+appVersion: "0.2.4"
+name: irods-csi-driver
+description: A Helm chart for iRODS CSI Driver
+version: 0.2.4
+kubeVersion: ">=1.14.0-0"
+home: https://github.com/cyverse/irods-csi-driver
+sources:
+  - https://github.com/cyverse/irods-csi-driver
+keywords:
+  - irods
+  - cyverse
+  - csi
+maintainers:
+  - name: "Illyoung Choi"

LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2010-2020, The Arizona Board of Regents on behalf of The University of Arizona
+
+All rights reserved.
+
+Developed by: CyVerse as a collaboration between participants at BIO5 at The University of Arizona (the primary hosting institution), Cold Spring Harbor Laboratory, The University of Texas at Austin, and individual contributors. Find out more at http://www.cyverse.org/.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+ * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+ * Neither the name of CyVerse, BIO5, The University of Arizona, Cold Spring Harbor Laboratory, The University of Texas at Austin, nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -1,2 +1,50 @@
-# irods-csi-driver-helm
-Helm Chart Repository for iRODS CSI Driver
+## iRODS CSI Driver Helm Chart
+This script enables easy installation of iRODS CSI Driver using Helm Chart.
+
+### Compatibility
+- Helm 3+
+- Kubernetes > 1.17.x, can be deployed to any namespace.
+- Kubernetes < 1.17.x, namespace **must** be `kube-system`, as `system-cluster-critical` hard coded to this namespace.
+
+### Install
+#### Install with default configuration
+
+Kubernetes > 1.17.x
+```shell script
+helm install irods-csi-driver .
+```
+
+Kubernetes < 1.17.x
+```shell script
+helm install irods-csi-driver --namespace kube-system .
+```
+
+
+
+#### Install with global configuration for proxy authentication
+Edit `user_values.yaml` file for configuration.
+
+Kubernetes > 1.17.x
+```shell script
+helm install irods-csi-driver -f user_values.yaml .
+```
+
+Kubernetes < 1.17.x
+```shell script
+helm install irods-csi-driver -f user_values.yaml --namespace kube-system .
+```
+
+### Upgrade
+```shell script
+helm upgrade irods-csi-driver \
+    --install . \
+    --version 0.2.4 \
+    --namespace kube-system \
+    -f values.yaml
+```
+
+### Uninstall
+```shell script
+helm delete irods-csi-driver
+```
+

templates/_helpers.tpl

@@ -0,0 +1,74 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "helm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "helm.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "helm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "helm.labels" -}}
+helm.sh/chart: {{ include "helm.chart" . }}
+{{ include "helm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "helm.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "helm.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "helm.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "helm.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CSIDriver.
+*/}}
+{{- define "csidriver.apiVersion" -}}
+{{- if semverCompare ">=1.18-0" .Capabilities.KubeVersion.Version }}
+{{- print "storage.k8s.io/v1" -}}
+{{- else -}}
+{{- print "storage.k8s.io/v1beta1" -}}
+{{- end -}}
+{{- end -}}

templates/controller.yaml

@@ -0,0 +1,75 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: {{ include "helm.fullname" . }}-controller
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "helm.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.controllerService.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "helm.selectorLabels" . | nindent 6 }}-controller
+  template:
+    metadata:
+      labels:
+        {{- include "helm.selectorLabels" . | nindent 8 }}-controller
+    spec:
+      serviceAccount: {{ include "helm.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.controllerService.podSecurityContext | nindent 8 }}
+      priorityClassName: system-cluster-critical
+      tolerations:
+          - key: CriticalAddonsOnly
+            operator: Exists
+      containers:
+        - name: irods-plugin
+          securityContext:
+            {{- toYaml .Values.controllerService.irodsPlugin.securityContext | nindent 12 }}
+          image: "{{ .Values.controllerService.irodsPlugin.image.repository }}:{{ .Values.controllerService.irodsPlugin.image.tag }}"
+          imagePullPolicy: {{ .Values.controllerService.irodsPlugin.image.pullPolicy }}
+          args:
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(NODE_ID)
+            - --secretpath=$(SECRET_VOLUME_PATH)
+            {{- toYaml .Values.controllerService.irodsPlugin.extraArgs | nindent 12 }}
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+            - name: SECRET_VOLUME_PATH
+              value: /secrets
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy
+            - name: secret-volume
+              mountPath: /secrets
+          resources:
+            {{- toYaml .Values.controllerService.irodsPlugin.resources | nindent 12 }}
+        - name: csi-provisioner
+          image: "{{ .Values.controllerService.csiProvisioner.image.repository }}:{{ .Values.controllerService.csiProvisioner.image.tag }}"
+          args:
+            - --csi-address=$(ADDRESS)
+            {{- toYaml .Values.controllerService.csiProvisioner.extraArgs | nindent 12 }}
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy
+          resources:
+            {{- toYaml .Values.controllerService.csiProvisioner.resources | nindent 12 }}
+
+      volumes:
+        - name: plugin-dir
+          emptyDir: {}
+        - name: secret-volume
+          secret:
+            secretName: {{ include "helm.fullname" . }}-global-secret
+      {{- with .Values.controllerService.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

templates/csidriver.yaml

@@ -0,0 +1,6 @@
+apiVersion: {{ template "csidriver.apiVersion" . }}
+kind: CSIDriver
+metadata:
+  name: irods.csi.cyverse.org
+spec:
+  attachRequired: false

templates/node.yaml

@@ -0,0 +1,127 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ include "helm.fullname" . }}-node
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "helm.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "helm.selectorLabels" . | nindent 6 }}-node
+  template:
+    metadata:
+      labels:
+        {{- include "helm.selectorLabels" . | nindent 8 }}-node
+    spec:
+      securityContext:
+        {{- toYaml .Values.nodeService.podSecurityContext | nindent 8 }}
+      hostNetwork: true
+      priorityClassName: system-node-critical
+      tolerations:
+        - operator: Exists
+      containers:
+        - name: irods-plugin
+          securityContext:
+            {{- toYaml .Values.nodeService.irodsPlugin.securityContext | nindent 12 }}
+          image: "{{ .Values.nodeService.irodsPlugin.image.repository }}:{{ .Values.nodeService.irodsPlugin.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeService.irodsPlugin.image.pullPolicy }}
+          args:
+            - --endpoint=$(CSI_ENDPOINT)
+            - --nodeid=$(NODE_ID)
+            - --secretpath=$(SECRET_VOLUME_PATH)
+            {{- toYaml .Values.nodeService.irodsPlugin.extraArgs | nindent 12 }}
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:/csi/csi.sock
+            - name: SECRET_VOLUME_PATH
+              value: /secrets
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: mountpoint-dir
+              mountPath: /var/lib/kubelet/pods
+              mountPropagation: Bidirectional
+            - name: plugin-dir
+              mountPath: /var/lib/kubelet/plugins
+              mountPropagation: Bidirectional
+            - name: socket-dir
+              mountPath: /csi
+            - name: secret-volume
+              mountPath: /secrets
+          ports:
+            - containerPort: 9810
+              name: healthz
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: healthz
+            initialDelaySeconds: 10
+            timeoutSeconds: 3
+            periodSeconds: 2
+            failureThreshold: 5
+          resources:
+            {{- toYaml .Values.nodeService.irodsPlugin.resources | nindent 12 }}
+        - name: csi-driver-registrar
+          securityContext:
+            {{- toYaml .Values.nodeService.csiDriverRegistrar.securityContext | nindent 12 }}
+          image: "{{ .Values.nodeService.csiDriverRegistrar.image.repository }}:{{ .Values.nodeService.csiDriverRegistrar.image.tag }}"
+          imagePullPolicy: {{ .Values.nodeService.csiDriverRegistrar.image.pullPolicy }}
+          args:
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+            {{- toYaml .Values.nodeService.csiDriverRegistrar.extraArgs | nindent 12 }}
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: /var/lib/kubelet/plugins/irods.csi.cyverse.org/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+            - name: registration-dir
+              mountPath: /registration
+          resources:
+            {{- toYaml .Values.nodeService.csiDriverRegistrar.resources | nindent 12 }}
+        - name: liveness-probe
+          imagePullPolicy: {{ .Values.nodeService.livenessProbe.image.pullPolicy }}
+          image: "{{ .Values.nodeService.livenessProbe.image.repository }}:{{ .Values.nodeService.livenessProbe.image.tag }}"
+          args:
+            - --csi-address=/csi/csi.sock
+            - --health-port=9810
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+          resources:
+            {{- toYaml .Values.nodeService.livenessProbe.resources | nindent 12 }}
+      volumes:
+        - name: mountpoint-dir
+          hostPath:
+            path: /var/lib/kubelet/pods
+            type: DirectoryOrCreate
+        - name: plugin-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins
+            type: Directory
+        - name: registration-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins_registry
+            type: Directory
+        - name: socket-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins/irods.csi.cyverse.org
+            type: DirectoryOrCreate
+        - name: secret-volume
+          secret:
+            secretName: {{ include "helm.fullname" . }}-global-secret
+      {{- with .Values.nodeService.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}