PWX-20255: porx-2.7 update (#265)

* added autopilot * removed lighthouse * synced CSI, portworx-ds, stork Signed-off-by: Zoran Rajic <[email protected]>
portworx · Jun 29, 2021 · dc63c9a · dc63c9a
1 parent 93642a2
commit dc63c9a
Show file tree

Hide file tree

Showing 8 changed files with 315 additions and 241 deletions.
diff --git a/charts/portworx/README.md b/charts/portworx/README.md
@@ -48,14 +48,14 @@ The following tables lists the configurable parameters of the Portworx chart and
 | `drives` | Semi-colon seperated list of drives to be used for storage (example: "/dev/sda;/dev/sdb") |
 | `dataInterface` | Name of the interface <ethX> |
 | `managementInterface` | Name of the interface <ethX> |
-| `envVars` | semi-colon-separated list of environment variables that will be exported to portworx. (example: API_SERVER=http://lighthouse-new.portworx.com;MYENV1=val1;MYENV2=val2) |
+| `envVars` | semi-colon-separated list of environment variables that will be exported to portworx. (example: MYENV1=val1;MYENV2=val2) |
 | `stork` | [Storage Orchestration for Hyperconvergence](https://github.com/libopenstorage/stork). |
 | `storkVersion` | The version of stork |
-| `lighthouse` | Whether to install Lighthouse (Portworx GUI) |
 | `customRegistryURL` | Custom Docker registry |
 | `registrySecret` | Registry secret |
 | `journalDevice` | Journal device for Portworx metadata |
-| `csi` | Enable CSI (Tech Preview only) |
+| `aut` | Enable AutoPilot (Tech Preview) |
+| `csi` | Enable CSI (Tech Preview) |
 | `internalKVDB` | Internal KVDB store |
 | `etcd.credentials` | Username and password for ETCD authentication in the form user:password |
 | `etcd.certPath` | Base path where the certificates are placed. (example: if the certificates ca,.crt and the .key are in /etc/pwx/etcdcerts the value should be provided as /etc/pwx/etcdcerts Refer: https://docs.portworx.com/scheduler/kubernetes/etcd-certs-using-secrets.html) |

diff --git a/charts/portworx/templates/portworx-autopilot.yaml b/charts/portworx/templates/portworx-autopilot.yaml
@@ -0,0 +1,129 @@
+{{- if (and (.Values.aut) (eq .Values.aut true))}}
+{{- $varImages := .Values.images | default dict }}
+{{- $pullPolicy := $varImages.pullPolicy | default "Always" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: autopilot-config
+  namespace: kube-system
+data:
+  config.yaml: |-
+    providers:
+       - name: default
+         type: prometheus
+         params: url=http://prometheus:9090
+    min_poll_interval: 2
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: autopilot-account
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    scheduler.alpha.kubernetes.io/critical-pod: ""
+  labels:
+    tier: control-plane
+  name: autopilot
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: autopilot
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ""
+      labels:
+        name: autopilot
+        tier: control-plane
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: "name"
+                    operator: In
+                    values:
+                    - autopilot
+              topologyKey: "kubernetes.io/hostname"
+      hostPID: false
+      {{- if not (empty .Values.registrySecret) }}
+      imagePullSecrets:
+        - name: {{ .Values.registrySecret }}
+      {{- end }}
+      containers:
+      - command:
+        - /autopilot
+        - -f
+        - ./etc/config/config.yaml
+        - -log-level
+        - debug
+        imagePullPolicy: {{ $pullPolicy }}
+        image: "portworx/autopilot:1.3.0"
+        resources:
+          requests:
+            cpu: '0.1'
+        securityContext:
+          privileged: false
+        name: autopilot
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/config
+      serviceAccountName: autopilot-account
+      volumes:
+        - name: config-volume
+          configMap:
+            name: autopilot-config
+            items:
+            - key: config.yaml
+              path: config.yaml
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: autopilot
+  namespace: kube-system
+  labels:
+    name: autopilot-service
+spec:
+  ports:
+    - name: autopilot
+      protocol: TCP
+      port: 9628
+  selector:
+    name: autopilot
+    tier: control-plane
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: autopilot-role
+rules:
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: autopilot-role-binding
+subjects:
+- kind: ServiceAccount
+  name: autopilot-account
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: autopilot-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/portworx/templates/portworx-csi.yaml b/charts/portworx/templates/portworx-csi.yaml
@@ -1,5 +1,7 @@
 {{- if (and (.Values.csi) (eq .Values.csi true))}}
 {{- $customRegistryURL := .Values.customRegistryURL | default "none" }}
+{{- $varImages := .Values.images | default dict }}
+{{- $pullPolicy := $varImages.pullPolicy | default "Always" }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -11,21 +13,70 @@ apiVersion: {{ template "rbac.apiVersion" . }}
 metadata:
    name: px-csi-role
 rules:
+- apiGroups: ["extensions"]
+  resources: ["podsecuritypolicies"]
+  resourceNames: ["privileged"]
+  verbs: ["use"]
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: ["*"]
 - apiGroups: [""]
   resources: ["nodes"]
   verbs: ["get", "list", "watch"]
 - apiGroups: [""]
   resources: ["persistentvolumes"]
-  verbs: ["get", "list", "watch", "create", "delete", "update"]
+  verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
 - apiGroups: [""]
   resources: ["persistentvolumeclaims"]
   verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims/status"]
+  verbs: ["update", "patch"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
 - apiGroups: ["storage.k8s.io"]
   resources: ["storageclasses"]
   verbs: ["get", "list", "watch"]
 - apiGroups: ["storage.k8s.io"]
   resources: ["volumeattachments"]
+  verbs: ["get", "list", "watch", "update", "patch"]
+- apiGroups: ["storage.k8s.io"]
+  resources: ["csistoragecapacities"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["replicasets"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["list", "watch", "create", "update", "patch"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+  resources: ["volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses", "volumesnapshots/status", "volumesnapshotcontents/status"]
+  verbs: ["create", "get", "list", "watch", "update", "delete"]
+- apiGroups: ["csi.storage.k8s.io"]
+  resources: ["csinodeinfos"]
+  verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["storage.k8s.io"]
+  resources: ["csinodes"]
   verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["csi.storage.k8s.io"]
+  resources: ["csidrivers"]
+  verbs: ["create", "delete"]
+- apiGroups: [""]
+  resources: ["endpoints"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["*"]
 ---
 kind: ClusterRoleBinding
 apiVersion: {{ template "rbac.apiVersion" . }}
@@ -48,7 +99,7 @@ metadata:
 spec:
   clusterIP: None
 ---
-kind: StatefulSet
+kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: px-csi-ext
@@ -57,8 +108,7 @@ spec:
   selector:
     matchLabels:
       app: px-csi-driver
-  serviceName: "px-csi-service"
-  replicas: 1
+  replicas: 3
   template:
     metadata:
       labels:
@@ -67,34 +117,70 @@ spec:
       serviceAccount: px-csi-account
       containers:
         - name: csi-external-provisioner
-          imagePullPolicy: Always
-          image: "{{ template "px.getcsiImages" . }}/csi-provisioner:v0.2.0"
+          imagePullPolicy: {{ $pullPolicy }}
+          image: "docker.io/openstorage/csi-provisioner:v1.6.1-1"
+          args:
+            - "--v=3"
+            - "--provisioner=pxd.portworx.com"
+            - "--csi-address=$(ADDRESS)"
+            - "--enable-leader-election"
+            - "--leader-election-type=leases"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+        - name: csi-snapshotter
+          imagePullPolicy: {{ $pullPolicy }}
+          image: k8s.gcr.io/sig-storage/csi-snapshotter:v4.0.0
           args:
-            - "--v=5"
-            - "--provisioner=com.openstorage.pxd"
+            - "--v=3"
             - "--csi-address=$(ADDRESS)"
+            - "--leader-election=true"
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+        - name: csi-snapshot-controller
+          imagePullPolicy: {{ $pullPolicy }}
+          image: k8s.gcr.io/sig-storage/snapshot-controller:v4.0.0
+          args:
+            - "--v=3"
+            - "--leader-election=true"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
+          securityContext:
+            privileged: true
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
-        - name: csi-attacher
-          imagePullPolicy: Always
-          image: "{{ template "px.getcsiImages" . }}/csi-attacher:v0.2.0"
+        - name: csi-resizer
+          imagePullPolicy: {{ $pullPolicy }}
+          image: k8s.gcr.io/sig-storage/csi-resizer:v1.1.0
           args:
-            - "--v=5"
+            - "--v=3"
             - "--csi-address=$(ADDRESS)"
+            - "--leader-election=true"
           env:
             - name: ADDRESS
               value: /csi/csi.sock
+          securityContext:
+            privileged: true
           volumeMounts:
             - name: socket-dir
               mountPath: /csi
       volumes:
         - name: socket-dir
           hostPath:
-            path: /var/lib/kubelet/plugins/com.openstorage.pxd
+            path: /var/lib/kubelet/plugins/pxd.portworx.com
             type: DirectoryOrCreate
     {{- with .Values.tolerations }}
       tolerations:
@@ -109,4 +195,8 @@ spec:
                 operator: {{ template "px.affinityPxEnabledOperator" . }}
                 values:
                 - {{ template "px.affinityPxEnabledValue" . }}
+              {{- if (or (not .Values.deployOnMaster) (eq .Values.deployOnMaster false))}}
+              - key: node-role.kubernetes.io/master
+                operator: DoesNotExist
+              {{- end }}
 {{- end }}