Podmon helmchart commits (#75)

* podmon initial helm changes
dell · Apr 18, 2022 · 6979a6c · 6979a6c
1 parent 9b518c6
commit 6979a6c
Show file tree

Hide file tree

Showing 4 changed files with 151 additions and 0 deletions.
diff --git a/helm/csi-isilon/templates/controller.yaml b/helm/csi-isilon/templates/controller.yaml
@@ -14,7 +14,13 @@ rules:
     verbs: ["list", "watch", "create", "update", "patch"]
   - apiGroups: [""]
     resources: ["nodes"]
+  {{- if hasKey .Values "podmon" }}
+  {{- if eq .Values.podmon.enabled true }}
+    verbs: ["get", "list", "watch", "patch"]
+  {{- else }}
     verbs: ["get", "list", "watch"]
+  {{- end }}
+  {{- end }}
   - apiGroups: [""]
     resources: ["persistentvolumes"]
     verbs: ["get", "list", "watch", "create", "delete", "update"]
@@ -23,13 +29,25 @@ rules:
     verbs: ["get", "list", "watch", "update"]
   - apiGroups: [""]
     resources: ["pods"]
+  {{- if hasKey .Values "podmon" }}
+  {{- if eq .Values.podmon.enabled true }}
+    verbs: ["get", "list", "watch", "update", "delete"]
+  {{- else }}
     verbs: ["get", "list", "watch"]
+  {{- end }}
+  {{- end }}
   - apiGroups: ["storage.k8s.io"]
     resources: ["storageclasses"]
     verbs: ["get", "list", "watch"]
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments"]
+  {{- if hasKey .Values "podmon" }}
+  {{- if eq .Values.podmon.enabled true }}
+    verbs: ["get", "list", "watch", "update", "patch", "delete"]
+  {{- else }}
     verbs: ["get", "list", "watch", "update", "patch"]
+  {{- end }}
+  {{- end }}
   - apiGroups: ["storage.k8s.io"]
     resources: ["volumeattachments/status"]
     verbs: ["patch"]
@@ -148,6 +166,33 @@ spec:
       {{- toYaml .Values.controller.tolerations | nindent 8 }}
       {{ end }}
       containers:
+        {{- if hasKey .Values "podmon" }}
+        {{- if eq .Values.podmon.enabled true }}
+        - name: podmon
+          image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          args:
+            {{- toYaml .Values.podmon.controller.args | nindent 12 }}
+          env:
+            - name: MY_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: MY_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: MY_POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/run/csi
+            - name: csi-isilon-config-params
+              mountPath: /csi-isilon-config-params
+        {{- end }}
+        {{- end }}
         {{- if hasKey .Values.controller "replication" }}
         {{- if eq .Values.controller.replication.enabled true}}
         - name: dell-csi-replicator

diff --git a/helm/csi-isilon/templates/driver-config-params.yaml b/helm/csi-isilon/templates/driver-config-params.yaml
@@ -6,3 +6,9 @@ metadata:
 data:
   driver-config-params.yaml: |
     CSI_LOG_LEVEL: "{{ .Values.logLevel }}"
+    {{ if .Values.podmon.enabled }}
+    PODMON_CONTROLLER_LOG_LEVEL: "{{ .Values.logLevel }}"
+    PODMON_CONTROLLER_LOG_FORMAT: "{{ .Values.logFormat }}"
+    PODMON_NODE_LOG_LEVEL: "{{ .Values.logLevel }}"
+    PODMON_NODE_LOG_FORMAT: "{{ .Values.logFormat }}"
+    {{ end }}
diff --git a/helm/csi-isilon/templates/node.yaml b/helm/csi-isilon/templates/node.yaml
@@ -34,6 +34,16 @@ rules:
     resourceNames: [ "privileged" ]
     resources: [ "securitycontextconstraints" ]
     verbs: [ "use" ]
+  {{- if hasKey .Values "podmon" }}
+  {{- if eq .Values.podmon.enabled true }}
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch", "update", "delete"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  {{ end }}
+  {{ end }}
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -80,6 +90,59 @@ spec:
       hostNetwork: true
       dnsPolicy: {{ .Values.node.dnsPolicy }}
       containers:
+      {{- if hasKey .Values "podmon" }}
+      {{- if eq .Values.podmon.enabled true }}
+        - name: podmon
+          securityContext:
+            privileged: true
+            capabilities:
+              add: ["SYS_ADMIN"]
+            allowPrivilegeEscalation: true
+          image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
+          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          args:
+            {{- toYaml .Values.podmon.node.args | nindent 12 }}
+          env:
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+            - name: X_CSI_PRIVATE_MOUNT_DIR
+              value: "{{ .Values.kubeletConfigDir }}/plugins/csi-isilon/disks"
+            - name: MY_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: MY_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: MY_POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: kubelet-pods
+              mountPath: {{ .Values.kubeletConfigDir }}/pods
+              mountPropagation: "Bidirectional"
+            - name: driver-path
+              mountPath: {{ .Values.kubeletConfigDir }}/plugins/csi-isilon
+              mountPropagation: "Bidirectional"
+            - name: volumedevices-path
+              mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
+              mountPropagation: "Bidirectional"
+            - name: dev
+              mountPath: /dev
+              mountPropagation: "Bidirectional"
+            - name: usr-bin
+              mountPath: /usr-bin
+            - name: var-run
+              mountPath: /var/run
+            - name: csi-isilon-config-params
+              mountPath: /csi-isilon-config-params
+      {{- end }}
+      {{- end }}
         - name: driver
           command: ["/csi-isilon"]
           args:
@@ -249,3 +312,19 @@ spec:
             secretName: proxy-server-root-certificate
         {{ end }}
         {{ end }}
+        {{- if hasKey .Values "podmon" }}
+        {{- if eq .Values.podmon.enabled true }}
+        - name: usr-bin
+          hostPath:
+            path: /usr/bin
+            type: Directory
+        - name: kubelet-pods
+          hostPath:
+            path: /var/lib/kubelet/pods
+            type: Directory
+        - name: var-run
+          hostPath:
+            path: /var/run
+            type: Directory
+        {{ end }}
+        {{ end }}
diff --git a/helm/csi-isilon/values.yaml b/helm/csi-isilon/values.yaml
@@ -311,3 +311,24 @@ authorization:
   #   "false" - TLS certificate will be verified 
   # Default value: "true" 
   skipCertificateValidation: true
+
+# Enable this feature only after contact support for additional information
+podmon:
+  enabled: false
+  image: dellemc/podmon:v1.1.0
+  #controller:
+  #  args:
+  #    - "--csisock=unix:/var/run/csi/csi.sock"
+  #    - "--labelvalue=csi-isilon"
+  #    - "--driverPath=csi-isilon.dellemc.com"
+  #    - "--mode=controller"
+  #    - "--skipArrayConnectionValidation=false"
+  #    - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"
+  #node:
+  #  args:
+  #    - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock"
+  #    - "--labelvalue=csi-isilon"
+  #    - "--driverPath=csi-isilon.dellemc.com"
+  #    - "--mode=node"
+  #    - "--leaderelection=false"
+  #    - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml"