Helm chart

README.md

@@ -36,6 +36,8 @@ The plugin was tested on the following Kubernetes installation:
 | SbecCloud Self Managed |   1.22.1       |  true          |   ok  |
 | SbecCloud Self Managed |   1.22.2       |  true          |   ok  |
 | SbecCloud Self Managed |   1.22.3       |  true          |   ok  | 
+
+## Manual installation
 ### 1. Create a secret with your S3 credentials
 
 ```yaml
@@ -107,6 +109,20 @@ kubectl create -f examples/create_backet/storageclass.yaml
 
 If something does not work as expected, check the troubleshooting section below.
 
+## Helm installation
+
+### 1. Get AK/SK Keys
+
+You need to create AK/SK keys according to the following instructions: https://support.hc.sbercloud.ru/en-us/sdk-java-devg/obs/obs_21_0103.html
+
+### 2. Deploy the controller plugin
+
+```bash
+$ git clone git@github.com:obsessionsys/sbercloud-csi-obs.git
+$ cd sbercloud-csi-obs
+$ helm upgrade --install csi -n kube-system --set secretKey.create=true,secretKey.data.accessKeyID=<YOUR_ACCESS_KEY_ID_FROM_CREDENTIAL_CSV>,secretKey.data.secretAccessKey=<YOUR_SECRET_ACCESS_KEY_FROM_CREDENTIAL_CSV>,secretKey.data.endpoint=https://obs.ru-moscow-1.hc.sbercloud.ru --set storageClass.create=true ./helm
+```
+
 ## Additional configuration
 
 ### Bucket

helm/Chart.yaml

@@ -0,0 +1,19 @@
+annotations:
+  category: SberCloud CSI
+apiVersion: v2
+appVersion: 1.2.0
+description: A Helm chart for a SberCloud OBS 
+engine: gotpl
+name: s3
+version: 1.2.0
+keywords:
+- csi
+- s3
+- cluster
+maintainers:
+- email: obsessionsys@gmail.com
+  name: Fedorov Vitaly
+dependencies:
+  - name: obs-attacher
+  - name: obs-provisioner
+  - name: obs-node

helm/charts/obs-attacher/Chart.yaml

@@ -0,0 +1,15 @@
+annotations:
+  category: SberCloud CSI
+apiVersion: v2
+appVersion: 1.2.0
+description: A Helm chart for a SberCloud OBS 
+engine: gotpl
+name: obs-attacher
+version: 1.2.0
+keywords:
+- csi
+- s3
+- cluster
+maintainers:
+- email: v.fedorov@eapteka.ru
+  name: Fedorov Vitaly

helm/charts/obs-attacher/templates/_helpers.tpl

@@ -0,0 +1,92 @@
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Common labels
+timestamp: {{ now | date "2006-01-02_15-04-05" | quote }}
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/part-of: {{ include "chart.name" . }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}{{- if .name -}}-{{- .name -}}{{- end }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/* Expands data for image pull secret. */}}
+{{- define "imagePullSecret" }}
+{{- with .Values.imageCredentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
+
+{{/*
+Returns a secret if it already in Kubernetes, otherwise it creates
+it randomly.
+*/}}
+
+{{/* 
+{{- define "getOrGeneratePass" }}
+{{- $len := (default 32 .Length) | int -}}
+{{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}}
+{{- if $obj }}
+{{- index $obj .Key -}}
+{{- else -}}
+{{- randAlphaNum $len | b64enc -}}
+{{- end -}}
+{{- end }}
+*/}}

helm/charts/obs-attacher/templates/private-registry.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.imageCredentials.usePrivate -}}
+{{- $fullName := include "chart.fullname" . -}}
+{{- $name := "attr" -}}
+{{- $data := dict "name" $name "Chart" .Chart "Release" .Release "Values" .Values -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "chart.labels" $data | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations:
+{{ toYaml .Values.annotations | indent 4 }}
+  {{- end }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}

helm/charts/obs-attacher/templates/rbac-cr.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.serviceAccount.create }}
+{{- $name := "attr" -}}
+{{- $data := dict "name" $name "Chart" .Chart "Release" .Release "Values" .Values -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "chart.serviceAccountName" . }}
+  labels:
+    {{- include "chart.labels" $data | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations:
+{{ toYaml .Values.annotations | indent 4 }}
+  {{- end }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments/status"]
+    verbs: ["patch"]
+{{- end }}

helm/charts/obs-attacher/templates/rbac-crb.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create }}
+{{- $name := "attr" -}}
+{{- $data := dict "name" $name "Chart" .Chart "Release" .Release "Values" .Values -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "chart.serviceAccountName" . }}
+  labels:
+    {{- include "chart.labels" $data | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations:
+{{ toYaml .Values.annotations | indent 4 }}
+  {{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "chart.serviceAccountName" . }}
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "chart.serviceAccountName" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}

helm/charts/obs-attacher/templates/rbac-sa.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.serviceAccount.create }}
+{{- $name := "attr" -}}
+{{- $data := dict "name" $name "Chart" .Chart "Release" .Release "Values" .Values -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "chart.serviceAccountName" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "chart.labels" $data | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations:
+{{ toYaml .Values.annotations | indent 4 }}
+  {{- end }}
+
+{{- end }}

helm/charts/obs-attacher/templates/service.yaml

@@ -0,0 +1,20 @@
+{{- $fullName := include "chart.fullname" . -}}
+{{- $name := "attr" -}}
+{{- $data := dict "name" $name "Chart" .Chart "Release" .Release "Values" .Values -}}
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "chart.labels" $data | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations:
+{{ toYaml .Values.annotations | indent 4 }}
+  {{- end }}
+spec:
+  selector:
+    {{- include "chart.selectorLabels" $data | nindent 6 }}
+  ports:
+    - name: csi-s3-dummy
+      port: {{ .Values.attacher.service.port }}

helm/charts/obs-attacher/templates/statefulset.yaml

@@ -0,0 +1,62 @@
+{{- $fullName := include "chart.fullname" . -}}
+{{- $name := "attr" -}}
+{{- $data := dict "name" $name "Chart" .Chart "Release" .Release "Values" .Values -}}
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "chart.labels" $data | nindent 4 }}
+  {{- if .Values.annotations }}
+  annotations:
+{{ toYaml .Values.annotations | indent 4 }}
+  {{- end }}
+spec:
+  serviceName: {{ $fullName | quote }}
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "chart.selectorLabels" $data | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.annotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "chart.selectorLabels" $data | nindent 8 }}
+    spec:
+      serviceAccount: {{ include "chart.serviceAccountName" . }}
+      {{- if .Values.imageCredentials.usePrivate }}
+      imagePullSecrets: 
+        - name: {{ $fullName }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}-{{ $name }}
+          image: "{{ .Values.attacher.image.repository }}:{{ .Values.attacher.image.tag | default .Chart.AppVersion }}" 
+          args:
+            - "--v=4"
+            - "--csi-address=$(ADDRESS)"
+          env:
+            - name: ADDRESS
+              value: /var/lib/kubelet/plugins/ch.ctrox.csi.s3-driver/csi.sock
+          imagePullPolicy: {{ .Values.attacher.image.pullPolicy | quote }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/kubelet/plugins/ch.ctrox.csi.s3-driver
+          resources:
+            {{- toYaml .Values.attacher.resources | nindent 12 }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: socket-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins/ch.ctrox.csi.s3-driver
+            type: DirectoryOrCreate

helm/charts/obs-attacher/values.yaml

@@ -0,0 +1,50 @@
+# Default values for php-fpm.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  create: true
+  name: ""
+
+
+imageCredentials:
+  usePrivate: false
+  registry: gitlab.someone.ru
+  username: someone
+  password: sillyness
+  email: obsessionsys@gmail.com
+
+replicaCount: 1
+namespace: kube-system
+
+attacher:
+  image:
+    repository: quay.io/k8scsi/csi-attacher
+    tag: v3.0.2
+    pullPolicy: IfNotPresent
+  service:
+    port: 65535
+  resources:
+    limits:
+      cpu: 300m
+      memory: 300Mi
+    requests:
+      cpu: 300m
+      memory: 300Mi
+
+
+
+nodeSelector: {}
+
+tolerations: 
+  - key: node-role.kubernetes.io/master
+    operator: "Exists"
+  - key: node-role.kubernetes.io/control-plane
+    operator: "Exists"
+
+affinity: {}
+
+annotations: {}