Allow the data directory to be customized

README.md

@@ -70,6 +70,34 @@ The idea here is to use a single file as the block device, using Linux’s loop,
 - The size limit is enforced by the operating system, based on the backing file size.
 - Since volumes are backed by different files, each file could be formatted using different filesystems, and/or customized with different filesystem options.
 
+### Why use Helm hooks to install/uninstall
+
+Storage classes are one of the foundation building blocks for setting up a solution, so they need to be in place before a solution is installed and only be removed after a solution is uninstalled. This means that the Helm chart needs to be installed and removed seperatly from other Helm charts. One way to allow us to use this Helm chart as part of an umbrella Helm chart is to use Helm Hooks.
+
+In order to ensure that we have a fully functioning storage class before creating other resources we can leverage Helm hooks weight. This also allows us to specify the order of resource creation otherwise Helm views custom resources as a single bucket and simply relies on file name order.
+
+Its also important to ensure that we don't remove resources that are necessary to run storage class before we have removed the solution, as Helm will be left in a deadlock situation waiting for PVCs to be deleted which will never be deleted.
+
+### Recommended locations for data directory
+
+Docker
+---
+Recommended location:
+```
+dataDir: /var/lib/csi/rawfile
+```
+
+To view locations on Docker
+```
+docker run -it --rm --net=host --ipc=host --uts=host --pid=host --security-opt=seccomp=unconfined --privileged -v /:/host alpine /bin/ash -c "df -Th"
+```
+
+CRC
+---
+Recommended location:
+```
+dataDir: /var/lib/csi/rawfile
+```
 
 ## License
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fopenebs%2Frawfile-localpv.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fopenebs%2Frawfile-localpv?ref=badge_large)

consts.py

@@ -1,7 +1,7 @@
 import os
 
 PROVISIONER_NAME = os.getenv("PROVISIONER_NAME", "rawfile.csi.openebs.io")
-PROVISIONER_VERSION = "0.7.0"
+PROVISIONER_VERSION = "0.7.1"
 DATA_DIR = "/data"
 CONFIG = {}
 RESOURCE_EXHAUSTED_EXIT_CODE = 101

deploy/charts/rawfile-csi/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: rawfile-csi
 description: RawFile Driver Container Storage Interface
 type: application
-version: 0.7.0
-appVersion: 0.7.0
+version: 0.7.1
+appVersion: 0.7.1

deploy/charts/rawfile-csi/templates/00-security-context-constraints.yaml

@@ -0,0 +1,52 @@
+{{- if (and (eq (.Values.securityContextConstraints.enabled | default true) true ) ($.Capabilities.APIVersions.Has "security.openshift.io/v1")) }}
+kind: SecurityContextConstraints
+apiVersion: security.openshift.io/v1
+metadata:
+  name: {{ .Values.securityContextConstraints.name }}
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 0 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
+
+seLinuxContext:
+  type: RunAsAny
+runAsUser:
+  type: RunAsAny
+fsGroup:
+  type: RunAsAny
+supplementalGroups:
+  type: RunAsAny
+
+allowedCapabilities:
+  - '*'
+seccompProfiles:
+  - '*'
+allowedUnsafeSysctls:
+  - '*'
+volumes:
+  - '*'
+
+defaultAddCapabilities: null
+requiredDropCapabilities: null
+readOnlyRootFilesystem: false
+priority: null
+
+allowHostPorts: true
+allowPrivilegedContainer: true
+allowHostDirVolumePlugin: true
+allowHostIPC: true
+allowHostPID: true
+allowHostNetwork: true
+allowPrivilegeEscalation: true
+
+groups: []
+users:
+- 'system:serviceaccount:{{ .Release.Namespace }}:{{ include "rawfile-csi.fullname" . }}-driver'
+---
+{{- end -}}

deploy/charts/rawfile-csi/templates/01-driver.yaml

@@ -0,0 +1,21 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: {{ .Values.provisionerName }}
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  attachRequired: false
+  podInfoOnMount: true
+  fsGroupPolicy: File
+  storageCapacity: true
+  volumeLifecycleModes:
+    - Persistent

deploy/charts/rawfile-csi/templates/01-flow-schema-control.yaml

@@ -0,0 +1,43 @@
+{{- if ($.Capabilities.APIVersions.Has "flowcontrol.apiserver.k8s.io/v1alpha1") }}
+apiVersion: flowcontrol.apiserver.k8s.io/v1alpha1
+kind: FlowSchema
+metadata:
+  name: {{ include "rawfile-csi.fullname" . }}-driver
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+  priorityLevelConfiguration:
+    name: exempt
+  distinguisherMethod:
+    type: ByUser
+  rules:
+  - nonResourceRules:
+    - nonResourceURLs:
+      - '*'
+      verbs:
+      - '*'
+    resourceRules:
+    - apiGroups:
+      - '*'
+      clusterScope: true
+      namespaces:
+      - '*'
+      resources:
+      - '*'
+      verbs:
+      - '*'
+    subjects:
+    - kind: ServiceAccount
+      serviceAccount:
+        name: {{ include "rawfile-csi.fullname" . }}-driver
+        namespace: {{ .Release.Namespace }}
+---
+{{- end -}}

deploy/charts/rawfile-csi/templates/00-rbac.yaml → deploy/charts/rawfile-csi/templates/01-rbac.yaml

@@ -2,13 +2,33 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-driver
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 imagePullSecrets:
   {{- toYaml .Values.imagePullSecrets | nindent 2 }}
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-provisioner
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
@@ -54,6 +74,16 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-provisioner
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 subjects:
   - kind: ServiceAccount
     name: {{ include "rawfile-csi.fullname" . }}-driver
@@ -67,6 +97,16 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-broker
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 rules:
   - apiGroups: [""]
     resources: ["persistentvolumes"]
@@ -79,6 +119,16 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-broker
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 subjects:
   - kind: ServiceAccount
     name: {{ include "rawfile-csi.fullname" . }}-driver
@@ -92,6 +142,16 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-resizer
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
@@ -116,6 +176,16 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-resizer
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 1 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 subjects:
   - kind: ServiceAccount
     name: {{ include "rawfile-csi.fullname" . }}-driver

deploy/charts/rawfile-csi/templates/01-controller-plugin.yaml → deploy/charts/rawfile-csi/templates/02-controller-plugin.yaml

@@ -5,6 +5,15 @@ metadata:
   labels:
     {{- include "rawfile-csi.labels" . | nindent 4 }}
     component: controller
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 2 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 spec:
   type: ClusterIP
   selector:
@@ -16,6 +25,16 @@ apiVersion: apps/v1
 kind: StatefulSet
 metadata:
   name: {{ include "rawfile-csi.fullname" . }}-controller
+  labels:
+    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+    app.kubernetes.io/instance: {{ .Release.Name | quote }}
+    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+    "helm.sh/hook-weight": "{{ add (.Values.hookWeight | default 0) 2 }}"
+    "helm.sh/hook-delete-policy": before-hook-creation
 spec:
   replicas: 1
   serviceName: {{ include "rawfile-csi.fullname" . }}