diff --git a/storage-nvme-rook-nfs/.helmignore b/storage-nvme-rook-nfs/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/storage-nvme-rook-nfs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/storage-nvme-rook-nfs/Chart.yaml b/storage-nvme-rook-nfs/Chart.yaml new file mode 100644 index 0000000..98d4954 --- /dev/null +++ b/storage-nvme-rook-nfs/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: nvme-rook-nfs +description: Deploy rook NFS on Arcus DAC nodes +type: application +version: 0.1.0 +appVersion: "1.7" +icon: https://raw.githubusercontent.com/rook/rook/master/Documentation/media/logo.svg +dependencies: + - name: provisioner + version: ">=0-0" + repository: file://../vendor/sig-storage-local-static-provisioner/helm/provisioner diff --git a/storage-nvme-rook-nfs/crds/nfsserver.yaml b/storage-nvme-rook-nfs/crds/nfsserver.yaml new file mode 100644 index 0000000..f47ffe1 --- /dev/null +++ b/storage-nvme-rook-nfs/crds/nfsserver.yaml @@ -0,0 +1,141 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.1-0.20210420220833-f284e2e8098c + creationTimestamp: null + name: nfsservers.nfs.rook.io +spec: + group: nfs.rook.io + names: + kind: NFSServer + listKind: NFSServerList + plural: nfsservers + singular: nfsserver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: NFS Server instance state + jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: NFSServer is the Schema for the nfsservers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NFSServerSpec represents the spec of NFS daemon + properties: + annotations: + additionalProperties: + type: string + description: The annotations-related configuration to add/set on each Pod related object. + type: object + exports: + description: The parameters to configure the NFS export + items: + description: ExportsSpec represents the spec of NFS exports + properties: + name: + description: Name of the export + type: string + persistentVolumeClaim: + description: PVC from which the NFS daemon gets storage for sharing + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + server: + description: The NFS server configuration + properties: + accessMode: + description: Reading and Writing permissions on the export Valid values are "ReadOnly", "ReadWrite" and "none" + enum: + - ReadOnly + - ReadWrite + - none + type: string + allowedClients: + description: The clients allowed to access the NFS export + items: + description: AllowedClientsSpec represents the client specs for accessing the NFS export + properties: + accessMode: + description: Reading and Writing permissions for the client to access the NFS export Valid values are "ReadOnly", "ReadWrite" and "none" Gets overridden when ServerSpec.accessMode is specified + enum: + - ReadOnly + - ReadWrite + - none + type: string + clients: + description: The clients that can access the share Values can be hostname, ip address, netgroup, CIDR network address, or all + items: + type: string + type: array + name: + description: Name of the clients group + type: string + squash: + description: Squash options for clients Valid values are "none", "rootid", "root", and "all" Gets overridden when ServerSpec.squash is specified + enum: + - none + - rootid + - root + - all + type: string + type: object + type: array + squash: + description: This prevents the root users connected remotely from having root privileges Valid values are "none", "rootid", "root", and "all" + enum: + - none + - rootid + - root + - all + type: string + type: object + type: object + type: array + replicas: + description: Replicas of the NFS daemon + type: integer + type: object + status: + description: NFSServerStatus defines the observed state of NFSServer + properties: + message: + type: string + reason: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/storage-nvme-rook-nfs/templates/NOTES.txt b/storage-nvme-rook-nfs/templates/NOTES.txt new file mode 100644 index 0000000..e69de29 diff --git a/storage-nvme-rook-nfs/templates/_helpers.tpl b/storage-nvme-rook-nfs/templates/_helpers.tpl new file mode 100644 index 0000000..ad4c3b3 --- /dev/null +++ b/storage-nvme-rook-nfs/templates/_helpers.tpl @@ -0,0 +1,67 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "storage-nvme-rook-nfs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "storage-nvme-rook-nfs.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "storage-nvme-rook-nfs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "storage-nvme-rook-nfs.labels" -}} +helm.sh/chart: {{ include "storage-nvme-rook-nfs.chart" . }} +{{ include "storage-nvme-rook-nfs.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "storage-nvme-rook-nfs.selectorLabels" -}} +app.kubernetes.io/name: {{ include "storage-nvme-rook-nfs.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the operator service account to use +*/}} +{{- define "storage-nvme-rook-nfs.operator.serviceAccountName" -}} +{{- $saname := default (include "storage-nvme-rook-nfs.fullname" .) .Values.operator.serviceAccount.prefix }} +{{- printf "%s-operator" $saname }} +{{- end }} + +{{/* +Create the name of the nfsserver service account to use +*/}} +{{- define "storage-nvme-rook-nfs.nfsserver.serviceAccountName" -}} +{{- $saname := default (include "storage-nvme-rook-nfs.fullname" .) .Values.nfsserver.serviceAccount.prefix }} +{{- printf "%s-operator" $saname }} +{{- end }} \ No newline at end of file diff --git a/storage-nvme-rook-nfs/templates/daemonset.yaml b/storage-nvme-rook-nfs/templates/daemonset.yaml new file mode 100644 index 0000000..342ecf7 --- /dev/null +++ b/storage-nvme-rook-nfs/templates/daemonset.yaml @@ -0,0 +1,121 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "storage-nvme-rook-nfs.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "storage-nvme-rook-nfs.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "storage-nvme-rook-nfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "storage-nvme-rook-nfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.provisioner.daemonset.podLabels }} +{{ .Values.provisioner.daemonset.podLabels | toYaml | trim | indent 8 }} +{{- end }} + annotations: +{{- if .Values.provisioner.daemonset.podAnnotations }} +{{ .Values.provisioner.daemonset.podAnnotations | toYaml | trim | indent 8 }} +{{- end }} + spec: + hostPID: true + nodeSelector: + kubernetes.io/os: linux +{{- if .Values.provisioner.daemonset.affinity }} + affinity: + {{ toYaml .Values.provisioner.daemonset.affinity | nindent 8 }} +{{- end }} + initContainers: + - name: prepare-disks + image: alpine + command: ['/bin/sh', '-c', 'nsenter -t 1 -m -u -i -n -p -- bash -c "${STARTUP_SCRIPT}"'] + {{- if .Values.provisioner.daemonset.imagePullPolicy }} + imagePullPolicy: {{ .Values.provisioner.daemonset.imagePullPolicy }} + {{- end }} + securityContext: + privileged: {{ .Values.provisioner.daemonset.privileged }} +{{- if .Values.provisioner.daemonset.resources }} + resources: + {{ toYaml .Values.provisioner.daemonset.resources | nindent 12 }} +{{- end }} + volumeMounts: + {{- if .Values.provisioner.common.mountDevVolume }} + - name: provisioner-dev + mountPath: /dev + {{- end }} + {{- range $classConfig := .Values.provisioner.classes }} + - name: {{ $classConfig.name }} + mountPath: {{ $classConfig.mountDir | default $classConfig.hostDir }} + mountPropagation: HostToContainer + {{- end }} + env: + - name: BLOCK_DEVICES + value: {{ join " " .Values.provisioner.common.blockDeviceNames | quote }} + - name: STARTUP_SCRIPT + value: | + #!/usr/bin/env bash + set -euo pipefail + set -x + + blockDevices=${BLOCK_DEVICES} + + for dev in $blockDevices; do + cleanName=$(echo ${dev} | sed 's/\//-/g') + existing=$(find /mnt/disks/ -maxdepth 1 -type l -name "*${cleanName}" | wc -l) + if [[ $existing -ge "1" ]]; then + echo "${dev} already cleaned" + else + sed -i "s|${dev}.*||" /etc/fstab + umount ${dev} || true + wipefs --all -f ${dev} + dd if=/dev/zero of=${dev} bs=1M count=10 conv=fsync + echo "${dev} cleaned" + fi + done + + mkdir -p /mnt/disks + + for dev in $blockDevices; do + existing=$(find /mnt/disks/ -maxdepth 1 -type l -name "*${cleanName}" | wc -l) + if [[ $existing -ge "1" ]]; then + echo "${dev} already linked" + else + ln -s ${dev} /mnt/disks/$(uuidgen)${cleanName} + echo "${dev} linked" + fi + done + containers: + - name: pause + image: gcr.io/google_containers/pause + resources: + limits: + cpu: 50m + memory: 50Mi + requests: + cpu: 50m + memory: 50Mi + volumes: + - name: prepare-disks-config + configMap: + name: {{ template "storage-nvme-rook-nfs.fullname" . }}-prepare-disks-config + {{- if .Values.provisioner.common.mountDevVolume }} + - name: provisioner-dev + hostPath: + path: /dev + {{- end }} + {{- range $classConfig := .Values.provisioner.classes }} + - name: {{ $classConfig.name }} + hostPath: + path: {{ $classConfig.hostDir }} + {{- end }} + {{- range $name, $path := .Values.provisioner.daemonset.additionalHostPathVolumes }} + - name: {{ quote $name }} + hostPath: + path: {{ quote $path }} + {{- end }} + diff --git a/storage-nvme-rook-nfs/templates/namespace.yaml b/storage-nvme-rook-nfs/templates/namespace.yaml new file mode 100644 index 0000000..9116a2e --- /dev/null +++ b/storage-nvme-rook-nfs/templates/namespace.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.operator.namespace }} # namespace:operator +--- +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.nfsserver.namespace }} # namespace:nfsserver \ No newline at end of file diff --git a/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-nfsserver.yaml b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-nfsserver.yaml new file mode 100644 index 0000000..05629f2 --- /dev/null +++ b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-nfsserver.yaml @@ -0,0 +1,26 @@ +apiVersion: nfs.rook.io/v1alpha1 +kind: NFSServer +metadata: + name: {{ .Values.nfsserver.name }} + namespace: {{ .Values.nfsserver.namespace }} + labels: + app: rook-nfs + {{- include "storage-nvme-rook-nfs.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.nfsserver.replicaCount }} + exports: + {{- range .Values.nfsserver.exports }} + - name: {{ .name }} + server: + accessMode: {{ .server.accessMode }} + squash: {{ .server.squash | quote }} + persistentVolumeClaim: + claimName: {{ .persistentVolumeClaim.claimName }} + {{- end }} + # A key/value list of annotations +{{- with .Values.podAnnotations }} + annotations: + rook: nfs + {{- toYaml . | nindent 4 }} +{{- end }} + \ No newline at end of file diff --git a/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-pvc.yaml b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-pvc.yaml new file mode 100644 index 0000000..5341e33 --- /dev/null +++ b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-pvc.yaml @@ -0,0 +1,16 @@ +{{- range .Values.nfsserver.exports }} +--- +{{- $pvc := .persistentVolumeClaim }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ $pvc.claimName }} + namespace: {{ $.Values.nfsserver.namespace }} # namespace:nfsserver +spec: + accessModes: + {{ $pvc.accessModes | toYaml }} + resources: + requests: + storage: {{ $pvc.resources.requests.storage }} + storageClassName: {{ $pvc.storageClassName }} +{{- end }} diff --git a/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-rbac.yaml b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-rbac.yaml new file mode 100644 index 0000000..d9e8e0e --- /dev/null +++ b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-rbac.yaml @@ -0,0 +1,46 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rook-nfs-provisioner-runner +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + - apiGroups: [""] + resources: ["services", "endpoints"] + verbs: ["get"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["rook-nfs-policy"] + verbs: ["use"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: + - nfs.rook.io + resources: + - "*" + verbs: + - "*" +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rook-nfs-provisioner-runner +subjects: + - kind: ServiceAccount + name: rook-nfs-server + namespace: {{ .Values.nfsserver.namespace }} # namespace:nfsserver +roleRef: + kind: ClusterRole + name: rook-nfs-provisioner-runner + apiGroup: rbac.authorization.k8s.io diff --git a/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-serviceaccount.yaml b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-serviceaccount.yaml new file mode 100644 index 0000000..50a624d --- /dev/null +++ b/storage-nvme-rook-nfs/templates/nfsserver/nfsserver-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rook-nfs-server + labels: + {{- include "storage-nvme-rook-nfs.labels" . | nindent 4 }} + {{- with .Values.nfsserver.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Values.nfsserver.namespace }} # namespace:nfsserver \ No newline at end of file diff --git a/storage-nvme-rook-nfs/templates/operator/operator-deployment.yaml b/storage-nvme-rook-nfs/templates/operator/operator-deployment.yaml new file mode 100644 index 0000000..133ab19 --- /dev/null +++ b/storage-nvme-rook-nfs/templates/operator/operator-deployment.yaml @@ -0,0 +1,39 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.operator.name }} + namespace: {{ .Values.operator.namespace }} + labels: + app: rook-nfs-operator + {{- include "storage-nvme-rook-nfs.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: rook-nfs-operator + {{- include "storage-nvme-rook-nfs.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app: rook-nfs-operator + {{- include "storage-nvme-rook-nfs.selectorLabels" . | nindent 8 }} + spec: + serviceAccountName: {{ include "storage-nvme-rook-nfs.operator.serviceAccountName" . }} + containers: + - name: rook-nfs-operator + image: {{ printf "%s:%s" .Values.operator.image .Values.operator.tag }} + imagePullPolicy: IfNotPresent + args: ["nfs", "operator"] + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace \ No newline at end of file diff --git a/storage-nvme-rook-nfs/templates/operator/operator-rbac.yaml b/storage-nvme-rook-nfs/templates/operator/operator-rbac.yaml new file mode 100644 index 0000000..2b3fb08 --- /dev/null +++ b/storage-nvme-rook-nfs/templates/operator/operator-rbac.yaml @@ -0,0 +1,92 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rook-nfs-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rook-nfs-operator +subjects: + - kind: ServiceAccount + name: {{ include "storage-nvme-rook-nfs.operator.serviceAccountName" . }} + namespace: {{ .Values.operator.namespace }} # namespace:operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: rook-nfs-operator +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - get + - watch + - create + - apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - nfs.rook.io + resources: + - nfsservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - nfs.rook.io + resources: + - nfsservers/status + - nfsservers/finalizers + verbs: + - get + - patch + - update diff --git a/storage-nvme-rook-nfs/templates/operator/operator-serviceaccount.yaml b/storage-nvme-rook-nfs/templates/operator/operator-serviceaccount.yaml new file mode 100644 index 0000000..10ead4a --- /dev/null +++ b/storage-nvme-rook-nfs/templates/operator/operator-serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "storage-nvme-rook-nfs.operator.serviceAccountName" . }} + labels: + {{- include "storage-nvme-rook-nfs.labels" . | nindent 4 }} + {{- with .Values.operator.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Values.operator.namespace }} # namespace:operator \ No newline at end of file diff --git a/storage-nvme-rook-nfs/templates/psp.yaml b/storage-nvme-rook-nfs/templates/psp.yaml new file mode 100644 index 0000000..c610511 --- /dev/null +++ b/storage-nvme-rook-nfs/templates/psp.yaml @@ -0,0 +1,24 @@ +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: rook-nfs-policy +spec: + privileged: true + fsGroup: + rule: RunAsAny + allowedCapabilities: + - DAC_READ_SEARCH + - SYS_RESOURCE + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - secret + - hostPath diff --git a/storage-nvme-rook-nfs/templates/sc.yaml b/storage-nvme-rook-nfs/templates/sc.yaml new file mode 100644 index 0000000..dba4a5c --- /dev/null +++ b/storage-nvme-rook-nfs/templates/sc.yaml @@ -0,0 +1,17 @@ +{{- range .Values.nfsserver.exports }} +{{- $pvc := .persistentVolumeClaim }} +--- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + labels: + app: rook-nfs + name: {{ .nfsStorageClassName }} +parameters: + exportName: {{ .name }} + nfsServerName: {{ $.Values.nfsserver.name }} + nfsServerNamespace: {{ $.Values.nfsserver.name }} +provisioner: nfs.rook.io/rook-nfs-provisioner +reclaimPolicy: Delete +volumeBindingMode: Immediate +{{- end }} \ No newline at end of file diff --git a/storage-nvme-rook-nfs/values.yaml b/storage-nvme-rook-nfs/values.yaml new file mode 100644 index 0000000..b02eed1 --- /dev/null +++ b/storage-nvme-rook-nfs/values.yaml @@ -0,0 +1,111 @@ +# Default values for nvme-rook-nfs. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +nameOverride: "" + +fullnameOverride: "" + +affinity: {} + +operator: + name: "rook-nfs-operator" + image: "rook/nfs" + tag: "v1.7.3" + namespace: "rook-nfs-system" + serviceAccount: + # Annotations to add to the service account + annotations: {} + # The prefix of the of the service account to use. + # If not set and create is true, a name is generated using the fullname template + prefix: "" + +nfsserver: + name: "rook-nfs" + namespace: "rook-nfs" + replicaCount: 1 + serviceAccount: + # Annotations to add to the service account + annotations: {} + # The prefix of the name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + prefix: "" + exports: + - name: nvme-nfs-share + server: + accessMode: ReadWrite + squash: "none" + persistentVolumeClaim: + claimName: local-nvme-claim + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2000Gi + storageClassName: local-nvme + nfsStorageClassName: rook-nfs-nvme + +podAnnotations: {} + +provisioner: + common: + # List of names of worker node block devices to create local volumes from + blockDeviceNames: + - /dev/vdb + # Mount the host's `/dev/` by default so that block device symlinks can be + # resolved by the containers + mountDevVolume: true + additionalHostPathVolumes: + provisioner-mnt: /mnt + provisioner-fstab: /etc/fstab + classes: + # Defines name of storage class + - name: local-nvme + # Path on the host where local volumes of this storage class are mounted + # under. + hostDir: /mnt/disks + # Optionally specify mount path of local volumes. By default, we use same + # path as hostDir in container. + mountDir: /mnt/disks + # File name pattern to discover. By default, discover all file names. + namePattern: "*-dev-vd*" + # Use dd to zero out block dev in two iterations + blockCleanerCommand: + - "/scripts/quick_reset.sh" + # Uncomment to create storage class object and configure it. + storageClass: + # Available reclaim policies: Delete/Retain, defaults: Delete. + reclaimPolicy: Delete + # set as default class + isDefaultClass: false + daemonset: + podLabels: {} + podAnnotations: {} + privileged: true + additionalHostPathVolumes: [] + initContainers: + - name: wait-for-prepare-disk + image: debian + imagePullPolicy: Always + command: ['/bin/sh', '-c', 'bash -c "${CHECK_SCRIPT}"'] + env: + - name: CHECK_SCRIPT + value: | + #!/usr/bin/env bash + set -euo pipefail + set -x + while [[ $(awk '$2 == "/mnt" {print $1}' /proc/mounts | wc -l) -gt 0 ]]; do + sleep 5 + done + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + # OpenStack flavor types are available to us, so use them for scheduling + - matchExpressions: + - key: node.kubernetes.io/instance-type + operator: In + values: + - vm.iris.cpu.dac.quarter + - vm.iris.cpu.dac.half + - vm.iris.cpu.dac.full