nikdoof/helm-charts
1
0
Fork 0
mirror of https://github.com/nikdoof/helm-charts.git synced 2025-12-14 05:52:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

[nfs-client-provisioner] Import from helm/stable repo (#11)

Browse Source 
* Import nfs-client-provisioner from helm/stable repo

* Update chart testing

* Correct testing
This commit is contained in:
Andrew Williams
2021-01-01 13:46:14 +00:00
committed by GitHub
parent 343a41b2e7
commit a29c9d7cff
18 changed files with 562 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
.github/workflows/lint-test.yaml vendored
View File

@@ -7,21 +7,36 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v1 uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Helm
uses: azure/setup-helm@v1
with:
version: v3.4.0
- uses: actions/setup-python@v2
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.0.1
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
fi
- name: Run chart-testing (lint) - name: Run chart-testing (lint)
id: lint run: ct lint
uses: helm/chart-testing-action@v1.0.0-alpha.3
with:
command: lint
- name: Create kind cluster - name: Create kind cluster
uses: helm/kind-action@v1.0.0-alpha.3 uses: helm/kind-action@v1.0.0
with: if: steps.list-changed.outputs.changed == 'true'
install_local_path_provisioner: true
if: steps.lint.outputs.changed == 'true'
- name: Run chart-testing (install) - name: Run chart-testing (install)
uses: helm/chart-testing-action@v1.0.0-alpha.3 run: ct install
with:
command: install

22
.github/workflows/release.yaml vendored
View File

@@ -10,29 +10,23 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v1 uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Configure Git - name: Configure Git
run: | run: |
git config user.name "$GITHUB_ACTOR" git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com" git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
# See https://github.com/helm/chart-releaser-action/issues/6
- name: Install Helm - name: Install Helm
run: | uses: azure/setup-helm@v1
curl -sSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get with:
chmod 700 get_helm.sh version: v3.4.0
./get_helm.sh
helm init --client-only
- name: Add dependency chart repos
run: |
helm repo add stable https://kubernetes-charts.storage.googleapis.com/
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
- name: Run chart-releaser - name: Run chart-releaser
uses: helm/chart-releaser-action@v1.0.0-alpha.2 uses: helm/chart-releaser-action@v1.1.1
with: with:
charts_repo_url: https://nikdoof.github.io/helm-charts charts_repo_url: https://nikdoof.github.io/helm-charts
env: env:
CR_TOKEN: "${{ secrets.CR_TOKEN }}" CR_TOKEN: "${{ secrets.CR_TOKEN }}"

21
charts/nfs-client-provisioner/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

12
charts/nfs-client-provisioner/Chart.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: v1
appVersion: 3.1.0
description: nfs-client is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes.
name: nfs-client-provisioner
home: https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client
version: 1.2.12
sources:
- https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client
deprecated: true
keywords:
- nfs
- storage

73
charts/nfs-client-provisioner/README.md Normal file
View File

@@ -0,0 +1,73 @@
# nfs-client-provisioner
The [NFS client provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client) is an automatic provisioner for Kubernetes that uses your *already configured* NFS server, automatically creating Persistent Volumes.
## TL;DR;
```console
$ helm install --set nfs.server=x.x.x.x --set nfs.path=/exported/path stable/nfs-client-provisioner
```
For **arm** deployments set `image.repository` to `--set image.repository=quay.io/external_storage/nfs-client-provisioner-arm`
## Introduction
This charts installs custom [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/) into a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. It also installs a [NFS client provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client) into the cluster which dynamically creates persistent volumes from single NFS share.
## Prerequisites
- Kubernetes 1.9+
- Existing NFS Share
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm install --name my-release --set nfs.server=x.x.x.x --set nfs.path=/exported/path stable/nfs-client-provisioner
```
The command deploys the given storage class in the default configuration. It can be used afterswards to provision persistent volumes. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following tables lists the configurable parameters of this chart and their default values.
| Parameter | Description | Default |
| ----------------------------------- | ----------------------------------------------------------- | ------------------------------------------------- |
| `replicaCount` | Number of provisioner instances to deployed | `1` |
| `strategyType` | Specifies the strategy used to replace old Pods by new ones | `Recreate` |
| `image.repository` | Provisioner image | `quay.io/external_storage/nfs-client-provisioner` |
| `image.tag` | Version of provisioner image | `v3.1.0-k8s1.11` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `storageClass.name` | Name of the storageClass | `nfs-client` |
| `storageClass.defaultClass` | Set as the default StorageClass | `false` |
| `storageClass.allowVolumeExpansion` | Allow expanding the volume | `true` |
| `storageClass.reclaimPolicy` | Method used to reclaim an obsoleted volume | `Delete` |
| `storageClass.provisionerName` | Name of the provisionerName | null |
| `storageClass.archiveOnDelete` | Archive pvc when deleting | `true` |
| `storageClass.accessModes` | Set access mode for PV | `ReadWriteOnce` |
| `nfs.server` | Hostname of the NFS server | null (ip or hostname) |
| `nfs.path` | Basepath of the mount point to be used | `/ifs/kubernetes` |
| `nfs.mountOptions` | Mount options (e.g. 'nfsvers=3') | null |
| `resources` | Resources required (e.g. CPU, memory) | `{}` |
| `rbac.create` | Use Role-based Access Control | `true` |
| `podSecurityPolicy.enabled` | Create & use Pod Security Policy resources | `false` |
| `priorityClassName` | Set pod priorityClassName | null |
| `serviceAccount.create` | Should we create a ServiceAccount | `true` |
| `serviceAccount.name` | Name of the ServiceAccount to use | null |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `affinity` | Affinity settings | `{}` |
| `tolerations` | List of node taints to tolerate | `[]` |

5
charts/nfs-client-provisioner/ci/test-values.yaml Normal file
View File

@@ -0,0 +1,5 @@
nfs:
server: 127.0.0.1
podSecurityPolicy:
enabled: true
buildMode: true

62
charts/nfs-client-provisioner/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,62 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "nfs-client-provisioner.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nfs-client-provisioner.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nfs-client-provisioner.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "nfs-client-provisioner.provisionerName" -}}
{{- if .Values.storageClass.provisionerName -}}
{{- printf .Values.storageClass.provisionerName -}}
{{- else -}}
cluster.local/{{ template "nfs-client-provisioner.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "nfs-client-provisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "nfs-client-provisioner.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for podSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiVersion" -}}
{{- if semverCompare ">=1.10-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "extensions/v1beta1" -}}
{{- end -}}
{{- end -}}

30
charts/nfs-client-provisioner/templates/clusterrole.yaml Normal file
View File

@@ -0,0 +1,30 @@
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ template "nfs-client-provisioner.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nfs-client-provisioner.fullname" . }}-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"]
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "nfs-client-provisioner.fullname" . }}]
{{- end }}
{{- end }}

19
charts/nfs-client-provisioner/templates/clusterrolebinding.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ template "nfs-client-provisioner.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: run-{{ template "nfs-client-provisioner.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "nfs-client-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ template "nfs-client-provisioner.fullname" . }}-runner
apiGroup: rbac.authorization.k8s.io
{{- end }}

77
charts/nfs-client-provisioner/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,77 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "nfs-client-provisioner.fullname" . }}
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ template "nfs-client-provisioner.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.strategyType }}
selector:
matchLabels:
app: {{ template "nfs-client-provisioner.name" . }}
release: {{ .Release.Name }}
template:
metadata:
annotations:
{{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }}
scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}'
{{- end }}
labels:
app: {{ template "nfs-client-provisioner.name" . }}
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "nfs-client-provisioner.serviceAccountName" . }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: nfs-client-root
mountPath: /persistentvolumes
env:
- name: PROVISIONER_NAME
value: {{ template "nfs-client-provisioner.provisionerName" . }}
- name: NFS_SERVER
value: {{ .Values.nfs.server }}
- name: NFS_PATH
value: {{ .Values.nfs.path }}
{{- with .Values.resources }}
resources:
{{ toYaml . | indent 12 }}
{{- end }}
volumes:
- name: nfs-client-root
{{- if .Values.buildMode }}
emptyDir: {}
{{- else if .Values.nfs.mountOptions }}
persistentVolumeClaim:
claimName: pvc-{{ template "nfs-client-provisioner.fullname" . }}
{{- else }}
nfs:
server: {{ .Values.nfs.server }}
path: {{ .Values.nfs.path }}
{{- end }}
{{- if and (.Values.tolerations) (semverCompare "^1.6-0" .Capabilities.KubeVersion.GitVersion) }}
tolerations:
{{ toYaml .Values.tolerations | indent 6 }}
{{- end }}

25
charts/nfs-client-provisioner/templates/persistentvolume.yaml Normal file
View File

@@ -0,0 +1,25 @@
{{ if .Values.nfs.mountOptions -}}
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-{{ template "nfs-client-provisioner.fullname" . }}
labels:
nfs-client-provisioner: {{ template "nfs-client-provisioner.fullname" . }}
spec:
capacity:
storage: 10Mi
volumeMode: Filesystem
accessModes:
- {{ .Values.storageClass.accessModes }}
persistentVolumeReclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
storageClassName: ""
{{- if .Values.nfs.mountOptions }}
mountOptions:
{{- range .Values.nfs.mountOptions }}
- {{ . }}
{{- end }}
{{- end }}
nfs:
server: {{ .Values.nfs.server }}
path: {{ .Values.nfs.path }}
{{ end -}}

17
charts/nfs-client-provisioner/templates/persistentvolumeclaim.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{ if .Values.nfs.mountOptions -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-{{ template "nfs-client-provisioner.fullname" . }}
spec:
accessModes:
- {{ .Values.storageClass.accessModes }}
volumeMode: Filesystem
storageClassName: ""
selector:
matchLabels:
nfs-client-provisioner: {{ template "nfs-client-provisioner.fullname" . }}
resources:
requests:
storage: 10Mi
{{ end -}}

31
charts/nfs-client-provisioner/templates/podsecuritypolicy.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- if .Values.podSecurityPolicy.enabled }}
apiVersion: {{ template "podSecurityPolicy.apiVersion" . }}
kind: PodSecurityPolicy
metadata:
name: {{ template "nfs-client-provisioner.fullname" . }}
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
privileged: false
allowPrivilegeEscalation: false
requiredDropCapabilities:
- ALL
volumes:
- 'secret'
- 'nfs'
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'
readOnlyRootFilesystem: false
{{- end }}

21
charts/nfs-client-provisioner/templates/role.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ template "nfs-client-provisioner.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: leader-locking-{{ template "nfs-client-provisioner.fullname" . }}
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
{{- if .Values.podSecurityPolicy.enabled }}
- apiGroups: ['extensions']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ template "nfs-client-provisioner.fullname" . }}]
{{- end }}
{{- end }}

19
charts/nfs-client-provisioner/templates/rolebinding.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- if .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ template "nfs-client-provisioner.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: leader-locking-{{ template "nfs-client-provisioner.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "nfs-client-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: leader-locking-{{ template "nfs-client-provisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}

11
charts/nfs-client-provisioner/templates/serviceaccount.yaml Normal file
View File

@@ -0,0 +1,11 @@
{{ if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ template "nfs-client-provisioner.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "nfs-client-provisioner.serviceAccountName" . }}
{{- end -}}

26
charts/nfs-client-provisioner/templates/storageclass.yaml Normal file
View File

@@ -0,0 +1,26 @@
{{ if .Values.storageClass.create -}}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
labels:
app: {{ template "nfs-client-provisioner.name" . }}
chart: {{ template "nfs-client-provisioner.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ .Values.storageClass.name }}
{{- if .Values.storageClass.defaultClass }}
annotations:
storageclass.kubernetes.io/is-default-class: "true"
{{- end }}
provisioner: {{ template "nfs-client-provisioner.provisionerName" . }}
allowVolumeExpansion: {{ .Values.storageClass.allowVolumeExpansion }}
reclaimPolicy: {{ .Values.storageClass.reclaimPolicy }}
parameters:
archiveOnDelete: "{{ .Values.storageClass.archiveOnDelete }}"
{{- if .Values.nfs.mountOptions }}
mountOptions:
{{- range .Values.nfs.mountOptions }}
- {{ . }}
{{- end }}
{{- end }}
{{ end -}}

78
charts/nfs-client-provisioner/values.yaml Normal file
View File

@@ -0,0 +1,78 @@
# Default values for nfs-client-provisioner.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
strategyType: Recreate
image:
repository: quay.io/external_storage/nfs-client-provisioner
tag: v3.1.0-k8s1.11
pullPolicy: IfNotPresent
nfs:
server:
path: /ifs/kubernetes
mountOptions:
# For creating the StorageClass automatically:
storageClass:
create: true
# Set a provisioner name. If unset, a name will be generated.
# provisionerName:
# Set StorageClass as the default StorageClass
# Ignored if storageClass.create is false
defaultClass: false
# Set a StorageClass name
# Ignored if storageClass.create is false
name: nfs-client
# Allow volume to be expanded dynamically
allowVolumeExpansion: true
# Method used to reclaim an obsoleted volume
reclaimPolicy: Delete
# When set to false your PVs will not be archived by the provisioner upon deletion of the PVC.
archiveOnDelete: true
# Set access mode - ReadWriteOnce, ReadOnlyMany or ReadWriteMany
accessModes: ReadWriteOnce
## For RBAC support:
rbac:
# Specifies whether RBAC resources should be created
create: true
# If true, create & use Pod Security Policy resources
# https://kubernetes.io/docs/concepts/policy/pod-security-policy/
podSecurityPolicy:
enabled: false
## Set pod priorityClassName
# priorityClassName: ""
serviceAccount:
# Specifies whether a ServiceAccount should be created
create: true
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}