add manila nfs/cephfs

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## 3.1.1 - 2024-06-08
+
+### Fixed
+- missing secret/storageclass additional helm charts for manila
+
 ## 3.1.0 - 2024-06-03
 
 ### Added

charts/apps/templates/ingresscontroller/traefik.yaml

@@ -69,7 +69,7 @@ spec:
           initContainers:
           # The "volume-permissions" init container is required if you run into permission issues.
           # Related issue: https://github.com/traefik/traefik/issues/6972
-          {{- if .Values.ingresscontroller.traefik.acme }}
+          {{- if .Values.ingresscontroller.traefik.acme.permissions }}
             - name: volume-permissions
               image: busybox:1.31.1
               command: ["sh", "-c", "if [ -e /data/acme.json ]; then chmod -Rv 600 /data/*; fi"]

charts/apps/templates/storage/manila.yaml

 {{- if and .Values.manila .Values.manila.enabled }}
+{{- range .Values.manila.protocols }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: {{ .Values.cluster.name }}-manila
+  name: {{ $.Values.cluster.name }}-manila-{{ .name | lower }}
   labels:
-    cluster: {{ .Values.cluster.name | quote }}
+    cluster: {{ $.Values.cluster.name | quote }}
     app: manila
-  namespace: {{ .Values.cluster.namespace | default "argocd" | quote }}
+  namespace: {{ $.Values.cluster.namespace | default "argocd" | quote }}
   annotations:
-  {{- toYaml .Values.notifications | nindent 4 }}
+  {{- toYaml $.Values.notifications | nindent 4 }}
 spec:
-  project: {{ .Values.cluster.name }}
+  project: {{ $.Values.cluster.name }}
   destination:
-    server: {{ .Values.cluster.url }}
+    server: {{ $.Values.cluster.url }}
     namespace: manila-csi
   syncPolicy:
-    {{- if .Values.sync }}
+    {{- if $.Values.sync }}
     automated:
       prune: true
       selfHeal: true
@@ -31,20 +32,110 @@ spec:
   source:
     repoURL: https://kubernetes.github.io/cloud-provider-openstack
     chart: openstack-manila-csi
-    targetRevision: {{ .Values.manila.version | quote }}
+    targetRevision: {{ $.Values.manila.version | quote }}
     helm:
       version: v3
-      releaseName: manila-csi
+      releaseName: manila-csi-{{ .name | lower }}
+      values: |
+        shareProtocols:
+          - protocolSelector: {{ .name | upper }}
+            fsGroupPolicy: {{ .fsGroupPolicy | quote }}
+            fwdNodePluginEndpoint:
+              dir: /var/lib/kubelet/plugins/cephfs.csi.ceph.com
+              sockFile: csi.sock
   ignoreDifferences:
     - group: rbac.authorization.k8s.io
       kind: ClusterRole
       jsonPointers:
         - /rules
+{{ if .name | lower | eq "nfs" }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .Values.cluster.name }}-manila-nfs-csi
+  labels:
+    cluster: {{ $.Values.cluster.name | quote }}
+    app: manila
+  namespace: {{ $.Values.cluster.namespace | default "argocd" | quote }}
+  annotations:
+  {{- toYaml $.Values.notifications | nindent 4 }}
+spec:
+  project: {{ $.Values.cluster.name }}
+  destination:
+    server: {{ $.Values.cluster.url }}
+    namespace: manila-csi
+  syncPolicy:
+    {{- if $.Values.sync }}
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    {{- end }}
+    syncOptions:
+      - CreateNamespace=true
+    managedNamespaceMetadata:
+      labels:
+        pod-security.kubernetes.io/enforce: privileged
+        pod-security.kubernetes.io/audit: privileged
+        pod-security.kubernetes.io/warn: privileged
+  source:
+    repoURL: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
+    chart: csi-driver-nfs
+    targetRevision: {{ .csiVersion | default '*' | quote }}
+    helm:
+      version: v3
+      releaseName: csi-driver-nfs
+{{- end }}
+{{ if .name | lower | eq "cephfs" }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .Values.cluster.name }}-manila-cephfs-csi
+  labels:
+    cluster: {{ $.Values.cluster.name | quote }}
+    app: manila
+  namespace: {{ $.Values.cluster.namespace | default "argocd" | quote }}
+  annotations:
+  {{- toYaml $.Values.notifications | nindent 4 }}
+spec:
+  project: {{ $.Values.cluster.name }}
+  destination:
+    server: {{ $.Values.cluster.url }}
+    namespace: manila-csi
+  syncPolicy:
+    {{- if $.Values.sync }}
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    {{- end }}
+    syncOptions:
+      - CreateNamespace=true
+    managedNamespaceMetadata:
+      labels:
+        pod-security.kubernetes.io/enforce: privileged
+        pod-security.kubernetes.io/audit: privileged
+        pod-security.kubernetes.io/warn: privileged
+  source:
+    repoURL: https://ceph.github.io/csi-charts
+    chart: ceph-csi-cephfs
+    targetRevision: {{ .csiVersion | default '*' | quote }}
+    helm:
+      version: v3
+      releaseName: ceph-csi-cephfs
+      values: |
+        provisioner:
+          replicaCount: 1
+{{- end }}
 ---
+{{- end }}
+{{- end }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: {{ .Values.cluster.name }}-manila-raw
+  name: {{ $.Values.cluster.name }}-manila-raw
   labels:
     cluster: {{ .Values.cluster.name | quote }}
     app: manila
@@ -82,15 +173,17 @@ spec:
               os-region: {{ .Values.openstack.region | quote }}
               os-applicationCredentialID: {{ .Values.openstack.credential_id | quote }}
               os-applicationCredentialSecret: {{ .Values.openstack.credential_secret | quote }}
+{{- range .Values.manila.protocols }}
+{{- if .storageClass }}
           - apiVersion: storage.k8s.io/v1
             kind: StorageClass
             metadata:
-              name: csi-manila-nfs
+              name: csi-manila-{{ .name | lower }}
             provisioner: nfs.manila.csi.openstack.org
             allowVolumeExpansion: true
             parameters:
               # Manila share type
-              type: default
+              type: {{ .type | quote }}
               csi.storage.k8s.io/provisioner-secret-name: csi-manila-secrets
               csi.storage.k8s.io/provisioner-secret-namespace: manila-csi
               csi.storage.k8s.io/controller-expand-secret-name: csi-manila-secrets
@@ -100,3 +193,4 @@ spec:
               csi.storage.k8s.io/node-publish-secret-name: csi-manila-secrets
               csi.storage.k8s.io/node-publish-secret-namespace: manila-csi
 {{- end }}
+{{- end }}

charts/apps/values.yaml

@@ -39,6 +39,7 @@ ingresscontroller:
     storageClass: ""
     #acme:
     #  email: acme@exmaple.com
+    #  permissions: false
     ports: {}
       # postgres:
       #   port: 5432
@@ -92,6 +93,17 @@ cinder:
 manila:
   enabled: false
   version: "2.*"
+  protocols:
+    - name: CEPFS
+      enabled: false
+      storageclass: true
+      fsGroupPolicy: None
+      type: default # cephfsnativetype
+    - name: NFS
+      enabled: true
+      storageclass: true
+      fsGroupPolicy: None
+      type: default
 
 # ----------------------------------------------------------------------
 # MISC RESOURCES

terraform/modules/argocd/argocd.tf

@@ -35,7 +35,10 @@ locals {
     longhorn_replicas           = var.longhorn_replicas
     nfs_enabled                 = var.nfs_enabled
     cinder_enabled              = var.cinder_enabled
-    manila_enabled              = var.manila_enabled
+    manila_enabled              = var.manila_nfs_enabled || var.manila_cephfs_enabled
+    manila_nfs_enabled          = var.manila_nfs_enabled
+    manila_cephfs_enabled       = var.manila_cephfs_enabled
+    manila_cephfs_type          = var.manila_cephfs_type
     metallb_enabled             = var.metallb_enabled
     floating_ip                 = var.floating_ip
     ingress_controller_enabled  = var.ingress_controller_enabled

terraform/modules/argocd/templates/argocd.yaml.tmpl

@@ -125,3 +125,16 @@ spec:
 
         manila:
           enabled: ${manila_enabled}
+          protocols:
+          %{~ if manila_nfs_enabled ~}
+            - name: NFS
+              storageClass: true
+              fsGroupPolicy: None
+              type: default
+          %{~ endif ~}
+          %{~ if manila_cephfs_enabled ~}
+            - name: CEPFS
+              storageClass: true
+              fsGroupPolicy: None
+              type: ${manila_cephfs_type}
+          %{~ endif ~}

terraform/modules/argocd/variables.tf

@@ -117,16 +117,28 @@ variable "cinder_enabled" {
   default     = true
 }
 
-variable "manila_enabled" {
+variable "manila_nfs_enabled" {
   type        = bool
-  description = "Enable manila storage"
+  description = "Enable manila nfs storage"
   default     = false
 }
 
+variable "manila_cephfs_enabled" {
+  type        = bool
+  description = "Enable manila cephfs storage"
+  default     = false
+}
+
+variable "manila_cephfs_type" {
+  type        = string
+  description = "Manila cephfs type"
+  default     = "default"
+}
+
 variable "longhorn_enabled" {
   type        = bool
   description = "Enable longhorn storage"
-  default     = true
+  default     = false
 }
 
 variable "longhorn_replicas" {
@@ -144,7 +156,7 @@ variable "nfs_enabled" {
 variable "healthmonitor_enabled" {
   type        = bool
   description = "Enable healthmonitor"
-  default     = true
+  default     = false
 }
 
 variable "healthmonitor_nfs" {

terraform/modules/rke1/variables.tf

@@ -145,12 +145,12 @@ variable "openstack_os_image" {
   description = "Map from short OS name to image"
   default = {
     "ubuntu" = {
-      "imagename": "Ubuntu Jammy (22.04) latest"
-      "username": "ubuntu"
+      "imagename" : "Ubuntu Jammy (22.04) latest"
+      "username" : "ubuntu"
     }
     "ubuntu22" = {
-      "imagename": "Ubuntu Jammy (22.04) latest"
-      "username": "ubuntu"
+      "imagename" : "Ubuntu Jammy (22.04) latest"
+      "username" : "ubuntu"
     }
   }
 }