Merge pull request #113 from dasmeta/DMVP-nfs-provisioner

feat(DMVP-5127): Created helm chart for nfs-provisioner
dasmeta · Aug 29, 2024 · 419190b · 419190b
2 parents 148f16b + afbd93e
commit 419190b
Show file tree

Hide file tree

Showing 10 changed files with 341 additions and 0 deletions.
diff --git a/charts/nfs-provisioner/.helmignore b/charts/nfs-provisioner/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/nfs-provisioner/Chart.yaml b/charts/nfs-provisioner/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+name: nfs-provisioner
+home: https://github.com/kubernetes-incubator/nfs-provisioner
+version: 1.0.0
+description: nfs-provisioner Chart for Kubernetes.
+sources:
+  - https://github.com/kubernetes-incubator/nfs-provisioner
+maintainers:
+  - name: Maxime FRANCK
+    email: [email protected]
diff --git a/charts/nfs-provisioner/README.md b/charts/nfs-provisioner/README.md
@@ -0,0 +1,25 @@
+# nfs-provisioner
+This Helm chart deploys an NFS Provisioner on a Kubernetes cluster. The NFS Provisioner enables dynamic provisioning of Persistent Volumes using an existing NFS server.
+
+## Installation
+```
+helm repo add dasmeta https://dasmeta.github.io/helm/
+helm install nfs-provisioner dasmeta/nfs-provisioner -f custom-values.yaml --version 1.0.0 --create-namespace -n nfs-provisioner
+```
+
+## Persistent Volumes
+When deploying the NFS Provisioner, you can create Persistent Volumes (PVs) dynamically. Here is an example Persistent Volume Claim (PVC) that requests storage from the NFS Provisioner:
+```
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: my-pvc
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: cluster-local-nfs
+```
+
diff --git a/charts/nfs-provisioner/templates/_helpers.tpl b/charts/nfs-provisioner/templates/_helpers.tpl
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 24 -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
+{{- end -}}
diff --git a/charts/nfs-provisioner/templates/clusterRole.yaml b/charts/nfs-provisioner/templates/clusterRole.yaml
@@ -0,0 +1,69 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "fullname" . }}
+rules:
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumeclaims
+    verbs:
+    - get
+    - list
+    - watch
+    - update
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - storageclasses
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - events
+    verbs:
+    - list
+    - watch
+    - create
+    - update
+    - patch
+  - apiGroups:
+    - ""
+    resources:
+    - services
+    - endpoints
+    verbs:
+    - get
+  - apiGroups:
+    - extensions
+    resourceNames:
+    - nfs-provisioner
+    resources:
+    - podsecuritypolicies
+    verbs:
+    - use
+  - apiGroups:
+    - ""
+    resources:
+    - endpoints
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+    - update
+    - patch
diff --git a/charts/nfs-provisioner/templates/clusterRoleBinding.yaml b/charts/nfs-provisioner/templates/clusterRoleBinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
diff --git a/charts/nfs-provisioner/templates/service.yaml b/charts/nfs-provisioner/templates/service.yaml
@@ -0,0 +1,65 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  {{ if .Values.serviceIp }}
+  clusterIP: {{ .Values.serviceIp }}
+  {{ end }}
+  type: ClusterIP
+  ports:
+    - name: nfs
+      port: 2049
+      protocol: TCP
+      targetPort: nfs
+    - name: nfs-udp
+      port: 2049
+      protocol: UDP
+      targetPort: nfs-udp
+    - name: nlockmgr
+      port: 32803
+      protocol: TCP
+      targetPort: nlockmgr
+    - name: nlockmgr-udp
+      port: 32803
+      protocol: UDP
+      targetPort: nlockmgr-udp
+    - name: mountd
+      port: 20048
+      protocol: TCP
+      targetPort: mountd
+    - name: mountd-udp
+      port: 20048
+      protocol: UDP
+      targetPort: mountd-udp
+    - name: rquotad
+      port: 875
+      protocol: TCP
+      targetPort: rquotad
+    - name: rquotad-udp
+      port: 875
+      protocol: UDP
+      targetPort: rquotad-udp
+    - name: rpcbind
+      port: 111
+      protocol: TCP
+      targetPort: rpcbind
+    - name: rpcbind-udp
+      port: 111
+      protocol: UDP
+      targetPort: rpcbind-udp
+    - name: statd
+      port: 662
+      protocol: TCP
+      targetPort: statd
+    - name: statd-udp
+      port: 662
+      protocol: UDP
+      targetPort: statd-udp
+  selector:
+    app: {{ template "fullname" . }}
diff --git a/charts/nfs-provisioner/templates/statefulSet.yaml b/charts/nfs-provisioner/templates/statefulSet.yaml
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  serviceName: "nfs-provisioner"
+  replicas: 1
+  selector:  # Add this section
+    matchLabels:
+      app: {{ template "fullname" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "fullname" . }}
+      annotations:
+        pod.alpha.kubernetes.io/initialized: "true"
+    spec:
+      terminationGracePeriodSeconds: 0
+      containers:
+        - name: {{ template "fullname" . }}
+          image: {{ .Values.image.name }}:{{ .Values.image.tag }}
+          ports:
+            - containerPort: 2049
+              name: nfs
+              protocol: TCP
+            - containerPort: 2049
+              name: nfs-udp
+              protocol: UDP
+            - containerPort: 32803
+              name: nlockmgr
+              protocol: TCP
+            - containerPort: 32803
+              name: nlockmgr-udp
+              protocol: UDP
+            - containerPort: 20048
+              name: mountd
+              protocol: TCP
+            - containerPort: 20048
+              name: mountd-udp
+              protocol: UDP
+            - containerPort: 875
+              name: rquotad
+              protocol: TCP
+            - containerPort: 875
+              name: rquotad-udp
+              protocol: UDP
+            - containerPort: 111
+              name: rpcbind
+              protocol: TCP
+            - containerPort: 111
+              name: rpcbind-udp
+              protocol: UDP
+            - containerPort: 662
+              name: statd
+              protocol: TCP
+            - containerPort: 662
+              name: statd-udp
+              protocol: UDP
+          securityContext:
+            capabilities:
+              add:
+                - DAC_READ_SEARCH
+          args:
+            - "-provisioner={{ .Values.provisionerName }}"
+          env:
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: SERVICE_NAME
+              value: {{ template "fullname" . }}
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          imagePullPolicy: "IfNotPresent"
+          volumeMounts:
+            - name: export-volume
+              mountPath: /export
+      volumes:
+        - name: export-volume
+          hostPath:
+            path: {{ .Values.hostPath }}
diff --git a/charts/nfs-provisioner/templates/storageClass.yaml b/charts/nfs-provisioner/templates/storageClass.yaml
@@ -0,0 +1,9 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: {{ .Values.storageClass }}
+  {{ if .Values.defaultClass }}
+  labels:
+    storageclass.beta.kubernetes.io/is-default-class: true
+  {{ end }}
+provisioner: {{ .Values.provisionerName }}
diff --git a/charts/nfs-provisioner/values.yaml b/charts/nfs-provisioner/values.yaml
@@ -0,0 +1,26 @@
+image:
+  name: quay.io/kubernetes_incubator/nfs-provisioner
+  tag: v2.3.0
+
+provisionerName: "cluster.local/nfs"
+storageClass: cluster-local-nfs
+defaultClass: false
+hostPath: /srv
+
+clusterRole:
+  apiGroups:
+    - ""
+    - storage.k8s.io
+  resources:
+    - persistentvolumes
+    - persistentvolumeclaims
+    - storageclasses
+  verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+
+serviceAccount:
+  name: default