From 493123d9c0db082031505dd955488a52783b831f Mon Sep 17 00:00:00 2001 From: Michael Mattsson Date: Mon, 29 Jul 2024 09:28:05 -0700 Subject: [PATCH] Chart and manifests 2.5.0 (#392) Signed-off-by: Michael Mattsson --- docs/hpe-csi-driver-2.5.0.tgz | Bin 0 -> 17511 bytes docs/index.yaml | 40 +- helm/charts/hpe-csi-driver/Chart.yaml | 6 +- helm/charts/hpe-csi-driver/values.yaml | 4 +- helm/values/csi-driver/v2.5.0/values.yaml | 119 ++ yaml/csi-driver/edge/hpe-csi-k8s-1.27.yaml | 6 +- yaml/csi-driver/edge/hpe-csi-k8s-1.28.yaml | 6 +- yaml/csi-driver/edge/hpe-csi-k8s-1.29.yaml | 6 +- yaml/csi-driver/edge/hpe-csi-k8s-1.30.yaml | 6 +- yaml/csi-driver/v2.5.0/3par-primera-crd.yaml | 436 +++++++ yaml/csi-driver/v2.5.0/3par-primera-csp.yaml | 86 ++ yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.27.yaml | 1100 +++++++++++++++++ yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.28.yaml | 1100 +++++++++++++++++ yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.29.yaml | 1100 +++++++++++++++++ yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.30.yaml | 1100 +++++++++++++++++ yaml/csi-driver/v2.5.0/hpe-linux-config.yaml | 414 +++++++ .../hpe-volumegroup-snapshotgroup-crds.yaml | 502 ++++++++ yaml/csi-driver/v2.5.0/nimble-csp.yaml | 96 ++ 18 files changed, 6109 insertions(+), 18 deletions(-) create mode 100644 docs/hpe-csi-driver-2.5.0.tgz create mode 100644 helm/values/csi-driver/v2.5.0/values.yaml create mode 100644 yaml/csi-driver/v2.5.0/3par-primera-crd.yaml create mode 100644 yaml/csi-driver/v2.5.0/3par-primera-csp.yaml create mode 100644 yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.27.yaml create mode 100644 yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.28.yaml create mode 100644 yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.29.yaml create mode 100644 yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.30.yaml create mode 100644 yaml/csi-driver/v2.5.0/hpe-linux-config.yaml create mode 100644 yaml/csi-driver/v2.5.0/hpe-volumegroup-snapshotgroup-crds.yaml create mode 100644 yaml/csi-driver/v2.5.0/nimble-csp.yaml diff --git a/docs/hpe-csi-driver-2.5.0.tgz b/docs/hpe-csi-driver-2.5.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b1036c7d68ad0ec6c585e4f970a243f529deba70 GIT binary patch literal 17511 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYMd)qkDAo_ldeg%#^b2{!dCE3oU+t10Kb=&T=-$@*=m1NFr z-d+VJAqiuWU<05WO_KB5_rZlENP-vLeCZKCBr*vUstScdRiOY(BjmUYJ08U|MEfUG zNO^A#1OGqP_Y4Mu!HZ|lYkv3pWlu^rbiDfxqJm z9QlYUh}Kpv2uIciCRk$WlAtd}kLFC@7)6{S)DIxzi1u|8PMCsA8agFz9H3Bfe<4b8 zVC0YmLlRRLErKp_JQVq4E>K|Q9*8K?s2_pu82ZfCmlU}q2vF#02}(OGhd~iCbZ_7U zu|DyGzNjCEn9m&&AqqL6te@zl5r^wIKnE=D#m^cCA6uWF?fRIu+chHxJP>yH^ zM))J543qE(%=SAliqbz1de3`s2`#5oI0hipG+H6yElfB*Y9+Q4EE= zK`0Ut_K3^+kTJw%-w1Jx!b#@_&2I_y*ipw3ICmT{)Jnn;_;&(`6J$gY6hQ1B0T0cb zDRweM|A(fb1GGSUki!6S&KLQ#Q0>M$wn5^C!~*_q|LFjWZ@x zj8)`;G4@ffBjC9{qzKF)#qiok3~&Oj5r~8a@c<4v0do>lz)=v%dAQf!h#8LAbtTkWpx0EC=L*X*$e3V zh*S7tFc_3x{%m`xwc6Xu~kDJJ_ULrNtC>r z>@~g@#6u?}lspVwv=n@%dF7IDj3+U*HjsWWnh@V!BmR;2aex?yoPk^H`=YB{LAeL6 z=fG3Ku?HC9Kp1qQGc|BIS&5=%YbnH`fM_)Leu`w1;4KL;ClsKN#Z&{;(c zZ@(y%SE@Q}0Z9yXEpHA@tIZC2`-22-j?qoo@zAm|^D`L;6gucKa@>NJO`7Hn?r8(w466I@S zoGRd;;@bZ?e0KqcxhDBMk}$~iKatCmx7t(f9sxb~0q`~brAjDgu6tDYAU~?bCPchrnHSfw(u(acpHoTw=1vZz834Kr1g_->I7 z!>;TK!_p=|+Rm&3p-gZ6^~sZNYKO{KwQSB@`o~Iv!0-{_{sg4ss!%|~?g~EuQzTUJ zr}Sg0@b*ftiYlVIM5Y(YWpc{E_*~Qg<|jGYjTh;dHQp7*sU5k(aI_an#-Q<43_SDC zOqh+gQb6`PPZFlfFS?_<5hW3#9IMVKv%4r*$sD=U&uaF|eFJh6)coG%A zhVBgtJ%GNre$4W`SBPY*jRMrM@27RlXu1JYg+X|Vq{T8hZPl9~FNCYnT;0QEqAwfDZjRdgU|NmhdciGI zeXPoZ=YzqZUt4SA^#8m@`YT3eHT|^}Hcq;!^VULt25=E3=vttr+L~BVYcoR6!(v8- z{-voJ^Ps*rn_7!l2i0a;o?Uv?Q>~-A)fEbcfvSeXNvWc6$c0rPS9tYeB=iCt%1|07 z6mXK53m}>4lBI5CSs2T^E};~;T(!bXi-U1UIr0Rwm?40^a707sgKM9-H_0M!r3qs1 z@5+9z=^WGhUA%j2HgZD;RaR;4qO@wOPSV{V`l-zR1RU~Ym)&=76oL!wJEFo7vG+kP zGoTgw*OgAN3D%XPEiKqq?Vy2z6LJpB)Qfh-iD2xMPFbk*U z7S36BuUH;*FVGCpF8JNf4r?^Y&V+(1nkO9(1@SWBg2@n+Oio>#y;PqV?PzKROh@kIRK6bfqtbZ;RI#s7#>QaMOVao84&sf-Eb*<(*v zYS8lULVph2DGVpVUcn6Dak{c^0+T6f*9e6G`W#UeClLjWrHjaiTv$q!R>C zIKz~LGHSJ_vkz6WJZ4~wAQu)+0OvAcb0#KU5K+XW;X}e?s@|{}nT7io<7+uYS%pa5>C*qwqPW*h{9?*K}8KQNv0Bzr+L z84*vXM>BVdyx2#c5?QF+C2Om-R!5;X8dgH`YZ=Qi--J=edpUJwWm6uwEE0TRi}Cus z0SPN7$j6M!>9D4eT87GPJ@x$j^n1N|U@ZJB#mp2yqZB74C5e(eKc3)lL6JR`e_kV| z+`|;87Du6GY3!q%#BN$Bv(>SsSg5PlF|fKwfjw{3aOFfMcgv(eJ)P7`(sEo-3w^o8 zz@<2lL1=^GlQMr20BM4uoHA5$Vy;G=Ic#a$bXK|vIQ3ez(zUInmUJviH+^NPmpx3> zHZ_-oE{eGPk%db70Sw^;IVod|{b$8Bf6&4gl4UghRp0H*t}a>Peai02IyqT-Vt%rO zbwSbrlG7W*I&GmP-UWXPls&M{lkfHg+jZFzDa5Twac?GtwGURcEOhKDZ(OY3wlJD` zc;f?7Gm1>S0|P@c>*1LeMNVvuimg%c zsErEyU!|mumP>RM3%zL`gY|Pk?5^UF;~?1;ykN?ALjr=ih0`XCmMz4#V(D&SyFi=! zfUVVYdwVPJ$ae5n6tHj9Z7yu=^sFtcx7b#cNp{j!e75YAtti=yyWZGZ@zo?JS770c zlALfXmQW%^H6H`7moxy1sZG-6Xeggwt1pk{mJ+=>Z7l{#nZm5n2I$O&OawTAjKYqbg6>@cebEZ3Tgi6_+E;X2q@3 zFsic+>j~D0rOg1ABYeG@Y7zBRBy@9{DKV>8r?1*Tucxi4-g0!USIsV>TZ{CqL#@_D z{U<)ThJF^{N;crvriFihz=sVN&i_fzWbI$Pdw(|U@h^P!HX6?VmA{MU|Lh-Z&;PlL zr?US?Q{+d8vL26CJqo&^|DQb@6wiNp@$6uG{?na2U%&Q$1T!2Q$rFCZ*hfM?z6u0e z+$lN&KlZJvoDcwJ>^mX3{bN1L>>&?>*#V0@X#2C2y_$4O7;!PZ9BlpO372F zd+NrK3jwhAQJp>}O1_&RO0kE)H^6Bey5Pm3{E35MJRajOpzCD7Q0U3u3eOXYAV&bE zZH!~zpMyVQ=;JX)9)M9KDd=_njudoRo{KgFH4I!M7sd<$MuOb#4oUYIBi~ay{bUqd z?UI`Z@&#B)K+2UjrcDVV<7A95aC@15hHbv2A3r zD4S<99;aMQKBk;a%2XC;#d@D*kp3dcIC|B-cMUvKjwmQSeN?5YoZ^~$yD)+g#UUSq z?q8YnSJo{+Q|&GyZ&kl@a%gn07(V(M0@1m$leNUCQgR8eMMulh-Ab}duB+erJ__&+ zP!##lMWFlNx}ZDiE;GK2y?8U|V|DpQE2Q<7zmI9HoTP??gQqBn_&gOBxo@zS-z>Nb zz6;|^3Ytf|JTl6 z{`z$H$N#qH^!i8t&wu}a|HtU-_iz9I?_c*1_V! zbbvlj;|(4ockcS=E%DSjrYJxZ`v1m*c!j5O{3jo>%hgN ze<{X%Zu}n%p1pjr9shUni1A-m0Ci8UG%!;P^gb9+S-KgvRwCIkl{uXQqlgJjQ`RhH zY1N;kMSTRmezo}m-@m77NVrAVh3p9IcR-p_txj%{mWxW7OpbDaQB=`rGJ;6F=FrEH1-+M%)|3Szo29N0fY-i}yY8z9WqFfJ0aN`g|>~%Yc&f)4?I<&k3Uk}^a(CK zo!6yS`gW~FjMG1pV!PD+o99Dexb6Q`9B%~$ub%BlXfqOwYgk$i z24h9~agT?sfD}=;N{GJdr=@i0e2j-78Oz!MTghlr9fkX=+sQ^TB;bXbarui`R@GUy-iNWKAaKyD%;6qDH9RT3G|U>wO<_^aztm)e|0!$C4DA# zb`gw2{N7sqc~AhZJT;pOp3O$%1{y+~)tta)r2 z!vyS;NgJqSVy%7i6RW9-xNGb%v;vq$NbNIh0At*@Z-qk%Y2uE&Y`IuZD9rrDf-Mzi zE@L_A)ve8y(`UwAl#g_hwVPj67g{bPI>i+Khhd&=h3H;{Xz>7_eVfcyi2l8VC?l(- z*kt>`9D~Ya=o{<`mQ1c^%c(r?Ao_IypQeyD4fn zLu)})*rav#Xd^tEaav=T*22^8s#o94bDJ_L$Xz^Nzb=;pU|XFl`8d_cn1=?X#myV( z>rpYQuZT%{08d&ry#>D>hqPh?0{6X${)nH({116-*DBdxP5B=O`-6jL#r&^>!)^Z8 zoji-=e-tu5F0%8Ymdp7_vppaRNH|1`CVL3cTrkaJvBVDDzzQiH8iIOSC3DE}R+q+M z7FcTnhXC9rbwieW@Oc|z;y9_v-N;cb3b(Y4*RxJ23pNP1U9;q{@)5qIS>t$nYt=hnRv{R1zWl<`W7QAuw_Es zYw$9KH)UPi`TEt=$@c3w<<0?H`={r_<6qvKjV|7uo{di4UHtm)>h1AG)!Ih4oW5jT z$!I_-yB4xFTIa7nTphnZe|NDl#FER0TA}pz-NpI)cUP+-^I$xGhTK@rpd{qz3op2o z6wk1aCdkXpm+En01h27=IWA5k06@<>0-w6We+);*r*F?My7}W338Fd$#{8V+!2G=K9GFIpv%Wl+ zHIK{|1MlBF31(~0K4N=zp=sQl0pFaxA6>nB_kMJGUV%j2T)z^Z3OByCV%O`l_oI*R z-h6m_Hhh2lzQQnS%eFtU@eVd`2h_Os3mTP1YYR%7)pTqdR;Z9y0Cqr#kcT|Lh`N;o zhI0j#0fu-S0UR>y>3g74KM6pJN{}KQ#6ljphVD&rjlz`3Yf{`P4pGmF|DwUKM-ymU zEn#u}0XG4$BFS;#Y{=z;hz~C0=i@N`;;40WXN>)#Seqb8#7!3KbGmsPB7Ffx@1M-D z{?)_cYgN5mq%t|7#_zB#$mge>dR?NH?%O!EBaOv8*OFZmMOGEm2&t@*_&gHxU~*A? zi8EF;es?@EeespqQU|P&Gw-N6POHqJs<~?OTw0nV_0+GJp3mbIsfZ$oBwqekK;Hx3u~B54eAuu zJK7w%qmqZ(q+@lmW_4Q774cE7O(}OU=2JrPzofD>jvA}R#@MalPytik^r%h_gAtaS zGT0IL)YYMvY*hh#>ZH#p{^UR_;i`n|L&jQmcuSU|nT@U**~tiss@h3* z8TOh9(;}=ZEIN{xZb+zT8{JE24&iP$bjT__ukcpq4OvC7S@5FdRf>mww)q8z9u6n# zo^-A?SQg9MGWFDBonrGImHiC0HnXXi=k(fWc}{JdAVJzkHS}+A#!e2GT70@*dTMAf zsF#|3>$K4w%Kmy4Ch4Zaq%&#^*g#fj{)AuQb^#F#GK!_b!4UX7a`p zD9`vL;Fi!EaEtjATz))Zd*JdT+XKTB)?5FKDFlj!&`(Y%+{l!C9vjgxLJcXeLNa)W2 z9`6DlK@U+j#SxIJteAuVGk`(?+|zxwn&N5VVJ(~7@uX5axr9&;hi3aW`ISw!^CN9D zpc$(+*>XT(Gi z>qLQS8&JYp!UC%cVXlZxn*i|LBelSUbyqko8uhx<-n$#z?r=HtfksX?x1zUh4aY{noqC$xv|RF@{-wb%@atG+?2A=kvpc0&%@1DJbq z_&gljA&=HWu^#fB_h9S?Yaebch^+;&wICk31#u^y>D{`Vcj`;t?Q+>YuR}eK<+4p> z8a{>v*JjDpPQ#rn#XSzc!D4d3MDBArPLQF|*sjE_yb^bxt7MPFB-?o4A(7@a zD~}y{H?z^u@&XN*7dxyKbhI%C-!umnHcgh>$sV;AtNY%xzs9Hb{0H-pmle){s6YQ< zFgPfl|8OwaKYX!0|KTnkLqR4-{xy0d;iy+Jo;#< zknrL;zCGysh*S7tFc_q^)XvThI9Bh$^TA-ymtRkYm&v3Hc6N61({QsoF&a|y@XT!; ziZXBCk~eSJfF(CzMT91{nfQ4Gej5BVkX0i}IB|)81m2%qmhK6YfI&7QI>upHof;0R z8lqIfy9@PZMTTXVtj4PXoVBp2f=daT2nA0Ygl*SeLIK`2xhdF~9amy-@-%(f@=7@a z>rGrJmjkauFzg8IFL$|I4w`z3mv6GD_6|AY`x>v1i`v{Cr<3-I7s%CJNn@e6<|+wQ zT8PG~w~=6V-ovH+(-jJ$rMu`f>QFHZWUD zyX!KqAao0j$CEF5Qgr3f!7H6kY8f?4Ug2A;xzvrhEL!f;-a@@)+g|XRUb99+liRZ; zAM8_U|3?%#IAk39zB47{W^?}k{^8+^lK=nwU~B*1#bcUB*TQ<~r!m?8B-a*8sarIO z!1wQtAuQdpq1nrhS?*!duZAP)!Z0MrSnRs;UWnALt2fKqvjW(SxP@4fx4$S763Y`~ z;{s(@Y?Y0u^px}rs}v1wL0!jeeoelluU!%ZFqHR{^sjN)XL7;HadnIzSnk<#z_;9F zi`*#z-H*`69^^Qj0Cf*iuh%Qu8vuu{AA1ON)6_1#`jB0pl)xcj7xapTPrfM<0@;;} zjbp#p-Oe_RPmTV^0iw`3j38Yx3e=$gpT8WG^#9=bv#tKWi>EpMGgJfe?WO5?Cov%X z5xl)zQxHfG{~%ghB&ZB=EpZM#K9b?lX&V#LSpBS{Y6XV=yuNVS&+81Q{k-;Y+Oqu9 z^-SJfW}sH(T>-1rcxMB)5#Cu?*AQn*2X#fT&FJ=u5*mlyTxfWG0l6ZH&FtMs;I7=p z%F(+r$V!j=&lAF{BDyAyXHMG@9OOM^zB(M@Yd;L)cb!2FZU0h71sX` z4_|EWf4P%q2mE$<22O_OK;OMSCKUWF4NigIkRJed3Mub&-cJ$uR9pP_r&G=&cGT}P zmw3Htggi9sVbXUQ9%&I1GX14D<$=Eod^AJC4i)X(`iOII3Edk=J#ZFsL?enBlC}e+ zbD$kLAPlZCp#cM&0C}9fhk(2*_u5AQh91archgD&PsSlf#ucfDdO7tIi^!5~ze9C+UT|@2ERP@=j1f!6|WL;XBAa zs+6%^@N{_c?sT`;all8+FbAJR`!bxx0ac7yOhR{5<&mzuD-afK2+8viq#?MSLjD5- zA-V-P)VBr;J_;lR-*rvl%2x9PQgv-G@+3!IWByxwonbn`d>UV;x6>upv6^8!icmj* z!Yc3U79H8*u9AvNiYWRc7ED1*bk$oTS>lQzV#tAq8K?LeZ%&Xtd-l$z_m^0uZffCyVE(xNTBRR{0F^Pq5}G-6B0y_ zV|fYp9Q@y4sAyQQ>s=Gd2!`HB^I}(aqifLBdsCxiudWs@N!p-#cL#*j2ZIw0O3J%V>bS#OLWk11kOIefC}Iaw~R;g%t78ljO6 zS&XFmG-xfhZR+0Sozk|ZRuvj`RZNnPL6pNs3`mu18!O{dHmFx;_*u zm8FjvSIXH#p%@4a zVCbSe4`9qm06BJZnnDbDJUkhm?|~rpITjAN(y6}=lgX6z7RDe`O&JDE&0Vg6pqki> z;=Rv5eqNmiuMz(!BNIaoIWu@*`RGF57n8oQrqmqX+zrhbyd|M9KC%ia4}^XdB|uVy zPay{Z45b$%ItHclVQLGPP^!lu7m_MrAPhy|C7-Y75+xysw^I~?kR(wZX}&?mh>M{x zPUL|DqO1VWtH7Wb;xth{59A~t`#w-972xUTWB(S;+2=j*`Fwmq_$5UQg5Mh2`xl%3ZqNN*e#)+w9(|qsFQ~_4ftg8 z2F;LftMGYDMdHUTq~T|Y;AccBp@yRP z21Kq2}4x~ypIFn z6H0$6Lm*oy%Fj%{QW7La>Kq2X!XR7cDxqwbM4<~CWNxuuD2Abp3Pnjw+HRD&g)u0I zV8#QxBreN@8Vm{|nCC%_Brb?bl_cgC@CrOwND>7;b`eYgS|w55p>Gw%mO4?|Ppvpn z(F+m-t0*?=#I)^}l39m=RTSIm#MVrx!@w$v3+u!tR4ODd$*%h>$G(DS%-N{j8xBaGR)}j<=DJsnDJRHWI)_Ibgeh=`*#A zKyMs+h%&C@DWY{I`ZIK8Eaja4zyL)q2?7*)D!!?XegP1CGWgaU&n1p=_jdoz;6+}QQlK1bHZf^eFvPYrer)WL7~%mPZAsq#-*-S zD4dti!Q9C&vwlA6bdEi>bR$TX;qIeO=kw>!o%C-2Jr5Xs0|{G=cRkHw8I#O$)qtap zACka3=LW8NVML;AHlEPqs3dvhWXJ3|VGg4bVdmF<{*!87b>oje9)Vxx3FG%nY?z95 zCVcdL;bWz}+ym!hfW?TDGhNc{pJmKiio0^OAn0Br4!cQ29&k9>lMMarILW*JulJAM z|8hjR&w5cJ$$bYt4&_OG2`f@~dTmDv#0R9!$<5l3%$g_NGcI1z)0B8KP;c_|H9TLxg&J!bzL^aj0w!0n*7-y3u~zsQXs zsc@*zm}TIQr-U*K!AnGhK9DqCBR#6T9uPu(9tgI;kP8KME)_0CQiUwG@<6Bz?}957 z5RSkJiRM5Z%#==gYK>6xPNm`PX)Kk@h3JbIL?~jvKiyF{I@FywI2@B*y#pqrQw8l5 zzXZcXad36=8k~n?(&@aPVkUtJ=Ex%`L*ydHAe{?kd6!i7@@x%Bi1vh?;G%R%(I7sf z-KCyf1U;F;aH1k7F88I;B?{wE*Ugg2Ze=6(m1{#0iD@VxLVuDVP{Q9ev|qQUG^)|y z7*7C0+)3JYoaDq$CsVPn3>Zpfo+x8NAoQQ)T2Ei%uWKZFU8^j%rxy+7U(=&Jg9PoJw;^6HkO)kwm)xNv?r9Ru{M``Zhxpk8wJym)KIE|zr0S1$$wCR*#8d8-L}31%V3q0;uBl&~qg_Ue=s#7_@U zl?L)D9elZ&LsT(7IDCp6`C+#>JVgVk3ZtmF8X(oE6xco8bxCK7iks|PX}n3CSz+$) z3pVugr(up}2P2nys;}=CpX_YM`$wvL-sJt`WE>lcyis;+Xbv+uD3qL91zeiSdE3BZ z7?-WltV-G1%$uV{3sak7&@jOO4rMOMo|@0qOrlp)kOv?Gk+4T{E>nttN~QTA6^$js zOd2s+)<>svrrnEq2m|b@Of{xGTr#$SxSlK5QIvq-vz|$10{&-ke0dItJYG<(IZ-6d zHy1HkRxXWv){{U0Bc^E2l2gQNR!pV4hVBgty&g!DXZTuj{4ya^4mb3?5gbh;l;%X} zmUn??=5{4+cMlxe~SEQ9Q)et8p8nl7*fUWPZln^By>^44Mg*sZI#un3-yzs zp;yiNyFx~c zi_JvCDh)@#L(rYdcCwl$!%G41Q!d3$aI~`5d^CZ6KS^!sfe#F+G`2BxRRWc0YMe)e zjKQ45D#(~-|4`z^E@yi>IWigj8L2&;`Vs_ji21zJxl|Df8O4C%9AL&`#P)!UmZ?N4 znmF)T5N%Fk8BLnPnRK$~!XXFM&MtWBDOV}B(wq>B!#`q7F=BOO?*WDo__P44%{F#> z;2)YQ=raQTNpJ{6OG6*JH`17qER(?{G5DqM3pB>WzhS`j3DbTj79vZ8n&^SQBOuIP zKw^2o{O28QkAL0+pLbMRi`FsnjkI#K#q)Vjtyu14Li@P~hIkT!I0BG^PfVbeQD;z{ z|Ipu6VNWu_p{%ICsA4V&48OSWrJp8C>8!+X(&_visc57O_KXqogepk_j#>7ibQpxF zjB)50(j`Rd7KSqXl~xeGgqB5wd@!a+a+5?T1Ta)Jr7TKG1(#Pn@K%^#9^w%D!Y=@y zPTpO-zdHZr!~64#*S)}7B@9*orMU10yC`Hxdu75Q6WHlsGb3YuE2cAFl`;+D;|RJ_ zl+>5rF3=-S%Iur-le3HA*(wNY5K5*sQ+nIo_mAMIu=kwg6n!T#@K$J}VgLW(%a`Tz zAD?aa|KG`@ckZ@-a;1SvkR%?G5hGz$15jDI8FqeeaQVK!>~NYB86dsV@zK*XJeqAK z1|0yBQ(oTV05J}O=m>$Tqz$qF1;OKEd_2-&ht&&b0pR@=S0; zhR?*?$d4)X^9^+XU@nPJdIEL_q`_AWEZK)Q+t=H^cEFi1_L7LDj(+GRjlRwslZN9^ zMM%d!ob-(CzQ{WQoW>}H_bybcbTX_*!Ymq^+*T7ndZTpj_KQC+{VYvWbY*&KkD6qq?VVU_EQVQp#uOZ^X(^~}dq{;)pK8|r& zRLhtPpY_9s^V1~wQHf?PDz~@MLOuNVzh6FpE>3n4S>QU7f0oxt4_im38o-^#792TX zI~CPcs9RQnu8Sg$yo=I|)9vOa8u@1$+h#}L)9)RnrjhqCon$`!p3MKt#`_krG3xEV z{lWhJLE-$TgYEf$cl4~&;%aAb*>9k-TVKt_SKjuz%3z;L*fvAVj(|EOWlAW&fX0~! zj;!I~POa7UNR2kR1t4#=RT^zoN-BH3^To*mtxmF7@5JFvNNz)CjFIoL96=y&FXU9? zG(y(iEEFqDEXlkg%$BQEhXGYx`Y1F|TkKk?ZII45r5T{6Mm15oDx?!sJj0`wocFQ@ zI2LmkI92hLnkldXs~T!7ZMSZ-MXOC5(O_hY>Zqa0LUt_WE)i|H*v+6Kwv}driOWee zsYch1$;svG4InZMVYCD?qS~e~k_%3)5zW0U2dkTFn~^sRy;#bsy&f$Z zf2&7tx=Gq(W3#7ZDUqbG>l@{pQ5fn9N!Q8rW|hnq-Xz<5Fl)xF)H<1ZK|YpZrSqjLk^HF7EK0jRK*2SlEIm}SvG4CqAQWcj z%ZP;{GNEl{u~2X>mKBa1HXD_V66YUh_;2lV>2@mJPNlhLJC$yyQuS=7QX8$?sWh)a zHW&EY#`pf5&te<3musVO|HuBb;{A^Y2iyBU?&P_z_}|(?f7MaH%1swL@*Y*|V6pCuqz@M0cbC~#4?Wf_O%PO}&uu`ko?#em1_&aZDIEHDtZBjHav5^Uce zo`t^n88nNx(P00*JUl3^|Lz}d_kY~UbNBXNS-RF^1`f?wnavt3H!Mq3tpc+@^D6KI zHu_5a*nZYyh3Ka`zjQnG6`ltW(5|p&EI6bQ?O8FdnH|-IS(|X|Y8k$33UM;(eq27v zsrfHipf76F`^HOrSXU%8MR@68=)y>^ji$aXriFkm|!ZKtCJ@K|6vsxI~Lq9Fgik2U_2_qRtm$JzBEWBN*ymTfe| zf1Vw_EUy0@9=zPff9~XQ9A~YkuBDM4tI$*hdejN<5(5>J;S_Q-nIC}*5~777K{7a94QYa1#5F+KMyvyhZi$r89ym@KbE}xF9?ax@;=-j+7387Gm@{=9 z4h{hXMrL9<#ppBGEWnWoUSI!^U73(gjdqL25bsXqM7P>0a)l`|ccxsYYJ%*TsHjU0 z)UB&EXyyw7PxN;nvAvxld3`%9@K2otUqCSNMEI1Fc%trJu?g3d#J(q7y5xj(DJhs2 zw=-XpIP~%mgc#^rz2szUHVpB$wFZq zA-IuM{>*uDMY+P8K8UAxAWXzM9U|B^Uvm1BxV*;?RJnFLzZ}LEvyqj(~B6 zLNa#J%RBn%brXcLzK3SW@52Z?64Ov!S`m0V>CM7Ftijy*VT1Ng%5lLT9LfuXTGT6DAul7(ZQP656&thxq1zt&gCqT(d>50o^RoKil@>q znk0TvEvHN@=$SSx;`%Nds$ApQ&3xVSy9L&9r*Z_Nu9?UyRE^{Y`quE!H9}wG6b) zO^OQJ%0(opjUtMi^tRqohu3SL3b^v7BDv%)FHa4ESl;fu(1Nk~(YoBpN)ZG53RjMG zW`x2L_~Jxgq?cO{RLrFtE+mSY>7A9PH3OsI{3DFWBn!&KeL4}EZr)!p{$D!>`^ z@q$XGei&BSu+~mGzC2GeU(&<*)Q#Fp2)NCXvo@r3~rza#%!nwFXq3CjefhY@a?D$x$>FGW;h z>9-g6ABM@|PoZu>&!hvtVot!qU+~Z#z`}c*uUm2j|KzRO?p$89O^GkB$ahJo?g@40 zOEIindejd_YSd=sImSy3&6;^sE&3%|+EDZsRhc6?-9%Xl06@lwi{+A&zU#j@t(FhS zt-I5v`WBc<>g}g`RtA{WM~ge`R2Uq~g|~CpzuZUodg1u*LYW`xX~_S0aWL2~-v2Uq z@nReQy^H5=@;~lA?pqh|t&jB9hIq5s?uD6tu*vYQir&Qx(I3)4S$;hZmT*+hqfLjn zzo6#YV}6Yn>{UhOfu1pn_w5ymEE@J(E(Fpp`eB)lDcJSawXBhp(DOEE>Q?LQb{x}oRvT+@{fQAIkGoaBgWAbvL=F6R-732 z1;MoM6{=bnxkNG+YF!wCUfE}Mz^@SdmUXU5avqNtyM2~@+W7xQI`|U1KbrS{JUcAi z|N8Rq`PToxi)VBBUlyskgCKxmjoLPU6hD_j0cETU;ecX+m9o8RH#l2PbzNoS$HH4b zayve(d`+GOcYLHNTScHK54L8fN44!yy@t2B07qSjqc&^1E(K@deIF(_D>6=O`##E& z)pplMvhTy}+EsRawAuGjCbBtyWoC-rx^{hlw&+whUxK*!t`EC;SdlbSkup;$pP5HW zYlYJ&w}u@cpd^vi#8;wjiwmuNA4t2MAax9`*bUNlKS-@BvY9<0)w@CrF<)*^NTo+> zbFXU_?i^DfJ2lX^j>+Qo|Khtpn(u#m{_;g}|HuBb?fK7l^4yL6e}}t2Dy$&83sAB1 z!-9H^7qEt1AItdxE%$vGiaDom7v1;qr?9ynhhb1&VO(Tifkj5_y9$=yS5Ut$*R;1_ zx!naV{2O4)sW(qESblFo-R^=$2gnL<`P~Jpabm^21=YI?mhsKNqW)RU-h#Ts->Nuz z%?^W_Jq8UciB*g23+*&8xzc{0LG!U+2Hd)x1_fM8wW=3~>kg|b?=&cM{!;r47Tjsj zxJF)kxZ14XomQQvRk;*g3b^DGXibJx?lov2!GK}iZBX60<=qD5z@3$;c_J*TptRS( zD5G{7lq*$UuwJ{MZ?Ni)gBBM|RVUCq$bAPbD5|^B?E&sS zXh~7c4ul802cZRNt@a^oXeYwM-HXtIah3ZK9^j6IRpwiJYE47pensw0mVHx`RkL6e zGMD=B2xE*3#{ZVc{%^DXUp)VD|M|0L+xXvIJa-cRyX(MTb;PeO)K?SZyPLHCLKvYb z=|7L3dbTP5k09m0Dj>U&g#UK#YD3;~Av-urTs9Z|%0bYYJV_x{!UWPsub=o32W>VR zR#%kKq2k)}<;N5I=0gMVszl$qt%r*_>O6V!M7(?Qr0WW^oX~mq2y`)X z8Sd_>4-Cx^#aw>4g*3$BB>7}07V-5h3}fgE?LxWQ?}mpb!*h9u3gnyx>LXqlP)M8s~k~b6sghRBk<`?(A|FA9gy$Yk5D0KM(rt_)L`TvoOd*DDAOXod2a4nj1VW!n!xFm);E-_yJ^R?C z31n6?EbDtDohWR*;!@193;l|2i74@6mjlSvS_ZPPUa*f7ebQ@6cG_ySz-i#sg#A}n z0sXJ;<|u@I3_(OO5yk$cveOM3t>dW`ZJ1OOCK}xwNkVu>-gG2M^NZXu- zw~(Td23yyK`#|8aQWw^%4jcr?!@?aE2GBKhZv;6q+P5BR6R_1(rYLN#Q`08=xug@| zK9R{V6oyP5l$^5x#fYSc)43=^WP+Ud&h}JL^ws|I%wT+k$w)Lb;z5m&H`qz5FhfpN zRBg&@Q65kMqz=ceua_jlsCrs_N`t@X47I!UMf*Q(Oz0_zL(ie)8i!zT zzwx3RDi0%El=!L3(%u|AN?O>4kM28s^caII+c4T9lntu8c8nme40W`b&2;^`p}tX_ z7KeCDXaFc3-6A}h@-=l^3a^eb-S{TyqjV(PB1}f~53s*J;!>dZ;tqL;BbO`vIY-5? z%<`Hfg<4J39I>iE?V4k-$1x`XKqOXPlRSg|eFPw0RR7IR0p;IJOThU C!M&RR literal 0 HcmV?d00001 diff --git a/docs/index.yaml b/docs/index.yaml index cf84e8bb..755c804f 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -147,6 +147,44 @@ entries: - hpe-array-exporter-1.0.0-beta.tgz version: 1.0.0-beta hpe-csi-driver: + - annotations: + artifacthub.io/category: storage + artifacthub.io/containsSecurityUpdates: "true" + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Release Highlights + url: https://scod.hpedev.io/csi_driver/index.html#latest_release + - name: Release Notes + url: https://github.com/hpe-storage/csi-driver/tree/master/release-notes + - name: Documentation + url: https://scod.hpedev.io/csi_driver + - name: Chart Source + url: https://github.com/hpe-storage/co-deployments + artifacthub.io/prerelease: "false" + artifacthub.io/recommendations: | + - url: https://artifacthub.io/packages/olm/community-operators/hpe-csi-operator + - url: https://artifacthub.io/packages/helm/hpe-storage/hpe-csi-info-metrics + - url: https://artifacthub.io/packages/helm/hpe-storage/hpe-array-exporter + apiVersion: v1 + appVersion: 2.5.0 + created: "2024-07-25T09:09:41.440784-07:00" + description: A Helm chart for installing the HPE CSI Driver for Kubernetes + digest: 108aaa715e0a53515d266ee76db3b794cb6b28b7c9de0d07710f496db092e55e + home: https://hpe.com/storage/containers + icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png + keywords: + - HPE + - Storage + - CSI + maintainers: + - email: dev-hi-containers@hpe.com + name: datamattsson + name: hpe-csi-driver + sources: + - https://github.com/hpe-storage/csi-driver + urls: + - hpe-csi-driver-2.5.0.tgz + version: 2.5.0 - annotations: artifacthub.io/category: storage artifacthub.io/containsSecurityUpdates: "true" @@ -1299,4 +1337,4 @@ entries: urls: - hpe-flexvolume-driver-3.0.0.tgz version: 3.0.0 -generated: "2024-07-15T22:48:54.683827-07:00" +generated: "2024-07-25T09:09:41.439654-07:00" diff --git a/helm/charts/hpe-csi-driver/Chart.yaml b/helm/charts/hpe-csi-driver/Chart.yaml index c86bce82..bdc87ed4 100644 --- a/helm/charts/hpe-csi-driver/Chart.yaml +++ b/helm/charts/hpe-csi-driver/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -version: "2.5.0-beta4" -appVersion: "2.5.0-beta4" +version: "2.5.0" +appVersion: "2.5.0" annotations: - artifacthub.io/prerelease: "true" + artifacthub.io/prerelease: "false" artifacthub.io/containsSecurityUpdates: "true" artifacthub.io/license: Apache-2.0 artifacthub.io/category: storage diff --git a/helm/charts/hpe-csi-driver/values.yaml b/helm/charts/hpe-csi-driver/values.yaml index 1c3d3620..8baa14b1 100644 --- a/helm/charts/hpe-csi-driver/values.yaml +++ b/helm/charts/hpe-csi-driver/values.yaml @@ -103,8 +103,8 @@ node: # Release images images: - csiNodeDriver: quay.io/hpestorage/csi-driver:v2.5.0-beta2 - csiControllerDriver: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + csiNodeDriver: quay.io/hpestorage/csi-driver:v2.5.0 + csiControllerDriver: quay.io/hpestorage/csi-driver:v2.5.0 nimbleCSP: quay.io/hpestorage/alletra-6000-and-nimble-csp:v2.5.0 primera3parCSP: quay.io/hpestorage/alletra-9000-primera-and-3par-csp:v2.5.0 nfsProvisioner: quay.io/hpestorage/nfs-provisioner:v3.0.5 diff --git a/helm/values/csi-driver/v2.5.0/values.yaml b/helm/values/csi-driver/v2.5.0/values.yaml new file mode 100644 index 00000000..8baa14b1 --- /dev/null +++ b/helm/values/csi-driver/v2.5.0/values.yaml @@ -0,0 +1,119 @@ +# Default values for hpe-csi-driver Helm chart +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Control CSP Service and Deployments for HPE storage products +disable: + nimble: false + primera: false + alletra6000: false + alletra9000: false + alletraStorageMP: false + +# For controlling automatic iscsi/multipath package installation +disableNodeConformance: false + +# For controlling automatic iscsi/multipath service configuration +disableNodeConfiguration: false + +# NodeGetVolumestats will be called by default, set true to disable the call +disableNodeGetVolumeStats: false + +# The Node Monitor ensure the node has no stale storage resources attached +disableNodeMonitor: false + +# Disables host deletion by the CSP when no volumes are associated with the host +disableHostDeletion: false + +# imagePullPolicy applied for all hpe-csi-driver images +imagePullPolicy: "IfNotPresent" + +# Cluster wide values for CHAP authentication +iscsi: + chapSecretName: "" + +# Log level for all hpe-csi-driver components +logLevel: "info" + +# Kubelet root directory path +kubeletRootDir: "/var/lib/kubelet" + +controller: + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + labels: {} + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + nodeSelector: {} + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + tolerations: [] + + affinity: {} + + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + +csp: + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + labels: {} + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + nodeSelector: {} + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + tolerations: [] + + affinity: {} + + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + +node: + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + labels: {} + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + nodeSelector: {} + + # These values map directly to yaml in the deployment spec, see the kubernetes docs for info + tolerations: [] + + affinity: {} + + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + +# Release images +images: + csiNodeDriver: quay.io/hpestorage/csi-driver:v2.5.0 + csiControllerDriver: quay.io/hpestorage/csi-driver:v2.5.0 + nimbleCSP: quay.io/hpestorage/alletra-6000-and-nimble-csp:v2.5.0 + primera3parCSP: quay.io/hpestorage/alletra-9000-primera-and-3par-csp:v2.5.0 + nfsProvisioner: quay.io/hpestorage/nfs-provisioner:v3.0.5 + csiExtensions: quay.io/hpestorage/csi-extensions:v1.2.7 + csiVolumeGroupProvisioner: quay.io/hpestorage/volume-group-provisioner:v1.0.6 + csiVolumeGroupSnapshotter: quay.io/hpestorage/volume-group-snapshotter:v1.0.6 + csiVolumeMutator: quay.io/hpestorage/volume-mutator:v1.3.6 + csiAttacher: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + csiNodeDriverRegistrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + csiProvisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + csiResizer: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + csiSnapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 diff --git a/yaml/csi-driver/edge/hpe-csi-k8s-1.27.yaml b/yaml/csi-driver/edge/hpe-csi-k8s-1.27.yaml index ff4dd792..10a0456a 100644 --- a/yaml/csi-driver/edge/hpe-csi-k8s-1.27.yaml +++ b/yaml/csi-driver/edge/hpe-csi-k8s-1.27.yaml @@ -739,7 +739,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -906,7 +906,7 @@ spec: value: "1" initContainers: - name: hpe-csi-node-init - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -980,7 +980,7 @@ spec: - name: registration-dir mountPath: /registration - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m diff --git a/yaml/csi-driver/edge/hpe-csi-k8s-1.28.yaml b/yaml/csi-driver/edge/hpe-csi-k8s-1.28.yaml index 72c910c7..c9ea0db0 100644 --- a/yaml/csi-driver/edge/hpe-csi-k8s-1.28.yaml +++ b/yaml/csi-driver/edge/hpe-csi-k8s-1.28.yaml @@ -739,7 +739,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -906,7 +906,7 @@ spec: value: "1" initContainers: - name: hpe-csi-node-init - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -980,7 +980,7 @@ spec: - name: registration-dir mountPath: /registration - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m diff --git a/yaml/csi-driver/edge/hpe-csi-k8s-1.29.yaml b/yaml/csi-driver/edge/hpe-csi-k8s-1.29.yaml index 1e3e5e32..525d345f 100644 --- a/yaml/csi-driver/edge/hpe-csi-k8s-1.29.yaml +++ b/yaml/csi-driver/edge/hpe-csi-k8s-1.29.yaml @@ -739,7 +739,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -906,7 +906,7 @@ spec: value: "1" initContainers: - name: hpe-csi-node-init - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -980,7 +980,7 @@ spec: - name: registration-dir mountPath: /registration - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m diff --git a/yaml/csi-driver/edge/hpe-csi-k8s-1.30.yaml b/yaml/csi-driver/edge/hpe-csi-k8s-1.30.yaml index 89e6db98..79072628 100644 --- a/yaml/csi-driver/edge/hpe-csi-k8s-1.30.yaml +++ b/yaml/csi-driver/edge/hpe-csi-k8s-1.30.yaml @@ -739,7 +739,7 @@ spec: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -906,7 +906,7 @@ spec: value: "1" initContainers: - name: hpe-csi-node-init - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m @@ -980,7 +980,7 @@ spec: - name: registration-dir mountPath: /registration - name: hpe-csi-driver - image: quay.io/hpestorage/csi-driver:v2.5.0-beta2 + image: quay.io/hpestorage/csi-driver:v2.5.0 resources: limits: cpu: 2000m diff --git a/yaml/csi-driver/v2.5.0/3par-primera-crd.yaml b/yaml/csi-driver/v2.5.0/3par-primera-crd.yaml new file mode 100644 index 00000000..adf50e3c --- /dev/null +++ b/yaml/csi-driver/v2.5.0/3par-primera-crd.yaml @@ -0,0 +1,436 @@ +#################################################### +############ HpeVolumeInfos Crd ############ +#################################################### + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpevolumeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEVolumeInfo + plural: hpevolumeinfos + scope: Cluster + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: false + schema: + openAPIV3Schema: + type: object + #x-kubernetes-preserve-unknown-fields: true + properties: + hpeVolumes: + description: List of HPE volumes configured for 3PAR/Primera arrays. + type: object + items: + type: object + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume + type: object + - name: v2 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + + properties: + hpeVolumes: + description: List of HPE volumes configured for 3PAR/Primera arrays. + type: object + items: + type: object + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume + type: object + +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- + +#################################################### +############ HpeVolumeGroupInfos Crd ############ +#################################################### + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpevolumegroupinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEVolumeGroupInfo + plural: hpevolumegroupinfos + shortNames: + - hpevgi + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: false + schema: + openAPIV3Schema: + type: object + #x-kubernetes-preserve-unknown-fields: true + properties: + hpeVolumeGroupInfos: + description: List of HPE volume groups configured for 3PAR/Primera arrays. + items: + type: object + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume group + type: object + + snapshotGroups: + description: Snapshot groups that are linked to this volume group + items: + type: object + properties: + id: + description: ID of the snapshot group + type: string + + name: + description: Name of the snapshot group + type: string + type: object + volumes: + description: Volumes that are members in this volume group + + items: + type: object + properties: + volumeId: + description: ID of the member volume + type: string + + volumeName: + description: Name of the member volume + type: string + type: object + type: object + - name: v2 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + hpeVolumeGroupInfos: + description: List of HPE volume groups configured for 3PAR/Primera arrays. + items: + type: object + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume group + type: object + + snapshotGroups: + description: Snapshot groups that are linked to this volume group + items: + type: object + properties: + id: + description: ID of the snapshot group + type: string + + name: + description: Name of the snapshot group + type: string + type: object + volumes: + description: Volumes that are members in this volume group + + items: + type: object + properties: + volumeId: + description: ID of the member volume + type: string + + volumeName: + description: Name of the member volume + type: string + type: object + type: object + +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- + +#################################################### +############ SnapshotGroupInfos Crd ############ +#################################################### + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpesnapshotgroupinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPESnapshotGroupInfo + plural: hpesnapshotgroupinfos + shortNames: + - hpesgi + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: false + schema: + openAPIV3Schema: + type: object + #x-kubernetes-preserve-unknown-fields: true + properties: + hpeSnapshotGroupInfos: + description: List of HPE snapshot groups created for 3PAR/Primera arrays. + type: object + items: + type: object + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume group + type: object + + snapshotVolumes: + description: Snapshot volumes that are part of this snapshot group + type: object + items: + type: object + properties: + srcVolumeId: + description: ID of the volume that is the source of this snapshot volume + type: string + + srcVolumeName: + description: Name of the volume that is the source of this snapshot volume + type: string + + snapshotId: + description: Snapshot volume Id + type: string + + snapshotName: + description: Snapshot volume name + type: string + - name: v2 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + hpeSnapshotGroupInfos: + description: List of HPE snapshot groups created for 3PAR/Primera arrays. + type: object + items: + type: object + properties: + uuid: + description: The UUID of the node. + type: string + + record: + description: Metadata for the volume group + type: object + + snapshotVolumes: + description: Snapshot volumes that are part of this snapshot group + type: object + items: + type: object + properties: + srcVolumeId: + description: ID of the volume that is the source of this snapshot volume + type: string + + srcVolumeName: + description: Name of the volume that is the source of this snapshot volume + type: string + + snapshotId: + description: Snapshot volume Id + type: string + + snapshotName: + description: Snapshot volume name + type: string + +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- + +#################################################### +############ HpeReplicatedDeviceInfos Crd ############ +#################################################### + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpereplicationdeviceinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPEReplicationDeviceInfo + plural: hpereplicationdeviceinfos + shortNames: + - hperdi + + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: false + schema: + openAPIV3Schema: + type: object + #x-kubernetes-preserve-unknown-fields: true + properties: + hpeReplicationDeviceInfos: + description: List of HPE Replicated Device Information + type: object + items: + type: object + properties: + targets: + description: List of Target Array Details + type: object + items: + description: Target Array Details + type: object + properties: + targetName: + description: Target Name of the array + type: string + targetCpg: + description: Target CPG of the array + type: string + targetSnapCpg: + description: Target Snap CPG of the array + type: string + targetSecret: + description: Secret of the replicated array + type: string + targetMode: + description: Replication Mode + type: string + targetSecretNamespace: + description: Namespace of secret + type: string + required: + - targetName + - targetCpg + - targetSecret + - targetSecretNamespace + - name: v2 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + hpeReplicationDeviceInfos: + description: List of HPE Replicated Device Information + type: object + items: + type: object + properties: + targets: + description: List of Target Array Details + type: object + items: + description: Target Array Details + type: object + properties: + targetName: + description: Target Name of the array + type: string + targetCpg: + description: Target CPG of the array + type: string + targetSnapCpg: + description: Target Snap CPG of the array + type: string + targetSecret: + description: Secret of the replicated array + type: string + targetMode: + description: Replication Mode + type: string + targetSecretNamespace: + description: Namespace of secret + type: string + required: + - targetName + - targetCpg + - targetSecret + - targetSecretNamespace +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/yaml/csi-driver/v2.5.0/3par-primera-csp.yaml b/yaml/csi-driver/v2.5.0/3par-primera-csp.yaml new file mode 100644 index 00000000..4d7b3be9 --- /dev/null +++ b/yaml/csi-driver/v2.5.0/3par-primera-csp.yaml @@ -0,0 +1,86 @@ +# Configuration to deploy the HPE 3PAR Primera Storage CSP service +# +# example usage: kubectl create -f + + +#################################################### +############ Primera3Par CSP Service ############ +#################################################### + +kind: Service +apiVersion: v1 +metadata: + name: primera3par-csp-svc + namespace: hpe-storage + labels: + app: primera3par-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: primera3par-csp + +--- + +########################################## +############ CSP Deployment ############ +########################################## + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: primera3par-csp + namespace: hpe-storage +spec: + selector: + matchLabels: + app: primera3par-csp + replicas: 1 + template: + metadata: + labels: + app: primera3par-csp + spec: + serviceAccountName: hpe-csp-sa + priorityClassName: system-cluster-critical + containers: + - name: primera3par-csp + image: quay.io/hpestorage/alletra-9000-primera-and-3par-csp:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + imagePullPolicy: IfNotPresent + env: + - name: CRD_CLIENT_CONFIG_QPS + value: "35" + - name: CRD_CLIENT_CONFIG_BURST + value: "20" + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + - name: DISABLE_HOST_DELETION + value: "false" + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 diff --git a/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.27.yaml b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.27.yaml new file mode 100644 index 00000000..10a0456a --- /dev/null +++ b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.27.yaml @@ -0,0 +1,1100 @@ +# Configuration to deploy the HPE CSI driver compatible with +# Kubernetes = v1.27 +# +# example usage: kubectl create -f + +--- +############################################# +############ HPE RBAC ##################### +############################################# +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csi-controller-sa + namespace: hpe-storage + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "update", "delete", "get", "list", "watch", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-external-resizer-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- + +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-external-resizer-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: Role + name: hpe-external-resizer-cfg + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support volumegroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-volumegroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support snapshotgroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotgroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + # replace with non-default namespace name + namespace: hpe-storage + +roleRef: + kind: ClusterRole + name: hpe-csi-mutator-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-csi-mutator-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + +roleRef: + kind: Role + name: hpe-csi-mutator-cfg + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["hpenodeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpereplicationdeviceinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumegroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpesnapshotgroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-csi-node-sa + namespace: hpe-storage + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csi-node-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csp-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-driver-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csp-sa + namespace: hpe-storage + +--- +############################################# +############ HPE Node Info CRD ############ +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpenodeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPENodeInfo + plural: hpenodeinfos + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object." + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents" + type: string + spec: + description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." + properties: + iqns: + description: "List of IQNs configured on the node." + items: + type: string + type: array + networks: + description: "List of networks configured on the node." + items: + type: string + type: array + uuid: + description: "The UUID of the node." + type: string + wwpns: + description: "List of WWPNs configured on the node." + items: + type: string + type: array + required: + - uuid + - networks + type: object + required: + - spec + type: object +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +################# CSI Driver CRD ########### +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hpe.com +spec: + podInfoOnMount: true + volumeLifecycleModes: + - Persistent + - Ephemeral + +--- +############################################# +############ Controller driver ############ +############################################# + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hpe-csi-controller + namespace: hpe-storage +spec: + replicas: 1 + selector: + matchLabels: + app: hpe-csi-controller + template: + metadata: + labels: + app: hpe-csi-controller + role: hpe-csi + spec: + priorityClassName: system-cluster-critical + serviceAccountName: hpe-csi-controller-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--timeout=30s" + - "--worker-threads=16" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--immediate-topology=false" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + - name: RUNTIME_NFS_IMAGE + value: quay.io/hpestorage/nfs-provisioner:v3.0.5 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--flavor=kubernetes" + - "--pod-monitor" + - "--pod-monitor-interval=30" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LOG_LEVEL + value: info + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: log-dir + mountPath: /var/log + - name: k8s + mountPath: /etc/kubernetes + - name: hpeconfig + mountPath: /etc/hpe-storage + - name: root-dir + mountPath: /host + - name: csi-volume-mutator + image: quay.io/hpestorage/volume-mutator:v1.3.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-snapshotter + image: quay.io/hpestorage/volume-group-snapshotter:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-provisioner + image: quay.io/hpestorage/volume-group-provisioner:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-extensions + image: quay.io/hpestorage/csi-extensions:v1.2.7 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: log-dir + hostPath: + path: /var/log + - name: k8s + hostPath: + path: /etc/kubernetes/ + - name: hpeconfig + hostPath: + path: /etc/hpe-storage/ + - name: root-dir + hostPath: + path: / + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + +--- +####################################### +############ Node driver ############ +####################################### + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: hpe-csi-node + namespace: hpe-storage +spec: + selector: + matchLabels: + app: hpe-csi-node + template: + metadata: + labels: + app: hpe-csi-node + role: hpe-csi + spec: + priorityClassName: system-node-critical + serviceAccountName: hpe-csi-node-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + initContainers: + - name: hpe-csi-node-init + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - --node-init + - --endpoint=$(CSI_ENDPOINT) + - --flavor=kubernetes + volumeMounts: + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: sys + mountPath: /sys + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + - name: log-dir + mountPath: /var/log + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--node-service" + - "--flavor=kubernetes" + - "--node-monitor" + - "--node-monitor-interval=90" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LOG_LEVEL + value: info + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: log-dir + mountPath: /var/log + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: etc-kubernetes + mountPath: /etc/kubernetes + - name: sys + mountPath: /sys + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: linux-config-file + mountPath: /opt/hpe-storage/nimbletune/config.json + subPath: config.json + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hpe.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + - name: root-dir + hostPath: + path: / + - name: device-dir + hostPath: + path: /dev + - name: log-dir + hostPath: + path: /var/log + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: runsystemd + hostPath: + path: /run/systemd + - name: etcsystemd + hostPath: + path: /etc/systemd/system + - name: sys + hostPath: + path: /sys + - name: linux-config-file + configMap: + name: hpe-linux-config + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + - effect: NoSchedule + key: csi.hpe.com/hpe-nfs + operator: Exists diff --git a/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.28.yaml b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.28.yaml new file mode 100644 index 00000000..c9ea0db0 --- /dev/null +++ b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.28.yaml @@ -0,0 +1,1100 @@ +# Configuration to deploy the HPE CSI driver compatible with +# Kubernetes = v1.28 +# +# example usage: kubectl create -f + +--- +############################################# +############ HPE RBAC ##################### +############################################# +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csi-controller-sa + namespace: hpe-storage + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "update", "delete", "get", "list", "watch", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-external-resizer-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- + +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-external-resizer-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: Role + name: hpe-external-resizer-cfg + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support volumegroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-volumegroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support snapshotgroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotgroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + # replace with non-default namespace name + namespace: hpe-storage + +roleRef: + kind: ClusterRole + name: hpe-csi-mutator-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-csi-mutator-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + +roleRef: + kind: Role + name: hpe-csi-mutator-cfg + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["hpenodeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpereplicationdeviceinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumegroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpesnapshotgroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-csi-node-sa + namespace: hpe-storage + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csi-node-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csp-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-driver-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csp-sa + namespace: hpe-storage + +--- +############################################# +############ HPE Node Info CRD ############ +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpenodeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPENodeInfo + plural: hpenodeinfos + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object." + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents" + type: string + spec: + description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." + properties: + iqns: + description: "List of IQNs configured on the node." + items: + type: string + type: array + networks: + description: "List of networks configured on the node." + items: + type: string + type: array + uuid: + description: "The UUID of the node." + type: string + wwpns: + description: "List of WWPNs configured on the node." + items: + type: string + type: array + required: + - uuid + - networks + type: object + required: + - spec + type: object +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +################# CSI Driver CRD ########### +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hpe.com +spec: + podInfoOnMount: true + volumeLifecycleModes: + - Persistent + - Ephemeral + +--- +############################################# +############ Controller driver ############ +############################################# + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hpe-csi-controller + namespace: hpe-storage +spec: + replicas: 1 + selector: + matchLabels: + app: hpe-csi-controller + template: + metadata: + labels: + app: hpe-csi-controller + role: hpe-csi + spec: + priorityClassName: system-cluster-critical + serviceAccountName: hpe-csi-controller-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--timeout=30s" + - "--worker-threads=16" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--immediate-topology=false" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + - name: RUNTIME_NFS_IMAGE + value: quay.io/hpestorage/nfs-provisioner:v3.0.5 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--flavor=kubernetes" + - "--pod-monitor" + - "--pod-monitor-interval=30" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LOG_LEVEL + value: info + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: log-dir + mountPath: /var/log + - name: k8s + mountPath: /etc/kubernetes + - name: hpeconfig + mountPath: /etc/hpe-storage + - name: root-dir + mountPath: /host + - name: csi-volume-mutator + image: quay.io/hpestorage/volume-mutator:v1.3.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-snapshotter + image: quay.io/hpestorage/volume-group-snapshotter:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-provisioner + image: quay.io/hpestorage/volume-group-provisioner:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-extensions + image: quay.io/hpestorage/csi-extensions:v1.2.7 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: log-dir + hostPath: + path: /var/log + - name: k8s + hostPath: + path: /etc/kubernetes/ + - name: hpeconfig + hostPath: + path: /etc/hpe-storage/ + - name: root-dir + hostPath: + path: / + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + +--- +####################################### +############ Node driver ############ +####################################### + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: hpe-csi-node + namespace: hpe-storage +spec: + selector: + matchLabels: + app: hpe-csi-node + template: + metadata: + labels: + app: hpe-csi-node + role: hpe-csi + spec: + priorityClassName: system-node-critical + serviceAccountName: hpe-csi-node-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + initContainers: + - name: hpe-csi-node-init + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - --node-init + - --endpoint=$(CSI_ENDPOINT) + - --flavor=kubernetes + volumeMounts: + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: sys + mountPath: /sys + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + - name: log-dir + mountPath: /var/log + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--node-service" + - "--flavor=kubernetes" + - "--node-monitor" + - "--node-monitor-interval=90" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LOG_LEVEL + value: info + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: log-dir + mountPath: /var/log + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: etc-kubernetes + mountPath: /etc/kubernetes + - name: sys + mountPath: /sys + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: linux-config-file + mountPath: /opt/hpe-storage/nimbletune/config.json + subPath: config.json + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hpe.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + - name: root-dir + hostPath: + path: / + - name: device-dir + hostPath: + path: /dev + - name: log-dir + hostPath: + path: /var/log + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: runsystemd + hostPath: + path: /run/systemd + - name: etcsystemd + hostPath: + path: /etc/systemd/system + - name: sys + hostPath: + path: /sys + - name: linux-config-file + configMap: + name: hpe-linux-config + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + - effect: NoSchedule + key: csi.hpe.com/hpe-nfs + operator: Exists diff --git a/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.29.yaml b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.29.yaml new file mode 100644 index 00000000..525d345f --- /dev/null +++ b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.29.yaml @@ -0,0 +1,1100 @@ +# Configuration to deploy the HPE CSI driver compatible with +# Kubernetes = v1.29 +# +# example usage: kubectl create -f + +--- +############################################# +############ HPE RBAC ##################### +############################################# +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csi-controller-sa + namespace: hpe-storage + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "update", "delete", "get", "list", "watch", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-external-resizer-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- + +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-external-resizer-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: Role + name: hpe-external-resizer-cfg + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support volumegroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-volumegroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support snapshotgroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotgroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + # replace with non-default namespace name + namespace: hpe-storage + +roleRef: + kind: ClusterRole + name: hpe-csi-mutator-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-csi-mutator-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + +roleRef: + kind: Role + name: hpe-csi-mutator-cfg + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["hpenodeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpereplicationdeviceinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumegroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpesnapshotgroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-csi-node-sa + namespace: hpe-storage + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csi-node-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csp-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-driver-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csp-sa + namespace: hpe-storage + +--- +############################################# +############ HPE Node Info CRD ############ +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpenodeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPENodeInfo + plural: hpenodeinfos + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object." + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents" + type: string + spec: + description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." + properties: + iqns: + description: "List of IQNs configured on the node." + items: + type: string + type: array + networks: + description: "List of networks configured on the node." + items: + type: string + type: array + uuid: + description: "The UUID of the node." + type: string + wwpns: + description: "List of WWPNs configured on the node." + items: + type: string + type: array + required: + - uuid + - networks + type: object + required: + - spec + type: object +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +################# CSI Driver CRD ########### +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hpe.com +spec: + podInfoOnMount: true + volumeLifecycleModes: + - Persistent + - Ephemeral + +--- +############################################# +############ Controller driver ############ +############################################# + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hpe-csi-controller + namespace: hpe-storage +spec: + replicas: 1 + selector: + matchLabels: + app: hpe-csi-controller + template: + metadata: + labels: + app: hpe-csi-controller + role: hpe-csi + spec: + priorityClassName: system-cluster-critical + serviceAccountName: hpe-csi-controller-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--timeout=30s" + - "--worker-threads=16" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--immediate-topology=false" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + - name: RUNTIME_NFS_IMAGE + value: quay.io/hpestorage/nfs-provisioner:v3.0.5 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--flavor=kubernetes" + - "--pod-monitor" + - "--pod-monitor-interval=30" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LOG_LEVEL + value: info + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: log-dir + mountPath: /var/log + - name: k8s + mountPath: /etc/kubernetes + - name: hpeconfig + mountPath: /etc/hpe-storage + - name: root-dir + mountPath: /host + - name: csi-volume-mutator + image: quay.io/hpestorage/volume-mutator:v1.3.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-snapshotter + image: quay.io/hpestorage/volume-group-snapshotter:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-provisioner + image: quay.io/hpestorage/volume-group-provisioner:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-extensions + image: quay.io/hpestorage/csi-extensions:v1.2.7 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: log-dir + hostPath: + path: /var/log + - name: k8s + hostPath: + path: /etc/kubernetes/ + - name: hpeconfig + hostPath: + path: /etc/hpe-storage/ + - name: root-dir + hostPath: + path: / + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + +--- +####################################### +############ Node driver ############ +####################################### + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: hpe-csi-node + namespace: hpe-storage +spec: + selector: + matchLabels: + app: hpe-csi-node + template: + metadata: + labels: + app: hpe-csi-node + role: hpe-csi + spec: + priorityClassName: system-node-critical + serviceAccountName: hpe-csi-node-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + initContainers: + - name: hpe-csi-node-init + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - --node-init + - --endpoint=$(CSI_ENDPOINT) + - --flavor=kubernetes + volumeMounts: + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: sys + mountPath: /sys + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + - name: log-dir + mountPath: /var/log + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--node-service" + - "--flavor=kubernetes" + - "--node-monitor" + - "--node-monitor-interval=90" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LOG_LEVEL + value: info + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: log-dir + mountPath: /var/log + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: etc-kubernetes + mountPath: /etc/kubernetes + - name: sys + mountPath: /sys + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: linux-config-file + mountPath: /opt/hpe-storage/nimbletune/config.json + subPath: config.json + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hpe.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + - name: root-dir + hostPath: + path: / + - name: device-dir + hostPath: + path: /dev + - name: log-dir + hostPath: + path: /var/log + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: runsystemd + hostPath: + path: /run/systemd + - name: etcsystemd + hostPath: + path: /etc/systemd/system + - name: sys + hostPath: + path: /sys + - name: linux-config-file + configMap: + name: hpe-linux-config + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + - effect: NoSchedule + key: csi.hpe.com/hpe-nfs + operator: Exists diff --git a/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.30.yaml b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.30.yaml new file mode 100644 index 00000000..79072628 --- /dev/null +++ b/yaml/csi-driver/v2.5.0/hpe-csi-k8s-1.30.yaml @@ -0,0 +1,1100 @@ +# Configuration to deploy the HPE CSI driver compatible with +# Kubernetes = v1.30 +# +# example usage: kubectl create -f + +--- +############################################# +############ HPE RBAC ##################### +############################################# +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csi-controller-sa + namespace: hpe-storage + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-provisioner-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-provisioner-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["get", "list", "watch", "update", "create", "delete", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-attacher-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-attacher-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "update", "delete", "get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "update", "delete", "get", "list", "watch", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotter-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotter-role + apiGroup: rbac.authorization.k8s.io + +--- +# Resizer must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-external-resizer-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-external-resizer-role + apiGroup: rbac.authorization.k8s.io + +--- + +# Resizer must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-external-resizer-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-resizer-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: Role + name: hpe-external-resizer-cfg + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support volumegroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-volumegroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-volumegroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# cluster role to support snapshotgroup +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupclasses"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroups/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["snapshotgroupcontents/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "create"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "get", "update"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroups"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupcontents"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.hpe.com"] + resources: ["volumegroupclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list"] + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-snapshotgroup-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-snapshotgroup-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with PVCs, PVs, SCs. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + # replace with non-default namespace name + namespace: hpe-storage + +roleRef: + kind: ClusterRole + name: hpe-csi-mutator-role + apiGroup: rbac.authorization.k8s.io + +--- +# mutator must be able to work with end point in current namespace +# if (and only if) leadership election is enabled +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: hpe-storage + name: hpe-csi-mutator-cfg +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-mutator-role-cfg + namespace: hpe-storage +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + +roleRef: + kind: Role + name: hpe-csi-mutator-cfg + apiGroup: rbac.authorization.k8s.io + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-role +rules: + - apiGroups: ["storage.hpe.com"] + resources: ["hpenodeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumeinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpereplicationdeviceinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpevolumegroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["storage.hpe.com"] + resources: ["hpesnapshotgroupinfos"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hpe-csi-node-sa + namespace: hpe-storage + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: hpe-csi-driver-binding +subjects: + - kind: ServiceAccount + name: hpe-csi-controller-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csi-node-sa + namespace: hpe-storage + - kind: ServiceAccount + name: hpe-csp-sa + namespace: hpe-storage +roleRef: + kind: ClusterRole + name: hpe-csi-driver-role + apiGroup: rbac.authorization.k8s.io + +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: hpe-csp-sa + namespace: hpe-storage + +--- +############################################# +############ HPE Node Info CRD ############ +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + creationTimestamp: null + name: hpenodeinfos.storage.hpe.com +spec: + group: storage.hpe.com + names: + kind: HPENodeInfo + plural: hpenodeinfos + scope: Cluster + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + schema: + openAPIV3Schema: + properties: + apiVersion: + description: "APIVersion defines the versioned schema of this representation of an object." + type: string + kind: + description: "Kind is a string value representing the REST resource this object represents" + type: string + spec: + description: "spec defines the desired characteristics of a HPE nodeinfo requested by a user." + properties: + iqns: + description: "List of IQNs configured on the node." + items: + type: string + type: array + networks: + description: "List of networks configured on the node." + items: + type: string + type: array + uuid: + description: "The UUID of the node." + type: string + wwpns: + description: "List of WWPNs configured on the node." + items: + type: string + type: array + required: + - uuid + - networks + type: object + required: + - spec + type: object +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + +--- +################# CSI Driver CRD ########### +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hpe.com +spec: + podInfoOnMount: true + volumeLifecycleModes: + - Persistent + - Ephemeral + +--- +############################################# +############ Controller driver ############ +############################################# + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: hpe-csi-controller + namespace: hpe-storage +spec: + replicas: 1 + selector: + matchLabels: + app: hpe-csi-controller + template: + metadata: + labels: + app: hpe-csi-controller + role: hpe-csi + spec: + priorityClassName: system-cluster-critical + serviceAccountName: hpe-csi-controller-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + containers: + - name: csi-provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--timeout=30s" + - "--worker-threads=16" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--immediate-topology=false" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + - name: RUNTIME_NFS_IMAGE + value: quay.io/hpestorage/nfs-provisioner:v3.0.5 + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.6.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.11.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--flavor=kubernetes" + - "--pod-monitor" + - "--pod-monitor-interval=30" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock + - name: LOG_LEVEL + value: info + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: log-dir + mountPath: /var/log + - name: k8s + mountPath: /etc/kubernetes + - name: hpeconfig + mountPath: /etc/hpe-storage + - name: root-dir + mountPath: /host + - name: csi-volume-mutator + image: quay.io/hpestorage/volume-mutator:v1.3.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-snapshotter + image: quay.io/hpestorage/volume-group-snapshotter:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-volume-group-provisioner + image: quay.io/hpestorage/volume-group-provisioner:v1.0.6 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi-extensions.sock + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + - name: csi-extensions + image: quay.io/hpestorage/csi-extensions:v1.2.7 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--v=5" + - "--endpoint=$(CSI_ENDPOINT)" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/csi/sockets/pluginproxy/csi-extensions.sock + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + volumes: + - name: socket-dir + emptyDir: {} + - name: log-dir + hostPath: + path: /var/log + - name: k8s + hostPath: + path: /etc/kubernetes/ + - name: hpeconfig + hostPath: + path: /etc/hpe-storage/ + - name: root-dir + hostPath: + path: / + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + +--- +####################################### +############ Node driver ############ +####################################### + +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: hpe-csi-node + namespace: hpe-storage +spec: + selector: + matchLabels: + app: hpe-csi-node + template: + metadata: + labels: + app: hpe-csi-node + role: hpe-csi + spec: + priorityClassName: system-node-critical + serviceAccountName: hpe-csi-node-sa + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + dnsConfig: + options: + - name: ndots + value: "1" + initContainers: + - name: hpe-csi-node-init + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - --node-init + - --endpoint=$(CSI_ENDPOINT) + - --flavor=kubernetes + volumeMounts: + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: sys + mountPath: /sys + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + - name: log-dir + mountPath: /var/log + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: LOG_LEVEL + value: info + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + containers: + - name: csi-node-driver-registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--csi-address=$(ADDRESS)" + - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)" + - "--v=5" + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: /var/lib/kubelet/plugins/csi.hpe.com/csi.sock + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: hpe-csi-driver + image: quay.io/hpestorage/csi-driver:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + args: + - "--endpoint=$(CSI_ENDPOINT)" + - "--node-service" + - "--flavor=kubernetes" + - "--node-monitor" + - "--node-monitor-interval=90" + env: + - name: CSI_ENDPOINT + value: unix:///csi/csi.sock + - name: LOG_LEVEL + value: info + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: DISABLE_NODE_CONFORMANCE + value: "false" + - name: DISABLE_NODE_CONFIGURATION + value: "false" + - name: DISABLE_NODE_MONITOR + value: "false" + - name: CHAP_SECRET_NAME + value: "" + - name: CHAP_SECRET_NAMESPACE + value: hpe-storage + imagePullPolicy: "IfNotPresent" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: pods-mount-dir + mountPath: /var/lib/kubelet + # needed so that any mounts setup inside this container are + # propagated back to the host machine. + mountPropagation: "Bidirectional" + - name: root-dir + mountPath: /host + mountPropagation: "Bidirectional" + - name: device-dir + mountPath: /dev + - name: log-dir + mountPath: /var/log + - name: etc-hpe-storage-dir + mountPath: /etc/hpe-storage + - name: etc-kubernetes + mountPath: /etc/kubernetes + - name: sys + mountPath: /sys + - name: runsystemd + mountPath: /run/systemd + - name: etcsystemd + mountPath: /etc/systemd/system + - name: linux-config-file + mountPath: /opt/hpe-storage/nimbletune/config.json + subPath: config.json + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry + type: Directory + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.hpe.com + type: DirectoryOrCreate + - name: pods-mount-dir + hostPath: + path: /var/lib/kubelet + - name: root-dir + hostPath: + path: / + - name: device-dir + hostPath: + path: /dev + - name: log-dir + hostPath: + path: /var/log + - name: etc-hpe-storage-dir + hostPath: + path: /etc/hpe-storage + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: runsystemd + hostPath: + path: /run/systemd + - name: etcsystemd + hostPath: + path: /etc/systemd/system + - name: sys + hostPath: + path: /sys + - name: linux-config-file + configMap: + name: hpe-linux-config + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30 + - effect: NoSchedule + key: csi.hpe.com/hpe-nfs + operator: Exists diff --git a/yaml/csi-driver/v2.5.0/hpe-linux-config.yaml b/yaml/csi-driver/v2.5.0/hpe-linux-config.yaml new file mode 100644 index 00000000..e2759581 --- /dev/null +++ b/yaml/csi-driver/v2.5.0/hpe-linux-config.yaml @@ -0,0 +1,414 @@ + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: hpe-linux-config + namespace: hpe-storage +data: + config.json: | + { + "Nimble": { + "Default": [ + { + "category": "iscsi", + "severity": "warning", + "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "startup", + "recommendation": "manual" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "replacement_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "login_timeout", + "recommendation": "15" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "noop_out_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "cmds_max", + "recommendation": "512" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "queue_depth", + "recommendation": "256" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", + "parameter": "nr_sessions", + "recommendation": "1" + }, + { + "category": "multipath", + "severity": "critical", + "description": "product attribute recommended to be set to Server in /etc/multipath.conf", + "parameter": "product", + "recommendation": "\"Server\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", + "parameter": "prio", + "recommendation": "alua" + }, + { + "category": "multipath", + "severity": "critical", + "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", + "parameter": "hardware_handler", + "recommendation": "\"1 alua\"" + }, + { + "category": "multipath", + "severity": "warning", + "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", + "parameter": "failback", + "recommendation": "immediate" + }, + { + "category": "multipath", + "severity": "critical", + "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", + "parameter": "fast_io_fail_tmo", + "recommendation": "5" + }, + { + "category": "multipath", + "severity": "critical", + "description": "queueing is recommended for 150 seconds, with no_path_retry value of 30. Can be set in /etc/multipath.conf", + "parameter": "no_path_retry", + "recommendation": "30" + }, + { + "category": "multipath", + "severity": "warning", + "description": "service-time path selector is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_selector", + "recommendation": "\"service-time 0\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "vendor attribute recommended to be set to Nimble in /etc/multipath.conf", + "parameter": "vendor", + "recommendation": "\"Nimble\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", + "parameter": "path_grouping_policy", + "recommendation": "group_by_prio" + }, + { + "category": "multipath", + "severity": "critical", + "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_checker", + "recommendation": "tur" + }, + { + "category": "multipath", + "severity": "critical", + "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", + "parameter": "dev_loss_tmo", + "recommendation": "infinity" + } + ], + "Ubuntu": null + }, + "3PARdata": { + "Default": [ + { + "category": "iscsi", + "severity": "warning", + "description": "Manual startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "startup", + "recommendation": "manual" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "replacement_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum login timeout of 15 seconds is recommended with iSCSI. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "login_timeout", + "recommendation": "15" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum timeout of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "noop_out_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum cmds_max of 512 is recommended for each session if handling multiple LUN's. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "cmds_max", + "recommendation": "512" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum queue_depth of 256 is recommended for each iSCSI session/path. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "queue_depth", + "recommendation": "256" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum number of sessions per iSCSI login is recommended to be 1 by default. If additional sessions are needed this can be set in /etc/iscsi/iscsid.conf. If NCM is running, please change min_session_per_array in /etc/ncm.conf and restart nlt service instead", + "parameter": "nr_sessions", + "recommendation": "1" + }, + { + "category": "multipath", + "severity": "critical", + "description": "product attribute recommended to be set to VV in /etc/multipath.conf", + "parameter": "product", + "recommendation": "\"VV\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", + "parameter": "prio", + "recommendation": "alua" + }, + { + "category": "multipath", + "severity": "critical", + "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", + "parameter": "hardware_handler", + "recommendation": "\"1 alua\"" + }, + { + "category": "multipath", + "severity": "warning", + "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", + "parameter": "failback", + "recommendation": "immediate" + }, + { + "category": "multipath", + "severity": "critical", + "description": "immediately fail i/o on transient path failures to retry on other paths, value=1. Can be set in /etc/multipath.conf", + "parameter": "fast_io_fail_tmo", + "recommendation": "10" + }, + { + "category": "multipath", + "severity": "critical", + "description": "queueing is recommended for 150 seconds, with no_path_retry value of 18. Can be set in /etc/multipath.conf", + "parameter": "no_path_retry", + "recommendation": "18" + }, + { + "category": "multipath", + "severity": "warning", + "description": "round-robin 0 path selector is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_selector", + "recommendation": "\"round-robin 0\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "vendor attribute recommended to be set to 3PARdata. Can be set in /etc/multipath.conf", + "parameter": "vendor", + "recommendation": "\"3PARdata\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", + "parameter": "path_grouping_policy", + "recommendation": "group_by_prio" + }, + { + "category": "multipath", + "severity": "critical", + "description": "infinite value is recommended for timeout in cases of device loss for FC. Can be set in /etc/multipath.conf", + "parameter": "dev_loss_tmo", + "recommendation": "infinity" + }, + { + "category": "multipath", + "severity": "critical", + "description": "tur path checker is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_checker", + "recommendation": "tur" + }, + { + "category": "multipath", + "severity": "critical", + "description": "0 value is recommended for features. Can be set in /etc/multipath.conf", + "parameter": "features", + "recommendation": "\"0\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "uniform rr_weight is recommended. Can be set in /etc/multipath.conf", + "parameter": "rr_weight", + "recommendation": "\"uniform\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "rr_min_io_rq 1 is recommended. Can be set in /etc/multipath.conf", + "parameter": "rr_min_io_rq", + "recommendation": "1" + }, + { + "category": "multipath", + "severity": "critical", + "description": "detect_prio yes is recommended. Can be set in /etc/multipath.conf", + "parameter": "detect_prio", + "recommendation": "yes" + } + ], + "Ubuntu": [ + { + "category": "iscsi", + "severity": "warning", + "description": "Automatic startup of iSCSI nodes on boot. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "startup", + "recommendation": "automatic" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Replacement_timeout of 10 seconds is recommended for faster failover of I/O by multipath on path failures. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "replacement_timeout", + "recommendation": "10" + }, + { + "category": "iscsi", + "severity": "warning", + "description": "Minimum interval of 10 seconds is recommended with noop requests. Can be set in /etc/iscsi/iscsid.conf", + "parameter": "noop_out_interval", + "recommendation": "10" + }, + { + "category": "multipath", + "severity": "critical", + "description": "product attribute recommended to be set to VV in /etc/multipath.conf", + "parameter": "product", + "recommendation": "\"VV\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "alua prioritizer is recommended. Can be set in /etc/multipath.conf", + "parameter": "prio", + "recommendation": "alua" + }, + { + "category": "multipath", + "severity": "critical", + "description": "scsi_dh_alua device handler is recommended. Can be set in /etc/multipath.conf", + "parameter": "hardware_handler", + "recommendation": "\"1 alua\"" + }, + { + "category": "multipath", + "severity": "warning", + "description": "immediate failback setting is recommended. Can be set in /etc/multipath.conf", + "parameter": "failback", + "recommendation": "immediate" + }, + { + "category": "multipath", + "severity": "critical", + "description": "queueing is recommended for 150 seconds, with no_path_retry value of 18. Can be set in /etc/multipath.conf", + "parameter": "no_path_retry", + "recommendation": "18" + }, + { + "category": "multipath", + "severity": "warning", + "description": "round-robin 0 path selector is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_selector", + "recommendation": "\"round-robin 0\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "vendor attribute recommended to be set to 3PARdata in /etc/multipath.conf", + "parameter": "vendor", + "recommendation": "\"3PARdata\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "group paths according to ALUA path priority of active/standby. Recommended to be set to group_by_prio in /etc/multipath.conf", + "parameter": "path_grouping_policy", + "recommendation": "group_by_prio" + }, + { + "category": "multipath", + "severity": "critical", + "description": "getuid_callout whitelist is recommended. Can be set in /etc/multipath.conf", + "parameter": "getuid_callout", + "recommendation": "\"/lib/udev/scsi_id --whitelisted --device=/dev/%n\"" + }, + { + "category": "multipath", + "severity": "critical", + "description": "rr_min_io is recommended with value as 100. Can be set in /etc/multipath.conf", + "parameter": "rr_min_io", + "recommendation": "100" + }, + { + "category": "multipath", + "severity": "critical", + "description": " tur checker is recommended. Can be set in /etc/multipath.conf", + "parameter": "checker", + "recommendation": "tur" + }, + { + "category": "multipath", + "severity": "critical", + "description": " tur path checker is recommended. Can be set in /etc/multipath.conf", + "parameter": "path_checker", + "recommendation": "tur" + }, + { + "category": "multipath", + "severity": "critical", + "description": " features 0 is recommended. Can be set in /etc/multipath.conf", + "parameter": "features", + "recommendation": "\"0\"" + } + ] + } + } diff --git a/yaml/csi-driver/v2.5.0/hpe-volumegroup-snapshotgroup-crds.yaml b/yaml/csi-driver/v2.5.0/hpe-volumegroup-snapshotgroup-crds.yaml new file mode 100644 index 00000000..f1e85edc --- /dev/null +++ b/yaml/csi-driver/v2.5.0/hpe-volumegroup-snapshotgroup-crds.yaml @@ -0,0 +1,502 @@ +--- +############################################# +####### HPE Snapshot Group Class CRD ###### +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snapshotgroupclasses.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: SnapshotGroupClass + listKind: SnapshotGroupClassList + plural: snapshotgroupclasses + singular: snapshotgroupclass + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SnapshotGroupClass specifies parameters that a underlying + storage system uses when creating a volumegroup snapshot. A specific SnapshotGroupClass + is used by specifying its name in a VolumeGroupSnapshot object. SnapshotGroupClasses + are non-namespaced + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + deletionPolicy: + description: deletionPolicy determines whether a SnapshotGroupContent + created through the SnapshotGroupClass should be deleted when its + bound SnapshotGroup is deleted. Supported values are "Retain" and + "Delete". "Retain" means that the SnapshotGroupContent and its physical + snapshotGroup on underlying storage system are kept. "Delete" means that + the SnapshotGroupContent and its physical snapshotGroup on underlying + storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + snapshotter: + description: snapshotter is the name of the storage driver that handles this + SnapshotGroupClass. Required. + type: string + kind: + description: Kind is a string value representing the REST resource + this object represents. + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating snapshotGroups. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - snapshotter + type: object + served: true + storage: true + +--- +############################################# +###### HPE Snapshot Group Contents CRD ###### +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snapshotgroupcontents.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: SnapshotGroupContent + listKind: SnapshotGroupContentList + plural: snapshotgroupcontents + singular: snapshotgroupcontent + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SnapshotGroupContent represents the actual "on-disk" snapshotGroup + object in the underlying storage system + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + spec: + description: spec defines properties of a SnapshotGroupContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this SnapshotGroupContent + and its physical snapshotgroup on the underlying storage system should + be deleted when its bound SnapshotGroup is deleted. Supported + values are "Retain" and "Delete". "Retain" means that the SnapshotGroupContent + and its physical snapshotGroup on underlying storage system are kept. + "Delete" means that the SnapshotGroupContent and its physical + snapshotGroup on underlying storage system are deleted. + Required. + enum: + - Delete + - Retain + type: string + source: + description: source specifies from where a snapshotGroup will be created.Required. + properties: + snapshotGroupHandle: + description: snapshotGroupHandle specifies the snapshotGroup Id + of a pre-existing snapshotGroup on the underlying storage system. + This field is immutable. + type: string + type: object + snapshotGroupClassName: + description: name of the SnapshotGroupClass to which this snapshotGroup belongs. + type: string + snapshotGroupRef: + description: snapshotGroupRef specifies the SnapshotGroup object + to which this SnapshotGroupContent object is bound. SnapshotGroup.Spec.SnapshotGroupContentName + field must reference to this SnapshotGroupContent's name for + the bidirectional binding to be valid. + Required. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + volumeSnapshotContentNames: + description: list of volumeSnapshotContentNames associated with this snapshotGroups + type: array + items: + type: string + required: + - deletionPolicy + - source + - snapshotGroupClassName + type: object + required: + - spec + type: object + served: true + storage: true + +--- +############################################# +########### HPE Snapshot Group CRD ########## +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: snapshotgroups.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: SnapshotGroup + listKind: SnapshotGroupList + plural: snapshotgroups + singular: snapshotgroup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SnapshotGroup is a user's request for creating a snapshotgroup + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents' + type: string + spec: + description: spec defines the desired characteristics of a snapshotGroup + requested by a user. + Required. + properties: + source: + description: source specifies where a snapshotGroup will be created. + This field is immutable after creation. Required. + properties: + kind: + description: kind of the source (VolumeGroup) is the only supported one. + type: string + apiGroup: + description: apiGroup of the source. Current supported is storage.hpe.com + type: string + name: + description: name specifies the volumeGroupName of the VolumeGroup object in the same namespace as the SnapshotGroup object where the snapshotGroup should be dynamically taken from. This field is immutable. + type: string + type: object + volumeSnapshotClassName: + description: name of the volumeSnapshotClass to create pre-provisioned snapshots + type: string + snapshotGroupClassName: + description: snapshotGroupClassName is the name of the SnapshotGroupClass requested by the SnapshotGroup. + type: string + snapshotGroupContentName: + description: snapshotGroupContentName is the name of the snapshotGroupContent the snapshotGroup is bound. + type: string + required: + - source + - volumeSnapshotClassName + - snapshotGroupClassName + type: object + status: + description: status represents the current information of a snapshotGroup. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time + snapshotGroup is taken by the underlying storage system. + format: date-time + type: string + phase: + description: the state of the snapshotgroup + enum: + - Pending + - Ready + - Failed + type: string + type: object + required: + - spec + type: object + served: true + storage: true + +--- +############################################# +####### HPE Volume Group Class CRD ######## +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: volumegroupclasses.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: VolumeGroupClass + listKind: VolumeGroupClassList + plural: volumegroupclasses + singular: volumegroupclass + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeGroupClass specifies parameters that a underlying + storage system uses when creating a volumegroup. A specific VolumeGroupClass + is used by specifying its name in a VolumeGroup object. VolumeGroupClasses + are non-namespaced + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + deletionPolicy: + description: deletionPolicy determines whether a VolumeGroupContent + created through the VolumeGroupClass should be deleted when its + bound VolumeGroup is deleted. Supported values are "Retain" and + "Delete". "Retain" means that the VolumeGroupContent and its physical + volumeGroup on underlying storage system are kept. "Delete" means that + the VolumeGroupContent and its physical volumeGroup on underlying + storage system are deleted. Required. + enum: + - Delete + - Retain + type: string + provisioner: + description: provisioner is the name of the storage driver that handles this + VolumeGroupClass. Required. + type: string + kind: + description: Kind is a string value representing the REST resource + this object represents. + type: string + parameters: + additionalProperties: + type: string + description: parameters is a key-value map with storage driver specific + parameters for creating volumeGroups. These values are opaque to Kubernetes. + type: object + required: + - deletionPolicy + - provisioner + type: object + served: true + storage: true + +--- +############################################# +##### HPE Volume Group Contents CRD ####### +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: volumegroupcontents.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: VolumeGroupContent + listKind: VolumeGroupContentList + plural: volumegroupcontents + singular: volumegroupcontent + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeGroupContent represents the actual "on-disk" volumeGroup + object in the underlying storage system + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + kind: + description: Kind is a string value representing the REST resource + this object represents. + type: string + spec: + description: spec defines properties of a VolumeGroupContent created + by the underlying storage system. Required. + properties: + deletionPolicy: + description: deletionPolicy determines whether this VolumeGroupContent + and its physical volumegroup on the underlying storage system should + be deleted when its bound VolumeGroup is deleted. Supported + values are "Retain" and "Delete". "Retain" means that the VolumeGroupContent + and its physical volumeGroup on underlying storage system are kept. + "Delete" means that the VolumeGroupContent and its physical + volumeGroup on underlying storage system are deleted. + Required. + enum: + - Delete + - Retain + type: string + source: + description: source specifies from where a volumeGroup will be created.Required. + properties: + volumeGroupHandle: + description: volumeGroupHandle specifies the volumeGroup Id + of a pre-existing volumeGroup on the underlying storage system. + This field is immutable. + type: string + type: object + volumeGroupClassName: + description: name of the VolumeGroupClass to which this volumeGroup belongs. + type: string + volumeGroupRef: + description: volumeGroupRef specifies the VolumeGroup object + to which this VolumeGroupContent object is bound. VolumeGroup.Spec.VolumeGroupContentName + field must reference to this VolumeGroupContent's name for + the bidirectional binding to be valid. + Required. + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + required: + - deletionPolicy + - source + - volumeGroupClassName + type: object + required: + - spec + type: object + served: true + storage: true + +--- +############################################# +######## HPE Volume Groups CRD ############ +############################################# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: volumegroups.storage.hpe.com +spec: + conversion: + strategy: None + group: storage.hpe.com + names: + kind: VolumeGroup + listKind: VolumeGroupList + plural: volumegroups + singular: volumegroup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: VolumeGroup is a user's request for creating a volumegroup + properties: + apiVersion: + description: APIVersion defines the versioned schema of this representation + of an object. + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents' + type: string + spec: + description: spec defines the desired characteristics of a volumeGroup + requested by a user. + Required. + properties: + volumeGroupClassName: + description: name of the volumeGroupClassName to create volumeGroups + type: string + persistentVolumeClaimNames: + description: persistentVolumeClaimNames are the name of the PVC associated with this volumeGroup. + type: array + items: + type: string + volumeGroupContentName: + description: volumeGroupContentName is the name of the volumeGroupContent to which the volumeGroup is bound. + type: string + required: + - volumeGroupClassName + type: object + status: + description: status represents the current information of a volumeGroup. + properties: + creationTime: + description: creationTime is the timestamp when the point-in-time + volumeGroup is taken by the underlying storage system. + format: date-time + type: string + phase: + description: the state of the volumegroup + enum: + - Pending + - Ready + - Failed + type: string + type: object + required: + - spec + type: object + served: true + storage: true + diff --git a/yaml/csi-driver/v2.5.0/nimble-csp.yaml b/yaml/csi-driver/v2.5.0/nimble-csp.yaml new file mode 100644 index 00000000..36b81234 --- /dev/null +++ b/yaml/csi-driver/v2.5.0/nimble-csp.yaml @@ -0,0 +1,96 @@ +# Configuration to deploy the HPE Nimble Storage CSP service +# +# example usage: kubectl create -f + +--- +################################################### +############ Alletra 5000/6000 CSP Service ####### +################################################### + +kind: Service +apiVersion: v1 +metadata: + name: alletra6000-csp-svc + namespace: hpe-storage + labels: + app: alletra6000-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: nimble-csp + +--- +############################################# +############ Nimble CSP Service ############ +############################################# + +kind: Service +apiVersion: v1 +metadata: + name: nimble-csp-svc + namespace: hpe-storage + labels: + app: nimble-csp-svc +spec: + ports: + - port: 8080 + protocol: TCP + selector: + app: nimble-csp + +--- +########################################## +############ CSP Deployment ############ +########################################## + +kind: Deployment +apiVersion: apps/v1 +metadata: + name: nimble-csp + namespace: hpe-storage +spec: + selector: + matchLabels: + app: nimble-csp + replicas: 1 + template: + metadata: + labels: + app: nimble-csp + spec: + serviceAccountName: hpe-csp-sa + priorityClassName: system-cluster-critical + containers: + - name: nimble-csp + image: quay.io/hpestorage/alletra-6000-and-nimble-csp:v2.5.0 + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + imagePullPolicy: IfNotPresent + env: + - name: DISABLE_HOST_DELETION + value: "false" + ports: + - containerPort: 8080 + volumeMounts: + - name: log-dir + mountPath: /var/log + volumes: + - name: log-dir + hostPath: + path: /var/log + tolerations: + - effect: NoExecute + key: node.kubernetes.io/not-ready + operator: Exists + tolerationSeconds: 30 + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 30