diff --git a/charts/portworx/Chart.yaml b/charts/portworx/Chart.yaml index 4673b9488..e550fe806 100644 --- a/charts/portworx/Chart.yaml +++ b/charts/portworx/Chart.yaml @@ -1,8 +1,8 @@ name: portworx -version: 2.13.3 +version: 2.14.0 description: A Helm chart for installing Portworx on Kubernetes. kubeVersion: ">=1.10.0" -appVersion: "2.13.3" +appVersion: 2.13.3 apiVersion: v1 keywords: - Storage diff --git a/charts/portworx/templates/_helpers.tpl b/charts/portworx/templates/_helpers.tpl index 2211710f1..595bb6f40 100644 --- a/charts/portworx/templates/_helpers.tpl +++ b/charts/portworx/templates/_helpers.tpl @@ -25,13 +25,6 @@ release: {{ .Release.Name | quote }} {{$version := .Capabilities.KubeVersion.GitVersion | regexFind "^v\\d+\\.\\d+\\.\\d+"}}{{$version}} {{- end -}} -{{- define "px.kubectlImageTag" -}} -{{$version := .Capabilities.KubeVersion.GitVersion | regexFind "^v\\d+\\.\\d+\\.\\d+" | trimPrefix "v" | split "."}} -{{- $major := index $version "_0" -}} -{{- $minor := index $version "_1" -}} -{{printf "%s.%s" $major $minor }} -{{- end -}} - {{- define "px.getPxOperatorImage" -}} {{- if (.Values.customRegistryURL) -}} {{- if (eq "/" (.Values.customRegistryURL | regexFind "/")) -}} @@ -232,7 +225,6 @@ Generate a random token for storage provisioning {{- end -}} - {{- define "px.affinityPxEnabledValue" -}} {{- if .Values.requirePxEnabledTag -}} {{- "true" | quote }} 
@@ -243,19 +235,19 @@ Generate a random token for storage provisioning {{- define "px.deprecatedKvdbArgs" }} {{- $result := "" }} -{{- if ne .Values.etcd.credentials "none:none" }} +{{- if ne .Values.etcd.credentials "null" }} {{- $result = printf "%s -userpwd %s" $result .Values.etcd.credentials }} {{- end }} -{{- if ne .Values.etcd.ca "none" }} +{{- if ne .Values.etcd.ca "null" }} {{- $result = printf "%s -ca %s" $result .Values.etcd.ca }} {{- end }} -{{- if ne .Values.etcd.cert "none" }} +{{- if ne .Values.etcd.cert "null" }} {{- $result = printf "%s -cert %s" $result .Values.etcd.cert }} {{- end }} -{{- if ne .Values.etcd.key "none" }} +{{- if ne .Values.etcd.key "null" }} {{- $result = printf "%s -key %s" $result .Values.etcd.key }} {{- end }} -{{- if ne .Values.consul.token "none" }} +{{- if ne .Values.consul.token "null" }} {{- $result = printf "%s -acltoken %s" $result .Values.consul.token }} {{- end }} {{- trim $result }} @@ -266,7 +258,7 @@ Generate a random token for storage provisioning {{- if (include "px.deprecatedKvdbArgs" .) }} {{- $result = printf "%s %s" $result (include "px.deprecatedKvdbArgs" .) }} {{- end }} -{{- if ne .Values.miscArgs "none" }} +{{- if ne .Values.miscArgs "null" }} {{- $result = printf "%s %s" $result .Values.miscArgs }} {{- end }} {{- trim $result }} @@ -277,7 +269,7 @@ Generate a random token for storage provisioning {{- if (default false .Values.isTargetOSCoreOS) }} {{- $result = true }} {{- end }} -{{- if ne (default "none" .Values.etcd.certPath) "none" }} +{{- if ne (default "null" .Values.etcd.certPath) "null" }} {{- $result = true }} {{- end }} {{- if .Values.volumes }} diff --git a/charts/portworx/templates/clusterrole.yaml b/charts/portworx/templates/clusterrole.yaml new file mode 100644 index 000000000..f06460d80 --- /dev/null +++ b/charts/portworx/templates/clusterrole.yaml 
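Review bot: The new sentinel in `px.deprecatedKvdbArgs` is the literal string `"null"`, so a value that is omitted or written as a bare YAML `null` reaches the template as nil, still passes `ne .Values.etcd.credentials "null"`, and is formatted into the argument list. The same comparison is used for `etcd.ca`, `etcd.cert`, `etcd.key`, `consul.token` and in the `miscArgs` hunk, while the `certPath` hunk wraps the value in `default "null"` first. values.yaml is not part of this view, so whether its defaults are the quoted string is an assumption. A truthiness guard such as `{{- if .Values.etcd.credentials }}` treats unset, nil and empty alike and needs no sentinel. The enclosing `define` blocks extend beyond these hunks.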
@@ -0,0 +1,15 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: portworx-operator
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+ {{- if semverCompare "<1.25" (.Capabilities.KubeVersion.Version) }}
+ - apiGroups: ["policy"]
+ resources: ["podsecuritypolicies"]
+ resourceNames: ["px-operator"]
+ verbs: ["use"]
+ {{- end }}
\ No newline at end of file
diff --git a/charts/portworx/templates/clusterrolebinding.yaml b/charts/portworx/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..12b5e7411
--- /dev/null
+++ b/charts/portworx/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: portworx-operator
+subjects:
+ - kind: ServiceAccount
+ name: portworx-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: portworx-operator
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/portworx/templates/clustertoken-serviceaccount.yaml b/charts/portworx/templates/clustertoken-serviceaccount.yaml
new file mode 100644
index 000000000..8831182b8
--- /dev/null
+++ b/charts/portworx/templates/clustertoken-serviceaccount.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.clusterToken.serviceAccountName }}
+ annotations:
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
+ helm.sh/hook: post-install
+ labels:
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
\ No newline at end of file
diff --git a/charts/portworx/templates/deployment.yaml b/charts/portworx/templates/deployment.yaml
new file mode 100644
index 000000000..7a4dc3d54
--- /dev/null
+++ b/charts/portworx/templates/deployment.yaml
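Review bot: The first rule in clusterrole.yaml grants `apiGroups: ["*"]`, `resources: ["*"]`, `verbs: ["*"]`, which makes the `portworx-operator` ServiceAccount equivalent to cluster-admin and makes the PodSecurityPolicy rule below it redundant. Unlike the hook ClusterRole in this commit, nothing here explains why the operator needs this, so either enumerate the API groups it manages or record the reason with a comment such as `# TODO: replace wildcard with the operator's required API groups`. The PSP guard also passes `.Capabilities.KubeVersion.Version` straight to `semverCompare`, whereas psp.yaml strips the suffix with `regexFind` first. On distributions whose version string carries a suffix the two conditions may disagree, so both should use the same stripped expression.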
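Review bot: The ServiceAccount in clustertoken-serviceaccount.yaml is no longer wrapped in `{{- if .Values.clusterToken.create }}`. The block it was moved out of in px-create-cluster-token.yaml was guarded by that flag, so the account is now rendered even when the token job is disabled. The same applies to templates/role.yaml (which grants `create` on `pods/exec`), templates/rolebinding.yaml and templates/hooks/secret.yaml. Wrapping each of these files in `{{- if .Values.clusterToken.create }}` … `{{- end }}` keeps the exec-capable identity out of clusters that do not run the job. `name: {{ .Values.clusterToken.serviceAccountName }}` should also be piped through `quote` so an empty value does not render as null.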
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: portworx-operator
+ namespace: {{ .Release.Namespace }}
+spec:
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ replicas: 1
+ selector:
+ matchLabels:
+ name: portworx-operator
+ template:
+ metadata:
+ labels:
+ name: portworx-operator
+ spec:
+ containers:
+ - name: portworx-operator
+ imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
+ image: "{{ .Values.operator.image.repository }}:{{ default .Chart.AppVersion .Values.operator.image.tag }}"
+ command:
+ - /operator
+ - --verbose
+ - --driver=portworx
+ - --leader-elect=true
+ env:
+ - name: OPERATOR_NAME
+ value: portworx-operator
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: "name"
+ operator: In
+ values:
+ - portworx-operator
+ topologyKey: "kubernetes.io/hostname"
+ {{- if .Values.global.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.global.image.pullSecret }}
+ {{- end }}
+ serviceAccountName: portworx-operator
diff --git a/charts/portworx/templates/hooks/clusterrole.yaml b/charts/portworx/templates/hooks/clusterrole.yaml
new file mode 100644
index 000000000..bde5d28fa
--- /dev/null
+++ b/charts/portworx/templates/hooks/clusterrole.yaml
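Review bot: The `portworx-operator` container declares no `securityContext` and no `resources`, although it runs under a ServiceAccount that this commit binds to a wildcard ClusterRole. Add a container-level `securityContext` with `allowPrivilegeEscalation: false` (matching the px-operator PodSecurityPolicy) and, if the image supports it, `runAsNonRoot: true`, together with CPU and memory requests. The image tag falls back to `.Chart.AppVersion`, which Chart.yaml leaves at 2.13.3. If that is the Portworx version rather than an operator release, the default tag will not resolve, so confirm against values.yaml, which is not shown here.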
@@ -0,0 +1,15 @@
+---
+kind: ClusterRole
+apiVersion: {{ template "rbac.apiVersion" . }}
+metadata:
+ annotations:
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ helm.sh/hook: post-install,pre-upgrade,pre-delete
+ name: {{ template "px.hookClusterRole" . }}
+rules:
+ # for daemonset to operator migration, we need hooks for all resources deployed by daemonset, due to resources are
+ # different in different helm charts (GCP, IKS, Rancher and portworx), we use wild card here. After daemonset
+ # migration is finished for all customers we shall change this back to limited access.
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
\ No newline at end of file
diff --git a/charts/portworx/templates/hooks/clusterrolebinding.yaml b/charts/portworx/templates/hooks/clusterrolebinding.yaml
new file mode 100644
index 000000000..7bfaacbe0
--- /dev/null
+++ b/charts/portworx/templates/hooks/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+---
+kind: ClusterRoleBinding
+apiVersion: {{ template "rbac.apiVersion" . }}
+metadata:
+ annotations:
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ helm.sh/hook: "post-install,pre-upgrade,pre-delete"
+ name: {{ template "px.hookClusterRoleBinding" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "px.hookServiceAccount" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ template "px.hookClusterRole" . }}
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/charts/portworx/templates/hooks/post-install/px-create-cluster-token.yaml b/charts/portworx/templates/hooks/post-install/px-create-cluster-token.yaml
index b943fdbc9..b22a61873 100644
--- a/charts/portworx/templates/hooks/post-install/px-create-cluster-token.yaml
+++ b/charts/portworx/templates/hooks/post-install/px-create-cluster-token.yaml
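Review bot: The rule in hooks/clusterrole.yaml keeps `verbs: ["*"]` even though its comment only justifies wildcard resources. The hook jobs visible in this commit run `kubectl annotate` and `kubectl delete storagecluster`, which appear to need read, patch and delete rather than create, bind, escalate or impersonate. Narrowing to something like `verbs: ["get", "list", "watch", "patch", "delete"]` keeps the migration working across chart flavours while removing the ability to mint new RBAC grants; hook jobs outside this diff may need more, so check them first. hooks/clusterrolebinding.yaml attaches this role to the hook ServiceAccount for post-install, pre-upgrade and pre-delete, and neither object lists `hook-failed` in its delete policy, so confirm both are cleaned up when a job fails.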
@@ -1,42 +1,34 @@ -{{- if (.Values.clusterToken.create) }} - {{- $customRegistryURL := .Values.customRegistryURL | default "none" }} - {{- $registrySecret := .Values.registrySecret | default "none" }} - +{{- if .Values.clusterToken.create }} apiVersion: batch/v1 kind: Job metadata: - namespace: {{ template "px.getDeploymentNamespace" . }} name: px-set-cluster-token labels: - heritage: {{.Release.Service | quote }} - release: {{.Release.Name | quote }} - chart: "{{.Chart.Name}}-{{.Chart.Version}}" - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + helm.sh/hook: post-install + helm.sh/hook-weight: "10" + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded spec: backoffLimit: 0 template: spec: - {{- if not (eq $registrySecret "none") }} + {{- if .Values.global.image.pullSecret }} imagePullSecrets: - - name: {{ $registrySecret }} + - name: {{ .Values.global.image.pullSecret }} {{- end }} restartPolicy: Never serviceAccountName: {{ .Values.clusterToken.serviceAccountName }} containers: - name: post-install-job - {{- if eq $customRegistryURL "none" }} - image: "bitnami/kubectl:{{ template "px.kubectlImageTag" . }}" - {{- else}} - image: "{{ $customRegistryURL }}/bitnami/kubectl:{{ template "px.kubectlImageTag" . }}" - {{- end }} + image: "{{ .Values.kubectl.image.repository }}:{{ default .Capabilities.KubeVersion.Version .Values.kubectl.image.tag }}" env: - name: NS - value: {{ template "px.getDeploymentNamespace" . 
}} + value: {{ .Release.Namespace }} - name: KEY value: cluster-wide-secret-key command: ['/bin/bash', '-c'] @@ -46,14 +38,10 @@ spec: kubectl -n $NS exec -c portworx $readyPortworxPod -- /opt/pwx/bin/pxctl secrets set-cluster-key --secret $KEY initContainers: - name: post-install-job-init - {{- if eq $customRegistryURL "none" }} - image: "bitnami/kubectl:{{ template "px.kubectlImageTag" . }}" - {{- else}} - image: "{{ $customRegistryURL }}/bitnami/kubectl:{{ template "px.kubectlImageTag" . }}" - {{- end }} + image: "{{ .Values.kubectl.image.repository }}:{{ default .Capabilities.KubeVersion.Version .Values.kubectl.image.tag }}" env: - name: NS - value: {{ template "px.getDeploymentNamespace" . }} + value: {{ .Release.Namespace }} command: ['/bin/bash', '-c'] args: - | 
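Review bot: The container image tag now defaults to `.Capabilities.KubeVersion.Version`, the full server version string with a leading `v` and, on many distributions, a build suffix containing `+`, which is not a valid character in an image tag. The removed `px.kubectlImageTag` helper reduced the version to `major.minor` before using it as a tag. The same expression is used for the init container in the next hunk and in delete-storagecluster.yaml and retain-daemonset-install.yaml. Keeping the helper, or an equivalent `regexFind` and `trimPrefix "v"` pipeline, as the default avoids image pull failures in the hook jobs on such clusters. Whether the configured repository publishes `v`-prefixed tags cannot be seen from this diff.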
@@ -64,71 +52,4 @@ spec: sleep 5 output=$(kubectl -n $NS get pods -l name=portworx -o 'jsonpath={..status.conditions[?(@.type=="Ready")].status}') done ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.clusterToken.serviceAccountName }} - namespace: {{ template "px.getDeploymentNamespace" . }} - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed - "helm.sh/hook": "post-install" - labels: - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} - chart: "{{.Chart.Name}}-{{.Chart.Version}}" ---- -kind: Role -apiVersion: {{ template "rbac.apiVersion" . }} -metadata: - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed - "helm.sh/hook": post-install - name: {{ .Values.clusterToken.serviceAccountName }}-role - namespace: {{ template "px.getDeploymentNamespace" . }} -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "watch", "list" ] - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] ---- -kind: RoleBinding -apiVersion: {{ template "rbac.apiVersion" . }} -metadata: - annotations: - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed - "helm.sh/hook": post-install - name: {{ .Values.clusterToken.serviceAccountName }}-binding - namespace: {{ template "px.getDeploymentNamespace" . }} -subjects: - - kind: ServiceAccount - name: {{ .Values.clusterToken.serviceAccountName }} - namespace: {{ template "px.getDeploymentNamespace" . 
}} -roleRef: - kind: Role - name: {{ .Values.clusterToken.serviceAccountName }}-role - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Secret -metadata: - annotations: - "helm.sh/hook-delete-policy": before-hook-creation - "helm.sh/hook": post-install - name: {{ .Values.clusterToken.secretName }} - namespace: portworx - labels: - name: {{ .Values.clusterToken.secretName }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} - chart: "{{.Chart.Name}}-{{.Chart.Version}}" -type: "Opaque" -data: - cluster-wide-secret-key: {{ template "portworx-cluster-key" }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/portworx/templates/hooks/pre-delete/delete-storagecluster.yaml b/charts/portworx/templates/hooks/pre-delete/delete-storagecluster.yaml index a46325fb8..14449c096 100644 --- a/charts/portworx/templates/hooks/pre-delete/delete-storagecluster.yaml +++ b/charts/portworx/templates/hooks/pre-delete/delete-storagecluster.yaml 
@@ -1,41 +1,33 @@ {{- if .Values.deployCluster }} -{{- $customRegistryURL := .Values.customRegistryURL | default "none" }} -{{- $registrySecret := .Values.registrySecret | default "none" }} -{{- $clusterName := .Values.clusterName }} - +--- apiVersion: batch/v1 kind: Job metadata: - namespace: {{ template "px.getDeploymentNamespace" . }} name: px-hook-delete-storagecluster labels: - heritage: {{.Release.Service | quote }} - release: {{.Release.Name | quote }} - chart: "{{.Chart.Name}}-{{.Chart.Version}}" - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation + helm.sh/hook: pre-delete + helm.sh/hook-weight: "10" + helm.sh/hook-delete-policy: before-hook-creation spec: backoffLimit: 0 template: spec: - {{- if not (eq $registrySecret "none") }} + {{- if .Values.global.image.pullSecret }} imagePullSecrets: - - name: {{ $registrySecret }} + - name: {{ .Values.global.image.pullSecret }} {{- end }} serviceAccountName: {{ template "px.hookServiceAccount" . }} restartPolicy: Never containers: - name: delete-storagecluster - {{- if eq $customRegistryURL "none" }} - image: "bitnami/kubectl:{{ template "px.kubectlImageTag" . }}" - {{- else}} - image: "{{ $customRegistryURL }}/bitnami/kubectl:{{ template "px.kubectlImageTag" . }}" - {{- end}} + image: "{{ .Values.kubectl.image.repository }}:{{ default .Capabilities.KubeVersion.Version .Values.kubectl.image.tag }}" command: ['/bin/sh', '-c', - 'kubectl -n {{ template "px.getDeploymentNamespace" . 
}} delete storagecluster {{ $clusterName }} --ignore-not-found'] + 'kubectl -n {{ .Release.Namespace }} delete storagecluster {{ .Values.clusterName }} --ignore-not-found'] {{- end }} diff --git a/charts/portworx/templates/hooks/pre-upgrade/retain-daemonset-install.yaml b/charts/portworx/templates/hooks/pre-upgrade/retain-daemonset-install.yaml index 69f21fdc9..d9f6a3048 100644 --- a/charts/portworx/templates/hooks/pre-upgrade/retain-daemonset-install.yaml +++ b/charts/portworx/templates/hooks/pre-upgrade/retain-daemonset-install.yaml 
@@ -1,58 +1,50 @@ -{{- $customRegistryURL := .Values.customRegistryURL | default "none" }} -{{- $registrySecret := .Values.registrySecret | default "none" }} - apiVersion: batch/v1 kind: Job metadata: - namespace: {{ template "px.getDeploymentNamespace" . }} name: px-hook-retain-daemonset-resources labels: - heritage: {{.Release.Service | quote }} - release: {{.Release.Name | quote }} - chart: "{{.Chart.Name}}-{{.Chart.Version}}" - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} annotations: - "helm.sh/hook": pre-upgrade - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation + helm.sh/hook: pre-upgrade + helm.sh/hook-weight: "10" + helm.sh/hook-delete-policy: before-hook-creation spec: template: spec: - {{- if not (eq $registrySecret "none") }} + {{- if .Values.global.image.pullSecret }} imagePullSecrets: - - name: {{ $registrySecret }} + - name: {{ .Values.global.image.pullSecret }} {{- end }} serviceAccountName: {{ template "px.hookServiceAccount" . }} restartPolicy: Never containers: - name: retain-px-daemonset - {{- if eq $customRegistryURL "none" }} - image: "bitnami/kubectl:{{ template "px.kubectlImageTag" . }}" - {{- else}} - image: "{{ $customRegistryURL }}/bitnami/kubectl:{{ template "px.kubectlImageTag" . 
}}" - {{- end}} + image: "{{ .Values.kubectl.image.repository }}:{{ default .Capabilities.KubeVersion.Version .Values.kubectl.image.tag }}" command: ['/bin/sh', '-c', - 'kubectl -n kube-system annotate DaemonSet portworx-api helm.sh/resource-policy=keep --overwrite; - kubectl -n kube-system annotate DaemonSet portworx helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service stork-service helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service prometheus helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service portworx-service helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service autopilot helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service grafana helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service alertmanager-portworx helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service px-csi-service helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Service portworx-api helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Deployment stork-scheduler helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Deployment px-csi-ext helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Deployment autopilot helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Deployment grafana helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Deployment stork helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Deployment prometheus-operator helm.sh/resource-policy=keep --overwrite || true; + 'kubectl -n {{ .Release.Namespace }} annotate DaemonSet portworx-api helm.sh/resource-policy=keep --overwrite; + kubectl -n {{ 
.Release.Namespace }} annotate DaemonSet portworx helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service stork-service helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service prometheus helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service portworx-service helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service autopilot helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service grafana helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service alertmanager-portworx helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service px-csi-service helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Service portworx-api helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Deployment stork-scheduler helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Deployment px-csi-ext helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Deployment autopilot helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Deployment grafana helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Deployment stork helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Deployment prometheus-operator helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate RoleBinding px-role-binding helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Role px-role helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ 
.Release.Namespace }} annotate RoleBinding px-role-binding helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Role px-role helm.sh/resource-policy=keep --overwrite || true; kubectl annotate ClusterRoleBinding stork-scheduler-role-binding helm.sh/resource-policy=keep --overwrite || true; kubectl annotate ClusterRoleBinding stork-role-binding helm.sh/resource-policy=keep --overwrite || true; kubectl annotate ClusterRoleBinding node-role-binding helm.sh/resource-policy=keep --overwrite || true; 
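Review bot: Every namespaced `kubectl annotate` in this hunk now targets `{{ .Release.Namespace }}` instead of `kube-system`, but storage-cluster.yaml in this commit still detects the old install with `lookup "apps/v1" "DaemonSet" "kube-system" "portworx"`. If the release lives in any other namespace the commands find nothing, `|| true` hides the failure, and the DaemonSet-era objects in kube-system never receive `helm.sh/resource-policy=keep` before the upgrade. The second hunk of this file makes the same change for ConfigMaps, ServiceAccounts and the monitoring objects. Either keep `kube-system` for the legacy objects or make the lookup and the hook agree on one namespace, and consider logging a warning instead of a bare `|| true`.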
@@ -75,23 +67,23 @@ spec: kubectl annotate StorageClass portworx-null-sc helm.sh/resource-policy=keep --overwrite || true; kubectl annotate StorageClass portworx-db-sc helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ConfigMap grafana-dashboard-config helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ConfigMap autopilot-config helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ConfigMap grafana-dashboards helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ConfigMap grafana-source-config helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ConfigMap stork-config helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ConfigMap grafana-dashboard-config helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ConfigMap autopilot-config helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ConfigMap grafana-dashboards helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ConfigMap grafana-source-config helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ConfigMap stork-config helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ServiceAccount stork-scheduler-account helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ServiceAccount px-account helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ServiceAccount prometheus-operator helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ServiceAccount px-csi-account helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ServiceAccount stork-account helm.sh/resource-policy=keep --overwrite || true; - 
kubectl -n kube-system annotate ServiceAccount prometheus helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ServiceAccount autopilot-account helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceAccount stork-scheduler-account helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceAccount px-account helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceAccount prometheus-operator helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceAccount px-csi-account helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceAccount stork-account helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceAccount prometheus helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceAccount autopilot-account helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Alertmanager portworx helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Alertmanager portworx helm.sh/resource-policy=keep --overwrite || true; kubectl annotate CSIDriver pxd.portworx.com helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate Prometheus prometheus helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate PrometheusRule prometheus-portworx-rules-portworx.rules.yaml helm.sh/resource-policy=keep --overwrite || true; - kubectl -n kube-system annotate ServiceMonitor portworx-prometheus-sm helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate Prometheus prometheus helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate PrometheusRule 
prometheus-portworx-rules-portworx.rules.yaml helm.sh/resource-policy=keep --overwrite || true; + kubectl -n {{ .Release.Namespace }} annotate ServiceMonitor portworx-prometheus-sm helm.sh/resource-policy=keep --overwrite || true; '] diff --git a/charts/portworx/templates/hooks/secret.yaml b/charts/portworx/templates/hooks/secret.yaml new file mode 100644 index 000000000..cc41e2bcb --- /dev/null +++ b/charts/portworx/templates/hooks/secret.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook: post-install + name: {{ .Values.clusterToken.secretName }} + namespace: portworx + labels: + name: {{ .Values.clusterToken.secretName }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" +type: "Opaque" +data: + cluster-wide-secret-key: {{ template "portworx-cluster-key" }} \ No newline at end of file diff --git a/charts/portworx/templates/hooks/serviceaccount.yaml b/charts/portworx/templates/hooks/serviceaccount.yaml new file mode 100644 index 000000000..6c8ce5ea1 --- /dev/null +++ b/charts/portworx/templates/hooks/serviceaccount.yaml @@ -0,0 +1,16 @@ +--- +{{- if .Values.serviceAccount.hook.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "px.hookServiceAccount" . }} + annotations: + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook: post-install,pre-upgrade,pre-delete + labels: + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" +{{- end }} \ No newline at end of file 
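Review bot: `namespace: portworx` is hard-coded in hooks/secret.yaml while this commit deletes templates/portworx-k8s-secrets.yaml, the only visible template that created that namespace, so the post-install hook will fail unless the namespace already exists. The other objects moved out of px-create-cluster-token.yaml dropped their explicit namespace, so decide whether the secret belongs in `{{ .Release.Namespace }}` or keep a guarded Namespace template. `cluster-wide-secret-key: {{ template "portworx-cluster-key" }}` is also rendered unquoted, and the file is no longer guarded by `.Values.clusterToken.create`.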
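Review bot: templates/serviceaccount-hook.yaml is only reformatted by this commit, not removed, and it renders a ServiceAccount under the same `.Values.serviceAccount.hook.create` guard as the new hooks/serviceaccount.yaml. If it also uses the `px.hookServiceAccount` name (its metadata is outside the hunk), the chart now defines the hook account twice, and one of the two files should be deleted. The `---` placed before `{{- if .Values.serviceAccount.hook.create }}` also emits an empty document when the flag is false; move it inside the guard.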
diff --git a/charts/portworx/templates/portworx-k8s-secrets.yaml b/charts/portworx/templates/portworx-k8s-secrets.yaml
deleted file mode 100644
index c9838ef5d..000000000
--- a/charts/portworx/templates/portworx-k8s-secrets.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{- $secretType := .Values.secretType | default "k8s" }}
-
-{{- if eq $secretType "k8s" }}
-apiVersion: v1
-kind: Namespace
-metadata:
- name: portworx
-{{- end -}}
diff --git a/charts/portworx/templates/psp.yaml b/charts/portworx/templates/psp.yaml
new file mode 100644
index 000000000..b8d135dc7
--- /dev/null
+++ b/charts/portworx/templates/psp.yaml
@@ -0,0 +1,20 @@
+{{- if (semverCompare "<1.25" (.Capabilities.KubeVersion.GitVersion | regexFind "^v\\d+\\.\\d+\\.\\d+"| trimPrefix "v"))}}
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: px-operator
+spec:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: false
+ volumes:
+ - secret
+ runAsUser:
+ rule: 'RunAsAny'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'RunAsAny'
+ fsGroup:
+ rule: 'RunAsAny'
+{{- end }}
\ No newline at end of file
diff --git a/charts/portworx/templates/role.yaml b/charts/portworx/templates/role.yaml
new file mode 100644
index 000000000..23ed569b0
--- /dev/null
+++ b/charts/portworx/templates/role.yaml
@@ -0,0 +1,15 @@
+---
+kind: Role
+apiVersion: {{ template "rbac.apiVersion" . }}
+metadata:
+ annotations:
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed
+ helm.sh/hook: post-install
+ name: {{ .Values.clusterToken.serviceAccountName }}-role
+rules:
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list" ]
+ - apiGroups: [""]
+ resources: ["pods/exec"]
+ verbs: ["create"]
\ No newline at end of file
diff --git a/charts/portworx/templates/rolebinding.yaml b/charts/portworx/templates/rolebinding.yaml
new file mode 100644
index 000000000..d0a86078d
--- /dev/null
+++ b/charts/portworx/templates/rolebinding.yaml
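Review bot: The policy in psp.yaml sets `allowPrivilegeEscalation: false` but leaves `runAsUser` at `RunAsAny`, and the operator's ClusterRole in this commit grants `use` on every PodSecurityPolicy through its wildcard rule, so the operator pod may be validated against a more permissive policy than `px-operator`. State `privileged: false` explicitly, switch to `rule: 'MustRunAsNonRoot'` if the operator image allows it, and limit the `use` grant to `resourceNames: ["px-operator"]`. The version guard here strips the suffix with `regexFind` while clusterrole.yaml does not, so one shared helper should serve both.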
@@ -0,0 +1,16 @@ +--- +kind: RoleBinding +apiVersion: {{ template "rbac.apiVersion" . }} +metadata: + annotations: + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded,hook-failed + helm.sh/hook: post-install + name: {{ .Values.clusterToken.serviceAccountName }}-binding +subjects: + - kind: ServiceAccount + name: {{ .Values.clusterToken.serviceAccountName }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ .Values.clusterToken.serviceAccountName }}-role + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/portworx/templates/serviceaccount-hook.yaml b/charts/portworx/templates/serviceaccount-hook.yaml index 114528e26..e6f9fb99e 100644 --- a/charts/portworx/templates/serviceaccount-hook.yaml +++ b/charts/portworx/templates/serviceaccount-hook.yaml @@ -1,5 +1,4 @@ - -{{- if (.Values.serviceAccount.hook.create) }} +{{- if .Values.serviceAccount.hook.create }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/portworx/templates/serviceaccount.yaml b/charts/portworx/templates/serviceaccount.yaml new file mode 100644 index 000000000..44ed728f1 --- /dev/null +++ b/charts/portworx/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: portworx-operator \ No newline at end of file diff --git a/charts/portworx/templates/storage-cluster.yaml b/charts/portworx/templates/storage-cluster.yaml index 5c821a35f..3532d3842 100644 --- a/charts/portworx/templates/storage-cluster.yaml +++ b/charts/portworx/templates/storage-cluster.yaml 
@@ -1,193 +1,84 @@ {{- if and (.Values.deployCluster) (or (not (lookup "apps/v1" "DaemonSet" "kube-system" "portworx")) (default true .Values.generateStorageClusterForMigration)) }} - - {{- $isCoreOS := .Values.isTargetOSCoreOS | default false }} - {{- $internalKVDB := .Values.internalKVDB | default false }} - {{- $etcdEndPoints := .Values.etcdEndPoint }} - {{- $etcdCertPath := .Values.etcd.certPath | default "none" }} - {{- $etcdCert := .Values.etcd.cert | default "none" }} - {{- $etcdKey := .Values.etcd.key | default "none" }} - {{- $kvdbAuthSecret := .Values.kvdb.authSecretName | default "none" }} - {{- $openshiftInstall := .Values.openshiftInstall | default false }} - {{- $EKSInstall := .Values.EKSInstall | default false }} - {{- $pksInstall := .Values.pksInstall | default false }} - {{- $AKSInstall := .Values.AKSInstall | default false }} - {{- $OKEInstall := .Values.OKEInstall | default false }} - {{- $usefileSystemDrive := .Values.usefileSystemDrive | default false }} - {{- $usedrivesAndPartitions := .Values.usedrivesAndPartitions | default false }} - {{- $secretType := .Values.secretType | default "k8s" }} - {{- $deployEnvironmentIKS := .Capabilities.KubeVersion.GitVersion | regexMatch "IKS" }} - {{- $drives := .Values.drives | default "none" }} - {{- $dataInterface := .Values.dataInterface | default "none" }} - {{- $managementInterface := .Values.managementInterface | default "none" }} - {{- $envVars := .Values.envVars | default "none" }} - {{- $customRegistryURL := .Values.customRegistryURL | default "none" }} - {{- $registrySecret := .Values.registrySecret | default "none" }} - {{- $licenseSecret := .Values.licenseSecret | default "none" }} - {{- $kvdbDevice := .Values.kvdbDevice | default "none" }} - {{- $journalDevice := .Values.journalDevice | default "none" }} - {{- $miscArgs := include "px.miscArgs" . }} - {{- $volumesPresent := include "px.volumesPresent" . 
}} - +--- kind: StorageCluster apiVersion: core.libopenstorage.org/v1 metadata: name: "{{ required "Clustername cannot be empty" .Values.clusterName }}" - namespace: {{ template "px.getDeploymentNamespace" . }} annotations: - {{- if eq $openshiftInstall true }} + {{- if .Values.openshiftInstall }} portworx.io/is-openshift: "true" {{- end }} - {{- if eq $pksInstall true }} + {{- if .Values.pksInstall }} portworx.io/is-pks: "true" {{- end }} - {{- if eq $EKSInstall true }} + {{- if .Values.EKSInstall }} portworx.io/is-eks: "true" {{- end }} - {{- if eq $AKSInstall true }} + {{- if .Values.AKSInstall }} portworx.io/is-aks: "true" {{- end }} - {{- if eq $OKEInstall true }} + {{- if .Values.OKEInstall }} portworx.io/is-oke: "true" {{- end }} - {{- if $miscArgs }} - portworx.io/misc-args: {{ $miscArgs | quote }} + {{- if .Values.miscArgs }} + portworx.io/misc-args: {{ .Values.miscArgs | quote }} {{- end }} - {{- if eq .Values.disableStorageClass true }} - portworx.io/disable-storage-class: "true" - {{- end }} - {{- if and (ne .Values.serviceType "") (ne .Values.serviceType "none") }} + portworx.io/disable-storage-class: {{ .Values.disableStorageClass | quote }} + {{- if .Values.serviceType }} portworx.io/service-type: {{ .Values.serviceType | quote }} {{- end }} {{- if (lookup "apps/v1" "DaemonSet" "kube-system" "portworx") }} portworx.io/migration-approved: "false" {{- end }} labels: - heritage: {{.Release.Service | quote }} - release: {{.Release.Name | quote }} - chart: "{{.Chart.Name}}-{{.Chart.Version}}" - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{.Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} spec: - image: portworx/oci-monitor:{{ required "A valid Image tag is required in the SemVer 
format" .Values.imageVersion }} - imagePullPolicy: Always - {{- if not (eq $customRegistryURL "none") }} - customImageRegistry: {{ $customRegistryURL }} - {{- end }} - {{- if not (eq $registrySecret "none") }} - imagePullSecret: {{ $registrySecret }} - {{- end }} - + image: "{{ .Values.ociMonitor.image.repository }}:{{ default .Chart.AppVersion .Values.ociMonitor.image.tag }}" + imagePullPolicy: {{ .Values.ociMonitor.image.pullPolicy }} + customImageRegistry: {{ .Values.customRegistryURL }} + imagePullSecret: {{ .Values.global.image.pullSecret }} kvdb: - {{- if eq $internalKVDB true }} - internal: true - {{- else }} - internal: false - {{- if empty $etcdEndPoints }} - "{{ required "A valid ETCD url in the format etcd:http:// is required. Verify that the key is correct and there isnt any typo in specifying that, also ensure it is accessible from all node of your kubernetes cluster" .etcdEndPoint}}" - {{- else }} + internal: {{ .Values.kvdb.internal }} + {{- with .Values.etcd.endpoints }} endpoints: - {{- $endpoints := $etcdEndPoints | split ";" }} - {{- range $key, $val := $endpoints }} - - {{$val}} - {{- end }} + {{- toYaml . 
| nindent 6 }} {{- end }} - {{- if ne $kvdbAuthSecret "none" }} authSecret: {{ .Values.kvdb.authSecretName }} - {{- end }} - {{- end }} - -{{- if and (ne $drives "none") (not (hasPrefix "/" $drives)) }} - cloudStorage: - deviceSpecs: - {{- $driveNames := $drives | split ";" }} - {{- range $index, $name := $driveNames }} - - {{ $name }} - {{- end }} - {{- if and (ne $kvdbDevice "none") (not (hasPrefix "/" $kvdbDevice)) }} - kvdbDeviceSpec: {{ $kvdbDevice }} - {{- end }} - {{- if and (ne $journalDevice "none") (not (hasPrefix "/" $journalDevice)) }} - journalDeviceSpec: {{ $journalDevice }} - {{- end }} - {{- if ne (.Values.maxStorageNodesPerZone | int) 0 }} - maxStorageNodesPerZone: {{ .Values.maxStorageNodesPerZone }} - {{- end }} -{{- else }} - {{- if $AKSInstall }} + {{- with .Values.cloudStorage }} cloudStorage: - deviceSpecs: - - type=Premium_LRS,size=150 - {{- if and (ne $kvdbDevice "none") (not (hasPrefix "/" $kvdbDevice)) }} - kvdbDeviceSpec: {{ $kvdbDevice }} - {{- end }} - {{- if and (ne $journalDevice "none") (not (hasPrefix "/" $journalDevice)) }} - journalDeviceSpec: {{ $journalDevice }} - {{- end }} - {{- if gt (.Values.maxStorageNodesPerZone | int) 0 }} - maxStorageNodesPerZone: {{ .Values.maxStorageNodesPerZone }} - {{- end }} - {{- else }} + {{- toYaml . 
| nindent 4 }} + {{- end }} + {{- with .Values.storage }} storage: - {{- if hasPrefix "/" $drives }} - devices: - {{- $driveNames := $drives | split ";" }} - {{- range $index, $name := $driveNames }} - - {{ $name }} - {{- end }} - {{- end }} - {{- if or $usefileSystemDrive $deployEnvironmentIKS }} - forceUseDisks: true - {{- end }} - {{- if eq $usedrivesAndPartitions true }} - useAllWithPartitions: true - {{- else }} - useAll: true - {{- end }} - {{- if and (ne $kvdbDevice "none") (hasPrefix "/" $kvdbDevice) }} - kvdbDevice: {{ $kvdbDevice }} - {{- end }} - {{- if and (ne $journalDevice "none") (or (hasPrefix "/" $journalDevice) (eq "auto" $journalDevice)) }} - journalDevice: {{ $journalDevice }} - {{- end }} + {{- toYaml . | nindent 4 }} {{- end }} -{{- end }} - - {{- if or (ne $dataInterface "none") (ne $managementInterface "none") }} + kvdbDeviceSpec: {{ .Values.kvdb.device }} + journalDeviceSpec: {{ .Values.journalDevice }} + maxStorageNodesPerZone: {{ .Values.maxStorageNodesPerZone }} + forceUseDisks: {{ .Values.forceUseDisks }} + useAllWithPartitions: {{ .Values.useAllWithPartitions }} + useAll: {{ .Values.useAll }} + kvdbDevice: {{ .Values.kvdb.device }} + journalDevice: {{ .Values.journalDevice }} network: - {{- if ne $dataInterface "none" }} - dataInterface: {{ $dataInterface }} - {{- end }} - {{- if ne $managementInterface "none" }} - mgmtInterface: {{ $managementInterface }} - {{- end }} - {{- end }} - - {{- if ne $secretType "none" }} - secretsProvider: {{$secretType}} - {{- else }} - {{- if $deployEnvironmentIKS }} - secretsProvider: ibm-kp - {{- end }} - {{- end }} - + dataInterface: {{ .Values.network.dataInterface }} + mgmtInterface: {{ .Values.network.mgmtInterface }} + secretsProvider: {{ .Values.secretsProvider }} env: - {{- with .Values.envs }} + {{- with .Values.extraEnv }} {{- toYaml . 
| nindent 2 }} - {{- end -}} - {{- if not (eq $envVars "none") }} - {{- $vars := $envVars | split ";" }} - {{- range $key, $val := $vars }} - {{- $envVariable := $val | split "=" }} - - name: {{ $envVariable._0 | trim | quote }} - value: {{ $envVariable._1 | trim | quote }} - {{- end }} {{- end }} - {{- if ne $licenseSecret "none" }} + {{- end }} + {{- if and .Values.licenseSecret.name .Values.licenseSecret.key }} - name: SAAS_ACCOUNT_KEY_STRING valueFrom: secretKeyRef: - name: "{{ $licenseSecret }}" - key: accountKey + name: {{ .Values.licenseSecret.name }} + key: {{ .Values.licenseSecret.key }} {{- end }} {{- if .Values.AKSInstall }} - name: AZURE_CLIENT_SECRET @@ -221,32 +112,21 @@ spec: value: "/etc/pwx/oci_key/oci_api_key.pem" {{- end }} - name: PX_SECRETS_NAMESPACE - value: portworx - + value: {{ .Release.Namespace }} stork: - {{- if (and (.Values.stork) (eq .Values.stork true))}} - enabled: true - {{- if .Values.storkVersion }} - image: {{ template "px.getStorkImage" . }}:{{ required "A valid Image tag is required in the SemVer format" .Values.storkVersion }} - {{- end }} + enabled: {{ .Values.stork.enabled }} + image: "{{ .Values.stork.image.repository }}:{{ default .Chart.AppVersion .Values.stork.image.tag }}" {{- with .Values.storkSpec.volumes }} volumes: {{- toYaml . | nindent 4 }} {{- end -}} - {{- if .Values.storkSpec.args }} + {{- with .Values.storkSpec.extraArgs }} args: - {{- $args := .Values.storkSpec.args | split ";" }} - {{- range $key, $val := $args }} - {{- $arg := $val | split "=" }} - {{ $arg._0 | trim }}: {{ $arg._1 | trim | quote -}} - {{- end }} - {{- end }} - {{- else }} - enabled: false + {{- toYaml . | nindent 4 }} {{- end }} - - {{- if eq $volumesPresent "true" }} volumes: + - name: tmp + emptyDir: {} {{- if .Values.OKEInstall }} - name: ociapikey mountPath: /etc/pwx/oci_key 
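Review bot: In the `env:` block of storage-cluster.yaml the retained `{{- end }}` now closes `{{- with .Values.extraEnv }}`, and the second `{{- end }}` added before the `licenseSecret` check can then only close the top-level `{{- if and (.Values.deployCluster) … }}` from the first line. The file's final `{{- end }}` is removed in the last hunk, so the template still balances, but everything from the license env entry onward would be rendered even when the top-level condition is false. Drop the added `{{- end }}` here and keep the closing one at the end of the file. Separately, `imagePullSecret`, `authSecret` and `secretsProvider` lost their guards and render an empty value when left at `null`; a `{{- with … }}` around each keeps them out of the manifest. Lines between the hunks are not visible, so confirm the nesting against the full file.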
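Review bot: `PX_SECRETS_NAMESPACE` now renders `{{ .Release.Namespace }}` instead of the fixed `portworx`, and this commit also deletes the template that created the `portworx` namespace, so an upgraded release presumably stops looking for secrets where existing installs stored them. An explicit value that defaults to the release namespace, e.g. `value: {{ .Values.secretsNamespace | default .Release.Namespace | quote }}` (with `secretsNamespace` as a new values key), would let upgrades keep the old location. In the same hunk the Stork image falls back to `.Chart.AppVersion`, which is the Portworx version rather than a Stork version. Omitting `image:` when `stork.image.tag` is unset, as the old template did for an empty `storkVersion`, avoids a tag that may not exist.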
@@ -256,67 +136,41 @@ spec: - key: oci_api_key.pem path: oci_api_key.pem {{- end }} - {{- if eq $isCoreOS true}} + {{- if .Values.isTargetOSCoreOS }} - name: src mountPath: /lib/modules hostPath: path: /lib/modules type: Directory {{- end }} - {{- if ne $etcdCertPath "none" }} + {{- if .Values.etcd.enableCerts }} - name: etcdcerts mountPath: /etc/pwx/etcdcerts secret: - secretName: px-etcd-certs + secretName: {{ .Values.etcd.secretName }} items: - key: ca.pem path: ca.pem - {{- if ne $etcdCert "none" }} - key: client.pem path: client.pem - {{- end -}} - {{- if ne $etcdKey "none" }} - key: client-key.pem path: client-key.key - {{- end -}} - {{- end}} + {{- end }} {{- with .Values.volumes }} {{- toYaml . | nindent 2 }} - {{- end}} {{- end }} - - {{- if (or (and (.Values.monitoring) (eq .Values.monitoring true)) (and (.Values.telemetry) (eq .Values.telemetry true) )) }} + {{- with .Values.monitoring }} monitoring: - {{- if (and (.Values.monitoring) (eq .Values.monitoring true)) }} - prometheus: - enabled: true - exportMetrics: true - alertManager: - enabled: true - {{- end }} - {{- if (and (.Values.telemetry) (eq .Values.telemetry true)) }} - telemetry: - enabled: true - {{- end }} + {{- toYaml . | nindent 4 }} {{- end }} - - {{- if or (eq .Values.csi true) (eq .Values.csi false) }} csi: - enabled: {{ .Values.csi }} - {{- end }} - {{- if (and (.Values.aut) (eq .Values.aut true))}} + enabled: {{ .Values.csi.enabled }} autopilot: - enabled: true - {{- end }} - + enabled: {{ .Values.autopilot.enabled }} {{- with .Values.tolerations }} placement: tolerations: {{- toYaml . | nindent 4 }} {{- end }} - - {{- if .Values.deleteStrategy.type }} deleteStrategy: type: {{ .Values.deleteStrategy.type }} - {{- end }} -{{- end }} diff --git a/charts/portworx/values.yaml b/charts/portworx/values.yaml index d251951a2..d3ac1a7f3 100644 --- a/charts/portworx/values.yaml +++ b/charts/portworx/values.yaml 
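Review bot: `secretName: {{ .Values.etcd.secretName }}` renders empty when `etcd.enableCerts` is turned on and `etcd.secretName` is left at the `null` default from values.yaml, where the old template used the fixed name `px-etcd-certs`. `secretName: {{ .Values.etcd.secretName | default "px-etcd-certs" }}` keeps existing installs working; alternatively use `required` to fail at render time. The `client.pem` and `client-key.pem` items also lost their guards, so a secret that holds only `ca.pem` presumably no longer mounts. `csi.enabled` and `autopilot.enabled` change the shape of existing keys (`csi: true`, `aut: true`), which calls for an upgrade note.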
@@ -1,41 +1,121 @@ # Please uncomment and specify values for these options as per your requirements. -deployOperator: true # Deploy the Portworx operator -deployCluster: true # Deploy the Portworx cluster - -imageVersion: 2.13.3 # Version of the PX Image. -pxOperatorImageVersion: 23.4.0 # Version of the PX operator image. - -openshiftInstall: false # Defaults to false for installing Portworx on Openshift . -isTargetOSCoreOS: false # Is your target OS CoreOS? Defaults to false. -pksInstall: false # installation on PKS (Pivotal Container Service) -EKSInstall: false # installation on EKS. -AKSInstall: false # installation on AKS -OKEInstall: false # installation on OKE -etcdEndPoint: # The ETCD endpoint. Should be in the format etcd:http://:2379. If there are multiple etcd endpoints they need to be ";" seperated. - # the default value is empty since it requires to be explicity set using either the --set option of -f values.yaml. -clusterName: mycluster # This is the default. please change it to your cluster name. -usefileSystemDrive: false # true/false Instructs PX to use an unmounted Drive even if it has a filesystem. -usedrivesAndPartitions: false # Defaults to false. Change to true and PX will use unmounted drives and partitions. -drives: none # NOTE: This is a ";" seperated list of drives. For eg: "/dev/sda;/dev/sdb;/dev/sdc" or - # "type=gp2,size=200;type=gp3,size=500". Defaults to use -A switch. -journalDevice: -maxStorageNodesPerZone: 0 # The maximum number of storage nodes desired per zone, in case of cloud drive provisioning - -secretType: k8s # Defaults to k8s, but can be kvdb/k8s/aws-kms/vault/ibm-kp. It is autopopulated to ibm-kp - # if the environment is IKS. - -dataInterface: none # Name of the interface -managementInterface: none # Name of the interface -serviceType: none # Kubernetes service type for services deployed by the Operator. Direct Values like - # 'LoadBalancer', 'NodePort' will change all services. 
To change the types of specific - # services, value can be specified as 'portworx-service:LoadBalancer;portworx-api:ClusterIP' - -envVars: none # DEPRECATED: Use envs section to set env variables - # NOTE: This is a ";" seperated list of environment variables. - # For eg: MYENV1=myvalue1;MYENV2=myvalue2 - -envs: # Add environment variables to the Portworx container in all Kubernetes supported formats +global: + image: + pullSecret: null + +kubectl: + image: + repository: bitnami/kubectl + # Kubernetes cluster version + tag: null + pullPolicy: IfNotPresent + +ociMonitor: + image: + repository: portworx/oci-monitor + tag: 2.13.0 + pullPolicy: Always + +operator: + enabled: true + image: + repository: portworx/px-operator + tag: 23.3.0 + pullPolicy: IfNotPresent + +# Deploy the Portworx cluster +deployCluster: true + +# Defaults to false for installing Portworx on Openshift . +openshiftInstall: false + +# Is your target OS CoreOS? Defaults to false. +isTargetOSCoreOS: false + +# installation on PKS (Pivotal Container Service) +pksInstall: false + +# installation on EKS. +EKSInstall: false + +# installation on AKS +AKSInstall: false + +# installation on OKE +OKEInstall: false + +# List of ETCD endpoints for your cluster: Should be in the format etcd:http://:2379 +etcd: + endpoints: [] + # - etcd:http://:2379 + # - etcd:http://:2379 + certPath: null + credentials: null + ca: null + cert: null + key: null + enableCerts: false + secretName: null + +# This is the default. please change it to your cluster name. +clusterName: mycluster + +# true/false Instructs PX to use an unmounted Drive even if it has a filesystem. +usefileSystemDrive: false + +# Defaults to false. Change to true and PX will use unmounted drives and partitions. 
+usedrivesAndPartitions: false + +cloudStorage: + deviceSpecs: [] + ## AKS example: + # - type=Premium_LRS,size=150 + # + ## EKS example: + # - name: /dev/sda + # type: gp3 + # size: 200 + +storage: + devices: [] + # - /dev/sdb + +# List of drives +drives: [] +# - name: /dev/sda +# type: gp2 +# size: 200 + +forceUseDisks: false +useAllWithPartitions: false +useAll: false + +journalDevice: null + +# The maximum number of storage nodes desired per zone, in case of cloud drive provisioning +maxStorageNodesPerZone: 0 + +network: + dataInterface: null + mgmtInterface: null + +# Defaults to k8s, but can be kvdb / k8s / aws-kms / vault / ibm-kp +secretsProvider: k8s + +# Name of the interface +dataInterface: null + +# Name of the interface +managementInterface: null + +# Kubernetes service type for services deployed by the Operator. Direct Values like +# 'LoadBalancer', 'NodePort' will change all services. To change the types of specific +# services, value can be specified as 'portworx-service:LoadBalancer;portworx-api:ClusterIP' +serviceType: null + +# Add environment variables to the Portworx container in all Kubernetes supported formats +extraEnv: # - name: AWS_CA_BUNDLE # value: "/etc/pwx/objectstore-cert/objectstore.pem" # - name: AWS_ACCESS_KEY_ID 
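Review bot: The new image defaults go backwards: `ociMonitor.image.tag: 2.13.0` replaces `imageVersion: 2.13.3`, and `operator.image.tag: 23.3.0` replaces `pxOperatorImageVersion: 23.4.0`, so a plain upgrade to this chart downgrades both images and loses whatever fixes the newer builds carried. Unless that is intended, keep `tag: "2.13.3"` and `tag: "23.4.0"`, quoted so the tags stay strings. `kubectl.image.tag: null` with repository `bitnami/kubectl` leaves the tag to be resolved elsewhere; a comment saying what it resolves to would help. The old keys `usefileSystemDrive`, `usedrivesAndPartitions`, `drives`, `dataInterface` and `managementInterface` remain, although the visible hunks of storage-cluster.yaml now read `forceUseDisks`, `useAllWithPartitions`, `storage`, `cloudStorage` and `network.*` instead, so setting them appears to have no effect.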
@@ -44,48 +124,63 @@ envs: # Add environment variables to the Portwor # name: aws-creds # key: access-key -miscArgs: none # Miscellaneous arguments that will be passed to portworx verbatim. Only use this if there is - # no equivalent way to specify these options directly via a StorageCluster spec field. - -disableStorageClass: false # Instructs Operator to not install the default Portworx StorageClasses. - -stork: true # Use Stork https://docs.portworx.com/scheduler/kubernetes/stork.html for hyperconvergence. -storkVersion: # Optional: version of Stork. For eg: 2.7.0, when it's empty Portworx operator will pick up - # version according to Portworx version. - -storkSpec: # Optional Stork configurations - args: # Pass arguments to Stork container. Example: verbose='true';webhook-controller='false' - volumes: # Add volumes to Stork container. Refer the top level volumes for schema. - -customRegistryURL: +# Miscellaneous arguments that will be passed to portworx verbatim. Only use this if there is +# no equivalent way to specify these options directly via a StorageCluster spec field. +miscArgs: null + +# Instructs Operator to not install the default Portworx StorageClasses. +disableStorageClass: false + +# Use Stork https://docs.portworx.com/scheduler/kubernetes/stork.html for hyperconvergence. +stork: + enabled: true + image: + repository: portworx/stork + tag: 2.12.0 + pullPolicy: IfNotPresent + +# Optional Stork configurations +# Pass arguments to Stork container. Example: verbose='true';webhook-controller='false' +# Add volumes to Stork container. Refer the top level volumes for schema. 
+storkSpec: + extraArgs: [] + volumes: [] + +customRegistryURL: null registrySecret: -licenseSecret: -monitoring: false -telemetry: false +licenseSecret: + name: null + key: null -deployOnMaster: false # For POC only -csi: false # Enable CSI -aut: false # Enable AutoPilot +monitoring: + prometheus: + enabled: false + exportMetrics: false + alertManager: + enabled: false + telemetry: false -internalKVDB: false # internal KVDB -kvdbDevice: none # specify a separate device to store KVDB data, only used when internalKVDB is set to true +# For POC only +deployOnMaster: false -etcd: # DEPRECATED: Use kvdb.authSecretName for configuring secure etcd - credentials: none:none # Username and password for ETCD authentication in the form user:password - certPath: none # Base path where the certificates are placed. (example: if the certificates ca,crt and the key are in /etc/pwx/etcdcerts the value should be provided as /etc/pwx/etcdcerts) - ca: none # Location of CA file for ETCD authentication. Should be /path/to/server.ca - cert: none # Location of certificate for ETCD authentication. Should be /path/to/server.crt - key: none # Location of certificate key for ETCD authentication Should be /path/to/servery.key +# Enable CSI +csi: + enabled: false -consul: # DEPRECATED: Use kvdb.authSecretName for configuring secure consul - token: none # ACL token value used for Consul authentication. (example: 398073a8-5091-4d9c-871a-bbbeb030d1f6) +# Enable AutoPilot +autopilot: + enabled: false +# internal KVDB kvdb: - authSecretName: none # Refer https://docs.portworx.com/reference/etcd/#securing-with-certificates-in-kubernetes to - # create a kvdb secret and specify the name of the secret here + authSecretName: null + # specify a separate device to store KVDB data, only used when internalKVDB is set to true + device: null + internal: false -volumes: # Add volumes to Portworx container. Supported volume types: Host, Secret, ConfigMap +# Add volumes to Portworx container. 
Supported volume types: Host, Secret, ConfigMap +volumes: [] # - name: objectstore-cert # mountPath: /etc/pwx/objectstore-cert # secret: @@ -94,7 +189,8 @@ volumes: # Add volumes to Portworx container. Suppo # - key: objectstore.pem # path: objectstore.pem -tolerations: # Add tolerations +# Add tolerations +tolerations: [] # - key: "key" # operator: "Equal|Exists" # value: "value" @@ -103,14 +199,18 @@ tolerations: # Add tolerations serviceAccount: hook: create: true - name: + name: null +# Create cluster token clusterToken: - create: false # Create cluster token - secretName: px-vol-encryption # Name of kubernetes secret to be created. Requires clusterToken.create to be true. - serviceAccountName: px-create-cluster-token # Service account name to use for post-install hook to create cluster token + create: false + secretName: px-vol-encryption + serviceAccountName: px-create-cluster-token -#requirePxEnabledTag: true # if set to true, portworx will only install on nodes with px/enabled: true label. Not required in most scenarios. +# if set to true, portworx will only install on nodes with px/enabled: true label. Not required in most scenarios. +#requirePxEnabledTag: true -deleteStrategy: # Optional: Delete strategy for the portworx cluster - type: # Valid values: Uninstall, UninstallAndWipe +# Optional: Delete strategy for the portworx cluster +# Valid values: Uninstall, UninstallAndWipe +deleteStrategy: + type: null \ No newline at end of file diff --git a/repo/beta/index.yaml b/repo/beta/index.yaml new file mode 100644 index 000000000..83d44abfe --- /dev/null +++ b/repo/beta/index.yaml 
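Review bot: `storkSpec.extraArgs: []` is a list and its comment still shows the old `verbose='true';webhook-controller='false'` string, but the removed template lines rendered `args:` as `key: "value"` pairs, i.e. a mapping. With `toYaml`, a list value would emit a sequence under `args:`. Default it to `extraArgs: {}` and replace the comment with a mapping example such as `# verbose: "true"`. The `kvdb.device` comment likewise still refers to `internalKVDB`, which is now `kvdb.internal`.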
@@ -0,0 +1,29 @@ +apiVersion: v1 +entries: + portworx: + - apiVersion: v1 + appVersion: 2.13.3 + created: "2023-05-12T08:23:43.482567-07:00" + description: A Helm chart for installing Portworx on Kubernetes. + digest: d1df885444c262b1d61ad0fe4879343c89f66c17d5f77352ef6481da096e3a64 + home: https://portworx.com/ + icon: https://raw.githubusercontent.com/portworx/helm/master/doc/media/k8s-porx.png + keywords: + - Storage + - ICP + - IKS + - persistent disk + - pvc + - cloud native storage + - persistent storage + - portworx + - amd64 + - Commercial + kubeVersion: '>=1.10.0' + name: portworx + sources: + - https://github.com/portworx/helm + urls: + - https://raw.githubusercontent.com/portworx/helm/cabrinha:portworx-chart/repo/stable/portworx-2.14.0.tgz + version: 2.14.0 +generated: "2023-05-12T08:23:43.480841-07:00" diff --git a/repo/beta/portworx-2.14.0.tgz b/repo/beta/portworx-2.14.0.tgz new file mode 100644 index 000000000..3462d430e Binary files /dev/null and b/repo/beta/portworx-2.14.0.tgz differ