Add democratic CSI

2024-07-09 08:14:07 -05:00 · 2024-07-09 08:14:07 -05:00 · d8638eb17d
commit d8638eb17d
parent 31a7b8bdd1
6 changed files with 190 additions and 0 deletions
--- a/kubernetes/apps/democratic-csi/democratic-csi/app/externalsecret.yaml
+++ b/kubernetes/apps/democratic-csi/democratic-csi/app/externalsecret.yaml
@ -0,0 +1,25 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: democratic-csi
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-connect
+  target:
+    name: democratic-csi-secret
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        CSI_USERNAME: "{{ .dcsi_username }}"
+        CSI_PRIVATEKEY: "{{ .dcsi_privatekey }}"
+  dataFrom:
+    - extract:
+        key: democratic-csi
+      rewrite:
+        - regexp:
+            source: "(.*)"
+            target: "dcsi_$1"
--- a/kubernetes/apps/democratic-csi/democratic-csi/app/helmrelease.yaml
+++ b/kubernetes/apps/democratic-csi/democratic-csi/app/helmrelease.yaml
@ -0,0 +1,120 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: nfs-zfs-dataset
+  namespace: democratic-csi
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: democratic-csi
+      version: 0.14.6
+      sourceRef:
+        name: democratic-csi
+        kind: HelmRepository
+        namespace: flux-system
+  valuesFrom:
+    - targetPath: driver.config.driver.sshConnection.username
+      kind: Secret
+      name: zfs-nfs-csi-username
+      valuesKey: CSI_USERNAME
+    - targetPath: driver.config.driver.sshConnection.privateKey
+      kind: Secret
+      name: zfs-nfs-csi-private-key
+      valuesKey: CSI_PRIVATEKEY
+  values:
+    csiDriver:
+      # should be globally unique for a given cluster
+      name: "org.democratic-csi.nfs"
+      fsGroupPolicy: File
+
+    storageClasses:
+      - name: zfs-generic-nfs-csi
+        defaultClass: false
+        reclaimPolicy: Delete
+        volumeBindingMode: Immediate
+        allowVolumeExpansion: true
+        parameters:
+          # for block-based storage can be ext3, ext4, xfs
+          # for nfs should be nfs
+          fsType: nfs
+
+          # if true, volumes created from other snapshots will be
+          # zfs send/received instead of zfs cloned
+          # detachedVolumesFromSnapshots: "false"
+
+          # if true, volumes created from other volumes will be
+          # zfs send/received instead of zfs cloned
+          # detachedVolumesFromVolumes: "false"
+
+        mountOptions:
+          - noatime
+          - nfsvers=3
+        secrets:
+          provisioner-secret:
+          controller-publish-secret:
+          node-stage-secret:
+          node-publish-secret:
+          controller-expand-secret:
+    volumeSnapshotClasses:
+      - name: zfs-generic-nfs-csi
+        parameters:
+        # if true, snapshots will be created with zfs send/receive
+        detachedSnapshots: "true"
+        secrets:
+          snapshotter-secret:
+    driver:
+      config:
+        # please see the most up-to-date example of the corresponding config here:
+        # https://github.com/democratic-csi/democratic-csi/tree/master/examples
+        # YOU MUST COPY THE DATA HERE INLINE!
+        driver: zfs-generic-nfs
+        sshConnection:
+          host: 10.1.1.13
+          port: 22
+
+        zfs:
+          # can be used to override defaults if necessary
+          # the example below is useful for TrueNAS 12
+          #cli:
+          #  sudoEnabled: true
+          #  paths:
+          #    zfs: /usr/local/sbin/zfs
+          #    zpool: /usr/local/sbin/zpool
+          #    sudo: /usr/local/bin/sudo
+          #    chroot: /usr/sbin/chroot
+
+          # can be used to set arbitrary values on the dataset/zvol
+          # can use handlebars templates with the parameters from the storage class/CO
+          #datasetProperties:
+          #  "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
+          #  "org.freenas:test": "{{ parameters.foo }}"
+          #  "org.freenas:test2": "some value"
+
+          datasetParentName: eru/k8s/homelab
+          # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
+          # they may be siblings, but neither should be nested in the other
+          # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
+          detachedSnapshotsDatasetParentName: tanks/k8s/homelab-snapshots
+
+          datasetEnableQuotas: true
+          datasetEnableReservation: false
+          datasetPermissionsMode: "0777"
+          datasetPermissionsUser: 0
+          datasetPermissionsGroup: 0
+          #datasetPermissionsAcls:
+          #- "-m everyone@:full_set:allow"
+          #- "-m u:kube:full_set:allow"
+
+        # nfs:
+        #   # https://docs.oracle.com/cd/E23824_01/html/821-1448/gayne.html
+        #   # https://www.hiroom2.com/2016/05/18/ubuntu-16-04-share-zfs-storage-via-nfs-smb/
+        #   shareStrategy: "setDatasetProperties"
+        #   shareStrategySetDatasetProperties:
+        #     properties:
+        #       #sharenfs: "rw,no_subtree_check,no_root_squash"
+        #       sharenfs: "on"
+        #       # share: ""
+        #   shareHost: "10.1.1.13"
--- a/kubernetes/apps/democratic-csi/democratic-csi/app/kustomization.yaml
+++ b/kubernetes/apps/democratic-csi/democratic-csi/app/kustomization.yaml
@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml
--- a/kubernetes/apps/democratic-csi/democratic-csi/ks.yaml
+++ b/kubernetes/apps/democratic-csi/democratic-csi/ks.yaml
@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app democratic-csi
+  namespace: flux-system
+spec:
+  targetNamespace: democratic-csi
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/apps/democratic-csi/democratic-csi/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: homelab
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m
--- a/kubernetes/apps/democratic-csi/kustomization.yaml
+++ b/kubernetes/apps/democratic-csi/kustomization.yaml
@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Pre Flux-Kustomizations
+  - ./namespace.yaml
+  # Flux-Kustomizations
+  - ./democratic-csi/ks.yaml
--- a/kubernetes/apps/democratic-csi/namespace.yaml
+++ b/kubernetes/apps/democratic-csi/namespace.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: democratic-csi
+  annotations:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+    volsync.backube/privileged-movers: "true"