Add democratic CSI

Joseph Hanson 2024-07-09 08:14:07 -05:00
parent 31a7b8bdd1
commit d8638eb17d
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
6 changed files with 190 additions and 0 deletions


@ -0,0 +1,25 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: democratic-csi
spec:
secretStoreRef:
kind: ClusterSecretStore
name: onepassword-connect
target:
name: democratic-csi-secret
creationPolicy: Owner
template:
engineVersion: v2
data:
CSI_USERNAME: "{{ .dcsi_username }}"
CSI_PRIVATEKEY: "{{ .dcsi_privatekey }}"
dataFrom:
- extract:
key: democratic-csi
rewrite:
- regexp:
source: "(.*)"
target: "dcsi_$1"
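Review bot: The `target.name` here is `democratic-csi-secret`, but the HelmRelease section of this commit reads `CSI_USERNAME` from a Secret named `zfs-nfs-csi-username` and `CSI_PRIVATEKEY` from one named `zfs-nfs-csi-private-key`, and nothing in the visible changes creates either of them. Unless those Secrets are defined elsewhere, the `valuesFrom` lookups will not resolve and the release will not reconcile with its SSH credentials. Point both `valuesFrom` entries at `name: democratic-csi-secret`, or rename the target to match what the release expects. A comment above `dataFrom` such as `# every field of the democratic-csi item is exposed to the template as dcsi_<field>; only username and privatekey are rendered` would also make the rewrite rule easier to audit.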


@ -0,0 +1,120 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: nfs-zfs-dataset
namespace: democratic-csi
spec:
interval: 30m
chart:
spec:
chart: democratic-csi
version: 0.14.6
sourceRef:
name: democratic-csi
kind: HelmRepository
namespace: flux-system
valuesFrom:
- targetPath: driver.config.driver.sshConnection.username
kind: Secret
name: zfs-nfs-csi-username
valuesKey: CSI_USERNAME
- targetPath: driver.config.driver.sshConnection.privateKey
kind: Secret
name: zfs-nfs-csi-private-key
valuesKey: CSI_PRIVATEKEY
values:
csiDriver:
# should be globally unique for a given cluster
name: "org.democratic-csi.nfs"
fsGroupPolicy: File
storageClasses:
- name: zfs-generic-nfs-csi
defaultClass: false
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true
parameters:
# for block-based storage can be ext3, ext4, xfs
# for nfs should be nfs
fsType: nfs
# if true, volumes created from other snapshots will be
# zfs send/received instead of zfs cloned
# detachedVolumesFromSnapshots: "false"
# if true, volumes created from other volumes will be
# zfs send/received instead of zfs cloned
# detachedVolumesFromVolumes: "false"
mountOptions:
- noatime
- nfsvers=3
secrets:
provisioner-secret:
controller-publish-secret:
node-stage-secret:
node-publish-secret:
controller-expand-secret:
volumeSnapshotClasses:
- name: zfs-generic-nfs-csi
parameters:
# if true, snapshots will be created with zfs send/receive
detachedSnapshots: "true"
secrets:
snapshotter-secret:
driver:
config:
# please see the most up-to-date example of the corresponding config here:
# https://github.com/democratic-csi/democratic-csi/tree/master/examples
# YOU MUST COPY THE DATA HERE INLINE!
driver: zfs-generic-nfs
sshConnection:
host: 10.1.1.13
port: 22
zfs:
# can be used to override defaults if necessary
# the example below is useful for TrueNAS 12
#cli:
# sudoEnabled: true
# paths:
# zfs: /usr/local/sbin/zfs
# zpool: /usr/local/sbin/zpool
# sudo: /usr/local/bin/sudo
# chroot: /usr/sbin/chroot
# can be used to set arbitrary values on the dataset/zvol
# can use handlebars templates with the parameters from the storage class/CO
#datasetProperties:
# "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
# "org.freenas:test": "{{ parameters.foo }}"
# "org.freenas:test2": "some value"
datasetParentName: eru/k8s/homelab
# do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
# they may be siblings, but neither should be nested in the other
# do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value
detachedSnapshotsDatasetParentName: tanks/k8s/homelab-snapshots
datasetEnableQuotas: true
datasetEnableReservation: false
datasetPermissionsMode: "0777"
datasetPermissionsUser: 0
datasetPermissionsGroup: 0
#datasetPermissionsAcls:
#- "-m everyone@:full_set:allow"
#- "-m u:kube:full_set:allow"
# nfs:
# # https://docs.oracle.com/cd/E23824_01/html/821-1448/gayne.html
# # https://www.hiroom2.com/2016/05/18/ubuntu-16-04-share-zfs-storage-via-nfs-smb/
# shareStrategy: "setDatasetProperties"
# shareStrategySetDatasetProperties:
# properties:
# #sharenfs: "rw,no_subtree_check,no_root_squash"
# sharenfs: "on"
# # share: ""
# shareHost: "10.1.1.13"
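Review bot: `datasetPermissionsMode: "0777"` together with `datasetPermissionsUser: 0` and `datasetPermissionsGroup: 0` makes every provisioned dataset world-writable, and the storage class mounts over `nfsvers=3`, where the server trusts whatever UID/GID the client presents. The `nfs:` share settings are commented out, so which hosts may mount the exports is not visible in this file; if the export is not restricted to the cluster nodes, any host that can reach 10.1.1.13 could read or modify volume data. Consider a tighter mode such as `datasetPermissionsMode: "0770"` with a dedicated owner that matches the workloads' fsGroup, and record the intended export restriction in a comment next to `sshConnection`. Separately, the SSH private key injected through `valuesFrom` becomes part of the Helm release values, so read access to Secrets in the `democratic-csi` namespace should be treated as access to the storage host account.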


@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./externalsecret.yaml
- ./helmrelease.yaml


@ -0,0 +1,21 @@
---
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app democratic-csi
namespace: flux-system
spec:
targetNamespace: democratic-csi
commonMetadata:
labels:
app.kubernetes.io/name: *app
path: ./kubernetes/apps/democratic-csi/democratic-csi/app
prune: true
sourceRef:
kind: GitRepository
name: homelab
wait: false
interval: 30m
retryInterval: 1m
timeout: 5m


@ -0,0 +1,9 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# Pre Flux-Kustomizations
- ./namespace.yaml
# Flux-Kustomizations
- ./democratic-csi/ks.yaml


@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: democratic-csi
annotations:
kustomize.toolkit.fluxcd.io/prune: disabled
volsync.backube/privileged-movers: "true"
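Review bot: The `volsync.backube/privileged-movers: "true"` annotation allows VolSync mover pods in this namespace to run with elevated privileges, yet none of the files in this commit add a VolSync resource to `democratic-csi`. If the annotation was carried over from another namespace manifest, drop it so the CSI driver namespace does not grant more than it needs. If backups from this namespace are planned, keep it and add a comment above it such as `# required by the VolSync ReplicationSource for <workload>` so that the privilege grant has a stated reason.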