Initial branch

Signed-off-by: v.oleynikov <[email protected]>

.werf/bundle.yaml

@@ -0,0 +1,31 @@
+# Bundle image, stored in your.registry.io/modules/<module-name>:<semver>
+---
+image: bundle
+from: registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc
+fromCacheVersion: "2023-11-27.1"
+import:
+# Rendering .werf/images-digests.yaml is required!
+- image: images-digests
+  add: /images_digests.json
+  to: /images_digests.json
+  after: setup
+# Rendering .werf/python-deps.yaml is required!
+- image: python-dependencies
+  add: /lib/python/dist
+  to: /lib/python/dist
+  after: setup
+git:
+- add: /
+  to: /
+  includePaths:
+  - .helmignore
+  - charts
+  - crds
+  - docs
+  - enabled
+  - hooks
+  - monitoring
+  - module.yaml
+  - openapi
+  - templates
+  - Chart.yaml

.werf/images-digests.yaml

@@ -0,0 +1,40 @@
+{{- /* Find all images digests and save use them to compose a structure for the module values. */ -}}
+{{- $ImagesIDList := list }}
+{{- $Images := tpl (.Files.Get ".werf/images.yaml") . }}
+
+
+{{- range $ImageManifest := regexSplit "\n?---[ \t]*\n" $Images -1 }}
+  {{- $ImageManifest := $ImageManifest | fromYaml }}
+  {{- if $ImageManifest.image }}
+    {{- $ImagesIDList = append $ImagesIDList $ImageManifest.image }}
+  {{- end }}
+{{- end }}
+
+# Images Digest: a files with all image digests to be able to use them in helm templates of a module
+---
+image: images-digests
+from: registry.deckhouse.io/base_images/alpine:3.16.3
+dependencies:
+{{- range $ImageID := $ImagesIDList }}
+  {{- $ImageNameCamel  := $ImageID | splitList "/" | last  | camelcase | untitle }}
+  - image: {{ $ImageID }}
+    before: setup
+    imports:
+    - type: ImageDigest
+      targetEnv: MODULE_IMAGE_DIGEST_{{ $ImageNameCamel }}
+{{- end }}
+shell:
+  beforeInstall:
+  - apk add --no-cache jq
+  setup:
+    - |
+      env | grep MODULE_IMAGE_DIGEST | jq -Rn '
+        reduce inputs as $i (
+          {};
+          . * (
+            $i | ltrimstr("MODULE_IMAGE_DIGEST_") | sub("=";"_") |
+            split("_") as [$imageName, $digest] |
+            {($imageName): $digest}
+          )
+        )
+      ' > /images_digests.json

.werf/images.yaml

@@ -0,0 +1,17 @@
+{{- $ImagesBuildFiles := .Files.Glob "images/*/{Dockerfile,werf.inc.yaml}" }}
+
+{{- range $path, $content := $ImagesBuildFiles  }}
+  {{ $ctx := (dict "ImageName" ($path | split "/")._1) }}
+---
+  {{- /* For Dockerfile just render it from the folder. */ -}}
+  {{- if not (regexMatch "/werf.inc.yaml$" $path) }}
+image: images/{{ $ctx.ImageName }}
+context: images/{{ $ctx.ImageName }}
+dockerfile: Dockerfile
+
+  {{- /* For werf.inc.yaml render content by providing the ImageName param. */ -}}
+  {{- else }}
+{{ tpl $content $ctx }}
+
+  {{- end }}
+{{- end }}

.werf/python-deps.yaml

@@ -0,0 +1,15 @@
+# Python deps image, required to download dependencies and put it to the final module image (bundle)
+---
+image: python-dependencies
+from: registry.deckhouse.io/base_images/alpine:3.16.3
+fromCacheVersion: 2024-02-14
+git:
+  - add: /
+    to: /
+    includePaths:
+      - lib/python
+shell:
+  beforeInstall:
+    - apk add --no-cache python3 py3-pip
+  setup:
+    - pip3 install -r /lib/python/requirements.txt -t /lib/python/dist

.werf/release.yaml

@@ -0,0 +1,22 @@
+# Release image, stored in your.registry.io/modules/<module-name>/release:<semver>
+---
+artifact: release-channel-version-artifact
+from: registry.deckhouse.io/base_images/alpine:3.16.3
+shell:
+  beforeInstall:
+    - apk add --no-cache curl
+    - curl -sfL https://github.com/mikefarah/yq/releases/download/2.4.1/yq_linux_amd64 --output /usr/local/bin/yq
+    - chmod +x /usr/local/bin/yq
+  install:
+    - |
+      yq n version "{{ env "CI_COMMIT_REF_NAME" }}" | yq r - -j > version.json
+---
+image: release-channel-version
+from: registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc
+import:
+  - artifact: release-channel-version-artifact
+    add: /
+    to: /
+    after: install
+    includePaths:
+      - version.json

images/csi-nfs-controller-distroless/werf.inc.yaml

@@ -0,0 +1,27 @@
+{{- $_ := set . "SOURCE_REPO" "https://github.com/kubernetes-csi/csi-driver-nfs.git" }}
+{{- $_ := set . "SOURCE_REPO_TAG" "v4.6.0" }}
+{{- $_ := set . "BASE_GOLANG_22_ALPINE" "registry.deckhouse.io/base_images/golang:1.22.1-alpine@sha256:0de6cf7cceab6ecbf0718bdfb675b08b78113c3709c5e4b99456cdb2ae8c2495" }}
+{{- $_ := set . "GOLANG_VERSION" "1.22.1" }}
+---
+image: {{ $.ModuleName }}/{{ $.ImageName }}
+fromImage: common/distroless
+import:
+  - artifact: {{ $.ModuleName }}/{{ $.ImageName }}-artifact
+    add: /nfsplugin
+    to: /nfsplugin
+    before: setup
+docker:
+  ENTRYPOINT: ["/nfsplugin"]
+---
+artifact: {{ $.ModuleName }}/{{ $.ImageName }}-artifact
+from: {{ $.BASE_GOLANG_22_ALPINE }}
+shell:
+  beforeInstall:
+    - apk add --no-cache ca-certificates make git
+  install:
+    - export GO_VERSION={{ $.GOLANG_VERSION }}
+    - export GOPROXY={{ $.GOPROXY }}
+    - git clone --depth 1 --branch {{ $.SOURCE_REPO_TAG }} {{ $.SOURCE_REPO }} /
+    - cd /csi-driver-nfs/cmd/nfsplugin
+    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o /nfsplugin
+    - chmod +x /nfsplugin

images/csi-nfs-controller/werf.inc.yaml

@@ -0,0 +1,21 @@
+---
+image: csi-nfs-controller
+from: "registry.deckhouse.io/base_images/golang:1.22.1-alpine@sha256:0de6cf7cceab6ecbf0718bdfb675b08b78113c3709c5e4b99456cdb2ae8c2495"
+
+git:
+  - url: https://github.com/kubernetes-csi/csi-driver-nfs.git
+    tag: v4.6.0
+    add: /
+    to: /
+    stageDependencies:
+      setup:
+        - "**/*"
+
+shell:
+  setup:
+    - cd /cmd/nfsplugin
+    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o nfsplugin
+    - mv nfsplugin /nfsplugin
+    - chmod +x /nfsplugin
+docker:
+  ENTRYPOINT: ["/nfsplugin"]

lib/python/requirements.txt

@@ -1,3 +1,3 @@
-deckhouse==0.4.7
+deckhouse==0.4.9
 dotmap==1.3.30
-PyYAML==6.0
+PyYAML==6.0.1

module.yaml

@@ -0,0 +1,2 @@
+weight: 910
+description: "CSI NFS module"

openapi/config-values.yaml

@@ -0,0 +1,7 @@
+type: object
+properties:
+  replicas:
+    type: integer
+    description: |
+      replicas count.
+    default: 1

openapi/values.yaml

@@ -0,0 +1,16 @@
+x-extend:
+  schema: config-values.yaml
+type: object
+properties:
+  internal:
+    type: object
+    default: {}
+    properties:
+      pythonVersions:
+        type: array
+        default: []
+        items:
+          type: string
+  registry:
+    type: object
+    description: "System field, overwritten by Deckhouse. Don't use"

templates/csi/controller.yaml

@@ -0,0 +1,87 @@
+###
+### controller
+###
+
+
+{{- define "csi_controller_args" }}
+- "--v=5"
+- "--nodeid=$(NODE_ID)"
+- "--endpoint=$(CSI_ENDPOINT)"
+- "--drivername=nfs.csi.k8s.io"
+- "--mount-permissions=0"
+- "--working-mount-dir=/tmp"
+- "--default-ondelete-policy=delete"
+{{- end }}
+
+{{- define "csi_controller_envs" }}
+- name: NODE_ID
+  valueFrom:
+    fieldRef:
+      fieldPath: spec.nodeName
+- name: CSI_ENDPOINT
+  value: unix:///csi/csi.sock
+{{- include "helm_lib_envs_for_proxy" . }}
+{{- end }}
+
+{{- define "csi_additional_controller_volume" }}
+- name: pods-mount-dir
+  hostPath:
+    path: /var/lib/kubelet/pods
+    type: Directory
+- name: tmp-dir
+  emptyDir: {}
+{{- end }}
+
+{{- define "csi_additional_controller_volume_mounts" }}
+- name: pods-mount-dir
+  mountPath: /var/lib/kubelet/pods
+  mountPropagation: "Bidirectional"
+- mountPath: /tmp
+  name: tmp-dir
+{{- end }}
+
+{{- $csiControllerImage := include "helm_lib_module_image" (list . "csiNfsController") }}
+
+{{- $csiControllerConfig := dict }}
+{{- $_ := set $csiControllerConfig "controllerImage" $csiControllerImage }}
+{{- $_ := set $csiControllerConfig "snapshotterEnabled" true }}
+{{- $_ := set $csiControllerConfig "resizerEnabled" false }}
+{{- $_ := set $csiControllerConfig "snapshotterTimeout" "1200s" }}
+{{- $_ := set $csiControllerConfig "livenessProbePort" 29652 }}
+{{- $_ := set $csiControllerConfig "additionalControllerArgs" (include "csi_controller_args" . | fromYamlArray) }}
+{{- $_ := set $csiControllerConfig "additionalControllerEnvs" (include "csi_controller_envs" . | fromYamlArray) }}
+{{- $_ := set $csiControllerConfig "additionalControllerVolumes" (include "csi_additional_controller_volume" . | fromYamlArray) }}
+{{- $_ := set $csiControllerConfig "additionalControllerVolumeMounts" (include "csi_additional_controller_volume_mounts" . | fromYamlArray) }}
+
+{{- include "helm_lib_csi_controller_manifests" (list . $csiControllerConfig) }}
+
+###
+### node
+###
+
+{{- define "csi_node_args" }}
+- "--v=5"
+- "--nodeid=$(NODE_ID)"
+- "--endpoint=$(CSI_ENDPOINT)"
+- "--drivername=nfs.csi.k8s.io"
+- "--mount-permissions=0"
+{{- end }}
+
+{{- define "csi_node_envs" }}
+- name: NODE_ID
+  valueFrom:
+    fieldRef:
+      fieldPath: spec.nodeName
+- name: CSI_ENDPOINT
+  value: unix:///csi/csi.sock
+{{- end }}
+
+{{- $csiNodeConfig := dict }}
+{{- $_ := set $csiNodeConfig "fullname" "csi-nfs" }}
+{{- $_ := set $csiNodeConfig "nodeImage" $csiControllerImage }}
+{{- $_ := set $csiNodeConfig "driverFQDN" "nfs.csi.k8s.io" }}
+{{- $_ := set $csiNodeConfig "livenessProbePort" 29653 }}
+{{- $_ := set $csiNodeConfig "additionalNodeArgs" (include "csi_node_args" . | fromYamlArray) }}
+{{- $_ := set $csiNodeConfig "additionalNodeEnvs" (include "csi_node_envs" . | fromYamlArray) }}
+
+{{- include "helm_lib_csi_node_manifests" (list . $csiNodeConfig) }}

templates/csi/csidriver.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: nfs.csi.k8s.io
+  {{- include "helm_lib_module_labels" (list . (dict "app" "csi-driver")) | nindent 2 }}
+spec:
+  attachRequired: false
+  volumeLifecycleModes:
+    - Persistent
+    - Ephemeral
+  fsGroupPolicy: File

templates/csi/rbac-for-us.yaml

@@ -0,0 +1 @@
+{{- include "helm_lib_csi_controller_rbac" . }}

templates/namespace.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list . (dict "extended-monitoring.deckhouse.io/enabled" "" "prometheus.deckhouse.io/rules-watcher-enabled" "true")) | nindent 2 }}
+---
+{{- include "helm_lib_kube_rbac_proxy_ca_certificate" (list . (printf "d8-%s"  .Chart.Name)) }}

templates/registry-secret.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Chart.Name }}-module-registry
+  namespace: d8-{{ .Chart.Name }}
+  {{- include "helm_lib_module_labels" (list .) | nindent 2 }}
+type: kubernetes.io/dockerconfigjson
+data:
+{{- if dig "registry" "dockercfg" false .Values.csiNfs }}
+  .dockerconfigjson: {{ .Values.csiNfs.registry.dockercfg }}
+{{- else }}
+  .dockerconfigjson: "eyJhdXRocyI6IHsgInJlZ2lzdHJ5LmRlY2tob3VzZS5pbyI6IHt9fX0="
+{{- end }}