From 11190f57c1c684bbaae41fdc3dec40cca15d5bf2 Mon Sep 17 00:00:00 2001 
From: Serge Logvinov Date: Sun, 15 Dec 2024 10:16:50 +0200 Subject: [PATCH] feat: hcloud components --- README.md | 3 + .../hcloud/helmrelease.yaml | 82 ++++ .../hcloud/kustomization.yaml | 8 + apps/clouds/hcloud-ccm/app/hcloud-ccm.yaml | 159 ++++++ apps/clouds/hcloud-ccm/app/kustomization.yaml | 8 + apps/clouds/hcloud-ccm/fluxcd.yaml | 19 + apps/clouds/hcloud-ccm/generate/.gitignore | 1 + .../hcloud-ccm/generate/kustomization.yaml | 46 ++ apps/clouds/hcloud-ccm/generate/role.yaml | 51 ++ .../hcloud-ccm/generate/rolebinding.yaml | 13 + apps/clouds/hcloud-ccm/kustomization.yaml | 6 + apps/clouds/hcloud-csi/app/hcloud-csi.yaml | 457 ++++++++++++++++++ apps/clouds/hcloud-csi/app/kustomization.yaml | 8 + apps/clouds/hcloud-csi/fluxcd.yaml | 19 + apps/clouds/hcloud-csi/generate/.gitignore | 1 + .../hcloud-csi/generate/kustomization.yaml | 59 +++ apps/clouds/hcloud-csi/kustomization.yaml | 7 + apps/clouds/hcloud-csi/namespace.yaml | 10 + 18 files changed, 957 insertions(+) create mode 100644 apps/clouds/cluster-autoscaler/hcloud/helmrelease.yaml create mode 100644 apps/clouds/cluster-autoscaler/hcloud/kustomization.yaml create mode 100644 apps/clouds/hcloud-ccm/app/hcloud-ccm.yaml create mode 100644 apps/clouds/hcloud-ccm/app/kustomization.yaml create mode 100644 apps/clouds/hcloud-ccm/fluxcd.yaml create mode 100644 apps/clouds/hcloud-ccm/generate/.gitignore create mode 100644 apps/clouds/hcloud-ccm/generate/kustomization.yaml create mode 100644 apps/clouds/hcloud-ccm/generate/role.yaml create mode 100644 apps/clouds/hcloud-ccm/generate/rolebinding.yaml create mode 100644 apps/clouds/hcloud-ccm/kustomization.yaml create mode 100644 apps/clouds/hcloud-csi/app/hcloud-csi.yaml create mode 100644 apps/clouds/hcloud-csi/app/kustomization.yaml create mode 100644 apps/clouds/hcloud-csi/fluxcd.yaml create mode 100644 apps/clouds/hcloud-csi/generate/.gitignore create mode 100644 apps/clouds/hcloud-csi/generate/kustomization.yaml create mode 100644 
apps/clouds/hcloud-csi/kustomization.yaml create mode 100644 apps/clouds/hcloud-csi/namespace.yaml diff --git a/README.md b/README.md index 5d1ae1f..0f6a8e4 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,8 @@ Cloud platform integrations: * [Azure CSI](apps/clouds/azure-csi) * [GCP CCM](apps/clouds/gcp-ccm) * [GCP CSI](apps/clouds/gcp-csi) +* [Hetzner Cloud CCM](apps/clouds/hcloud-ccm) +* [Hetzner Cloud CSI](apps/clouds/hcloud-csi) * [Oracle CCM](apps/clouds/oracle-ccm) * [Oracle CSI](apps/clouds/oracle-csi) * [OVHCloud CCM](apps/clouds/ovh-ccm) @@ -56,6 +58,7 @@ Cloud platform integrations: * [Cluster Node AutoScaler](apps/clouds/cluster-autoscaler) * [Azure](apps/clouds/cluster-autoscaler/azure) * [GCP](apps/clouds/cluster-autoscaler/gcp) + * [Hetzner Cloud](apps/clouds/cluster-autoscaler/hcloud) * [Oracle](apps/clouds/cluster-autoscaler/oracle) Cluster logging: diff --git a/apps/clouds/cluster-autoscaler/hcloud/helmrelease.yaml b/apps/clouds/cluster-autoscaler/hcloud/helmrelease.yaml new file mode 100644 index 0000000..63075de --- /dev/null +++ b/apps/clouds/cluster-autoscaler/hcloud/helmrelease.yaml 
@@ -0,0 +1,82 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cluster-autoscaler-gcp + namespace: kube-system +spec: + interval: 60h + + maxHistory: 2 + driftDetection: + mode: enabled + + chart: + spec: + chart: cluster-autoscaler + version: 9.43.2 + sourceRef: + kind: HelmRepository + name: autoscaler + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + + valuesFrom: + - kind: ConfigMap + name: cluster-autoscaler-hcloud-helm-values + + values: + fullnameOverride: cluster-autoscaler-hcloud + priorityClassName: system-cluster-critical + + image: + repository: ghcr.io/sergelogvinov/cluster-autoscaler + tag: "1.31" + + cloudProvider: hetzner + + extraArgs: + regional: true + balance-similar-node-groups: true + logtostderr: true + stderrthreshold: info + scan-interval: 15s + scale-down-delay-after-add: 5m + v: 4 + + containerSecurityContext: + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: ["ALL"] + + resources: + limits: + cpu: 100m + memory: 300Mi + requests: + cpu: 100m + memory: 300Mi + + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: node.cloudprovider.kubernetes.io/platform + operator: In + values: + - hcloud + weight: 100 + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule diff --git a/apps/clouds/cluster-autoscaler/hcloud/kustomization.yaml b/apps/clouds/cluster-autoscaler/hcloud/kustomization.yaml new file mode 100644 index 0000000..80c678b --- /dev/null +++ b/apps/clouds/cluster-autoscaler/hcloud/kustomization.yaml 
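Review bot: `metadata.name: cluster-autoscaler-gcp` looks like a copy-paste leftover: everything else in the release (`fullnameOverride: cluster-autoscaler-hcloud`, the `valuesFrom` ConfigMap, `cloudProvider: hetzner`) is hcloud-specific, and the README in this commit lists a separate GCP autoscaler under apps/clouds/cluster-autoscaler/gcp that presumably owns that name in kube-system, so the two HelmReleases would collide or overwrite each other. Change it to `name: cluster-autoscaler-hcloud`. The ConfigMap `cluster-autoscaler-hcloud-helm-values` and whatever supplies the Hetzner API token to the autoscaler are not created in this commit; a comment above `valuesFrom` stating where they come from would save the next reader a search.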
@@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generatorOptions: + disableNameSuffixHash: true +resources: + - ./helmrelease.yaml diff --git a/apps/clouds/hcloud-ccm/app/hcloud-ccm.yaml b/apps/clouds/hcloud-ccm/app/hcloud-ccm.yaml new file mode 100644 index 0000000..8c52b0a --- /dev/null +++ b/apps/clouds/hcloud-ccm/app/hcloud-ccm.yaml 
@@ -0,0 +1,159 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: cloud-controller-manager-hcloud + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:cloud-controller-manager-hcloud +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: system:cloud-controller-manager:extension-apiserver-authentication-reader-hcloud + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - kind: ServiceAccount + name: cloud-controller-manager-hcloud + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:cloud-controller-manager-hcloud +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:cloud-controller-manager-hcloud +subjects: + - kind: ServiceAccount + name: cloud-controller-manager-hcloud + namespace: kube-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cloud-controller-manager-hcloud + namespace: kube-system +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + app.kubernetes.io/instance: hcloud-cloud-controller-manager + app.kubernetes.io/name: cloud-controller-manager-hcloud + template: + metadata: + labels: + app.kubernetes.io/instance: hcloud-cloud-controller-manager + app.kubernetes.io/name: 
cloud-controller-manager-hcloud + spec: + containers: + - args: + - --allow-untagged-cloud + - --cloud-provider=hcloud + - --controllers=cloud-node-lifecycle + - --route-reconciliation-period=30s + - --webhook-secure-port=0 + - --leader-elect=false + env: + - name: HCLOUD_INSTANCES_ADDRESS_FAMILY + value: dualstack + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + key: token + name: hcloud + - name: ROBOT_PASSWORD + valueFrom: + secretKeyRef: + key: robot-password + name: hcloud + optional: true + - name: ROBOT_USER + valueFrom: + secretKeyRef: + key: robot-user + name: hcloud + optional: true + image: docker.io/hetznercloud/hcloud-cloud-controller-manager:v1.21.0 + name: hcloud-cloud-controller-manager + ports: + - containerPort: 8233 + name: metrics + resources: + requests: + cpu: 100m + memory: 50Mi + dnsPolicy: Default + nodeSelector: + node-role.kubernetes.io/control-plane: "" + priorityClassName: system-cluster-critical + serviceAccountName: cloud-controller-manager-hcloud + tolerations: + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoExecute + key: node.kubernetes.io/not-ready diff --git a/apps/clouds/hcloud-ccm/app/kustomization.yaml b/apps/clouds/hcloud-ccm/app/kustomization.yaml new file mode 100644 index 0000000..06f14b2 --- /dev/null +++ b/apps/clouds/hcloud-ccm/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generatorOptions: + disableNameSuffixHash: true +resources: + - ./hcloud-ccm.yaml diff --git a/apps/clouds/hcloud-ccm/fluxcd.yaml b/apps/clouds/hcloud-ccm/fluxcd.yaml new file mode 100644 index 0000000..9a1c0f3 --- /dev/null 
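Review bot: The `hcloud-cloud-controller-manager` container in the Deployment has no `securityContext`, while the cluster-autoscaler HelmRelease in the same commit drops all capabilities and sets `allowPrivilegeEscalation: false` with a `RuntimeDefault` seccomp profile; the same gap exists for the controller sidecars in apps/clouds/hcloud-csi/app/hcloud-csi.yaml. The header comment in apps/clouds/hcloud-ccm/generate/kustomization.yaml says this file is rendered with `kubectl kustomize --enable-helm`, so an edit here would be lost on the next regeneration; the durable place is that generate file, either a chart value if the chart exposes one or an entry in its existing `patches:` list, so the rendered container ends up with the stanza below. kube-system is normally exempt from Pod Security admission, so nothing else enforces this for the CCM pod.
```yaml
        # … unchanged: args, env, image …
        name: hcloud-cloud-controller-manager
        securityContext:
          allowPrivilegeEscalation: false
          seccompProfile:
            type: RuntimeDefault
          capabilities:
            drop: ["ALL"]
        # … unchanged: ports, resources …
```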
+++ b/apps/clouds/hcloud-ccm/fluxcd.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app hcloud-ccm + namespace: flux-system +spec: + targetNamespace: kube-system + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./apps/clouds/hcloud-ccm/app + prune: true + sourceRef: + kind: GitRepository + name: gitops-clusters + wait: true + interval: 30m + retryInterval: 5m diff --git a/apps/clouds/hcloud-ccm/generate/.gitignore b/apps/clouds/hcloud-ccm/generate/.gitignore new file mode 100644 index 0000000..711a39c --- /dev/null +++ b/apps/clouds/hcloud-ccm/generate/.gitignore @@ -0,0 +1 @@ +charts/ \ No newline at end of file diff --git a/apps/clouds/hcloud-ccm/generate/kustomization.yaml b/apps/clouds/hcloud-ccm/generate/kustomization.yaml new file mode 100644 index 0000000..a64369a --- /dev/null +++ b/apps/clouds/hcloud-ccm/generate/kustomization.yaml 
@@ -0,0 +1,46 @@ +--- +# kubectl kustomize --enable-helm apps/clouds/hcloud-ccm/generate > apps/clouds/hcloud-ccm/app/hcloud-ccm.yaml +# +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - role.yaml + - rolebinding.yaml +helmCharts: + - name: hcloud-cloud-controller-manager + valuesInline: + nameOverride: cloud-controller-manager-hcloud + + args: + controllers: cloud-node-lifecycle + + env: + HCLOUD_TOKEN: + valueFrom: + secretKeyRef: + name: hcloud + key: token + HCLOUD_INSTANCES_ADDRESS_FAMILY: + value: dualstack + + robot: + enabled: false + + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + releaseName: hcloud-cloud-controller-manager + version: 1.21.0 + repo: https://charts.hetzner.cloud +namespace: kube-system +patches: + - patch: | + - op: replace + path: /roleRef/name + value: system:cloud-controller-manager-hcloud + target: + kind: ClusterRoleBinding + name: system:cloud-controller-manager-hcloud diff --git a/apps/clouds/hcloud-ccm/generate/role.yaml b/apps/clouds/hcloud-ccm/generate/role.yaml new file mode 100644 index 0000000..a438d9a --- /dev/null +++ b/apps/clouds/hcloud-ccm/generate/role.yaml 
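Review bot: The JSON6902 patch at the end of the file replaces the chart's ClusterRoleBinding `roleRef` with the scoped ClusterRole from role.yaml, and nothing says so; a reader comparing the rendered app/hcloud-ccm.yaml with the upstream chart would not know why the binding differs. Add a comment above the `patches:` entry such as `# rebind the chart's ServiceAccount to the least-privilege ClusterRole in role.yaml instead of the chart's default roleRef`. `roleRef` is immutable on ClusterRoleBinding objects, so if a binding with this name already exists in a cluster from an earlier chart install, the apply fails until that object is deleted; that is worth a second line in the same comment.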
@@ -0,0 +1,51 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:cloud-controller-manager-hcloud +rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - create + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create diff --git a/apps/clouds/hcloud-ccm/generate/rolebinding.yaml b/apps/clouds/hcloud-ccm/generate/rolebinding.yaml new file mode 100644 index 0000000..0e96c71 --- /dev/null +++ b/apps/clouds/hcloud-ccm/generate/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: system:cloud-controller-manager:extension-apiserver-authentication-reader-hcloud + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - kind: ServiceAccount + name: cloud-controller-manager-hcloud + namespace: kube-system diff --git a/apps/clouds/hcloud-ccm/kustomization.yaml b/apps/clouds/hcloud-ccm/kustomization.yaml new file mode 100644 index 0000000..123e348 --- /dev/null +++ b/apps/clouds/hcloud-ccm/kustomization.yaml @@ -0,0 +1,6 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./fluxcd.yaml diff --git a/apps/clouds/hcloud-csi/app/hcloud-csi.yaml b/apps/clouds/hcloud-csi/app/hcloud-csi.yaml new file mode 100644 index 0000000..a76649d --- /dev/null +++ b/apps/clouds/hcloud-csi/app/hcloud-csi.yaml 
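Review bot: The ClusterRole grants `create` on `serviceaccounts` and `serviceaccounts/token` cluster-wide, which lets a compromised CCM pod mint a token for any ServiceAccount in the cluster. The rendered Deployment in app/hcloud-ccm.yaml runs with `--controllers=cloud-node-lifecycle` only, so those two rules may never be exercised; confirm against the CCM's actual behaviour (audit log, or a dry run with the rules removed) and drop them if unused. Either way the file deserves a header comment stating what it is, e.g. `# scoped replacement for the chart's default roleRef; wired in by ../generate/kustomization.yaml patches`, and a leading `---` to match the other YAML files in this commit.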
@@ -0,0 +1,457 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.11.0 + name: hcloud-csi-controller + namespace: csi-hcloud +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.11.0 + name: hcloud-csi-controller +rules: + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - csi.storage.k8s.io + resources: + - csinodeinfos + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch + - create + - delete + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims + - persistentvolumeclaims/status + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + 
resources: + - volumesnapshotcontents + verbs: + - get + - list + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.11.0 + name: hcloud-csi-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: hcloud-csi-controller +subjects: + - kind: ServiceAccount + name: hcloud-csi-controller + namespace: csi-hcloud +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: hcloud-csi-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.11.0 + name: hcloud-csi-controller + namespace: csi-hcloud +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/name: hcloud-csi + strategy: + type: RollingUpdate + template: + metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.11.0 + spec: + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: node.cloudprovider.kubernetes.io/platform + operator: In + values: + - hcloud + weight: 100 + containers: + - args: + - --default-fstype=ext4 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 + imagePullPolicy: IfNotPresent + name: csi-attacher + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + 
name: socket-dir + - image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 + imagePullPolicy: IfNotPresent + name: csi-resizer + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + - args: + - --feature-gates=Topology=true + - --default-fstype=ext4 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 + imagePullPolicy: IfNotPresent + name: csi-provisioner + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + - image: registry.k8s.io/sig-storage/livenessprobe:v2.14.0 + imagePullPolicy: IfNotPresent + name: liveness-probe + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + - command: + - /bin/hcloud-csi-driver-controller + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: ENABLE_METRICS + value: "false" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: HCLOUD_TOKEN + valueFrom: + secretKeyRef: + key: token + name: hcloud + image: docker.io/hetznercloud/hcloud-csi-driver:v2.11.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + name: hcloud-csi-driver + ports: + - containerPort: 9808 + name: healthz + protocol: TCP + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: socket-dir + initContainers: null + nodeSelector: + node-role.kubernetes.io/control-plane: "" + priorityClassName: system-cluster-critical + securityContext: + fsGroup: 1001 + serviceAccountName: hcloud-csi-controller + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + - effect: NoSchedule + key: node.kubernetes.io/disk-pressure + operator: Exists + volumes: + - emptyDir: {} + name: socket-dir +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: 
hcloud-csi + app.kubernetes.io/component: node + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.11.0 + name: hcloud-csi-node + namespace: csi-hcloud +spec: + selector: + matchLabels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/name: hcloud-csi + template: + metadata: + labels: + app.kubernetes.io/component: node + app.kubernetes.io/instance: hcloud-csi + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: hcloud-csi + helm.sh/chart: hcloud-csi-2.11.0 + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: instance.hetzner.cloud/is-root-server + operator: NotIn + values: + - "true" + - key: instance.hetzner.cloud/provided-by + operator: NotIn + values: + - robot + containers: + - args: + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 + imagePullPolicy: IfNotPresent + name: csi-node-driver-registrar + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - image: registry.k8s.io/sig-storage/livenessprobe:v2.14.0 + imagePullPolicy: IfNotPresent + name: liveness-probe + resources: + limits: {} + requests: {} + volumeMounts: + - mountPath: /run/csi + name: plugin-dir + - command: + - /bin/hcloud-csi-driver-node + env: + - name: CSI_ENDPOINT + value: unix:///run/csi/socket + - name: ENABLE_METRICS + value: "false" + image: docker.io/hetznercloud/hcloud-csi-driver:v2.11.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 3 + name: hcloud-csi-driver + ports: + - containerPort: 9808 + name: 
healthz + protocol: TCP + resources: + limits: {} + requests: {} + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/kubelet + mountPropagation: Bidirectional + name: kubelet-dir + - mountPath: /run/csi + name: plugin-dir + - mountPath: /dev + name: device-dir + initContainers: null + nodeSelector: + node.cloudprovider.kubernetes.io/platform: hcloud + priorityClassName: system-node-critical + securityContext: + fsGroup: 1001 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + - effect: NoSchedule + key: node.kubernetes.io/disk-pressure + operator: Exists + - effect: NoSchedule + key: node.kubernetes.io/unschedulable + operator: Exists + volumes: + - hostPath: + path: /var/lib/kubelet + type: Directory + name: kubelet-dir + - hostPath: + path: /var/lib/kubelet/plugins/csi.hetzner.cloud/ + type: DirectoryOrCreate + name: plugin-dir + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + - hostPath: + path: /dev + type: Directory + name: device-dir + updateStrategy: + type: RollingUpdate +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.hetzner.cloud +spec: + attachRequired: true + fsGroupPolicy: File + podInfoOnMount: true + seLinuxMount: true + volumeLifecycleModes: + - Persistent diff --git a/apps/clouds/hcloud-csi/app/kustomization.yaml b/apps/clouds/hcloud-csi/app/kustomization.yaml new file mode 100644 index 0000000..14525a3 --- /dev/null +++ b/apps/clouds/hcloud-csi/app/kustomization.yaml @@ -0,0 +1,8 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +generatorOptions: + disableNameSuffixHash: true +resources: + - ./hcloud-csi.yaml diff --git a/apps/clouds/hcloud-csi/fluxcd.yaml b/apps/clouds/hcloud-csi/fluxcd.yaml new file mode 100644 index 0000000..eb945f2 --- /dev/null +++ b/apps/clouds/hcloud-csi/fluxcd.yaml 
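Review bot: The `hcloud-csi-controller` ClusterRole at the top of this file grants `get` and `list` on `secrets` across every namespace, but this commit references no secret through StorageClass parameters (`storageClasses: []` in generate/kustomization.yaml) and the `hcloud` token is injected with a `secretKeyRef`, which needs no RBAC. That rule comes from the chart; since this file is regenerated with `kubectl kustomize --enable-helm`, the place to narrow it is a JSON6902 entry in the `patches:` list of apps/clouds/hcloud-csi/generate/kustomization.yaml, the same way the CCM generate file rewrites its ClusterRoleBinding. Before removing it, confirm that csi-provisioner v5.1.0 only reads secrets named in StorageClass parameters and does not need the rule at startup. The duplicated `persistentvolumes` and `events` rule stanzas are chart output and harmless, but the `app.kubernetes.io/managed-by: Helm` labels are misleading on resources that Flux applies.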
@@ -0,0 +1,19 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app hcloud-csi + namespace: flux-system +spec: + targetNamespace: csi-hcloud + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./apps/clouds/hcloud-csi/app + prune: true + sourceRef: + kind: GitRepository + name: gitops-clusters + wait: true + interval: 30m + retryInterval: 5m diff --git a/apps/clouds/hcloud-csi/generate/.gitignore b/apps/clouds/hcloud-csi/generate/.gitignore new file mode 100644 index 0000000..711a39c --- /dev/null +++ b/apps/clouds/hcloud-csi/generate/.gitignore @@ -0,0 +1 @@ +charts/ \ No newline at end of file diff --git a/apps/clouds/hcloud-csi/generate/kustomization.yaml b/apps/clouds/hcloud-csi/generate/kustomization.yaml new file mode 100644 index 0000000..10cf1c7 --- /dev/null +++ b/apps/clouds/hcloud-csi/generate/kustomization.yaml 
@@ -0,0 +1,59 @@ +--- +# kubectl kustomize --enable-helm apps/clouds/hcloud-csi/generate > apps/clouds/hcloud-csi/app/hcloud-csi.yaml +# +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +helmCharts: + - name: hcloud-csi + valuesInline: + storageClasses: [] + + controller: + priorityClassName: system-cluster-critical + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: node.cloudprovider.kubernetes.io/platform + operator: In + values: + - hcloud + weight: 100 + nodeSelector: + node-role.kubernetes.io/control-plane: "" + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node.kubernetes.io/disk-pressure + operator: Exists + effect: NoSchedule + + node: + priorityClassName: system-node-critical + nodeSelector: + node.cloudprovider.kubernetes.io/platform: hcloud + tolerations: + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node.kubernetes.io/disk-pressure + operator: Exists + effect: NoSchedule + - key: node.kubernetes.io/unschedulable + operator: Exists + effect: NoSchedule + + releaseName: hcloud-csi + version: 2.11.0 + repo: https://charts.hetzner.cloud +namespace: csi-hcloud +patches: + [] + # - patch: | + # - op: replace + # path: /roleRef/name + # value: system:cloud-controller-manager-hcloud + # target: + # kind: ClusterRoleBinding + # name: system:cloud-controller-manager-hcloud diff --git a/apps/clouds/hcloud-csi/kustomization.yaml b/apps/clouds/hcloud-csi/kustomization.yaml new file mode 100644 index 0000000..d30b004 --- /dev/null +++ b/apps/clouds/hcloud-csi/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./fluxcd.yaml + - ./namespace.yaml 
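Review bot: The eight commented-out lines under `patches:` are a stale copy of the CCM patch (they target `system:cloud-controller-manager-hcloud`, which does not exist in the hcloud-csi output) and the empty list is split across two lines; replace the whole tail with `patches: []`. A one-line comment above `node:` noting that the rendered DaemonSet runs `privileged: true` with hostPath mounts, which is why namespace.yaml enforces the `privileged` Pod Security level, would help the next reader connect the two files.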
diff --git a/apps/clouds/hcloud-csi/namespace.yaml b/apps/clouds/hcloud-csi/namespace.yaml new file mode 100644 index 0000000..afd9f96 --- /dev/null +++ b/apps/clouds/hcloud-csi/namespace.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: csi-hcloud + annotations: + kustomize.toolkit.fluxcd.io/prune: disabled + labels: + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/enforce-version: latest
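Review bot: The namespace sets `pod-security.kubernetes.io/enforce: privileged`, which the CSI node DaemonSet needs, but no `audit` or `warn` level, so any other workload that lands in csi-hcloud produces no signal at all. Add `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline` alongside it; the CSI pods will generate warnings, which is acceptable noise for a namespace that should contain only them. A short comment above `labels:` saying the privileged level exists for the CSI node driver (hostPath `/dev`, bidirectional kubelet mount) would document why this namespace is an exception.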