diff --git a/packs/trident-operator-26.02.0/README.md b/packs/trident-operator-26.02.0/README.md new file mode 100644 index 00000000..0f246c1a --- /dev/null +++ b/packs/trident-operator-26.02.0/README.md @@ -0,0 +1,24 @@ +NetApp Trident + +[![Support](https://img.shields.io/badge/support-official-0067C5.svg)](http://mysupport.netapp.com/info/web/ECMLP2619434.html) +[![Chat](https://img.shields.io/badge/chat-slack-4C9689.svg)](http://netapp.io/slack/) +[![GitHub last commit](https://img.shields.io/github/last-commit/netapp/trident.svg)](https://github.com/NetApp/trident/commits) +[![license](https://img.shields.io/github/license/netapp/trident.svg)](LICENSE) +[![Docs](https://img.shields.io/badge/docs-official-0067C5.svg)](https://docs.netapp.com/us-en/trident/index.html) +[![Go Report Card](https://goreportcard.com/badge/github.com/netapp/trident)](https://goreportcard.com/report/github.com/netapp/trident) + +Trident is a fully supported open source project maintained by [NetApp](https://www.netapp.com). It has been designed +from the ground up to help you meet your containerized applications' persistence demands using industry-standard +interfaces, such as the [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/introduction.html). + +Trident deploys in Kubernetes clusters as pods and provides dynamic storage orchestration services for your Kubernetes workloads. It enables your containerized applications to quickly and easily consume persistent storage from NetApp’s broad portfolio that +includes [ONTAP](https://www.netapp.com/data-management/ontap-data-management-software) (AFF/FAS/Select/Cloud), [Element](https://www.netapp.com/data-management/element-software) (HCI/SolidFire), as well as the [Azure NetApp Files](https://www.netapp.com/azure/azure-netapp-files/) +service, [Google Cloud NetApp Volumes](https://www.netapp.com/google-cloud/netapp-volumes/), and [Amazon FSx for ONTAP](https://www.netapp.com/aws/fsx-ontap/). + +Trident features also address data protection, disaster recovery, portability, and migration use cases for +Kubernetes workloads leveraging NetApp's industry-leading data management technology for snapshots, backups, +replication, and cloning. + +Detailed documentation for Trident can be found [here](https://docs.netapp.com/us-en/trident/index.html). + +See [NetApp's Support site](https://mysupport.netapp.com/site/info/version-support) for details on Trident's support policy under the [Trident's Release and Support Lifecycle](https://mysupport.netapp.com/site/info/trident-support) tab. diff --git a/packs/trident-operator-26.02.0/charts/trident-operator-100.2602.0.tgz b/packs/trident-operator-26.02.0/charts/trident-operator-100.2602.0.tgz new file mode 100644 index 00000000..5aad9ff6 Binary files /dev/null and b/packs/trident-operator-26.02.0/charts/trident-operator-100.2602.0.tgz differ diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/.helmignore b/packs/trident-operator-26.02.0/charts/trident-operator/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/Chart.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/Chart.yaml new file mode 100644 index 00000000..82160961 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +appVersion: 26.02.0 +description: A Helm chart for deploying NetApp's Trident CSI storage provisioner using + the Trident Operator. +home: https://github.com/NetApp/trident +icon: https://raw.githubusercontent.com/NetApp/trident/master/logo/trident.png +keywords: +- NetApp +- Trident +- operator +- CSI +kubeVersion: '>= 1.24.0-0' +name: trident-operator +type: application +version: 100.2602.0 diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/README.md b/packs/trident-operator-26.02.0/charts/trident-operator/README.md new file mode 100644 index 00000000..0f246c1a --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/README.md @@ -0,0 +1,24 @@ +NetApp Trident + +[![Support](https://img.shields.io/badge/support-official-0067C5.svg)](http://mysupport.netapp.com/info/web/ECMLP2619434.html) +[![Chat](https://img.shields.io/badge/chat-slack-4C9689.svg)](http://netapp.io/slack/) +[![GitHub last commit](https://img.shields.io/github/last-commit/netapp/trident.svg)](https://github.com/NetApp/trident/commits) +[![license](https://img.shields.io/github/license/netapp/trident.svg)](LICENSE) +[![Docs](https://img.shields.io/badge/docs-official-0067C5.svg)](https://docs.netapp.com/us-en/trident/index.html) +[![Go Report Card](https://goreportcard.com/badge/github.com/netapp/trident)](https://goreportcard.com/report/github.com/netapp/trident) + +Trident is a fully supported open source project maintained by [NetApp](https://www.netapp.com). It has been designed +from the ground up to help you meet your containerized applications' persistence demands using industry-standard +interfaces, such as the [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/introduction.html). + +Trident deploys in Kubernetes clusters as pods and provides dynamic storage orchestration services for your Kubernetes workloads. It enables your containerized applications to quickly and easily consume persistent storage from NetApp’s broad portfolio that +includes [ONTAP](https://www.netapp.com/data-management/ontap-data-management-software) (AFF/FAS/Select/Cloud), [Element](https://www.netapp.com/data-management/element-software) (HCI/SolidFire), as well as the [Azure NetApp Files](https://www.netapp.com/azure/azure-netapp-files/) +service, [Google Cloud NetApp Volumes](https://www.netapp.com/google-cloud/netapp-volumes/), and [Amazon FSx for ONTAP](https://www.netapp.com/aws/fsx-ontap/). + +Trident features also address data protection, disaster recovery, portability, and migration use cases for +Kubernetes workloads leveraging NetApp's industry-leading data management technology for snapshots, backups, +replication, and cloning. + +Detailed documentation for Trident can be found [here](https://docs.netapp.com/us-en/trident/index.html). + +See [NetApp's Support site](https://mysupport.netapp.com/site/info/version-support) for details on Trident's support policy under the [Trident's Release and Support Lifecycle](https://mysupport.netapp.com/site/info/trident-support) tab. diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/crds/tridentconfigurators.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/crds/tridentconfigurators.yaml new file mode 100644 index 00000000..f3aa8971 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/crds/tridentconfigurators.yaml @@ -0,0 +1,54 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tridentconfigurators.trident.netapp.io +spec: + group: trident.netapp.io + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Phase + type: string + description: The backend config phase + priority: 0 + jsonPath: .status.phase + - name: Status + type: string + description: The result of the last operation + priority: 0 + jsonPath: .status.lastOperationStatus + - name: Cloud Provider + type: string + description: The name of cloud provider + priority: 0 + jsonPath: .status.cloudProvider + - name: Storage Driver + type: string + description: The storage driver type + priority: 1 + jsonPath: .spec.storageDriverName + - name: Deletion Policy + type: string + description: The deletion policy + priority: 1 + jsonPath: .status.deletionPolicy + scope: Cluster + names: + plural: tridentconfigurators + singular: tridentconfigurator + kind: TridentConfigurator + shortNames: + - tconf + - tconfigurator + categories: + - trident + - trident-internal + - trident-external \ No newline at end of file diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/crds/tridentorchestrators.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/crds/tridentorchestrators.yaml new file mode 100644 index 00000000..f16b855c --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/crds/tridentorchestrators.yaml @@ -0,0 +1,25 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tridentorchestrators.trident.netapp.io +spec: + group: trident.netapp.io + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + names: + kind: TridentOrchestrator + listKind: TridentOrchestratorList + plural: tridentorchestrators + singular: tridentorchestrator + shortNames: + - torc + - torchestrator + scope: Cluster diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/NOTES.txt b/packs/trident-operator-26.02.0/charts/trident-operator/templates/NOTES.txt new file mode 100644 index 00000000..acb0dd88 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/NOTES.txt @@ -0,0 +1,18 @@ + +Thank you for installing {{ .Chart.Name }}, which will deploy and manage NetApp's Trident CSI +storage provisioner for Kubernetes. + +Your release is named '{{ .Release.Name }}' and is installed into the '{{ .Release.Namespace }}' namespace. +Please note that there must be only one instance of Trident (and trident-operator) in a Kubernetes cluster. + +To configure Trident to manage storage resources, you will now need to configure at least one storage +backend and add a matching storageClass. + +Examples of backend and storageClass definitions are available at official NetApp Trident documentation. + +Further, You may find all Trident releases and source code online at {{ .Chart.Home }}. + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/_helpers.tpl b/packs/trident-operator-26.02.0/charts/trident-operator/templates/_helpers.tpl new file mode 100644 index 00000000..bbf3dc01 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/_helpers.tpl @@ -0,0 +1,416 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "trident.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trident.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trident.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "trident.labels" -}} +helm.sh/chart: {{ include "trident.chart" . }} +{{ include "trident.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "trident.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trident.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Trident operator level +*/}} +{{- define "trident-operator.logLevel" -}} +{{- .Values.operatorLogLevel }} +{{- end }} + +{{/* +Trident operator debug +*/}} +{{- define "trident-operator.debug" -}} +{{- .Values.operatorDebug }} +{{- end }} + +{{/* +Trident operator image +*/}} +{{- define "trident-operator.image" -}} +{{- if .Values.operatorImage }} +{{- .Values.operatorImage }} +{{- else if .Values.imageRegistry }} +{{- .Values.imageRegistry }}/trident-operator:{{ .Values.operatorImageTag | default .Chart.AppVersion }} +{{- else }} +{{- "" }}docker.io/netapp/trident-operator:{{ .Values.operatorImageTag | default .Chart.AppVersion }} +{{- end }} +{{- end }} + +{{/* +Trident force detach +*/}} +{{- define "trident.enableForceDetach" -}} +{{- if .Values.enableForceDetach | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident IPv6 +*/}} +{{- define "trident.IPv6" -}} +{{- if .Values.tridentIPv6 | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident SilenceAutosupport +*/}} +{{- define "trident.silenceAutosupport" -}} +{{- if .Values.tridentSilenceAutosupport | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident ExcludeAutosupport +*/}} +{{- define "trident.excludeAutosupport" -}} +{{- if .Values.tridentExcludeAutosupport | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +Trident AutoSupport image +*/}} +{{- define "trident.autosupportImage" -}} +{{- if .Values.tridentAutosupportImage }} +{{- .Values.tridentAutosupportImage }} +{{- else if .Values.imageRegistry }} +{{- .Values.imageRegistry }}/trident-autosupport:{{ .Values.tridentAutosupportImageTag | default .Chart.AppVersion | trunc 5}} +{{- else }} +{{- "" }}docker.io/netapp/trident-autosupport:{{ .Values.tridentAutosupportImageTag | default .Chart.AppVersion | trunc 5}} +{{- end }} +{{- end }} + +{{/* +Trident log level +*/}} +{{- define "trident.logLevel" -}} +{{- .Values.tridentLogLevel }} +{{- end }} + +{{/* +Trident debug (equivalent to debug level) +*/}} +{{- define "trident.debug" -}} +{{- .Values.tridentDebug }} +{{- end }} + +{{/* +Trident logging workflows +*/}} +{{- define "trident.logWorkflows" -}} +{{- .Values.tridentLogWorkflows }} +{{- end }} + +{{/* +Trident logging layers +*/}} +{{- define "trident.logLayers" -}} +{{- .Values.tridentLogLayers }} +{{- end }} + +{{/* +Trident log format +*/}} +{{- define "trident.logFormat" -}} +{{- if eq .Values.tridentLogFormat "json" }} +{{- .Values.tridentLogFormat }} +{{- else }} +{{- "text" }} +{{- end }} +{{- end }} + +{{/* +Trident audit log +*/}} +{{- define "trident.disableAuditLog" -}} +{{- if .Values.tridentDisableAuditLog | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident probe port +*/}} +{{- define "trident.probePort" -}} +{{- if eq .Values.tridentProbePort "json" }} +{{- .Values.tridentProbePort }} +{{- else }} +{{- 17546 }} +{{- end }} +{{- end }} + +{{/* +Trident image +*/}} +{{- define "trident.image" -}} +{{- if .Values.tridentImage }} +{{- .Values.tridentImage }} +{{- else if .Values.imageRegistry }} +{{- .Values.imageRegistry }}/trident:{{ .Values.tridentImageTag | default .Chart.AppVersion }} +{{- else }} +{{- "" }}docker.io/netapp/trident:{{ .Values.tridentImageTag | default .Chart.AppVersion }} +{{- end }} +{{- end }} + +{{/* +Trident image pull policy +*/}} +{{- define "imagePullPolicy" -}} +{{- if .Values.imagePullPolicy }} +{{- .Values.imagePullPolicy }} +{{- else }} +{{- "IfNotPresent" }} +{{- end }} +{{- end }} + +{{/* +Determines if rancher roles should be created by checking for the presence of the cattle-system namespace +or annotations with the prefix "cattle.io/" in the namespace where the chart is being installed. +Override auto-detection and force install the roles by setting Values.forceInstallRancherClusterRoles to 'true'. +*/}} +{{- define "shouldInstallRancherRoles" -}} +{{- $isRancher := false -}} +{{- $currentNs := .Release.Namespace -}} +{{- $currentNsObj := lookup "v1" "Namespace" "" $currentNs -}} +{{- /* Check if 'forceInstallRancherClusterRoles' is set */ -}} +{{- if .Values.forceInstallRancherClusterRoles }} + {{- $isRancher = true -}} +{{- end }} +{{- /* Check if the annotation prefix "cattle.io/" exists on the namespace */ -}} +{{- if $currentNsObj }} + {{- range $key, $value := $currentNsObj.metadata.annotations }} + {{- if hasPrefix "cattle.io/" $key }} + {{- $isRancher = true -}} + {{- end }} + {{- end }} +{{- end }} +{{- /* Check if cattle-system ns exists */ -}} +{{- $cattleNs := lookup "v1" "Namespace" "" "cattle-system" -}} +{{- if $cattleNs }} + {{- $isRancher = true -}} +{{- end }} +{{- $isRancher -}} +{{- end }} + +{{/* +Helper functions to render resource requests and limits for each container of trident from values.yaml +*/}} +{{- define "trident.resources.controller" -}} +{{- range $key, $val := . }} +{{- $containerName := $key }} +{{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory }} +{{ $containerName }}: +{{- if or $val.requests.cpu $val.requests.memory }} + requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} + limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "trident.resources.node.linux" -}} +{{- range $key, $val := . }} +{{- $containerName := $key }} +{{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory }} +{{ $containerName }}: +{{- if or $val.requests.cpu $val.requests.memory }} + requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} + limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "trident.resources.node.windows" -}} +{{- range $key, $val := . }} +{{- $containerName := $key }} +{{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory }} +{{ $containerName }}: +{{- if or $val.requests.cpu $val.requests.memory }} + requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} + limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Helper functions to check if resources are actually defined (not just empty structure) +*/}} +{{- define "trident.hasControllerResources" -}} + {{- $hasResources := false -}} + {{- if .Values.resources -}} + {{- if .Values.resources.controller -}} + {{- range $key, $val := .Values.resources.controller -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + {{- $hasResources = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- if $hasResources -}}true{{- end -}} +{{- end -}} + +{{- define "trident.hasNodeLinuxResources" -}} + {{- $hasResources := false -}} + {{- if .Values.resources -}} + {{- if .Values.resources.node -}} + {{- if .Values.resources.node.linux -}} + {{- range $key, $val := .Values.resources.node.linux -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + {{- $hasResources = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- if $hasResources -}}true{{- end -}} +{{- end -}} + +{{- define "trident.hasNodeWindowsResources" -}} + {{- $hasResources := false -}} + {{- if .Values.resources -}} + {{- if .Values.resources.node -}} + {{- if .Values.resources.node.windows -}} + {{- range $key, $val := .Values.resources.node.windows -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + {{- $hasResources = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- if $hasResources -}}true{{- end -}} +{{- end -}} + +{{/* +Helper function to check if operator resources are defined +*/}} +{{- define "trident-operator.hasResources" -}} + {{- $val := . -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + true + {{- end -}} +{{- end -}} + +{{/* +Helper function to render resource requests and limits for the operator +*/}} +{{- define "trident-operator.resources" }} +{{- $val := .}} +{{- if or $val.requests.cpu $val.requests.memory }} +requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} +limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrole-rancher.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrole-rancher.yaml new file mode 100644 index 00000000..6300f2f2 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrole-rancher.yaml @@ -0,0 +1,13 @@ +{{- if include "shouldInstallRancherRoles" . | eq "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: trident-operator-rancher +rules: + - apiGroups: + - management.cattle.io + resources: + - projects + verbs: + - updatepsa +{{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrole.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..92279962 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrole.yaml @@ -0,0 +1,458 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: trident-operator + labels: + app: operator.trident.netapp.io +rules: + # Permissions same as Trident + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + - volumesnapshotclasses + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - create + - delete + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + - volumesnapshotcontents/status + verbs: + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshots + verbs: + - list + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotclasses + verbs: + - list + - watch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents + verbs: + - get + - list + - watch + - patch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - apiGroups: + - csi.storage.k8s.io + resources: + - csidrivers + - csinodeinfos + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + - csinodes + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - trident.netapp.io + resources: + - tridentversions + - tridentbackends + - tridentstorageclasses + - tridentvolumes + - tridentvolumepublications + - tridentvolumereferences + - tridentnodes + - tridenttransactions + - tridentsnapshots + - tridentbackendconfigs + - tridentbackendconfigs/status + - tridentmirrorrelationships + - tridentmirrorrelationships/status + - tridentactionmirrorupdates + - tridentactionmirrorupdates/status + - tridentsnapshotinfos + - tridentsnapshotinfos/status + - tridentgroupsnapshots + - tridentgroupsnapshots/status + - tridentactionsnapshotrestores + - tridentactionsnapshotrestores/status + - tridentnoderemediations + - tridentnoderemediations/status + - tridentnoderemediationtemplates + - tridentnoderemediationtemplates/status + - tridentprovisioners # Required for Tprov + - tridentprovisioners/status # Required to update Tprov's status section + - tridentorchestrators # Required for torc + - tridentorchestrators/status # Required to update torc's status section + - tridentconfigurators # Required for tconf + - tridentconfigurators/status # Required to update tconf's status section + - tridentautogrowpolicies + - tridentautogrowpolicies/status + - tridentautogrowrequestinternals + - tridentautogrowrequestinternals/status + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - trident-controller + - trident-node-linux + - trident-node-windows + # Now Operator specific permissions + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - get + - list + - watch + - create + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - delete + - update + - patch + resourceNames: + - trident + - trident-csi + - trident-controller + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - delete + - update + - patch + resourceNames: + - trident + - trident-csi + - trident-csi-windows + - trident-node-linux + - trident-node-windows + - apiGroups: + - "" + resources: + - pods/exec + - services + - serviceaccounts + verbs: + - get + - list + - create + - apiGroups: + - "" + resources: + - pods/exec + - services + verbs: + - delete + - update + - patch + resourceNames: + - trident-csi + - trident + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - delete + - update + - patch + resourceNames: + - trident-controller + - trident-node-linux + - trident-node-windows + - trident-csi + - trident + - apiGroups: + - authorization.openshift.io + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - create + - apiGroups: + - authorization.openshift.io + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - get + - delete + - update + - patch + resourceNames: + - trident-node-remediation-access + - trident-controller + - trident-node-linux + - trident-node-windows + - trident-csi + - trident + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - list + - create + - apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - tridentpods + - trident-controller + - trident-node-linux + - trident-node-windows + verbs: + - delete + - update + - patch + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - get + - list + - create + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - trident-controller + - trident-node-linux + - trident-node-windows + - trident + verbs: + - delete + - update + - patch + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - tridentoperatorpods + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrolebinding-rancher.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrolebinding-rancher.yaml new file mode 100644 index 00000000..b70fcff9 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrolebinding-rancher.yaml @@ -0,0 +1,14 @@ +{{- if include "shouldInstallRancherRoles" . | eq "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: trident-operator-rancher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: trident-operator-rancher +subjects: + - kind: ServiceAccount + name: trident-operator + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrolebinding.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..e6297525 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: trident-operator + labels: + app: operator.trident.netapp.io +subjects: + - kind: ServiceAccount + name: trident-operator + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: trident-operator + apiGroup: rbac.authorization.k8s.io diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/deployment.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/deployment.yaml new file mode 100644 index 00000000..c57bb587 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/deployment.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: +{{- if .Values.deploymentAnnotations }} + annotations: +{{ toYaml .Values.deploymentAnnotations | indent 4 }} +{{- end }} + labels: + app: operator.trident.netapp.io + name: trident-operator + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: operator.trident.netapp.io + name: trident-operator + template: + metadata: + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + labels: + app: operator.trident.netapp.io + name: trident-operator + {{- if and (eq .Values.cloudProvider "Azure") (ne .Values.cloudIdentity "") }} + azure.workload.identity/use: 'true' + {{- end }} + spec: + {{- if .Values.affinity }} + affinity: +{{- toYaml .Values.affinity | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + serviceAccountName: trident-operator + containers: + - command: + - /trident-operator + {{- if or .Values.anfConfigurator.enabled .Values.ontapConfigurator.enabled }} + - -configurator-reconcile-interval={{ .Values.configuratorReconcileInterval }} + {{- end }} + {{- if .Values.operatorDebug }} + - -debug + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: trident-operator + {{- if and (eq .Values.cloudProvider "Azure") (eq .Values.cloudIdentity "") }} + - name: AZURE_CREDENTIAL_FILE + value: /etc/kubernetes/azure.json + volumeMounts: + - name: azure-cred + mountPath: /etc/kubernetes + {{- end }} + image: {{ include "trident-operator.image" $ }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + name: trident-operator + {{- if (include "trident-operator.hasResources" .Values.resources.operator) }} + resources: + {{- include "trident-operator.resources" .Values.resources.operator | indent 10 }} + {{- end }} + {{- if and (eq .Values.cloudProvider "Azure") (eq .Values.cloudIdentity "") }} + volumes: + - name: azure-cred + hostPath: + path: /etc/kubernetes + type: DirectoryOrCreate + {{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/postdeletecrdshook.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/postdeletecrdshook.yaml new file mode 100644 index 00000000..a9ee84dd --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/postdeletecrdshook.yaml @@ -0,0 +1,82 @@ +{{- if or .Values.cleanupCrds }} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: post-delete-service-account + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-10" + "helm.sh/hook-delete-policy": hook-succeeded + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: post-delete-cluster-role + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-9" + "helm.sh/hook-delete-policy": hook-succeeded +rules: +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "delete", "patch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: post-delete-cluster-rolebinding + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-8" + "helm.sh/hook-delete-policy": hook-succeeded +subjects: +- kind: ServiceAccount + name: post-delete-service-account + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: post-delete-cluster-role + apiGroup: rbac.authorization.k8s.io + +--- + +apiVersion: batch/v1 +kind: Job +metadata: + name: post-delete-hook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + spec: + serviceAccountName: post-delete-service-account + containers: + - name: post-delete-container + image: {{ .Values.helmHookImage }} + command: + - sh + - -c + - | + set -x + kubectl patch crd tridentorchestrators.trident.netapp.io -p '{"metadata":{"finalizers":[]}}' --type=merge + kubectl delete crd tridentorchestrators.trident.netapp.io + kubectl patch crd tridentconfigurators.trident.netapp.io -p '{"metadata":{"finalizers":[]}}' --type=merge + kubectl delete crd tridentconfigurators.trident.netapp.io + restartPolicy: Never + backoffLimit: 4 + +{{- end }} \ No newline at end of file diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/postinstallupgradehook.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/postinstallupgradehook.yaml new file mode 100644 index 00000000..103b2b15 --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/postinstallupgradehook.yaml @@ -0,0 +1,70 @@ +{{- if or .Values.anfConfigurator.enabled .Values.ontapConfigurator.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: trident-operator + namespace: {{ .Release.Namespace }} +spec: + selector: + app: operator.trident.netapp.io + ports: + - name: http + protocol: TCP + port: 8000 + targetPort: 8002 +--- +apiVersion: v1 +kind: Pod +metadata: + name: trident-post-install-upgrade-hook + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + restartPolicy: Never + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | nindent 4 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | nindent 4 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | nindent 4 }} + {{- end }} + initContainers: + - name: init-container-1 + image: {{ include "trident.image" $ }} + command: + - tridentctl + - --debug + - -s + - 127.0.0.1:8000 + - check + - operator + - --timeout + - "7200" # Keeping it 12 mins as AKS extension script has an upper limit of 15 mins. + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + containers: + - name: trident-post-hook + image: {{ include "trident.image" $ }} + command: + - tridentctl + - --debug + - -s + - 127.0.0.1:8000 + - check + - operator + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/predeletecrdshook.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/predeletecrdshook.yaml new file mode 100644 index 00000000..507b38df --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/predeletecrdshook.yaml @@ -0,0 +1,41 @@ +{{- if or .Values.cleanupCrds }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: pre-delete-hook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + spec: + serviceAccountName: trident-operator + containers: + - name: pre-delete-container + image: {{ .Values.helmHookImage }} + command: + - sh + - -c + - | + set -x + if kubectl get torc trident -n trident; then + kubectl patch torc trident -n trident --type=merge -p '{"spec":{"wipeout":["crds"],"uninstall":true, "skipCRDsToObliviate":["tridentorchestrators.trident.netapp.io", "tridentconfigurators.trident.netapp.io"]}}' + while kubectl get crds | grep '.trident.netapp.io' | grep -v -e 'tridentorchestrators.trident.netapp.io' -e 'tridentconfigurators.trident.netapp.io'; do + echo 'Waiting for CRDs to be deleted...' + sleep 5 + done + else + echo 'Trident orchestrator does not exist.' + fi + restartPolicy: Never + backoffLimit: 4 + +{{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/serviceaccount.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/serviceaccount.yaml new file mode 100644 index 00000000..7a73016d --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/serviceaccount.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: trident-operator + namespace: {{ .Release.Namespace }} + {{- if and (ne .Values.cloudIdentity "") (ne .Values.cloudProvider "") }} + {{- $cloudIdentity := trimPrefix "'" .Values.cloudIdentity }} + {{- $cloudIdentity = trimSuffix "'" $cloudIdentity }} + {{- $cloudIdentityPair := regexSplit ": " $cloudIdentity 2 }} + annotations: + {{ first $cloudIdentityPair }}: {{ last $cloudIdentityPair }} + {{- end }} + labels: + app: operator.trident.netapp.io +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.imagePullSecrets }} +- name: {{ . }} +{{- end }} +{{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/tridentconfigurator.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/tridentconfigurator.yaml new file mode 100644 index 00000000..8496eb5e --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/tridentconfigurator.yaml @@ -0,0 +1,111 @@ +{{- if .Values.anfConfigurator.enabled }} +apiVersion: trident.netapp.io/v1 +kind: TridentConfigurator +metadata: + name: netapp-anf-backend-configurator +spec: + storageDriverName: azure-netapp-files + {{- if eq .Values.cloudProvider "" }} + tenantID: {{ .Values.anfConfigurator.tenantID }} + clientCredentials: {{ .Values.anfConfigurator.clientCredentials }} + {{- end }} + {{- if or (eq .Values.cloudProvider "") (and (eq .Values.cloudProvider "Azure") (ne .Values.cloudIdentity "")) }} + subscriptionID: {{ .Values.anfConfigurator.subscriptionID }} + location: {{ .Values.anfConfigurator.location }} + {{- end }} + virtualNetwork: {{ .Values.anfConfigurator.virtualNetwork }} + subnet: {{ .Values.anfConfigurator.subnet }} + capacityPools: + {{- range .Values.anfConfigurator.capacityPools }} + - {{ . }} + {{- end }} + netappAccounts: + {{- range .Values.anfConfigurator.netappAccounts }} + - {{ . }} + {{- end }} + resourceGroups: + {{- range .Values.anfConfigurator.resourceGroups }} + - {{ . }} + {{- end }} + customerEncryptionKeys: + {{- range $key, $value := .Values.anfConfigurator.customerEncryptionKeys }} + {{ $key }}: {{ $value }} + {{- end }} +{{- end }} + +--- + +{{- if .Values.ontapConfigurator.enabled }} +{{- $includeCR := false }} +{{- range .Values.ontapConfigurator.svms }} + {{- if or (has "nfs" .protocols) (has "smb" .protocols) }} + {{- $includeCR = true }} + {{- end }} +{{- end }} + +{{- if $includeCR }} +apiVersion: trident.netapp.io/v1 +kind: TridentConfigurator +metadata: + name: netapp-nas-backend-configurator +spec: + storageDriverName: ontap-nas + svms: + {{- range .Values.ontapConfigurator.svms }} + {{- if or (has "nfs" .protocols) (has "smb" .protocols) }} + - fsxnID: {{ .fsxnID | quote }} + protocols: + {{- $filteredProtocols := list }} + {{- range .protocols }} + {{- if or (eq . "nfs") (eq . "smb") }} + {{- $filteredProtocols = append $filteredProtocols . }} + {{- end }} + {{- end }} + {{- range $filteredProtocols }} + - {{ . | quote }} + {{- end }} + svmName: {{ .svmName | quote }} + authType: {{ .authType | default "awsarn" | quote }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} + + +--- + +{{- if .Values.ontapConfigurator.enabled }} +{{- $includeCR := false }} +{{- range .Values.ontapConfigurator.svms }} + {{- if or (has "iscsi" .protocols) (has "nvme" .protocols) }} + {{- $includeCR = true }} + {{- end }} +{{- end }} + +{{- if $includeCR }} +apiVersion: trident.netapp.io/v1 +kind: TridentConfigurator +metadata: + name: netapp-san-backend-configurator +spec: + storageDriverName: ontap-san + svms: + {{- range .Values.ontapConfigurator.svms }} + {{- if or (has "iscsi" .protocols) (has "nvme" .protocols) }} + - fsxnID: {{ .fsxnID | quote }} + protocols: + {{- $filteredProtocols := list }} + {{- range .protocols }} + {{- if or (eq . "iscsi") (eq . "nvme") }} + {{- $filteredProtocols = append $filteredProtocols . }} + {{- end }} + {{- end }} + {{- range $filteredProtocols }} + - {{ . | quote }} + {{- end }} + svmName: {{ .svmName | quote }} + authType: {{ .authType | default "awsarn" | quote }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/templates/tridentorchestrator.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/templates/tridentorchestrator.yaml new file mode 100644 index 00000000..5f5038df --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/templates/tridentorchestrator.yaml @@ -0,0 +1,108 @@ +apiVersion: trident.netapp.io/v1 +kind: TridentOrchestrator +metadata: + name: trident +spec: + namespace: {{ .Release.Namespace }} + enableForceDetach: {{ include "trident.enableForceDetach" $ }} + IPv6: {{ include "trident.IPv6" $ }} + k8sTimeout: {{ .Values.tridentK8sTimeout }} + httpRequestTimeout: {{ .Values.tridentHttpRequestTimeout }} + silenceAutosupport: {{ include "trident.silenceAutosupport" $ }} + {{- if .Values.tridentExcludeAutosupport }} + excludeAutosupport: {{ .Values.tridentExcludeAutosupport }} + {{- end }} + autosupportImage: {{ include "trident.autosupportImage" $ }} + autosupportProxy: {{ .Values.tridentAutosupportProxy }} + autosupportInsecure: {{ .Values.tridentAutosupportInsecure }} + logFormat: {{ include "trident.logFormat" $ }} + disableAuditLog: {{ include "trident.disableAuditLog" $ }} + {{- if .Values.tridentDebug }} + debug: {{ .Values.tridentDebug }} + {{- end }} + {{- if .Values.tridentLogLevel }} + logLevel: {{ .Values.tridentLogLevel }} + {{- end }} + logWorkflows: {{ include "trident.logWorkflows" $ }} + logLayers: {{ include "trident.logLayers" $ }} + probePort: {{ include "trident.probePort" $ }} + tridentImage: {{ include "trident.image" $ }} + {{- if .Values.imageRegistry }} + imageRegistry: {{ .Values.imageRegistry }} + {{- end }} + kubeletDir: {{ .Values.kubeletDir }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 2 }} + {{- end }} + {{- if .Values.tridentControllerPluginNodeSelector }} + controllerPluginNodeSelector: + {{- range $key, $value := .Values.tridentControllerPluginNodeSelector }} + {{ $key }}: "{{ $value }}" + {{- end }} + {{- end }} + {{- if .Values.tridentControllerPluginTolerations }} + controllerPluginTolerations: + {{- range $value := .Values.tridentControllerPluginTolerations }} + - {{- range $k, $v := $value }} + {{ $k }}: "{{ $v }}" + {{- end}} + {{- end}} + {{- end }} + {{- if .Values.tridentNodePluginNodeSelector }} + nodePluginNodeSelector: + {{- range $key, $value := .Values.tridentNodePluginNodeSelector }} + {{ $key }}: "{{ $value }}" + {{- end }} + {{- end }} + {{- if .Values.tridentNodePluginTolerations }} + nodePluginTolerations: + {{- range $value := .Values.tridentNodePluginTolerations }} + - {{- range $k, $v := $value }} + {{ $k }}: "{{ $v }}" + {{- end}} + {{- end}} + {{- end }} + imagePullPolicy: {{ include "imagePullPolicy" $ }} + windows: {{ .Values.windows }} + cloudProvider: {{ .Values.cloudProvider }} + cloudIdentity: {{ .Values.cloudIdentity }} + enableACP: {{ .Values.enableACP }} + acpImage: {{ .Values.acpImage }} + httpsMetrics: {{ .Values.httpsMetrics }} + enableAutoBackendConfig: {{ or .Values.ontapConfigurator.enabled .Values.anfConfigurator.enabled }} + iscsiSelfHealingInterval: {{ .Values.iscsiSelfHealingInterval }} + iscsiSelfHealingWaitTime: {{ .Values.iscsiSelfHealingWaitTime }} + {{- if .Values.k8sAPIQPS }} + k8sAPIQPS: {{ .Values.k8sAPIQPS }} + {{- end }} + {{- if .Values.fsGroupPolicy }} + fsGroupPolicy: {{ .Values.fsGroupPolicy }} + {{- end }} + {{- if .Values.nodePrep }} + nodePrep: {{- range .Values.nodePrep }} + - {{.}} {{- end }} + {{- end }} + enableConcurrency: {{ .Values.enableConcurrency }} + {{- if .Values.skipCRDsToObliviate }} + skipCRDsToObliviate: {{- range .Values.skipCRDsToObliviate }} + - {{.}} {{- end }} + {{- end }} + {{ if or (include "trident.hasControllerResources" .) (include "trident.hasNodeLinuxResources" .) (include "trident.hasNodeWindowsResources" .) -}} + resources: + {{ if include "trident.hasControllerResources" . -}} + controller: {{ include "trident.resources.controller" .Values.resources.controller | indent 6 }} + {{- end }} + {{ if or (include "trident.hasNodeLinuxResources" .) (include "trident.hasNodeWindowsResources" .) -}} + node: + {{ if include "trident.hasNodeLinuxResources" . -}} + linux: {{ include "trident.resources.node.linux" .Values.resources.node.linux | indent 8 }} + {{- end }} + {{- if include "trident.hasNodeWindowsResources" . }} + windows: {{ include "trident.resources.node.windows" .Values.resources.node.windows | indent 8 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.hostNetwork }} + hostNetwork: {{ .Values.hostNetwork }} + {{- end }} diff --git a/packs/trident-operator-26.02.0/charts/trident-operator/values.yaml b/packs/trident-operator-26.02.0/charts/trident-operator/values.yaml new file mode 100644 index 00000000..e30cee4b --- /dev/null +++ b/packs/trident-operator-26.02.0/charts/trident-operator/values.yaml @@ -0,0 +1,327 @@ +# Default values for standalone. +# This is a YAML-formatted file. + +# helmHookImage specifies the image used for Helm hook jobs +helmHookImage: "alpine/k8s:1.33.0" + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Pod Annotations +podAnnotations: {} + +## Deployment Annotations +deploymentAnnotations: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +## Affinity for pod assignment +## The following affinity configuration ensures that the Trident operator will only be scheduled on nodes with the specified architecture and OS, Hence, do not modify this section. To add custom affinity rules, please append your content to this configuration as needed +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + + +# tridentControllerPluginNodeSelector additional nodeSelectors for the Pod running the Trident Controller CSI Plugin. +# tridentControllerPluginNodeSelector : {} + +# tridentControllerPluginTolerations overrides tolerations for the Pod running the Trident Controler CSI Plugin. +# tridentControllerPluginTolerations: [] + +# tridentNodePluginNodeSelector additional nodeSelectors for Pods running the Trident Node CSI Plugin. +# tridentNodePluginNodeSelector : {} + +# tridentNodePluginTolerations overrides tolerations for Pods running the Trident Node CSI Plugin. +# tridentNodePluginTolerations: [] + + + +# imageRegistry identifies the registry for the trident-operator, trident, and other images. Leave empty to accept the default. +imageRegistry: "" + +# imagePullPolicy sets the image pull policy for the trident-operator. +imagePullPolicy: IfNotPresent + +# imagePullSecrets sets the image pull secrets for the trident-operator, trident, and other images. +imagePullSecrets: [] + +# kubeletDir allows overriding the host location of kubelet's internal state. (default "/var/lib/kubelet"). +kubeletDir: "" + + +# operatorLogLevel allows the log level of the Trident operator to be set to one of these: +# trace, debug, info, warn, error, fatal. +# operatorLogLevel: "info" + +# operatorDebug allows the log level of the Trident operator to be set to debug +operatorDebug: true + +# operatorImage allows the complete override of the image for trident-operator. +operatorImage: "" + +# operatorImageTag allows overriding the tag of the trident-operator image. +operatorImageTag: "" + + +# tridentIPv6 allows enabling Trident to work in IPv6 clusters. +tridentIPv6: false + +# tridentK8sTimeout overrides the default 30-second timeout for most Kubernetes API operations (if non-zero, in seconds). +tridentK8sTimeout: 0 + +# tridentHttpRequestTimeout (duration) overrides the default 90-second timeout for the HTTP requests, with 0s being an +# infinite duration for the timeout. Negative values are not allowed. +tridentHttpRequestTimeout: "90s" + +# tridentSilenceAutosupport allows disabling Trident's periodic Autosupport reporting. +tridentSilenceAutosupport: false + +# tridentExcludeAutosupport allows removal of the autosupport container when installing Trident. +tridentExcludeAutosupport: false + +# tridentAutosupportImage allows the complete override of the image for Trident's Autosupport container. +tridentAutosupportImage: "" + +# tridentAutosupportImageTag allows overriding the tag of the image for Trident's Autosupport container. +tridentAutosupportImageTag: "26.02" + +# tridentAutosupportProxy allows Trident's autosupport container to phone home via an HTTP proxy. +tridentAutosupportProxy: "" + +# tridentAutosupportInsecure allows Trident's autosupport container to skip TLS verification +tridentAutosupportInsecure: false + +# tridentLogFormat sets the Trident logging format (text or json). +tridentLogFormat: "text" + +# tridentDisableAuditLog disables Trident's audit logger. +tridentDisableAuditLog: true + +# tridentLogLevel allows the log level of Trident to be set to one of these: trace, debug, info, warn, error, fatal. +#tridentLogLevel: "info" + +# tridentDebug allows the log level of Trident to be set to debug +tridentDebug: false + +# tridentLogWorkflows allows specific Trident workflows to be enabled for trace logging or log suppression. +tridentLogWorkflows: "" + +# tridentLogLayers allows specific Trident layers to be enabled for trace logging or log suppression. +tridentLogLayers: "" + +# tridentImage allows the complete override of the image for Trident. +tridentImage: "" + +# tridentImageTag allows overriding the tag of the image for Trident. +tridentImageTag: "" + +# (Deprecated) tridentEnableNodePrep attempts to automatically install required packages on nodes. +tridentEnableNodePrep: false + +# (Deprecated) tridentSkipK8sVersionCheck allows overriding the k8s version limit for Trident. +tridentSkipK8sVersionCheck: false + +# tridentProbePort allows overriding the default port used for k8s liveness/readiness probes. +tridentProbePort: "" + +# windows allows Trident to be installed on Windows worker node. +windows: false + +# enableForceDetach allows enabling the force detach feature. +enableForceDetach: false + +# cloudProvider indicates which cloud platform Trident is running on. +cloudProvider: "" + +# cloudIdentity indicates the identity that needs to be set on service account. +cloudIdentity: "" + +# enableACP allows enabling the Trident-ACP container to run. +enableACP: false + +# acpImage indicates the image the Trident-ACP container should pull. +acpImage: "" + +# httpsMetrics allows enabling the HTTPS metrics. +httpsMetrics: false + +# iscsiSelfHealingInterval is the interval at which the iSCSI self-healing job is invoked +iscsiSelfHealingInterval: "5m0s" + +# iscsiSelfHealingWaitTime is the wait time after which iSCSI self-healing attempts to fix stale sessions +iscsiSelfHealingWaitTime: "7m0s" + +# configuratorReconcileInterval is the resource refresh rate for the auto generated backends. +configuratorReconcileInterval: 30m0s + +# forceInstallRancherClusterRoles will install a Rancher specific ClusterRole and ClusterRoleBinding when set to true. +# When set to false, the ClusterRole and ClusterRoleBinding will be installed only when a Rancher cluster is detected. +forceInstallRancherClusterRoles: false + +# Auto generated ANF backend related fields consumed by the configurator controller. +anfConfigurator: + enabled: false + virtualNetwork: "" + subnet: "" + subscriptionID: "" + tenantID: "" + location: "" + clientCredentials: "" + capacityPools: [] + netappAccounts: [] + resourceGroups: [] + customerEncryptionKeys: {} + +# Auto generated ONTAP backend related fields consumed by the configurator controller. +ontapConfigurator: + enabled: false + svms: + - fsxnID: '' + svmName: '' + protocols: [] + authType: '' + +# enableConcurrency enables the concurrent core feature in Trident **TECH PREVIEW** +enableConcurrency: false + +# Resource requests and limits for Trident components (controller, node, operator). +# Configure CPU and memory for each container and sidecar to manage resource allocation in Kubernetes. +# +# IMPORTANT NOTES: +# - DO NOT change the names of any containers or fields - or, they may not work +# - DO NOT change the indentation - YAML indentation is critical for proper parsing +# - Default values for controller/node are shown in comments (e.g., # 10m) and are applied automatically if not specified +# - Default values for operator are directly specified in the config (not in comments) and will be applied +# - By default, NO limits are applied - only requests have default values +# - Container names are listed as they appear in the pod specifications +# +# STRUCTURE EXPLANATION: +# +# 1. CONTROLLER POD: +# The controller pod runs on a single operating system (Linux), so there are no OS-specific +# sub-sections. All containers within the controller pod are listed directly under 'controller'. +# +# 2. NODE POD: +# The node pod runs on multiple operating systems (Linux and Windows), so it has OS-specific +# sub-sections: 'linux' and 'windows'. Each OS section lists its specific containers. +# +# 3. OPERATOR POD: +# Unlike controller and node pods, the operator has actual default values directly specified +# (not in comments). If removed, no values will be applied. +resources: + controller: + trident-main: + requests: + cpu: # 10m + memory: # 80Mi + limits: + cpu: + memory: + # sidecars + csi-provisioner: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-attacher: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-resizer: + requests: + cpu: # 3m + memory: # 20Mi + limits: + cpu: + memory: + csi-snapshotter: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + trident-autosupport: + requests: + cpu: # 1m + memory: # 30Mi + limits: + cpu: + memory: + node: + linux: + trident-main: + requests: + cpu: # 10m + memory: # 60Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 1m + memory: # 10Mi + limits: + cpu: + memory: + windows: + trident-main: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + liveness-probe: + requests: + cpu: # 2m + memory: # 40Mi + limits: + cpu: + memory: + operator: + requests: + cpu: 10m + memory: 40Mi + limits: + cpu: + memory: + +# k8sAPIQPS sets the maximum QPS to the Kubernetes API server from the Trident operator. (default 100) +k8sAPIQPS: 0 + +# hostNetwork sets the hostNetwork field in the Trident operator deployment spec. +hostNetwork: false + +# nodePrep enables Trident to prepare the nodes of the Kubernetes cluster to manage volumes using the +# specified data storage protocol. Currently, iSCSI is the only value supported. +nodePrep: [] diff --git a/packs/trident-operator-26.02.0/logo.png b/packs/trident-operator-26.02.0/logo.png new file mode 100644 index 00000000..6a7f7666 Binary files /dev/null and b/packs/trident-operator-26.02.0/logo.png differ diff --git a/packs/trident-operator-26.02.0/pack.json b/packs/trident-operator-26.02.0/pack.json new file mode 100644 index 00000000..8d55e884 --- /dev/null +++ b/packs/trident-operator-26.02.0/pack.json @@ -0,0 +1,16 @@ +{ + "annotations": { + "source": "community", + "contributor": "netapp" + }, + "cloudTypes": [ + "all" + ], + "displayName": "Trident", + "charts": [ + "charts/trident-operator-100.2602.0.tgz" + ], + "layer": "csi", + "name": "csi-trident", + "version": "26.02.0" +} \ No newline at end of file diff --git a/packs/trident-operator-26.02.0/values.yaml b/packs/trident-operator-26.02.0/values.yaml new file mode 100644 index 00000000..66e247f4 --- /dev/null +++ b/packs/trident-operator-26.02.0/values.yaml @@ -0,0 +1,341 @@ +pack: + namespace: trident + content: + images: + - image: docker.io/netapp/trident-operator:26.02.0 + - image: docker.io/netapp/trident-autosupport:26.02.0 + - image: docker.io/netapp/trident:26.02.0 + + # Add Pod Security Standard label to trident namespace. + namespaceLabels: + "trident": "pod-security.kubernetes.io/enforce=privileged" + +charts: + trident-operator: + # Default values for standalone. + # This is a YAML-formatted file. + + # helmHookImage specifies the image used for Helm hook jobs + helmHookImage: "alpine/k8s:1.33.0" + + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + nodeSelector: {} + + ## Pod Annotations + podAnnotations: {} + + ## Deployment Annotations + deploymentAnnotations: {} + + ## Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## Affinity for pod assignment + ## The following affinity configuration ensures that the Trident operator will only be scheduled on nodes with the specified architecture and OS, Hence, do not modify this section. To add custom affinity rules, please append your content to this configuration as needed + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + + + # tridentControllerPluginNodeSelector additional nodeSelectors for the Pod running the Trident Controller CSI Plugin. + # tridentControllerPluginNodeSelector : {} + + # tridentControllerPluginTolerations overrides tolerations for the Pod running the Trident Controler CSI Plugin. + # tridentControllerPluginTolerations: [] + + # tridentNodePluginNodeSelector additional nodeSelectors for Pods running the Trident Node CSI Plugin. + # tridentNodePluginNodeSelector : {} + + # tridentNodePluginTolerations overrides tolerations for Pods running the Trident Node CSI Plugin. + # tridentNodePluginTolerations: [] + + + + # imageRegistry identifies the registry for the trident-operator, trident, and other images. Leave empty to accept the default. + imageRegistry: "" + + # imagePullPolicy sets the image pull policy for the trident-operator. + imagePullPolicy: IfNotPresent + + # imagePullSecrets sets the image pull secrets for the trident-operator, trident, and other images. + imagePullSecrets: [] + + # kubeletDir allows overriding the host location of kubelet's internal state. (default "/var/lib/kubelet"). + kubeletDir: "" + + + # operatorLogLevel allows the log level of the Trident operator to be set to one of these: + # trace, debug, info, warn, error, fatal. + # operatorLogLevel: "info" + + # operatorDebug allows the log level of the Trident operator to be set to debug + operatorDebug: true + + # operatorImage allows the complete override of the image for trident-operator. + operatorImage: "" + + # operatorImageTag allows overriding the tag of the trident-operator image. + operatorImageTag: "" + + + # tridentIPv6 allows enabling Trident to work in IPv6 clusters. + tridentIPv6: false + + # tridentK8sTimeout overrides the default 30-second timeout for most Kubernetes API operations (if non-zero, in seconds). + tridentK8sTimeout: 0 + + # tridentHttpRequestTimeout (duration) overrides the default 90-second timeout for the HTTP requests, with 0s being an + # infinite duration for the timeout. Negative values are not allowed. + tridentHttpRequestTimeout: "90s" + + # tridentSilenceAutosupport allows disabling Trident's periodic Autosupport reporting. + tridentSilenceAutosupport: false + + # tridentExcludeAutosupport allows removal of the autosupport container when installing Trident. + tridentExcludeAutosupport: false + + # tridentAutosupportImage allows the complete override of the image for Trident's Autosupport container. + tridentAutosupportImage: "" + + # tridentAutosupportImageTag allows overriding the tag of the image for Trident's Autosupport container. + tridentAutosupportImageTag: "26.02" + + # tridentAutosupportProxy allows Trident's autosupport container to phone home via an HTTP proxy. + tridentAutosupportProxy: "" + + # tridentAutosupportInsecure allows Trident's autosupport container to skip TLS verification + tridentAutosupportInsecure: false + + # tridentLogFormat sets the Trident logging format (text or json). + tridentLogFormat: "text" + + # tridentDisableAuditLog disables Trident's audit logger. + tridentDisableAuditLog: true + + # tridentLogLevel allows the log level of Trident to be set to one of these: trace, debug, info, warn, error, fatal. + #tridentLogLevel: "info" + + # tridentDebug allows the log level of Trident to be set to debug + tridentDebug: false + + # tridentLogWorkflows allows specific Trident workflows to be enabled for trace logging or log suppression. + tridentLogWorkflows: "" + + # tridentLogLayers allows specific Trident layers to be enabled for trace logging or log suppression. + tridentLogLayers: "" + + # tridentImage allows the complete override of the image for Trident. + tridentImage: "" + + # tridentImageTag allows overriding the tag of the image for Trident. + tridentImageTag: "" + + # (Deprecated) tridentEnableNodePrep attempts to automatically install required packages on nodes. + tridentEnableNodePrep: false + + # (Deprecated) tridentSkipK8sVersionCheck allows overriding the k8s version limit for Trident. + tridentSkipK8sVersionCheck: false + + # tridentProbePort allows overriding the default port used for k8s liveness/readiness probes. + tridentProbePort: "" + + # windows allows Trident to be installed on Windows worker node. + windows: false + + # enableForceDetach allows enabling the force detach feature. + enableForceDetach: false + + # cloudProvider indicates which cloud platform Trident is running on. + cloudProvider: "" + + # cloudIdentity indicates the identity that needs to be set on service account. + cloudIdentity: "" + + # enableACP allows enabling the Trident-ACP container to run. + enableACP: false + + # acpImage indicates the image the Trident-ACP container should pull. + acpImage: "" + + # httpsMetrics allows enabling the HTTPS metrics. + httpsMetrics: false + + # iscsiSelfHealingInterval is the interval at which the iSCSI self-healing job is invoked + iscsiSelfHealingInterval: "5m0s" + + # iscsiSelfHealingWaitTime is the wait time after which iSCSI self-healing attempts to fix stale sessions + iscsiSelfHealingWaitTime: "7m0s" + + # configuratorReconcileInterval is the resource refresh rate for the auto generated backends. + configuratorReconcileInterval: 30m0s + + # forceInstallRancherClusterRoles will install a Rancher specific ClusterRole and ClusterRoleBinding when set to true. + # When set to false, the ClusterRole and ClusterRoleBinding will be installed only when a Rancher cluster is detected. + forceInstallRancherClusterRoles: false + + # Auto generated ANF backend related fields consumed by the configurator controller. + anfConfigurator: + enabled: false + virtualNetwork: "" + subnet: "" + subscriptionID: "" + tenantID: "" + location: "" + clientCredentials: "" + capacityPools: [] + netappAccounts: [] + resourceGroups: [] + customerEncryptionKeys: {} + + # Auto generated ONTAP backend related fields consumed by the configurator controller. + ontapConfigurator: + enabled: false + svms: + - fsxnID: '' + svmName: '' + protocols: [] + authType: '' + + # enableConcurrency enables the concurrent core feature in Trident **TECH PREVIEW** + enableConcurrency: false + + # Resource requests and limits for Trident components (controller, node, operator). + # Configure CPU and memory for each container and sidecar to manage resource allocation in Kubernetes. + # + # IMPORTANT NOTES: + # - DO NOT change the names of any containers or fields - or, they may not work + # - DO NOT change the indentation - YAML indentation is critical for proper parsing + # - Default values for controller/node are shown in comments (e.g., # 10m) and are applied automatically if not specified + # - Default values for operator are directly specified in the config (not in comments) and will be applied + # - By default, NO limits are applied - only requests have default values + # - Container names are listed as they appear in the pod specifications + # + # STRUCTURE EXPLANATION: + # + # 1. CONTROLLER POD: + # The controller pod runs on a single operating system (Linux), so there are no OS-specific + # sub-sections. All containers within the controller pod are listed directly under 'controller'. + # + # 2. NODE POD: + # The node pod runs on multiple operating systems (Linux and Windows), so it has OS-specific + # sub-sections: 'linux' and 'windows'. Each OS section lists its specific containers. + # + # 3. OPERATOR POD: + # Unlike controller and node pods, the operator has actual default values directly specified + # (not in comments). If removed, no values will be applied. + resources: + controller: + trident-main: + requests: + cpu: # 10m + memory: # 80Mi + limits: + cpu: + memory: + # sidecars + csi-provisioner: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-attacher: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-resizer: + requests: + cpu: # 3m + memory: # 20Mi + limits: + cpu: + memory: + csi-snapshotter: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + trident-autosupport: + requests: + cpu: # 1m + memory: # 30Mi + limits: + cpu: + memory: + node: + linux: + trident-main: + requests: + cpu: # 10m + memory: # 60Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 1m + memory: # 10Mi + limits: + cpu: + memory: + windows: + trident-main: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + liveness-probe: + requests: + cpu: # 2m + memory: # 40Mi + limits: + cpu: + memory: + operator: + requests: + cpu: 10m + memory: 40Mi + limits: + cpu: + memory: + + # k8sAPIQPS sets the maximum QPS to the Kubernetes API server from the Trident operator. (default 100) + k8sAPIQPS: 0 + + # hostNetwork sets the hostNetwork field in the Trident operator deployment spec. + hostNetwork: false + + # nodePrep enables Trident to prepare the nodes of the Kubernetes cluster to manage volumes using the + # specified data storage protocol. Currently, iSCSI is the only value supported. + nodePrep: [] diff --git a/packs/trident-operator-addon-26.02.0/README.md b/packs/trident-operator-addon-26.02.0/README.md new file mode 100644 index 00000000..0f246c1a --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/README.md @@ -0,0 +1,24 @@ +NetApp Trident + +[![Support](https://img.shields.io/badge/support-official-0067C5.svg)](http://mysupport.netapp.com/info/web/ECMLP2619434.html) +[![Chat](https://img.shields.io/badge/chat-slack-4C9689.svg)](http://netapp.io/slack/) +[![GitHub last commit](https://img.shields.io/github/last-commit/netapp/trident.svg)](https://github.com/NetApp/trident/commits) +[![license](https://img.shields.io/github/license/netapp/trident.svg)](LICENSE) +[![Docs](https://img.shields.io/badge/docs-official-0067C5.svg)](https://docs.netapp.com/us-en/trident/index.html) +[![Go Report Card](https://goreportcard.com/badge/github.com/netapp/trident)](https://goreportcard.com/report/github.com/netapp/trident) + +Trident is a fully supported open source project maintained by [NetApp](https://www.netapp.com). It has been designed +from the ground up to help you meet your containerized applications' persistence demands using industry-standard +interfaces, such as the [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/introduction.html). + +Trident deploys in Kubernetes clusters as pods and provides dynamic storage orchestration services for your Kubernetes workloads. It enables your containerized applications to quickly and easily consume persistent storage from NetApp’s broad portfolio that +includes [ONTAP](https://www.netapp.com/data-management/ontap-data-management-software) (AFF/FAS/Select/Cloud), [Element](https://www.netapp.com/data-management/element-software) (HCI/SolidFire), as well as the [Azure NetApp Files](https://www.netapp.com/azure/azure-netapp-files/) +service, [Google Cloud NetApp Volumes](https://www.netapp.com/google-cloud/netapp-volumes/), and [Amazon FSx for ONTAP](https://www.netapp.com/aws/fsx-ontap/). + +Trident features also address data protection, disaster recovery, portability, and migration use cases for +Kubernetes workloads leveraging NetApp's industry-leading data management technology for snapshots, backups, +replication, and cloning. + +Detailed documentation for Trident can be found [here](https://docs.netapp.com/us-en/trident/index.html). + +See [NetApp's Support site](https://mysupport.netapp.com/site/info/version-support) for details on Trident's support policy under the [Trident's Release and Support Lifecycle](https://mysupport.netapp.com/site/info/trident-support) tab. diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator-100.2602.0.tgz b/packs/trident-operator-addon-26.02.0/charts/trident-operator-100.2602.0.tgz new file mode 100644 index 00000000..5aad9ff6 Binary files /dev/null and b/packs/trident-operator-addon-26.02.0/charts/trident-operator-100.2602.0.tgz differ diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/.helmignore b/packs/trident-operator-addon-26.02.0/charts/trident-operator/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/Chart.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/Chart.yaml new file mode 100644 index 00000000..82160961 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +appVersion: 26.02.0 +description: A Helm chart for deploying NetApp's Trident CSI storage provisioner using + the Trident Operator. +home: https://github.com/NetApp/trident +icon: https://raw.githubusercontent.com/NetApp/trident/master/logo/trident.png +keywords: +- NetApp +- Trident +- operator +- CSI +kubeVersion: '>= 1.24.0-0' +name: trident-operator +type: application +version: 100.2602.0 diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/README.md b/packs/trident-operator-addon-26.02.0/charts/trident-operator/README.md new file mode 100644 index 00000000..0f246c1a --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/README.md @@ -0,0 +1,24 @@ +NetApp Trident + +[![Support](https://img.shields.io/badge/support-official-0067C5.svg)](http://mysupport.netapp.com/info/web/ECMLP2619434.html) +[![Chat](https://img.shields.io/badge/chat-slack-4C9689.svg)](http://netapp.io/slack/) +[![GitHub last commit](https://img.shields.io/github/last-commit/netapp/trident.svg)](https://github.com/NetApp/trident/commits) +[![license](https://img.shields.io/github/license/netapp/trident.svg)](LICENSE) +[![Docs](https://img.shields.io/badge/docs-official-0067C5.svg)](https://docs.netapp.com/us-en/trident/index.html) +[![Go Report Card](https://goreportcard.com/badge/github.com/netapp/trident)](https://goreportcard.com/report/github.com/netapp/trident) + +Trident is a fully supported open source project maintained by [NetApp](https://www.netapp.com). It has been designed +from the ground up to help you meet your containerized applications' persistence demands using industry-standard +interfaces, such as the [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/introduction.html). + +Trident deploys in Kubernetes clusters as pods and provides dynamic storage orchestration services for your Kubernetes workloads. It enables your containerized applications to quickly and easily consume persistent storage from NetApp’s broad portfolio that +includes [ONTAP](https://www.netapp.com/data-management/ontap-data-management-software) (AFF/FAS/Select/Cloud), [Element](https://www.netapp.com/data-management/element-software) (HCI/SolidFire), as well as the [Azure NetApp Files](https://www.netapp.com/azure/azure-netapp-files/) +service, [Google Cloud NetApp Volumes](https://www.netapp.com/google-cloud/netapp-volumes/), and [Amazon FSx for ONTAP](https://www.netapp.com/aws/fsx-ontap/). + +Trident features also address data protection, disaster recovery, portability, and migration use cases for +Kubernetes workloads leveraging NetApp's industry-leading data management technology for snapshots, backups, +replication, and cloning. + +Detailed documentation for Trident can be found [here](https://docs.netapp.com/us-en/trident/index.html). + +See [NetApp's Support site](https://mysupport.netapp.com/site/info/version-support) for details on Trident's support policy under the [Trident's Release and Support Lifecycle](https://mysupport.netapp.com/site/info/trident-support) tab. diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/crds/tridentconfigurators.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/crds/tridentconfigurators.yaml new file mode 100644 index 00000000..f3aa8971 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/crds/tridentconfigurators.yaml @@ -0,0 +1,54 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tridentconfigurators.trident.netapp.io +spec: + group: trident.netapp.io + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + additionalPrinterColumns: + - name: Phase + type: string + description: The backend config phase + priority: 0 + jsonPath: .status.phase + - name: Status + type: string + description: The result of the last operation + priority: 0 + jsonPath: .status.lastOperationStatus + - name: Cloud Provider + type: string + description: The name of cloud provider + priority: 0 + jsonPath: .status.cloudProvider + - name: Storage Driver + type: string + description: The storage driver type + priority: 1 + jsonPath: .spec.storageDriverName + - name: Deletion Policy + type: string + description: The deletion policy + priority: 1 + jsonPath: .status.deletionPolicy + scope: Cluster + names: + plural: tridentconfigurators + singular: tridentconfigurator + kind: TridentConfigurator + shortNames: + - tconf + - tconfigurator + categories: + - trident + - trident-internal + - trident-external \ No newline at end of file diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/crds/tridentorchestrators.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/crds/tridentorchestrators.yaml new file mode 100644 index 00000000..f16b855c --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/crds/tridentorchestrators.yaml @@ -0,0 +1,25 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tridentorchestrators.trident.netapp.io +spec: + group: trident.netapp.io + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} + names: + kind: TridentOrchestrator + listKind: TridentOrchestratorList + plural: tridentorchestrators + singular: tridentorchestrator + shortNames: + - torc + - torchestrator + scope: Cluster diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/NOTES.txt b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/NOTES.txt new file mode 100644 index 00000000..acb0dd88 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/NOTES.txt @@ -0,0 +1,18 @@ + +Thank you for installing {{ .Chart.Name }}, which will deploy and manage NetApp's Trident CSI +storage provisioner for Kubernetes. + +Your release is named '{{ .Release.Name }}' and is installed into the '{{ .Release.Namespace }}' namespace. +Please note that there must be only one instance of Trident (and trident-operator) in a Kubernetes cluster. + +To configure Trident to manage storage resources, you will now need to configure at least one storage +backend and add a matching storageClass. + +Examples of backend and storageClass definitions are available at official NetApp Trident documentation. + +Further, You may find all Trident releases and source code online at {{ .Chart.Home }}. + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/_helpers.tpl b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/_helpers.tpl new file mode 100644 index 00000000..bbf3dc01 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/_helpers.tpl @@ -0,0 +1,416 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "trident.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "trident.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "trident.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "trident.labels" -}} +helm.sh/chart: {{ include "trident.chart" . }} +{{ include "trident.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "trident.selectorLabels" -}} +app.kubernetes.io/name: {{ include "trident.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Trident operator level +*/}} +{{- define "trident-operator.logLevel" -}} +{{- .Values.operatorLogLevel }} +{{- end }} + +{{/* +Trident operator debug +*/}} +{{- define "trident-operator.debug" -}} +{{- .Values.operatorDebug }} +{{- end }} + +{{/* +Trident operator image +*/}} +{{- define "trident-operator.image" -}} +{{- if .Values.operatorImage }} +{{- .Values.operatorImage }} +{{- else if .Values.imageRegistry }} +{{- .Values.imageRegistry }}/trident-operator:{{ .Values.operatorImageTag | default .Chart.AppVersion }} +{{- else }} +{{- "" }}docker.io/netapp/trident-operator:{{ .Values.operatorImageTag | default .Chart.AppVersion }} +{{- end }} +{{- end }} + +{{/* +Trident force detach +*/}} +{{- define "trident.enableForceDetach" -}} +{{- if .Values.enableForceDetach | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident IPv6 +*/}} +{{- define "trident.IPv6" -}} +{{- if .Values.tridentIPv6 | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident SilenceAutosupport +*/}} +{{- define "trident.silenceAutosupport" -}} +{{- if .Values.tridentSilenceAutosupport | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident ExcludeAutosupport +*/}} +{{- define "trident.excludeAutosupport" -}} +{{- if .Values.tridentExcludeAutosupport | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +Trident AutoSupport image +*/}} +{{- define "trident.autosupportImage" -}} +{{- if .Values.tridentAutosupportImage }} +{{- .Values.tridentAutosupportImage }} +{{- else if .Values.imageRegistry }} +{{- .Values.imageRegistry }}/trident-autosupport:{{ .Values.tridentAutosupportImageTag | default .Chart.AppVersion | trunc 5}} +{{- else }} +{{- "" }}docker.io/netapp/trident-autosupport:{{ .Values.tridentAutosupportImageTag | default .Chart.AppVersion | trunc 5}} +{{- end }} +{{- end }} + +{{/* +Trident log level +*/}} +{{- define "trident.logLevel" -}} +{{- .Values.tridentLogLevel }} +{{- end }} + +{{/* +Trident debug (equivalent to debug level) +*/}} +{{- define "trident.debug" -}} +{{- .Values.tridentDebug }} +{{- end }} + +{{/* +Trident logging workflows +*/}} +{{- define "trident.logWorkflows" -}} +{{- .Values.tridentLogWorkflows }} +{{- end }} + +{{/* +Trident logging layers +*/}} +{{- define "trident.logLayers" -}} +{{- .Values.tridentLogLayers }} +{{- end }} + +{{/* +Trident log format +*/}} +{{- define "trident.logFormat" -}} +{{- if eq .Values.tridentLogFormat "json" }} +{{- .Values.tridentLogFormat }} +{{- else }} +{{- "text" }} +{{- end }} +{{- end }} + +{{/* +Trident audit log +*/}} +{{- define "trident.disableAuditLog" -}} +{{- if .Values.tridentDisableAuditLog | printf "%v" | eq "true" }} +{{- "true" }} +{{- else }} +{{- "false" }} +{{- end }} +{{- end }} + +{{/* +Trident probe port +*/}} +{{- define "trident.probePort" -}} +{{- if eq .Values.tridentProbePort "json" }} +{{- .Values.tridentProbePort }} +{{- else }} +{{- 17546 }} +{{- end }} +{{- end }} + +{{/* +Trident image +*/}} +{{- define "trident.image" -}} +{{- if .Values.tridentImage }} +{{- .Values.tridentImage }} +{{- else if .Values.imageRegistry }} +{{- .Values.imageRegistry }}/trident:{{ .Values.tridentImageTag | default .Chart.AppVersion }} +{{- else }} +{{- "" }}docker.io/netapp/trident:{{ .Values.tridentImageTag | default .Chart.AppVersion }} +{{- end }} +{{- end }} + +{{/* +Trident image pull policy +*/}} +{{- define "imagePullPolicy" -}} +{{- if .Values.imagePullPolicy }} +{{- .Values.imagePullPolicy }} +{{- else }} +{{- "IfNotPresent" }} +{{- end }} +{{- end }} + +{{/* +Determines if rancher roles should be created by checking for the presence of the cattle-system namespace +or annotations with the prefix "cattle.io/" in the namespace where the chart is being installed. +Override auto-detection and force install the roles by setting Values.forceInstallRancherClusterRoles to 'true'. +*/}} +{{- define "shouldInstallRancherRoles" -}} +{{- $isRancher := false -}} +{{- $currentNs := .Release.Namespace -}} +{{- $currentNsObj := lookup "v1" "Namespace" "" $currentNs -}} +{{- /* Check if 'forceInstallRancherClusterRoles' is set */ -}} +{{- if .Values.forceInstallRancherClusterRoles }} + {{- $isRancher = true -}} +{{- end }} +{{- /* Check if the annotation prefix "cattle.io/" exists on the namespace */ -}} +{{- if $currentNsObj }} + {{- range $key, $value := $currentNsObj.metadata.annotations }} + {{- if hasPrefix "cattle.io/" $key }} + {{- $isRancher = true -}} + {{- end }} + {{- end }} +{{- end }} +{{- /* Check if cattle-system ns exists */ -}} +{{- $cattleNs := lookup "v1" "Namespace" "" "cattle-system" -}} +{{- if $cattleNs }} + {{- $isRancher = true -}} +{{- end }} +{{- $isRancher -}} +{{- end }} + +{{/* +Helper functions to render resource requests and limits for each container of trident from values.yaml +*/}} +{{- define "trident.resources.controller" -}} +{{- range $key, $val := . }} +{{- $containerName := $key }} +{{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory }} +{{ $containerName }}: +{{- if or $val.requests.cpu $val.requests.memory }} + requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} + limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "trident.resources.node.linux" -}} +{{- range $key, $val := . }} +{{- $containerName := $key }} +{{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory }} +{{ $containerName }}: +{{- if or $val.requests.cpu $val.requests.memory }} + requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} + limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- define "trident.resources.node.windows" -}} +{{- range $key, $val := . }} +{{- $containerName := $key }} +{{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory }} +{{ $containerName }}: +{{- if or $val.requests.cpu $val.requests.memory }} + requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} + limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Helper functions to check if resources are actually defined (not just empty structure) +*/}} +{{- define "trident.hasControllerResources" -}} + {{- $hasResources := false -}} + {{- if .Values.resources -}} + {{- if .Values.resources.controller -}} + {{- range $key, $val := .Values.resources.controller -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + {{- $hasResources = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- if $hasResources -}}true{{- end -}} +{{- end -}} + +{{- define "trident.hasNodeLinuxResources" -}} + {{- $hasResources := false -}} + {{- if .Values.resources -}} + {{- if .Values.resources.node -}} + {{- if .Values.resources.node.linux -}} + {{- range $key, $val := .Values.resources.node.linux -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + {{- $hasResources = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- if $hasResources -}}true{{- end -}} +{{- end -}} + +{{- define "trident.hasNodeWindowsResources" -}} + {{- $hasResources := false -}} + {{- if .Values.resources -}} + {{- if .Values.resources.node -}} + {{- if .Values.resources.node.windows -}} + {{- range $key, $val := .Values.resources.node.windows -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + {{- $hasResources = true -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- if $hasResources -}}true{{- end -}} +{{- end -}} + +{{/* +Helper function to check if operator resources are defined +*/}} +{{- define "trident-operator.hasResources" -}} + {{- $val := . -}} + {{- if or $val.requests.cpu $val.requests.memory $val.limits.cpu $val.limits.memory -}} + true + {{- end -}} +{{- end -}} + +{{/* +Helper function to render resource requests and limits for the operator +*/}} +{{- define "trident-operator.resources" }} +{{- $val := .}} +{{- if or $val.requests.cpu $val.requests.memory }} +requests: +{{- if $val.requests.cpu }} + cpu: {{ $val.requests.cpu }} +{{- end }} +{{- if $val.requests.memory }} + memory: {{ $val.requests.memory }} +{{- end }} +{{- end }} +{{- if or $val.limits.cpu $val.limits.memory }} +limits: +{{- if $val.limits.cpu }} + cpu: {{ $val.limits.cpu }} +{{- end }} +{{- if $val.limits.memory }} + memory: {{ $val.limits.memory }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrole-rancher.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrole-rancher.yaml new file mode 100644 index 00000000..6300f2f2 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrole-rancher.yaml @@ -0,0 +1,13 @@ +{{- if include "shouldInstallRancherRoles" . | eq "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: trident-operator-rancher +rules: + - apiGroups: + - management.cattle.io + resources: + - projects + verbs: + - updatepsa +{{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrole.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..92279962 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrole.yaml @@ -0,0 +1,458 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: trident-operator + labels: + app: operator.trident.netapp.io +rules: + # Permissions same as Trident + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - resourcequotas + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list + - watch + - update + - patch + - delete + - apiGroups: + - storage.k8s.io + resources: + - volumeattachments/status + verbs: + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + - volumesnapshotclasses + verbs: + - get + - list + - watch + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotclasses + verbs: + - create + - delete + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots/status + - volumesnapshotcontents/status + verbs: + - update + - patch + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshotcontents + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshots + verbs: + - list + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotclasses + verbs: + - list + - watch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents + verbs: + - get + - list + - watch + - patch + - apiGroups: + - groupsnapshot.storage.k8s.io + resources: + - volumegroupsnapshotcontents/status + verbs: + - update + - apiGroups: + - csi.storage.k8s.io + resources: + - csidrivers + - csinodeinfos + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + - csinodes + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - trident.netapp.io + resources: + - tridentversions + - tridentbackends + - tridentstorageclasses + - tridentvolumes + - tridentvolumepublications + - tridentvolumereferences + - tridentnodes + - tridenttransactions + - tridentsnapshots + - tridentbackendconfigs + - tridentbackendconfigs/status + - tridentmirrorrelationships + - tridentmirrorrelationships/status + - tridentactionmirrorupdates + - tridentactionmirrorupdates/status + - tridentsnapshotinfos + - tridentsnapshotinfos/status + - tridentgroupsnapshots + - tridentgroupsnapshots/status + - tridentactionsnapshotrestores + - tridentactionsnapshotrestores/status + - tridentnoderemediations + - tridentnoderemediations/status + - tridentnoderemediationtemplates + - tridentnoderemediationtemplates/status + - tridentprovisioners # Required for Tprov + - tridentprovisioners/status # Required to update Tprov's status section + - tridentorchestrators # Required for torc + - tridentorchestrators/status # Required to update torc's status section + - tridentconfigurators # Required for tconf + - tridentconfigurators/status # Required to update tconf's status section + - tridentautogrowpolicies + - tridentautogrowpolicies/status + - tridentautogrowrequestinternals + - tridentautogrowrequestinternals/status + verbs: + - get + - list + - watch + - create + - delete + - update + - patch + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - trident-controller + - trident-node-linux + - trident-node-windows + # Now Operator specific permissions + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - get + - list + - watch + - create + - apiGroups: + - apps + resources: + - deployments + - statefulsets + verbs: + - delete + - update + - patch + resourceNames: + - trident + - trident-csi + - trident-controller + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - delete + - update + - patch + resourceNames: + - trident + - trident-csi + - trident-csi-windows + - trident-node-linux + - trident-node-windows + - apiGroups: + - "" + resources: + - pods/exec + - services + - serviceaccounts + verbs: + - get + - list + - create + - apiGroups: + - "" + resources: + - pods/exec + - services + verbs: + - delete + - update + - patch + resourceNames: + - trident-csi + - trident + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - delete + - update + - patch + resourceNames: + - trident-controller + - trident-node-linux + - trident-node-windows + - trident-csi + - trident + - apiGroups: + - authorization.openshift.io + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - create + - apiGroups: + - authorization.openshift.io + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - get + - delete + - update + - patch + resourceNames: + - trident-node-remediation-access + - trident-controller + - trident-node-linux + - trident-node-windows + - trident-csi + - trident + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - list + - create + - apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - tridentpods + - trident-controller + - trident-node-linux + - trident-node-windows + verbs: + - delete + - update + - patch + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - get + - list + - create + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + resourceNames: + - trident-controller + - trident-node-linux + - trident-node-windows + - trident + verbs: + - delete + - update + - patch + - apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - tridentoperatorpods + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrolebinding-rancher.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrolebinding-rancher.yaml new file mode 100644 index 00000000..b70fcff9 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrolebinding-rancher.yaml @@ -0,0 +1,14 @@ +{{- if include "shouldInstallRancherRoles" . | eq "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: trident-operator-rancher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: trident-operator-rancher +subjects: + - kind: ServiceAccount + name: trident-operator + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrolebinding.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..e6297525 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: trident-operator + labels: + app: operator.trident.netapp.io +subjects: + - kind: ServiceAccount + name: trident-operator + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: trident-operator + apiGroup: rbac.authorization.k8s.io diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/deployment.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/deployment.yaml new file mode 100644 index 00000000..c57bb587 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/deployment.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: +{{- if .Values.deploymentAnnotations }} + annotations: +{{ toYaml .Values.deploymentAnnotations | indent 4 }} +{{- end }} + labels: + app: operator.trident.netapp.io + name: trident-operator + namespace: {{ .Release.Namespace }} +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: operator.trident.netapp.io + name: trident-operator + template: + metadata: + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + labels: + app: operator.trident.netapp.io + name: trident-operator + {{- if and (eq .Values.cloudProvider "Azure") (ne .Values.cloudIdentity "") }} + azure.workload.identity/use: 'true' + {{- end }} + spec: + {{- if .Values.affinity }} + affinity: +{{- toYaml .Values.affinity | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + serviceAccountName: trident-operator + containers: + - command: + - /trident-operator + {{- if or .Values.anfConfigurator.enabled .Values.ontapConfigurator.enabled }} + - -configurator-reconcile-interval={{ .Values.configuratorReconcileInterval }} + {{- end }} + {{- if .Values.operatorDebug }} + - -debug + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: trident-operator + {{- if and (eq .Values.cloudProvider "Azure") (eq .Values.cloudIdentity "") }} + - name: AZURE_CREDENTIAL_FILE + value: /etc/kubernetes/azure.json + volumeMounts: + - name: azure-cred + mountPath: /etc/kubernetes + {{- end }} + image: {{ include "trident-operator.image" $ }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + name: trident-operator + {{- if (include "trident-operator.hasResources" .Values.resources.operator) }} + resources: + {{- include "trident-operator.resources" .Values.resources.operator | indent 10 }} + {{- end }} + {{- if and (eq .Values.cloudProvider "Azure") (eq .Values.cloudIdentity "") }} + volumes: + - name: azure-cred + hostPath: + path: /etc/kubernetes + type: DirectoryOrCreate + {{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/postdeletecrdshook.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/postdeletecrdshook.yaml new file mode 100644 index 00000000..a9ee84dd --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/postdeletecrdshook.yaml @@ -0,0 +1,82 @@ +{{- if or .Values.cleanupCrds }} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: post-delete-service-account + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-10" + "helm.sh/hook-delete-policy": hook-succeeded + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: post-delete-cluster-role + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-9" + "helm.sh/hook-delete-policy": hook-succeeded +rules: +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "delete", "patch"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: post-delete-cluster-rolebinding + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-8" + "helm.sh/hook-delete-policy": hook-succeeded +subjects: +- kind: ServiceAccount + name: post-delete-service-account + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: post-delete-cluster-role + apiGroup: rbac.authorization.k8s.io + +--- + +apiVersion: batch/v1 +kind: Job +metadata: + name: post-delete-hook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + spec: + serviceAccountName: post-delete-service-account + containers: + - name: post-delete-container + image: {{ .Values.helmHookImage }} + command: + - sh + - -c + - | + set -x + kubectl patch crd tridentorchestrators.trident.netapp.io -p '{"metadata":{"finalizers":[]}}' --type=merge + kubectl delete crd tridentorchestrators.trident.netapp.io + kubectl patch crd tridentconfigurators.trident.netapp.io -p '{"metadata":{"finalizers":[]}}' --type=merge + kubectl delete crd tridentconfigurators.trident.netapp.io + restartPolicy: Never + backoffLimit: 4 + +{{- end }} \ No newline at end of file diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/postinstallupgradehook.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/postinstallupgradehook.yaml new file mode 100644 index 00000000..103b2b15 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/postinstallupgradehook.yaml @@ -0,0 +1,70 @@ +{{- if or .Values.anfConfigurator.enabled .Values.ontapConfigurator.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: trident-operator + namespace: {{ .Release.Namespace }} +spec: + selector: + app: operator.trident.netapp.io + ports: + - name: http + protocol: TCP + port: 8000 + targetPort: 8002 +--- +apiVersion: v1 +kind: Pod +metadata: + name: trident-post-install-upgrade-hook + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install, post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded, hook-failed +spec: + restartPolicy: Never + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | nindent 4 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | nindent 4 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | nindent 4 }} + {{- end }} + initContainers: + - name: init-container-1 + image: {{ include "trident.image" $ }} + command: + - tridentctl + - --debug + - -s + - 127.0.0.1:8000 + - check + - operator + - --timeout + - "7200" # Keeping it 12 mins as AKS extension script has an upper limit of 15 mins. + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + containers: + - name: trident-post-hook + image: {{ include "trident.image" $ }} + command: + - tridentctl + - --debug + - -s + - 127.0.0.1:8000 + - check + - operator + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/predeletecrdshook.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/predeletecrdshook.yaml new file mode 100644 index 00000000..507b38df --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/predeletecrdshook.yaml @@ -0,0 +1,41 @@ +{{- if or .Values.cleanupCrds }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: pre-delete-hook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + spec: + serviceAccountName: trident-operator + containers: + - name: pre-delete-container + image: {{ .Values.helmHookImage }} + command: + - sh + - -c + - | + set -x + if kubectl get torc trident -n trident; then + kubectl patch torc trident -n trident --type=merge -p '{"spec":{"wipeout":["crds"],"uninstall":true, "skipCRDsToObliviate":["tridentorchestrators.trident.netapp.io", "tridentconfigurators.trident.netapp.io"]}}' + while kubectl get crds | grep '.trident.netapp.io' | grep -v -e 'tridentorchestrators.trident.netapp.io' -e 'tridentconfigurators.trident.netapp.io'; do + echo 'Waiting for CRDs to be deleted...' + sleep 5 + done + else + echo 'Trident orchestrator does not exist.' + fi + restartPolicy: Never + backoffLimit: 4 + +{{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/serviceaccount.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/serviceaccount.yaml new file mode 100644 index 00000000..7a73016d --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/serviceaccount.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: trident-operator + namespace: {{ .Release.Namespace }} + {{- if and (ne .Values.cloudIdentity "") (ne .Values.cloudProvider "") }} + {{- $cloudIdentity := trimPrefix "'" .Values.cloudIdentity }} + {{- $cloudIdentity = trimSuffix "'" $cloudIdentity }} + {{- $cloudIdentityPair := regexSplit ": " $cloudIdentity 2 }} + annotations: + {{ first $cloudIdentityPair }}: {{ last $cloudIdentityPair }} + {{- end }} + labels: + app: operator.trident.netapp.io +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.imagePullSecrets }} +- name: {{ . }} +{{- end }} +{{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/tridentconfigurator.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/tridentconfigurator.yaml new file mode 100644 index 00000000..8496eb5e --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/tridentconfigurator.yaml @@ -0,0 +1,111 @@ +{{- if .Values.anfConfigurator.enabled }} +apiVersion: trident.netapp.io/v1 +kind: TridentConfigurator +metadata: + name: netapp-anf-backend-configurator +spec: + storageDriverName: azure-netapp-files + {{- if eq .Values.cloudProvider "" }} + tenantID: {{ .Values.anfConfigurator.tenantID }} + clientCredentials: {{ .Values.anfConfigurator.clientCredentials }} + {{- end }} + {{- if or (eq .Values.cloudProvider "") (and (eq .Values.cloudProvider "Azure") (ne .Values.cloudIdentity "")) }} + subscriptionID: {{ .Values.anfConfigurator.subscriptionID }} + location: {{ .Values.anfConfigurator.location }} + {{- end }} + virtualNetwork: {{ .Values.anfConfigurator.virtualNetwork }} + subnet: {{ .Values.anfConfigurator.subnet }} + capacityPools: + {{- range .Values.anfConfigurator.capacityPools }} + - {{ . }} + {{- end }} + netappAccounts: + {{- range .Values.anfConfigurator.netappAccounts }} + - {{ . }} + {{- end }} + resourceGroups: + {{- range .Values.anfConfigurator.resourceGroups }} + - {{ . }} + {{- end }} + customerEncryptionKeys: + {{- range $key, $value := .Values.anfConfigurator.customerEncryptionKeys }} + {{ $key }}: {{ $value }} + {{- end }} +{{- end }} + +--- + +{{- if .Values.ontapConfigurator.enabled }} +{{- $includeCR := false }} +{{- range .Values.ontapConfigurator.svms }} + {{- if or (has "nfs" .protocols) (has "smb" .protocols) }} + {{- $includeCR = true }} + {{- end }} +{{- end }} + +{{- if $includeCR }} +apiVersion: trident.netapp.io/v1 +kind: TridentConfigurator +metadata: + name: netapp-nas-backend-configurator +spec: + storageDriverName: ontap-nas + svms: + {{- range .Values.ontapConfigurator.svms }} + {{- if or (has "nfs" .protocols) (has "smb" .protocols) }} + - fsxnID: {{ .fsxnID | quote }} + protocols: + {{- $filteredProtocols := list }} + {{- range .protocols }} + {{- if or (eq . "nfs") (eq . "smb") }} + {{- $filteredProtocols = append $filteredProtocols . }} + {{- end }} + {{- end }} + {{- range $filteredProtocols }} + - {{ . | quote }} + {{- end }} + svmName: {{ .svmName | quote }} + authType: {{ .authType | default "awsarn" | quote }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} + + +--- + +{{- if .Values.ontapConfigurator.enabled }} +{{- $includeCR := false }} +{{- range .Values.ontapConfigurator.svms }} + {{- if or (has "iscsi" .protocols) (has "nvme" .protocols) }} + {{- $includeCR = true }} + {{- end }} +{{- end }} + +{{- if $includeCR }} +apiVersion: trident.netapp.io/v1 +kind: TridentConfigurator +metadata: + name: netapp-san-backend-configurator +spec: + storageDriverName: ontap-san + svms: + {{- range .Values.ontapConfigurator.svms }} + {{- if or (has "iscsi" .protocols) (has "nvme" .protocols) }} + - fsxnID: {{ .fsxnID | quote }} + protocols: + {{- $filteredProtocols := list }} + {{- range .protocols }} + {{- if or (eq . "iscsi") (eq . "nvme") }} + {{- $filteredProtocols = append $filteredProtocols . }} + {{- end }} + {{- end }} + {{- range $filteredProtocols }} + - {{ . | quote }} + {{- end }} + svmName: {{ .svmName | quote }} + authType: {{ .authType | default "awsarn" | quote }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/tridentorchestrator.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/tridentorchestrator.yaml new file mode 100644 index 00000000..5f5038df --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/templates/tridentorchestrator.yaml @@ -0,0 +1,108 @@ +apiVersion: trident.netapp.io/v1 +kind: TridentOrchestrator +metadata: + name: trident +spec: + namespace: {{ .Release.Namespace }} + enableForceDetach: {{ include "trident.enableForceDetach" $ }} + IPv6: {{ include "trident.IPv6" $ }} + k8sTimeout: {{ .Values.tridentK8sTimeout }} + httpRequestTimeout: {{ .Values.tridentHttpRequestTimeout }} + silenceAutosupport: {{ include "trident.silenceAutosupport" $ }} + {{- if .Values.tridentExcludeAutosupport }} + excludeAutosupport: {{ .Values.tridentExcludeAutosupport }} + {{- end }} + autosupportImage: {{ include "trident.autosupportImage" $ }} + autosupportProxy: {{ .Values.tridentAutosupportProxy }} + autosupportInsecure: {{ .Values.tridentAutosupportInsecure }} + logFormat: {{ include "trident.logFormat" $ }} + disableAuditLog: {{ include "trident.disableAuditLog" $ }} + {{- if .Values.tridentDebug }} + debug: {{ .Values.tridentDebug }} + {{- end }} + {{- if .Values.tridentLogLevel }} + logLevel: {{ .Values.tridentLogLevel }} + {{- end }} + logWorkflows: {{ include "trident.logWorkflows" $ }} + logLayers: {{ include "trident.logLayers" $ }} + probePort: {{ include "trident.probePort" $ }} + tridentImage: {{ include "trident.image" $ }} + {{- if .Values.imageRegistry }} + imageRegistry: {{ .Values.imageRegistry }} + {{- end }} + kubeletDir: {{ .Values.kubeletDir }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 2 }} + {{- end }} + {{- if .Values.tridentControllerPluginNodeSelector }} + controllerPluginNodeSelector: + {{- range $key, $value := .Values.tridentControllerPluginNodeSelector }} + {{ $key }}: "{{ $value }}" + {{- end }} + {{- end }} + {{- if .Values.tridentControllerPluginTolerations }} + controllerPluginTolerations: + {{- range $value := .Values.tridentControllerPluginTolerations }} + - {{- range $k, $v := $value }} + {{ $k }}: "{{ $v }}" + {{- end}} + {{- end}} + {{- end }} + {{- if .Values.tridentNodePluginNodeSelector }} + nodePluginNodeSelector: + {{- range $key, $value := .Values.tridentNodePluginNodeSelector }} + {{ $key }}: "{{ $value }}" + {{- end }} + {{- end }} + {{- if .Values.tridentNodePluginTolerations }} + nodePluginTolerations: + {{- range $value := .Values.tridentNodePluginTolerations }} + - {{- range $k, $v := $value }} + {{ $k }}: "{{ $v }}" + {{- end}} + {{- end}} + {{- end }} + imagePullPolicy: {{ include "imagePullPolicy" $ }} + windows: {{ .Values.windows }} + cloudProvider: {{ .Values.cloudProvider }} + cloudIdentity: {{ .Values.cloudIdentity }} + enableACP: {{ .Values.enableACP }} + acpImage: {{ .Values.acpImage }} + httpsMetrics: {{ .Values.httpsMetrics }} + enableAutoBackendConfig: {{ or .Values.ontapConfigurator.enabled .Values.anfConfigurator.enabled }} + iscsiSelfHealingInterval: {{ .Values.iscsiSelfHealingInterval }} + iscsiSelfHealingWaitTime: {{ .Values.iscsiSelfHealingWaitTime }} + {{- if .Values.k8sAPIQPS }} + k8sAPIQPS: {{ .Values.k8sAPIQPS }} + {{- end }} + {{- if .Values.fsGroupPolicy }} + fsGroupPolicy: {{ .Values.fsGroupPolicy }} + {{- end }} + {{- if .Values.nodePrep }} + nodePrep: {{- range .Values.nodePrep }} + - {{.}} {{- end }} + {{- end }} + enableConcurrency: {{ .Values.enableConcurrency }} + {{- if .Values.skipCRDsToObliviate }} + skipCRDsToObliviate: {{- range .Values.skipCRDsToObliviate }} + - {{.}} {{- end }} + {{- end }} + {{ if or (include "trident.hasControllerResources" .) (include "trident.hasNodeLinuxResources" .) (include "trident.hasNodeWindowsResources" .) -}} + resources: + {{ if include "trident.hasControllerResources" . -}} + controller: {{ include "trident.resources.controller" .Values.resources.controller | indent 6 }} + {{- end }} + {{ if or (include "trident.hasNodeLinuxResources" .) (include "trident.hasNodeWindowsResources" .) -}} + node: + {{ if include "trident.hasNodeLinuxResources" . -}} + linux: {{ include "trident.resources.node.linux" .Values.resources.node.linux | indent 8 }} + {{- end }} + {{- if include "trident.hasNodeWindowsResources" . }} + windows: {{ include "trident.resources.node.windows" .Values.resources.node.windows | indent 8 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.hostNetwork }} + hostNetwork: {{ .Values.hostNetwork }} + {{- end }} diff --git a/packs/trident-operator-addon-26.02.0/charts/trident-operator/values.yaml b/packs/trident-operator-addon-26.02.0/charts/trident-operator/values.yaml new file mode 100644 index 00000000..e30cee4b --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/charts/trident-operator/values.yaml @@ -0,0 +1,327 @@ +# Default values for standalone. +# This is a YAML-formatted file. + +# helmHookImage specifies the image used for Helm hook jobs +helmHookImage: "alpine/k8s:1.33.0" + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +## Pod Annotations +podAnnotations: {} + +## Deployment Annotations +deploymentAnnotations: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +## Affinity for pod assignment +## The following affinity configuration ensures that the Trident operator will only be scheduled on nodes with the specified architecture and OS, Hence, do not modify this section. To add custom affinity rules, please append your content to this configuration as needed +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + + +# tridentControllerPluginNodeSelector additional nodeSelectors for the Pod running the Trident Controller CSI Plugin. +# tridentControllerPluginNodeSelector : {} + +# tridentControllerPluginTolerations overrides tolerations for the Pod running the Trident Controler CSI Plugin. +# tridentControllerPluginTolerations: [] + +# tridentNodePluginNodeSelector additional nodeSelectors for Pods running the Trident Node CSI Plugin. +# tridentNodePluginNodeSelector : {} + +# tridentNodePluginTolerations overrides tolerations for Pods running the Trident Node CSI Plugin. +# tridentNodePluginTolerations: [] + + + +# imageRegistry identifies the registry for the trident-operator, trident, and other images. Leave empty to accept the default. +imageRegistry: "" + +# imagePullPolicy sets the image pull policy for the trident-operator. +imagePullPolicy: IfNotPresent + +# imagePullSecrets sets the image pull secrets for the trident-operator, trident, and other images. +imagePullSecrets: [] + +# kubeletDir allows overriding the host location of kubelet's internal state. (default "/var/lib/kubelet"). +kubeletDir: "" + + +# operatorLogLevel allows the log level of the Trident operator to be set to one of these: +# trace, debug, info, warn, error, fatal. +# operatorLogLevel: "info" + +# operatorDebug allows the log level of the Trident operator to be set to debug +operatorDebug: true + +# operatorImage allows the complete override of the image for trident-operator. +operatorImage: "" + +# operatorImageTag allows overriding the tag of the trident-operator image. +operatorImageTag: "" + + +# tridentIPv6 allows enabling Trident to work in IPv6 clusters. +tridentIPv6: false + +# tridentK8sTimeout overrides the default 30-second timeout for most Kubernetes API operations (if non-zero, in seconds). +tridentK8sTimeout: 0 + +# tridentHttpRequestTimeout (duration) overrides the default 90-second timeout for the HTTP requests, with 0s being an +# infinite duration for the timeout. Negative values are not allowed. +tridentHttpRequestTimeout: "90s" + +# tridentSilenceAutosupport allows disabling Trident's periodic Autosupport reporting. +tridentSilenceAutosupport: false + +# tridentExcludeAutosupport allows removal of the autosupport container when installing Trident. +tridentExcludeAutosupport: false + +# tridentAutosupportImage allows the complete override of the image for Trident's Autosupport container. +tridentAutosupportImage: "" + +# tridentAutosupportImageTag allows overriding the tag of the image for Trident's Autosupport container. +tridentAutosupportImageTag: "26.02" + +# tridentAutosupportProxy allows Trident's autosupport container to phone home via an HTTP proxy. +tridentAutosupportProxy: "" + +# tridentAutosupportInsecure allows Trident's autosupport container to skip TLS verification +tridentAutosupportInsecure: false + +# tridentLogFormat sets the Trident logging format (text or json). +tridentLogFormat: "text" + +# tridentDisableAuditLog disables Trident's audit logger. +tridentDisableAuditLog: true + +# tridentLogLevel allows the log level of Trident to be set to one of these: trace, debug, info, warn, error, fatal. +#tridentLogLevel: "info" + +# tridentDebug allows the log level of Trident to be set to debug +tridentDebug: false + +# tridentLogWorkflows allows specific Trident workflows to be enabled for trace logging or log suppression. +tridentLogWorkflows: "" + +# tridentLogLayers allows specific Trident layers to be enabled for trace logging or log suppression. +tridentLogLayers: "" + +# tridentImage allows the complete override of the image for Trident. +tridentImage: "" + +# tridentImageTag allows overriding the tag of the image for Trident. +tridentImageTag: "" + +# (Deprecated) tridentEnableNodePrep attempts to automatically install required packages on nodes. +tridentEnableNodePrep: false + +# (Deprecated) tridentSkipK8sVersionCheck allows overriding the k8s version limit for Trident. +tridentSkipK8sVersionCheck: false + +# tridentProbePort allows overriding the default port used for k8s liveness/readiness probes. +tridentProbePort: "" + +# windows allows Trident to be installed on Windows worker node. +windows: false + +# enableForceDetach allows enabling the force detach feature. +enableForceDetach: false + +# cloudProvider indicates which cloud platform Trident is running on. +cloudProvider: "" + +# cloudIdentity indicates the identity that needs to be set on service account. +cloudIdentity: "" + +# enableACP allows enabling the Trident-ACP container to run. +enableACP: false + +# acpImage indicates the image the Trident-ACP container should pull. +acpImage: "" + +# httpsMetrics allows enabling the HTTPS metrics. +httpsMetrics: false + +# iscsiSelfHealingInterval is the interval at which the iSCSI self-healing job is invoked +iscsiSelfHealingInterval: "5m0s" + +# iscsiSelfHealingWaitTime is the wait time after which iSCSI self-healing attempts to fix stale sessions +iscsiSelfHealingWaitTime: "7m0s" + +# configuratorReconcileInterval is the resource refresh rate for the auto generated backends. +configuratorReconcileInterval: 30m0s + +# forceInstallRancherClusterRoles will install a Rancher specific ClusterRole and ClusterRoleBinding when set to true. +# When set to false, the ClusterRole and ClusterRoleBinding will be installed only when a Rancher cluster is detected. +forceInstallRancherClusterRoles: false + +# Auto generated ANF backend related fields consumed by the configurator controller. +anfConfigurator: + enabled: false + virtualNetwork: "" + subnet: "" + subscriptionID: "" + tenantID: "" + location: "" + clientCredentials: "" + capacityPools: [] + netappAccounts: [] + resourceGroups: [] + customerEncryptionKeys: {} + +# Auto generated ONTAP backend related fields consumed by the configurator controller. +ontapConfigurator: + enabled: false + svms: + - fsxnID: '' + svmName: '' + protocols: [] + authType: '' + +# enableConcurrency enables the concurrent core feature in Trident **TECH PREVIEW** +enableConcurrency: false + +# Resource requests and limits for Trident components (controller, node, operator). +# Configure CPU and memory for each container and sidecar to manage resource allocation in Kubernetes. +# +# IMPORTANT NOTES: +# - DO NOT change the names of any containers or fields - or, they may not work +# - DO NOT change the indentation - YAML indentation is critical for proper parsing +# - Default values for controller/node are shown in comments (e.g., # 10m) and are applied automatically if not specified +# - Default values for operator are directly specified in the config (not in comments) and will be applied +# - By default, NO limits are applied - only requests have default values +# - Container names are listed as they appear in the pod specifications +# +# STRUCTURE EXPLANATION: +# +# 1. CONTROLLER POD: +# The controller pod runs on a single operating system (Linux), so there are no OS-specific +# sub-sections. All containers within the controller pod are listed directly under 'controller'. +# +# 2. NODE POD: +# The node pod runs on multiple operating systems (Linux and Windows), so it has OS-specific +# sub-sections: 'linux' and 'windows'. Each OS section lists its specific containers. +# +# 3. OPERATOR POD: +# Unlike controller and node pods, the operator has actual default values directly specified +# (not in comments). If removed, no values will be applied. +resources: + controller: + trident-main: + requests: + cpu: # 10m + memory: # 80Mi + limits: + cpu: + memory: + # sidecars + csi-provisioner: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-attacher: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-resizer: + requests: + cpu: # 3m + memory: # 20Mi + limits: + cpu: + memory: + csi-snapshotter: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + trident-autosupport: + requests: + cpu: # 1m + memory: # 30Mi + limits: + cpu: + memory: + node: + linux: + trident-main: + requests: + cpu: # 10m + memory: # 60Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 1m + memory: # 10Mi + limits: + cpu: + memory: + windows: + trident-main: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + liveness-probe: + requests: + cpu: # 2m + memory: # 40Mi + limits: + cpu: + memory: + operator: + requests: + cpu: 10m + memory: 40Mi + limits: + cpu: + memory: + +# k8sAPIQPS sets the maximum QPS to the Kubernetes API server from the Trident operator. (default 100) +k8sAPIQPS: 0 + +# hostNetwork sets the hostNetwork field in the Trident operator deployment spec. +hostNetwork: false + +# nodePrep enables Trident to prepare the nodes of the Kubernetes cluster to manage volumes using the +# specified data storage protocol. Currently, iSCSI is the only value supported. +nodePrep: [] diff --git a/packs/trident-operator-addon-26.02.0/logo.png b/packs/trident-operator-addon-26.02.0/logo.png new file mode 100644 index 00000000..6a7f7666 Binary files /dev/null and b/packs/trident-operator-addon-26.02.0/logo.png differ diff --git a/packs/trident-operator-addon-26.02.0/pack.json b/packs/trident-operator-addon-26.02.0/pack.json new file mode 100644 index 00000000..b9130116 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/pack.json @@ -0,0 +1,17 @@ +{ + "addonType": "system app", + "annotations": { + "source": "community", + "contributor": "netapp" + }, + "cloudTypes": [ + "all" + ], + "displayName": "Trident", + "charts": [ + "charts/trident-operator-100.2602.0.tgz" + ], + "layer": "addon", + "name": "csi-trident-addon", + "version": "26.02.0" +} \ No newline at end of file diff --git a/packs/trident-operator-addon-26.02.0/values.yaml b/packs/trident-operator-addon-26.02.0/values.yaml new file mode 100644 index 00000000..f35ae8e7 --- /dev/null +++ b/packs/trident-operator-addon-26.02.0/values.yaml @@ -0,0 +1,340 @@ +pack: + spectrocloud.com/display-name: trident-operator + releaseNameOverride: + trident-operator: trident-operator + namespace: trident + content: + images: + - image: docker.io/netapp/trident-operator:26.02.0 + - image: docker.io/netapp/trident-autosupport:26.02.0 + - image: docker.io/netapp/trident:26.02.0 + +charts: + trident-operator: + # Default values for standalone. + # This is a YAML-formatted file. + + # helmHookImage specifies the image used for Helm hook jobs + helmHookImage: "alpine/k8s:1.33.0" + + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + nodeSelector: {} + + ## Pod Annotations + podAnnotations: {} + + ## Deployment Annotations + deploymentAnnotations: {} + + ## Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + + ## Affinity for pod assignment + ## The following affinity configuration ensures that the Trident operator will only be scheduled on nodes with the specified architecture and OS, Hence, do not modify this section. To add custom affinity rules, please append your content to this configuration as needed + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux + + + # tridentControllerPluginNodeSelector additional nodeSelectors for the Pod running the Trident Controller CSI Plugin. + # tridentControllerPluginNodeSelector : {} + + # tridentControllerPluginTolerations overrides tolerations for the Pod running the Trident Controler CSI Plugin. + # tridentControllerPluginTolerations: [] + + # tridentNodePluginNodeSelector additional nodeSelectors for Pods running the Trident Node CSI Plugin. + # tridentNodePluginNodeSelector : {} + + # tridentNodePluginTolerations overrides tolerations for Pods running the Trident Node CSI Plugin. + # tridentNodePluginTolerations: [] + + + + # imageRegistry identifies the registry for the trident-operator, trident, and other images. Leave empty to accept the default. + imageRegistry: "" + + # imagePullPolicy sets the image pull policy for the trident-operator. + imagePullPolicy: IfNotPresent + + # imagePullSecrets sets the image pull secrets for the trident-operator, trident, and other images. + imagePullSecrets: [] + + # kubeletDir allows overriding the host location of kubelet's internal state. (default "/var/lib/kubelet"). + kubeletDir: "" + + + # operatorLogLevel allows the log level of the Trident operator to be set to one of these: + # trace, debug, info, warn, error, fatal. + # operatorLogLevel: "info" + + # operatorDebug allows the log level of the Trident operator to be set to debug + operatorDebug: true + + # operatorImage allows the complete override of the image for trident-operator. + operatorImage: "" + + # operatorImageTag allows overriding the tag of the trident-operator image. + operatorImageTag: "" + + + # tridentIPv6 allows enabling Trident to work in IPv6 clusters. + tridentIPv6: false + + # tridentK8sTimeout overrides the default 30-second timeout for most Kubernetes API operations (if non-zero, in seconds). + tridentK8sTimeout: 0 + + # tridentHttpRequestTimeout (duration) overrides the default 90-second timeout for the HTTP requests, with 0s being an + # infinite duration for the timeout. Negative values are not allowed. + tridentHttpRequestTimeout: "90s" + + # tridentSilenceAutosupport allows disabling Trident's periodic Autosupport reporting. + tridentSilenceAutosupport: false + + # tridentExcludeAutosupport allows removal of the autosupport container when installing Trident. + tridentExcludeAutosupport: false + + # tridentAutosupportImage allows the complete override of the image for Trident's Autosupport container. + tridentAutosupportImage: "" + + # tridentAutosupportImageTag allows overriding the tag of the image for Trident's Autosupport container. + tridentAutosupportImageTag: "26.02" + + # tridentAutosupportProxy allows Trident's autosupport container to phone home via an HTTP proxy. + tridentAutosupportProxy: "" + + # tridentAutosupportInsecure allows Trident's autosupport container to skip TLS verification + tridentAutosupportInsecure: false + + # tridentLogFormat sets the Trident logging format (text or json). + tridentLogFormat: "text" + + # tridentDisableAuditLog disables Trident's audit logger. + tridentDisableAuditLog: true + + # tridentLogLevel allows the log level of Trident to be set to one of these: trace, debug, info, warn, error, fatal. + #tridentLogLevel: "info" + + # tridentDebug allows the log level of Trident to be set to debug + tridentDebug: false + + # tridentLogWorkflows allows specific Trident workflows to be enabled for trace logging or log suppression. + tridentLogWorkflows: "" + + # tridentLogLayers allows specific Trident layers to be enabled for trace logging or log suppression. + tridentLogLayers: "" + + # tridentImage allows the complete override of the image for Trident. + tridentImage: "" + + # tridentImageTag allows overriding the tag of the image for Trident. + tridentImageTag: "" + + # (Deprecated) tridentEnableNodePrep attempts to automatically install required packages on nodes. + tridentEnableNodePrep: false + + # (Deprecated) tridentSkipK8sVersionCheck allows overriding the k8s version limit for Trident. + tridentSkipK8sVersionCheck: false + + # tridentProbePort allows overriding the default port used for k8s liveness/readiness probes. + tridentProbePort: "" + + # windows allows Trident to be installed on Windows worker node. + windows: false + + # enableForceDetach allows enabling the force detach feature. + enableForceDetach: false + + # cloudProvider indicates which cloud platform Trident is running on. + cloudProvider: "" + + # cloudIdentity indicates the identity that needs to be set on service account. + cloudIdentity: "" + + # enableACP allows enabling the Trident-ACP container to run. + enableACP: false + + # acpImage indicates the image the Trident-ACP container should pull. + acpImage: "" + + # httpsMetrics allows enabling the HTTPS metrics. + httpsMetrics: false + + # iscsiSelfHealingInterval is the interval at which the iSCSI self-healing job is invoked + iscsiSelfHealingInterval: "5m0s" + + # iscsiSelfHealingWaitTime is the wait time after which iSCSI self-healing attempts to fix stale sessions + iscsiSelfHealingWaitTime: "7m0s" + + # configuratorReconcileInterval is the resource refresh rate for the auto generated backends. + configuratorReconcileInterval: 30m0s + + # forceInstallRancherClusterRoles will install a Rancher specific ClusterRole and ClusterRoleBinding when set to true. + # When set to false, the ClusterRole and ClusterRoleBinding will be installed only when a Rancher cluster is detected. + forceInstallRancherClusterRoles: false + + # Auto generated ANF backend related fields consumed by the configurator controller. + anfConfigurator: + enabled: false + virtualNetwork: "" + subnet: "" + subscriptionID: "" + tenantID: "" + location: "" + clientCredentials: "" + capacityPools: [] + netappAccounts: [] + resourceGroups: [] + customerEncryptionKeys: {} + + # Auto generated ONTAP backend related fields consumed by the configurator controller. + ontapConfigurator: + enabled: false + svms: + - fsxnID: '' + svmName: '' + protocols: [] + authType: '' + + # enableConcurrency enables the concurrent core feature in Trident **TECH PREVIEW** + enableConcurrency: false + + # Resource requests and limits for Trident components (controller, node, operator). + # Configure CPU and memory for each container and sidecar to manage resource allocation in Kubernetes. + # + # IMPORTANT NOTES: + # - DO NOT change the names of any containers or fields - or, they may not work + # - DO NOT change the indentation - YAML indentation is critical for proper parsing + # - Default values for controller/node are shown in comments (e.g., # 10m) and are applied automatically if not specified + # - Default values for operator are directly specified in the config (not in comments) and will be applied + # - By default, NO limits are applied - only requests have default values + # - Container names are listed as they appear in the pod specifications + # + # STRUCTURE EXPLANATION: + # + # 1. CONTROLLER POD: + # The controller pod runs on a single operating system (Linux), so there are no OS-specific + # sub-sections. All containers within the controller pod are listed directly under 'controller'. + # + # 2. NODE POD: + # The node pod runs on multiple operating systems (Linux and Windows), so it has OS-specific + # sub-sections: 'linux' and 'windows'. Each OS section lists its specific containers. + # + # 3. OPERATOR POD: + # Unlike controller and node pods, the operator has actual default values directly specified + # (not in comments). If removed, no values will be applied. + resources: + controller: + trident-main: + requests: + cpu: # 10m + memory: # 80Mi + limits: + cpu: + memory: + # sidecars + csi-provisioner: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-attacher: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + csi-resizer: + requests: + cpu: # 3m + memory: # 20Mi + limits: + cpu: + memory: + csi-snapshotter: + requests: + cpu: # 2m + memory: # 20Mi + limits: + cpu: + memory: + trident-autosupport: + requests: + cpu: # 1m + memory: # 30Mi + limits: + cpu: + memory: + node: + linux: + trident-main: + requests: + cpu: # 10m + memory: # 60Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 1m + memory: # 10Mi + limits: + cpu: + memory: + windows: + trident-main: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + # sidecars + node-driver-registrar: + requests: + cpu: # 6m + memory: # 40Mi + limits: + cpu: + memory: + liveness-probe: + requests: + cpu: # 2m + memory: # 40Mi + limits: + cpu: + memory: + operator: + requests: + cpu: 10m + memory: 40Mi + limits: + cpu: + memory: + + # k8sAPIQPS sets the maximum QPS to the Kubernetes API server from the Trident operator. (default 100) + k8sAPIQPS: 0 + + # hostNetwork sets the hostNetwork field in the Trident operator deployment spec. + hostNetwork: false + + # nodePrep enables Trident to prepare the nodes of the Kubernetes cluster to manage volumes using the + # specified data storage protocol. Currently, iSCSI is the only value supported. + nodePrep: []