diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ede0dd0..aa604f80 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Added + +- New helm values for `csiProvisioner.priorityClassName` and `csiNodeDriver.priorityClassName` ([#334]). + +### Changed + +- BREAKING: Split helm values for independent configuration ([#334]). + - `controller` values have been moved to `csiProvisioner.controllerService`. + - `csiProvisioner` values have been moved to `csiProvisioner.externalProvisioner` + - `csiNodeDriverRegistrar` values have been moved to `csiNodeDriver.nodeRegistrar`. + - `node.driver` values have been moved to `csiNodeDriver.nodeService`. + - `podAnnotations` has been split into `csiProvisioner.podAnnotations` and `csiNodeDriver.podAnnotations`. + - `podSecurityContext` has been split into `csiProvisioner.podSecurityContext` and `csiNodeDriver.podSecurityContext`. + - `nodeSelector` has been split into `csiProvisioner.nodeSelector` and `csiNodeDriver.nodeSelector`. + - `tolerations` has been split into `csiProvisioner.tolerations` and `csiNodeDriver.tolerations`. + - `affinity` has been split into `csiProvisioner.affinity` and `csiNodeDriver.affinity`. + +[#334]: https://github.com/stackabletech/listener-operator/pull/334 + ## [25.7.0] - 2025-07-23 ## [25.7.0-rc1] - 2025-07-18 diff --git a/deploy/helm/listener-operator/templates/node-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml similarity index 79% rename from deploy/helm/listener-operator/templates/node-daemonset.yaml rename to deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index 3e114777..44bdd22b 100644 --- a/deploy/helm/listener-operator/templates/node-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -2,22 +2,22 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "operator.fullname" . }}-node-daemonset + name: {{ include "operator.fullname" . }}-csi-node-driver labels: {{- include "operator.labels" . | nindent 4 }} spec: selector: matchLabels: - app.kubernetes.io/role: node + app.kubernetes.io/role: node-driver {{- include "operator.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with .Values.csiNodeDriver.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/role: node + app.kubernetes.io/role: node-driver {{- include "operator.selectorLabels" . | nindent 8 }} spec: {{- with .Values.image.pullSecrets }} @@ -26,15 +26,15 @@ spec: {{- end }} serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml .Values.csiNodeDriver.podSecurityContext | nindent 8 }} containers: - - name: {{ include "operator.appname" . }} + - name: csi-node-service securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.csiNodeDriver.nodeService.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} resources: - {{ .Values.node.driver.resources | toYaml | nindent 12 }} + {{ .Values.csiNodeDriver.nodeService.resources | toYaml | nindent 12 }} args: - run - node @@ -85,10 +85,10 @@ spec: - name: mountpoint mountPath: {{ .Values.kubeletDir }}/pods - name: node-driver-registrar - image: "{{ .Values.csiNodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriverRegistrar.image.tag }}" - imagePullPolicy: {{ .Values.csiNodeDriverRegistrar.image.pullPolicy }} + image: "{{ .Values.csiNodeDriver.nodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriver.nodeDriverRegistrar.image.tag }}" + imagePullPolicy: {{ .Values.csiNodeDriver.nodeDriverRegistrar.image.pullPolicy }} resources: - {{ .Values.csiNodeDriverRegistrar.resources | toYaml | nindent 12 }} + {{ .Values.csiNodeDriver.nodeDriverRegistrar.resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - --kubelet-registration-path={{ .Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock @@ -109,15 +109,18 @@ spec: - name: mountpoint hostPath: path: {{ .Values.kubeletDir }}/pods/ - {{- with .Values.nodeSelector }} + {{- with .Values.csiNodeDriver.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.csiNodeDriver.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.csiNodeDriver.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.csiNodeDriver.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/deploy/helm/listener-operator/templates/controller-deployment.yaml b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml similarity index 76% rename from deploy/helm/listener-operator/templates/controller-deployment.yaml rename to deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml index 9145e1ba..153bd21a 100644 --- a/deploy/helm/listener-operator/templates/controller-deployment.yaml +++ b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml @@ -2,23 +2,23 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "operator.fullname" . }}-deployment + name: {{ include "operator.fullname" . }}-csi-provisioner labels: {{- include "operator.labels" . | nindent 4 }} spec: selector: matchLabels: - app.kubernetes.io/role: controller + app.kubernetes.io/role: provisioner {{- include "operator.selectorLabels" . | nindent 6 }} template: metadata: annotations: internal.stackable.tech/image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - {{- with .Values.podAnnotations }} + {{- with .Values.csiProvisioner.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/role: controller + app.kubernetes.io/role: provisioner {{- include "operator.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} @@ -27,15 +27,15 @@ spec: {{- end }} serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml .Values.csiProvisioner.podSecurityContext | nindent 8 }} containers: - - name: {{ include "operator.appname" . }} + - name: csi-controller-service securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.csiProvisioner.controllerService.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} resources: - {{ .Values.controller.resources | toYaml | nindent 12 }} + {{- .Values.csiProvisioner.controllerService.resources | toYaml | nindent 12 }} args: - run - controller @@ -84,10 +84,10 @@ spec: - name: csi mountPath: /csi - name: external-provisioner - image: "{{ .Values.csiProvisioner.image.repository }}:{{ .Values.csiProvisioner.image.tag }}" - imagePullPolicy: {{ .Values.csiProvisioner.image.pullPolicy }} + image: "{{ .Values.csiProvisioner.externalProvisioner.image.repository }}:{{ .Values.csiProvisioner.externalProvisioner.image.tag }}" + imagePullPolicy: {{ .Values.csiProvisioner.externalProvisioner.image.pullPolicy }} resources: - {{ .Values.csiProvisioner.resources | toYaml | nindent 12 }} + {{ .Values.csiProvisioner.externalProvisioner.resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - --feature-gates=Topology=true @@ -98,15 +98,18 @@ spec: volumes: - name: csi emptyDir: {} - {{- with .Values.nodeSelector }} + {{- with .Values.csiProvisioner.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.csiProvisioner.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.csiProvisioner.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.csiProvisioner.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index 626c2138..61facd11 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -1,34 +1,117 @@ # Default values for listener-operator. --- +# Used by both the Controller Service and Node Service containers image: repository: oci.stackable.tech/sdp/listener-operator + # tag: 0.0.0-dev pullPolicy: IfNotPresent pullSecrets: [] csiProvisioner: - image: - repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner - tag: v5.2.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 100m - memory: 128Mi -csiNodeDriverRegistrar: - image: - repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar - tag: v2.13.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 100m - memory: 128Mi + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + # priority: ... + # priorityClassName: ... + # preemptionPolicy: ... + + controllerService: + resources: + # Resource requests and limits for the controller pod + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + securityContext: + # listener-operator requires root permissions + runAsUser: 0 + seLinuxOptions: + # Run as "Super Privileged Container" to be allowed to write into + # the Listener volumes + type: spc_t + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + externalProvisioner: + image: + repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner + tag: v5.2.0 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 100m + memory: 128Mi + +csiNodeDriver: + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + # priority: ... + # priorityClassName: ... + # preemptionPolicy: ... + + nodeService: + resources: + # Resource requests and limits for the controller pod + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + securityContext: + # listener-operator requires root permissions + runAsUser: 0 + seLinuxOptions: + # Run as "Super Privileged Container" to be allowed to write into + # the Listener volumes + type: spc_t + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + nodeDriverRegistrar: + image: + repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar + tag: v2.13.0 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 100m + memory: 128Mi nameOverride: "" fullnameOverride: "" @@ -42,56 +125,10 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -podAnnotations: {} - # Provide additional labels which get attached to all deployed resources labels: stackable.tech/vendor: Stackable -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: - # listener-operator requires root permissions - runAsUser: 0 - seLinuxOptions: - # Run as "Super Privileged Container" to be allowed to write into - # the Listener volumes - type: spc_t - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -controller: - resources: - # Resource requests and limits for the controller pod - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - -node: - driver: - resources: - # Resource requests and limits for the per node driver container - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - # When running on a non-default Kubernetes cluster domain, the cluster domain can be configured here. # See the https://docs.stackable.tech/home/stable/guides/kubernetes-cluster-domain guide for details. # kubernetesClusterDomain: my-cluster.local @@ -100,7 +137,7 @@ affinity: {} kubeletDir: /var/lib/kubelet # Options: none, stable-nodes, ephemeral-nodes -# none: No ListenerClasses are preinstalled, the administrator must supply them themself +# none: No ListenerClasses are preinstalled, administrators must supply them themselves # stable-nodes: ListenerClasses are preinstalled that are suitable for on-prem/"pet" environments, assuming long-running Nodes but not requiring a LoadBalancer controller # ephemeral-nodes: ListenerClasses are preinstalled that are suitable for cloud/"cattle" environments with short-lived nodes, however this requires a LoadBalancer controller to be installed preset: stable-nodes diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index 4639585d..425de749 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -62,7 +62,10 @@ struct ListenerOperatorRun { #[derive(Debug, clap::Parser, strum::AsRefStr, strum::Display)] enum RunMode { + /// CSI Controller Service Controller, + + /// CSI Node Service Node, }