Powermax resiliency changes (#421)
delldubey authored Jun 17, 2024
1 parent 43a51be commit acbcc3d
Showing 3 changed files with 214 additions and 17 deletions.
72 changes: 62 additions & 10 deletions charts/csi-powermax/templates/controller.yaml
Expand Up @@ -21,7 +21,11 @@ rules:
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
{{- if eq .Values.podmon.enabled true }}
verbs: [ "get", "list", "watch", "patch" ]
{{- else }}
verbs: [ "get", "list", "watch" ]
{{- end }}
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch" ]
Expand All @@ -34,9 +38,13 @@ rules:
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
{{- if eq .Values.podmon.enabled true }}
verbs: [ "get", "list", "watch", "update", "patch", "delete" ]
{{- else }}
verbs: [ "get", "list", "watch", "update", "patch" ]
{{- end }}
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch", "update"]
Expand All @@ -46,9 +54,15 @@ rules:
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [ "" ]
resources: [ "pods" ]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: [ "get", "list", "watch", "update", "delete" ]
{{- else }}
verbs: [ "get", "list", "watch" ]
{{- end }}
{{- end }}
# below for snapshotter
- apiGroups: [""]
resources: ["secrets"]
Expand Down Expand Up @@ -97,9 +111,6 @@ rules:
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get"]
Expand Down Expand Up @@ -169,6 +180,33 @@ spec:
- {{ .Release.Name }}-controller
topologyKey: kubernetes.io/hostname
containers:
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.controller.args | nindent 12 }}
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: powermax-config-params
mountPath: /powermax-config-params
{{- end }}
{{- end }}
- name: attacher
image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
Expand Down Expand Up @@ -449,6 +487,20 @@ spec:
name: {{ .Values.vSphere.vCenterCredSecret }}
key: password
{{- end }}
{{- if hasKey .Values "podmon" }}
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.controller.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmon.podmonAPIPort }}"
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
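Review bot: The `hasKey .Values "podmon"` guard is applied inconsistently in this file, and where it wraps the `pods` rule it can leave that rule without a `verbs` line. Both `verbs` branches of the `pods` rule sit inside the `hasKey` block, so a values set in which `podmon` is absent or null would render a rule with no verbs, while the `nodes` and `volumeattachments` rules and the `X_CSI_PODMON_API_PORT` env entry read `.Values.podmon.*` with no guard at all. Either drop the guard (the chart's values.yaml now defines `podmon`) or make the fallback explicit everywhere, for example by emitting the read-only `verbs: [ "get", "list", "watch" ]` from an outer `{{- else }}`. Because this is a ClusterRole, enabling podmon grants cluster-wide `delete` on pods and volumeattachments and `patch` on nodes; a comment above those rules saying so would help whoever audits the RBAC.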
125 changes: 118 additions & 7 deletions charts/csi-powermax/templates/node.yaml
@@ -1,8 +1,9 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
name: {{.Release.Name}}-node
namespace: {{.Release.Namespace}}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
Expand All @@ -16,6 +17,21 @@ rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "create", "delete", "get", "list", "watch", "update" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumesclaims" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "get", "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
{{- if eq .Values.openshift true }}
- apiGroups: ["security.openshift.io"]
resources: ["securitycontextconstraints"]
Expand All @@ -40,6 +56,14 @@ rules:
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
{{- end}}
#below for podmon
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
{{- end }}
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
Expand Down Expand Up @@ -83,6 +107,9 @@ spec:
kubectl.kubernetes.io/default-container: "driver"
labels:
app: {{ .Release.Name }}-node
{{- if .Values.podmon.enabled }}
driver.dellemc.com: dell-storage
{{- end }}
spec:
serviceAccountName: {{ .Release.Name }}-node
{{ if .Values.node.nodeSelector }}
Expand Down Expand Up @@ -168,7 +195,7 @@ spec:
{{- end }}
- name: X_CSI_POWERMAX_PROXY_SERVICE_NAME
value: {{ .Release.Name }}-reverseproxy
- name: X_CSI_ISCSI_CHROOT
- name: X_CSI_NODE_CHROOT
value: {{ .Values.ISCSIChroot | default "/noderoot" }}
- name: X_CSI_GRPC_MAX_THREADS
value: "50"
Expand Down Expand Up @@ -218,12 +245,29 @@ spec:
name: {{ .Values.vSphere.vCenterCredSecret }}
key: password
{{- end }}
{{- if hasKey .Values "podmon" }}
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.node.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmon.podmonAPIPort }}"
volumeMounts:
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
mountPropagation: "Bidirectional"
- name: csi-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
Expand Down Expand Up @@ -342,6 +386,58 @@ spec:
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
securityContext:
privileged: true
capabilities:
add: [ "SYS_ADMIN" ]
allowPrivilegeEscalation: true
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.node.args | nindent 12 }}
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_PRIVATE_MOUNT_DIR
value: {{ .Values.kubeletConfigDir }}
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: kubelet-pods
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com
mountPropagation: "Bidirectional"
- name: csi-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: usr-bin
mountPath: /usr-bin
- name: var-run
mountPath: /var/run
- name: powermax-config-params
mountPath: /powermax-config-params
{{- end }}
{{- end }}
volumes:
- name: registration-dir
hostPath:
Expand All @@ -359,6 +455,9 @@ spec:
hostPath:
path: {{ .Values.kubeletConfigDir }}/pods
type: Directory
- name: csi-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
- name: dev
hostPath:
path: /dev
Expand All @@ -378,17 +477,17 @@ spec:
- name: powermax-config-params
configMap:
name: {{ .Release.Name }}-config-params
- name: certs
secret:
secretName: {{ .Release.Name }}-certs
optional: true
{{- if hasKey .Values.node "topologyControl" }}
{{- if eq .Values.node.topologyControl.enabled true }}
- name: node-topology-config
configMap:
name: node-topology-config
{{- end }}
{{- end }}
- name: certs
secret:
secretName: {{ .Release.Name }}-certs
optional: true
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-config
Expand All @@ -399,3 +498,15 @@ spec:
secretName: proxy-server-root-certificate
{{ end }}
{{ end }}
- name: usr-bin
hostPath:
path: /usr/bin
type: Directory
- name: kubelet-pods
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- name: var-run
hostPath:
path: /var/run
type: Directory
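Review bot: The new ClusterRole rule for `persistentvolumesclaims` misspells the resource, so it matches nothing; it should read `resources: [ "persistentvolumeclaims" ]`. The five rules added in that hunk (persistentvolumes with `create`/`delete`, the misspelled claims rule, events, volumeattachments, storageclasses) are not wrapped in the podmon condition, so the node service account receives them on every install, unlike the `pods` rule further down; if only podmon needs them, move them inside the `{{- if eq .Values.podmon.enabled true }}` block. In the podmon container, `privileged: true` already covers `SYS_ADMIN` and `allowPrivilegeEscalation`, and the container is given host `/dev`, `/usr/bin` and `/var/run`, the last of which on many nodes contains the container-runtime socket; a comment stating why each mount is needed would make the exposure reviewable. The `kubelet-pods` volume hard-codes `/var/lib/kubelet/pods` although its mountPath and another hostPath volume in the same list use `.Values.kubeletConfigDir`.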
34 changes: 34 additions & 0 deletions charts/csi-powermax/values.yaml
Expand Up @@ -67,6 +67,7 @@ images:
replication: dellemc/dell-csi-replicator:v1.9.0
authorization: dellemc/csm-authorization-sidecar:v1.11.0
migration: dellemc/dell-csi-migrator:v1.4.0
podmon: dellemc/podmon:v1.10.0
# Node rescan sidecar does a rescan on nodes for identifying new paths
# Default value: dellemc/dell-csi-node-rescanner:v1.3.0
noderescan: dellemc/dell-csi-node-rescanner:v1.3.0
Expand Down Expand Up @@ -463,3 +464,36 @@ vSphere:
vCenterHost: "00.000.000.00"
# vCenterCredSecret: secret name for the vCenter credentials
vCenterCredSecret: vcenter-creds


# Enable this feature only after contact support for additional information
podmon:
# podmonAPIPort: Defines the port to be used within the kubernetes cluster
# Allowed values:
# Any valid and free port.
# Default value: 8083
podmonAPIPort: 8083
enabled: false
controller:
args:
- "--csisock=unix:/var/run/csi/csi.sock"
- "--labelvalue=csi-powermax"
- "--arrayConnectivityPollRate=60"
- "--driverPath=csi-powermax.dellemc.com"
- "--mode=controller"
- "--skipArrayConnectionValidation=false"
- "--driver-config-params=/powermax-config-params/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"

node:
args:
- "--csisock=unix:/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock"
- "--labelvalue=csi-powermax"
- "--arrayConnectivityPollRate=60"
- "--driverPath=csi-powermax.dellemc.com"
- "--mode=node"
- "--leaderelection=false"
- "--driver-config-params=/powermax-config-params/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
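Review bot: The node `--csisock` argument hard-codes `/var/lib/kubelet`, while node.yaml mounts the driver directory under `.Values.kubeletConfigDir`; on a cluster that overrides `kubeletConfigDir` the podmon sidecar would presumably look for the socket in the wrong place. A comment above `node.args` saying that the path must track `kubeletConfigDir` would prevent that. `enabled`, `controller.args` and `node.args` also lack comments in the style used for `podmonAPIPort`. In particular it is worth documenting that the templates extract `--arrayConnectivityPollRate=60` from these lists into `X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE`, so the flag has to keep its `name=value` form.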
