Powermax resiliency changes #421

Merged
merged 1 commit into from
Jun 17, 2024
72 changes: 62 additions & 10 deletions charts/csi-powermax/templates/controller.yaml
@@ -21,7 +21,11 @@ rules:
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
{{- if eq .Values.podmon.enabled true }}
verbs: [ "get", "list", "watch", "patch" ]
{{- else }}
verbs: [ "get", "list", "watch" ]
{{- end }}
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch" ]
@@ -34,9 +38,13 @@ rules:
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
{{- if eq .Values.podmon.enabled true }}
verbs: [ "get", "list", "watch", "update", "patch", "delete" ]
{{- else }}
verbs: [ "get", "list", "watch", "update", "patch" ]
{{- end }}
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch", "update"]
@@ -46,9 +54,15 @@ rules:
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
- apiGroups: [ "" ]
resources: [ "pods" ]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: [ "get", "list", "watch", "update", "delete" ]
{{- else }}
verbs: [ "get", "list", "watch" ]
{{- end }}
{{- end }}
# below for snapshotter
- apiGroups: [""]
resources: ["secrets"]
@@ -97,9 +111,6 @@ rules:
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get"]
@@ -169,6 +180,33 @@ spec:
- {{ .Release.Name }}-controller
topologyKey: kubernetes.io/hostname
containers:
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.controller.args | nindent 12 }}
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: powermax-config-params
mountPath: /powermax-config-params
{{- end }}
{{- end }}
- name: attacher
image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
@@ -449,6 +487,20 @@ spec:
name: {{ .Values.vSphere.vCenterCredSecret }}
key: password
{{- end }}
{{- if hasKey .Values "podmon" }}
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.controller.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmon.podmonAPIPort }}"
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
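Review bot: The `pods` rule puts both `verbs:` lines inside `{{- if hasKey .Values "podmon" }}`, so a values file with no `podmon` key renders the rule with no `verbs` at all, and this commit also removes the later `pods`/`get` rule that would otherwise have covered that case. The `nodes` and `volumeattachments` rules and the `X_CSI_PODMON_API_PORT` env var have the opposite problem: they read `.Values.podmon.enabled` and `.Values.podmon.podmonAPIPort` outside any `hasKey` guard, which presumably fails at render time when `podmon` is absent. Guard all four sites the same way and always emit a read-only fallback, for example an `{{- else }}` branch on the `hasKey` block carrying `verbs: [ "get", "list", "watch" ]`. The added `patch`, `update` and `delete` verbs are cluster-wide, so a short comment above each conditional naming the podmon action that needs it would help anyone auditing this ClusterRole.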
125 changes: 118 additions & 7 deletions charts/csi-powermax/templates/node.yaml
@@ -1,8 +1,9 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
name: {{.Release.Name}}-node
namespace: {{.Release.Namespace}}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
@@ -16,6 +17,21 @@ rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "create", "delete", "get", "list", "watch", "update" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumesclaims" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "get", "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
{{- if eq .Values.openshift true }}
- apiGroups: ["security.openshift.io"]
resources: ["securitycontextconstraints"]
@@ -40,6 +56,14 @@ rules:
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
{{- end}}
#below for podmon
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
{{- end }}
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@@ -83,6 +107,9 @@ spec:
kubectl.kubernetes.io/default-container: "driver"
labels:
app: {{ .Release.Name }}-node
{{- if .Values.podmon.enabled }}
driver.dellemc.com: dell-storage
{{- end }}
spec:
serviceAccountName: {{ .Release.Name }}-node
{{ if .Values.node.nodeSelector }}
@@ -168,7 +195,7 @@ spec:
{{- end }}
- name: X_CSI_POWERMAX_PROXY_SERVICE_NAME
value: {{ .Release.Name }}-reverseproxy
- name: X_CSI_ISCSI_CHROOT
- name: X_CSI_NODE_CHROOT
value: {{ .Values.ISCSIChroot | default "/noderoot" }}
- name: X_CSI_GRPC_MAX_THREADS
value: "50"
@@ -218,12 +245,29 @@ spec:
name: {{ .Values.vSphere.vCenterCredSecret }}
key: password
{{- end }}
{{- if hasKey .Values "podmon" }}
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.node.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmon.podmonAPIPort }}"
volumeMounts:
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/volumeDevices
mountPropagation: "Bidirectional"
- name: csi-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
@@ -342,6 +386,58 @@ spec:
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
securityContext:
privileged: true
capabilities:
add: [ "SYS_ADMIN" ]
allowPrivilegeEscalation: true
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.node.args | nindent 12 }}
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_PRIVATE_MOUNT_DIR
value: {{ .Values.kubeletConfigDir }}
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: kubelet-pods
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com
mountPropagation: "Bidirectional"
- name: csi-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: usr-bin
mountPath: /usr-bin
- name: var-run
mountPath: /var/run
- name: powermax-config-params
mountPath: /powermax-config-params
{{- end }}
{{- end }}
volumes:
- name: registration-dir
hostPath:
@@ -359,6 +455,9 @@ spec:
hostPath:
path: {{ .Values.kubeletConfigDir }}/pods
type: Directory
- name: csi-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
- name: dev
hostPath:
path: /dev
@@ -378,17 +477,17 @@ spec:
- name: powermax-config-params
configMap:
name: {{ .Release.Name }}-config-params
- name: certs
secret:
secretName: {{ .Release.Name }}-certs
optional: true
{{- if hasKey .Values.node "topologyControl" }}
{{- if eq .Values.node.topologyControl.enabled true }}
- name: node-topology-config
configMap:
name: node-topology-config
{{- end }}
{{- end }}
- name: certs
secret:
secretName: {{ .Release.Name }}-certs
optional: true
{{- if hasKey .Values "authorization" }}
{{- if eq .Values.authorization.enabled true }}
- name: karavi-authorization-config
@@ -399,3 +498,15 @@ spec:
secretName: proxy-server-root-certificate
{{ end }}
{{ end }}
- name: usr-bin
hostPath:
path: /usr/bin
type: Directory
- name: kubelet-pods
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- name: var-run
hostPath:
path: /var/run
type: Directory
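Review bot: The rules added to the node ClusterRole in the first `rules:` hunk (`persistentvolumes` with `create`/`delete`, the claims rule, `events`, `volumeattachments`, `storageclasses`) are unconditional, so the service account used by the node pod on every worker gets cluster-wide PV create/delete even when `podmon.enabled` is false. If these grants exist only for podmon, they belong inside the same `{{- if hasKey .Values "podmon" }}` / `{{- if eq .Values.podmon.enabled true }}` block that wraps the `pods` rule further down. In the same hunk the resource name `persistentvolumesclaims` is misspelled and matches no resource, so that rule grants nothing; it should read `resources: [ "persistentvolumeclaims" ]`.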
34 changes: 34 additions & 0 deletions charts/csi-powermax/values.yaml
@@ -67,6 +67,7 @@ images:
replication: dellemc/dell-csi-replicator:v1.9.0
authorization: dellemc/csm-authorization-sidecar:v1.11.0
migration: dellemc/dell-csi-migrator:v1.4.0
podmon: dellemc/podmon:v1.10.0
# Node rescan sidecar does a rescan on nodes for identifying new paths
# Default value: dellemc/dell-csi-node-rescanner:v1.3.0
noderescan: dellemc/dell-csi-node-rescanner:v1.3.0
@@ -463,3 +464,36 @@ vSphere:
vCenterHost: "00.000.000.00"
# vCenterCredSecret: secret name for the vCenter credentials
vCenterCredSecret: vcenter-creds


# Enable this feature only after contact support for additional information
podmon:
# podmonAPIPort: Defines the port to be used within the kubernetes cluster
# Allowed values:
# Any valid and free port.
# Default value: 8083
podmonAPIPort: 8083
enabled: false
controller:
args:
- "--csisock=unix:/var/run/csi/csi.sock"
- "--labelvalue=csi-powermax"
- "--arrayConnectivityPollRate=60"
- "--driverPath=csi-powermax.dellemc.com"
- "--mode=controller"
- "--skipArrayConnectionValidation=false"
- "--driver-config-params=/powermax-config-params/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"

node:
args:
- "--csisock=unix:/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock"
- "--labelvalue=csi-powermax"
- "--arrayConnectivityPollRate=60"
- "--driverPath=csi-powermax.dellemc.com"
- "--mode=node"
- "--leaderelection=false"
- "--driver-config-params=/powermax-config-params/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
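Review bot: The node `--csisock` argument hard-codes `/var/lib/kubelet/plugins/powermax.emc.dell.com/csi_sock`, while node.yaml mounts the driver socket directory under `.Values.kubeletConfigDir`; on a cluster with a non-default kubelet directory podmon would presumably look for the socket in the wrong place. Because these args are plain strings and cannot be templated here, a comment above `node.args` such as `# csisock must match kubeletConfigDir if that value is changed` would help. The `enabled` key also lacks the description, allowed-values and default comment block that `podmonAPIPort` has. That block is a good place to state that enabling podmon adds pod `update`/`delete` RBAC and a privileged sidecar on every node, so operators see the privilege cost before switching it on.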