Skip to content

Commit

Permalink
VAST Data CSI Plugin - v2.4.1
Browse files Browse the repository at this point in the history
  (from f38da9c67ca435a7ff45df051d411078c44cd795)
  • Loading branch information
koreno committed Aug 5, 2024
1 parent cc42866 commit a47cd1f
Show file tree
Hide file tree
Showing 23 changed files with 525 additions and 316 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/prepare_releaser_configuration.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@

release_name_template = "helm-{{ .Name }}-{{ .Version }}"
pages_branch = "gh-pages-beta" if is_beta else "gh-pages"
version = f"{VERSION}-beta.{SHA}" if is_beta else VERSION
version = f"{VERSION}-beta" if is_beta else VERSION

# Create unique release name based on version and commit sha
for chart in CHARTS:
Expand Down
4 changes: 3 additions & 1 deletion .gitlab-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,9 @@ build_csi:
set -x
VERSION=$(cat version.txt)
TAGGED=$(grep 'the version of the Vast CSI driver' charts/vastcsi/values.yaml | awk '{print $2}')
if [[ "$TAGGED" != "$VERSION" ]]; then
if [[ "$TAGGED" == *"beta"* ]]; then
echo "skip version verification. Version is beta"
elif [[ "$TAGGED" != "$VERSION" ]]; then
echo "version.txt has $VERSION, while our helm chart has $TAGGED (check charts/vastcsi/values.yaml)"
exit 5
fi
Expand Down
5 changes: 5 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
# CHANGELOG

## Version 2.4.1
* Support for multiple Vast Clusters via using StorageClass secrets (VCSI-140)
* Set a timeout on requests to VMS, to prevent worker threads hanging (VCSI-183)
* Improve mounting performance by support the use of VIPPool DNS, skipping an API call to the VMS (VCSI-167)

## Version 2.4.0
* added Container Object Storage Interface (COSI) support (VCSI-159)
* added formal support for multitenancy via StorageClasses (VCSI-147)
Expand Down
2 changes: 1 addition & 1 deletion charts/vastcosi/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ truncateVolumeName: 64
image:
csiVastPlugin:
repository: vastdataorg/csi
tag: v2.4.0
tag: v2.4.1-beta-1426549
imagePullPolicy: IfNotPresent
objectstorageProvisioner:
repository: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar/objectstorage-sidecar
Expand Down
8 changes: 5 additions & 3 deletions charts/vastcsi/templates/controller.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -141,11 +141,13 @@ spec:
nodeSelector:
{{- if .Values.controller.runOnMaster}}
node-role.kubernetes.io/master: ""
{{- end}}
{{- if .Values.controller.runOnControlPlane}}
{{- end }}
{{- if .Values.controller.runOnControlPlane}}
node-role.kubernetes.io/control-plane: ""
{{- end}}
{{- end }}
{{- if .Values.controller.nodeSelector }}
{{ toYaml .Values.controller.nodeSelector | indent 8 }}
{{- end }}
priorityClassName: {{ .Values.controller.priorityClassName }}
serviceAccount: {{ .Release.Name }}-vast-controller-sa
tolerations:
Expand Down
7 changes: 2 additions & 5 deletions charts/vastcsi/templates/shared/_common_env.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,12 @@
# changes in the corresponding template in the other chart.
*/}}

{{- define "vastcsi.commonEnv" -}}
{{- define "vastcsi.commonEnv" }}

{{- if (urlParse (required "endpoint is required" $.Values.endpoint )).scheme }}
{{- fail "endpoint requires only host to be provided. Please exclude 'http//|https//' from url." -}}
{{- end }}
- name: X_CSI_PLUGIN_NAME
value: "csi.vastdata.com"
- name: X_CSI_VMS_HOST
value: {{ $.Values.endpoint | quote }}
value: {{ $.Values.endpoint | default "" | quote }}
- name: X_CSI_ENABLE_VMS_SSL_VERIFICATION
value: {{ $.Values.verifySsl | quote }}
- name: X_CSI_DELETION_VIP_POOL_NAME
Expand Down
8 changes: 6 additions & 2 deletions charts/vastcsi/templates/shared/_vms_auth.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,23 @@
{{- define "vastcsi.vmsAuthVolume" -}}
{{- if and .Values.sslCert .Values.sslCertsSecretName -}}
{{-
fail (printf "Ambiguous origin of the 'sslCert'. The certificate is found in both the '%s' secret and the command line --from-file argument." .Values.secretName)
fail (printf "Ambiguous origin of the 'sslCert'. The certificate is found in both the '%s' secret and the command line --from-file argument." .Values.sslCertsSecretName)
-}}
{{- end -}}
{{- if and .ca_bundle (not .Values.verifySsl) -}}
{{- fail "When sslCert is provided `verifySsl` must be set to true." -}}
{{- end }}

{{- if $.Values.secretName }}
- name: vms-auth
secret:
secretName: {{ required "secretName field must be specified" .Values.secretName | quote }}
secretName: {{ $.Values.secretName | quote }}
items:
- key: username
path: username
- key: password
path: password
{{- end }}
{{- if $.ca_bundle }}
- name: vms-ca-bundle
secret:
Expand All @@ -32,9 +34,11 @@

{{/* Volume bindings for vms credentials and vms session certificates */}}
{{ define "vastcsi.vmsAuthVolumeMount" }}
{{- if $.Values.secretName }}
- name: vms-auth
mountPath: /opt/vms-auth
readOnly: true
{{- end }}
{{- if $.ca_bundle }}
- name: vms-ca-bundle
mountPath: /etc/ssl/certs
Expand Down
43 changes: 37 additions & 6 deletions charts/vastcsi/templates/snapshot-class.yaml
Original file line number Diff line number Diff line change
@@ -1,17 +1,48 @@
{{/* Vast CSI snapshot class */}}
{{/* Generate one or more snapshot classes from 'snapshotClasses' section. */}}

{{/* Check if .Values.secretName is not empty */}}
{{- if not (empty .Values.secretName) }}

{{/* If .Values.snapshotClasses is empty, set a default value */}}
{{- if empty .Values.snapshotClasses }}
{{- $_ := set .Values "snapshotClasses" (dict "vastdata-snapshot" (dict)) }}
{{- end -}}
{{- end -}}

{{/* Iterate over SnapshotClasses from manifest */}}
{{- range $name, $options := .Values.snapshotClasses }}

{{/* Validate setDefaultSnapshotClass option. Options should be either true or false */}}
{{-
$is_default_class := pluck "setDefaultSnapshotClass" $options $.Values.snapshotClassDefaults | first | quote
-}}
{{- if not (or (kindIs "bool" $is_default_class ) ( $is_default_class | mustRegexMatch "true|false" )) -}}
{{- fail "setDefaultSnapshotClass should be either 'true' or 'false'" -}}
{{- end }}

{{- $snapshot_name_fmt := pluck "snapshotNameFormat" $options $.Values.snapshotClassDefaults | first | quote -}}
{{- $deletion_policy := pluck "deletionPolicy" $options $.Values.snapshotClassDefaults | first | quote -}}

{{- $snapshot_class_secret := pluck "secretName" $options $.Values.snapshotClassDefaults | first | quote -}}
{{/* Get secretNamespace parameter. If not provided .Release.Namespace is used. */}}
{{- $snapshot_class_secret_namespace := pluck "secretNamespace" $options $.Values.snapshotClassDefaults | first | default $.Release.Namespace | quote -}}

{{- with .Values.snapshotClass }}
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: {{ required "snapshotClassName must be non empty string" .snapshotClassName | quote }}
name: {{ required "snapshotClassName must be non empty string" $name }}
namespace: {{ include "vastcsi.namespace" $ }}
annotations:
snapshot.storage.kubernetes.io/is-default-class: {{ .setDefaultStorageClass | quote }}
snapshot.storage.kubernetes.io/is-default-class: {{ $is_default_class }}
labels:
{{- include "vastcsi.labels" $ | nindent 4 }}
driver: csi.vastdata.com
deletionPolicy: {{ .deletionPolicy | quote }}
deletionPolicy: {{ $deletion_policy }}
parameters:
snapshot_name_fmt: {{ .snapshotNameFormat | quote }}
snapshot_name_fmt: {{ $snapshot_name_fmt }}
{{- if ne $snapshot_class_secret ( quote "" ) }}
csi.storage.k8s.io/snapshotter-secret-name: {{ $snapshot_class_secret }}
csi.storage.k8s.io/snapshotter-secret-namespace: {{ $snapshot_class_secret_namespace }}
{{- end }}
---
{{- end }}
39 changes: 26 additions & 13 deletions charts/vastcsi/templates/storage-class.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{{/* Generate one or more storage classes from 'storageClasses' section. */}}

{{- if not .Values.storageClasses -}}
{{- fail "`storageClasses` cannot be empty section. Specify at least one StorageClass with required parameters (vipPool, storagePath etc)" -}}
{{- fail "`storageClasses` cannot be empty section. Specify at least one StorageClass with required parameters (vipPolicy, storagePath etc)" -}}
{{- end -}}

{{/* Iterate over StorageClasses from manifest */}}
Expand All @@ -15,12 +15,6 @@
{{- fail "setDefaultStorageClass should be either 'true' or 'false'" -}}
{{- end }}

{{/* Validate lbStrategy parameter. Parameter should be either random or roundrobin. */}}
{{- $lb_strategy := pluck "lbStrategy" $options $.Values.storageClassDefaults | first | quote -}}
{{- if not ( $lb_strategy | mustRegexMatch "roundrobin|random" ) -}}
{{- fail "lbStrategy should be either 'random' or 'roundrobin'" -}}
{{- end }}

{{/* Validate storagePath parameter. Parameter should be not empty string. */}}
{{- $storage_path := pluck "storagePath" $options $.Values.storageClassDefaults | first | quote -}}
{{- if eq $storage_path ( quote "" ) -}}
Expand All @@ -34,6 +28,12 @@
{{- end }}

{{- $vip_pool_name := pluck "vipPool" $options $.Values.storageClassDefaults | first | quote -}}
{{- $vip_pool_fqdn := pluck "vipPoolFQDN" $options $.Values.storageClassDefaults | first | quote -}}

{{- if and (ne $vip_pool_name ( quote "" )) (ne $vip_pool_fqdn ( quote "" )) -}}
{{- fail (printf "vipPool and vipPoolFQDN are mutually exclusive in the StorageClass '%s' parameters. Do not set a default value from storageDefaults for either field; choose only one to specify." $name) -}}
{{- end }}

{{- $volume_name_fmt := pluck "volumeNameFormat" $options $.Values.storageClassDefaults | first | quote -}}
{{- $eph_volume_name_fmt := pluck "ephemeralVolumeNameFormat" $options $.Values.storageClassDefaults | first | quote -}}
{{- $qos_policy := pluck "qosPolicy" $options $.Values.storageClassDefaults | first | quote -}}
Expand All @@ -44,6 +44,10 @@
first | quote | mustRegexMatch "true" | ternary true false
-}}

{{- $storage_class_secret := pluck "secretName" $options $.Values.storageClassDefaults | first | quote -}}
{{/* Get secretNamespace parameter. If not provided .Release.Namespace is used. */}}
{{- $storage_class_secret_namespace := pluck "secretNamespace" $options $.Values.storageClassDefaults | first | default $.Release.Namespace | quote -}}

kind: StorageClass
apiVersion: storage.k8s.io/v1
provisioner: csi.vastdata.com
Expand All @@ -58,15 +62,24 @@ reclaimPolicy: {{ $reclaim_policy }}
parameters:
root_export: {{ $storage_path }}
view_policy: {{ $view_policy }}
lb_strategy: {{ $lb_strategy }}
lb_strategy: "roundrobin" # deprecated; this is here for backwards compatibility, so users don't have to delete their helm deployment and reinstall (since StorageClass is immutable)
volume_name_fmt: {{ $volume_name_fmt }}
eph_volume_name_fmt: {{ $eph_volume_name_fmt }}
{{- if ne $vip_pool_name ( quote "" ) }}
vip_pool_name: {{ $vip_pool_name }}
{{- end }}
{{- if ne $qos_policy ( quote "" ) }}
qos_policy: {{ $qos_policy }}
{{- range $key, $value := dict "vip_pool_name" $vip_pool_name "vip_pool_fqdn" $vip_pool_fqdn "qos_policy" $qos_policy }}
{{- if and $value (ne $value ( quote "" )) }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- if ne $storage_class_secret ( quote "" ) }}
csi.storage.k8s.io/provisioner-secret-name: {{ $storage_class_secret }}
csi.storage.k8s.io/provisioner-secret-namespace: {{ $storage_class_secret_namespace }}
csi.storage.k8s.io/controller-publish-secret-name: {{ $storage_class_secret }}
csi.storage.k8s.io/controller-publish-secret-namespace: {{ $storage_class_secret_namespace }}
csi.storage.k8s.io/node-publish-secret-name: {{ $storage_class_secret }}
csi.storage.k8s.io/node-publish-secret-namespace: {{ $storage_class_secret_namespace }}
csi.storage.k8s.io/controller-expand-secret-name: {{ $storage_class_secret }}
csi.storage.k8s.io/controller-expand-secret-namespace: {{ $storage_class_secret_namespace }}
{{- end }}
allowVolumeExpansion: {{ $allow_volume_expansion }}
{{- if kindIs "string" $mount_options -}}
{{/* Keep option to specify mountOptions as string for backward compatibility */}}
Expand Down
73 changes: 59 additions & 14 deletions charts/vastcsi/values.yaml
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
####################
# VAST REST SESSION ATTRIBUTES
####################
# Secret name, which corresponds to a secret containing credentials to login - must be provided by user
# Secret name, which corresponds to a secret containing credentials to login - should be provided by user if secretName is not provided in StorageClass attributes
# Secret must contain username and password fields
# Example: kubectl create secret generic vast-mgmt --from-literal=username='< VAST username >' --from-literal=password='< VAST password >'
secretName: ""

# API endpoint of VAST appliance - must be provided by user
# API endpoint of VAST appliance - should be provided by user if secretName is not provided in StorageClass attributes
endpoint: ""

# Set true to enable certificate validity test
Expand Down Expand Up @@ -44,18 +44,36 @@ useLocalIpForMount: ""
# storageClassDefaults is set of options that will be using by default if option is not provided
# for particular storageClass in 'storageClasses' section
storageClassDefaults:
# Any of the following options can be specified within the StorageClasses section on a per-storage class basis,
# or can be set here as default values for all storage classes.

# Secret name, which corresponds to a secret containing credentials to login - must be provided by user
# Secret must contain username, password and endpoint fields. Other fields are ignored.
# Example: kubectl create secret generic vast-mgmt --from-literal=username='< VAST username >' --from-literal=password='< VAST password >' --from-literal=endpoint='< VAST endpoint >'
# Optionally you can include CA ssl certificate. Along with verifySsl option enabled it will establish trusted connection per StorageClass
# if you have different certificates per cluster (Otherwise use `sslCertsSecretName` to specify global secret with ssl certificate to be used across all storage classes):
# Example:
# kubectl create secret generic vast-mgmt \
# --from-literal=username='<VAST username>' \
# --from-literal=password='<VAST password>' \
# --from-literal=endpoint='<VAST endpoint>' \
# --from-file=ssl_cert='<path to sslCert.crt>'
secretName: ""
# Secret namespace. If not specified then secret will be searched in the same namespace as StorageClass is created.
secretNamespace: ""
# Where volumes will be located on VAST - must be provided by user
storagePath: ""
# Name of VAST VIP pool to use - must be provided by user
# Name of VAST VIP pool to use. Must specify either vipPool or vipPoolFQDN.
vipPool: ""
# The FQDN of the VIP pool to use. Must specify either vipPool or vipPoolFQDN.
# Using a DNS skips an API call to the VMS for obtaining a random VIP from the vipPool, leading to faster volume mounting.
# NOTE: The driver will prepend the FQDN with a random prefix, which forces the NFS client to resolve into a different VIP,
# thereby distributing the load across the entire range of the VIP pool.
vipPoolFQDN: ""
# VAST policy name to create views - must be provided by user
viewPolicy: ""
# Allows resizing existing volumes
allowVolumeExpansion: true
# Load-balancing strategy
# Options:
# roundrobin, random
lbStrategy: roundrobin
# If true, sets Vast CSI as the cluster-wide storage class default
setDefaultStorageClass: false
# String template for CSI-provisioned volume names, within VAST
Expand Down Expand Up @@ -83,10 +101,12 @@ storageClasses: {}
# User can add more storage classes to this section eg:
# vastdata-filesystem2:
# vipPool: "vippool-2"
# secretName: "secret2"
# .... other options
#
# vastdata-filesystem3:
# vipPool: "vippool-3"
# secretName: "secret3"
# .... other options

####################
Expand Down Expand Up @@ -118,14 +138,39 @@ attachRequired: true
####################
# VAST CSI SNAPSHOTS CLASS OPTIONS
####################
snapshotClass:
snapshotClassName: "vastdata-snapshot"
# On snapshot delete behavior. By default, Vast Cluster snapshot will be removed as well.
deletionPolicy: "Delete"
# If true, sets Vast CSI as the cluster-wide snapshot class default
setDefaultStorageClass: true
# snapshotClassDefaults is set of options that will be using by default if option is not provided
# for particular snapshotClass in 'snapshotClasses' section
snapshotClassDefaults:
# Any of the following options can be specified within the snapshotClasses section on a per-snapshot class basis,
# or can be set here as default values for all snapshot classes.

# Secret name, which corresponds to a secret containing credentials to login - must be provided by user
# Secret must contain username, password and endpoint fields. Other fields are ignored.
# Example: kubectl create secret generic vast-mgmt --from-literal=username='< VAST username >' --from-literal=password='< VAST password >' --from-literal=endpoint='< VAST endpoint >'
# Optionally you can include CA ssl certificate. Along with verifySsl option enabled it will establish trusted connection per SnapshotClass
# if you have different certificates per cluster (Otherwise use `sslCertsSecretName` to specify global secret with ssl certificate to be used across all snapshot classes):
# Example:
# kubectl create secret generic vast-mgmt \
# --from-literal=username='<VAST username>' \
# --from-literal=password='<VAST password>' \
# --from-literal=endpoint='<VAST endpoint>' \
# --from-file=ssl_cert='<path to sslCert.crt>'
secretName: ""
# Secret namespace. If not specified then secret will be searched in the same namespace as SnapshotClass is created.
secretNamespace: ""
# If true, sets SnapshotClass as the cluster-wide snapshot class default
setDefaultSnapshotClass: true
# String template for CSI-provisioned snapshot names, within VAST
snapshotNameFormat: "csi:{namespace}:{name}:{id}"
# On snapshot delete behavior. By default, Vast Cluster snapshot will be removed as well.
deletionPolicy: "Delete"

snapshotClasses: {}
# vastdata-snapshot:
# secretName: "secret"
# deletionPolicy: "Delete"
# setDefaultSnapshotClass: false
# snapshotNameFormat: "snapshot:{name}:{id}"


####################
Expand All @@ -135,7 +180,7 @@ snapshotClass:
image:
csiVastPlugin:
repository: vastdataorg/csi
tag: v2.4.0 # the version of the Vast CSI driver
tag: v2.4.1-beta-1426549 # the version of the Vast CSI driver
imagePullPolicy: IfNotPresent
csiAttacher:
repository: registry.k8s.io/sig-storage/csi-attacher
Expand Down
1 change: 1 addition & 0 deletions packaging/files/constraints.txt
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,5 @@ real-easypy==0.4.3
psutil==5.6.3
prompt_toolkit==3.0.8
requests==2.28.2
cryptography==43.0.0
pytest==7.2.0
1 change: 1 addition & 0 deletions packaging/files/requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ plumbum
real-easypy
requests
psutil
cryptography
prompt_toolkit
pytest

Loading

0 comments on commit a47cd1f

Please sign in to comment.