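# Rendered Helm output for the datashim charts (release "default", namespace
# "dlf"): ServiceAccounts, RBAC, CRDs, Services and the CSI / operator
# workloads. One YAML document per object, each introduced by the "# Source:"
# line naming the chart template it was rendered from.
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-rbac.yaml
# This YAML file contains RBAC API objects that are necessary to run external
# CSI attacher for nfs flex adapter
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-attacher-nfs
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-rbac.yaml
# This YAML defines all API objects to create RBAC roles for CSI node plugin
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-nodeplugin
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
---
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-s3
  labels:
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
# This YAML file contains all RBAC objects that are necessary to run external
# CSI attacher.
#
# In production, each CSI driver deployment has to be customized:
# - to avoid conflicts, use non-default namespace and different names
#   for non-namespaced entities like the ClusterRole
# - decide whether the deployment replicates the external CSI
#   attacher, in which case leadership election must be enabled;
#   this influences the RBAC setup, see below
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-attacher
  # replace with non-default namespace name
  namespace: dlf
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
# This YAML file contains all RBAC objects that are necessary to run external
# CSI provisioner.
#
# In production, each CSI driver deployment has to be customized:
# - to avoid conflicts, use non-default namespace and different names
#   for non-namespaced entities like the ClusterRole
# - decide whether the deployment replicates the external CSI
#   provisioner, in which case leadership election must be enabled;
#   this influences the RBAC setup, see below
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-provisioner
  # replace with non-default namespace name
  namespace: dlf
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/rbac/service_account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dataset-operator
  labels:
    helm.sh/chart: dataset-operator-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/secrets/server-tls.yaml
# NOTE(review): tls.crt and tls.key carry the same short base64 placeholder,
# not PEM material. Presumably the generate-keys init container of the
# dataset-operator Deployment replaces it at install time - confirm, and keep
# real key material out of the rendered chart.
apiVersion: v1
kind: Secret
metadata:
  labels:
    app.kubernetes.io/name: dlf
  name: webhook-server-tls
  namespace: dlf
type: kubernetes.io/tls
data:
  tls.crt: YmFyCg==
  tls.key: YmFyCg==
---
# Source: datashim-charts/charts/csi-s3-chart/templates/storageclass.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: csi-s3
  labels:
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
provisioner: ch.ctrox.csi.s3-driver
parameters:
  # specify which mounter to use
  # can be set to s3fs, goofys
  # OTHER OPTIONS NOT WORKING!
  mounter: goofys
  # Every CSI secret reference resolves to a Secret named after the PVC, in the
  # PVC's own namespace.
  csi.storage.k8s.io/provisioner-secret-name: ${pvc.name}
  csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}
  csi.storage.k8s.io/controller-publish-secret-name: ${pvc.name}
  csi.storage.k8s.io/controller-publish-secret-namespace: ${pvc.namespace}
  csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}
  csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}
  csi.storage.k8s.io/node-publish-secret-name: ${pvc.name}
  csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/crds/com.ie.ibm.hpsys_datasetinternals_crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  name: datasetsinternal.datashim.io
spec:
  group: datashim.io
  names:
    kind: DatasetInternal
    listKind: DatasetInternalList
    plural: datasetsinternal
    singular: datasetinternal
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: DatasetInternal is the Schema for the datasetsinternal API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: DatasetSpec defines the desired state of Dataset
              properties:
                extract:
                  type: string
                format:
                  type: string
                local:
                  additionalProperties:
                    type: string
                  description: Foo is an example field of Dataset. Edit dataset_types.go
                    to remove/update
                  type: object
                remote:
                  additionalProperties:
                    type: string
                  type: object
                type:
                  description: TODO temp definition for archive
                  type: string
                url:
                  type: string
              type: object
            status:
              description: DatasetInternalStatus defines the observed state of DatasetInternal
              properties:
                caching:
                  properties:
                    placements:
                      properties:
                        datalocations:
                          items:
                            properties:
                              key:
                                type: string
                              value:
                                type: string
                            type: object
                          type: array
                        gateways:
                          items:
                            properties:
                              key:
                                type: string
                              value:
                                type: string
                            type: object
                          type: array
                      type: object
                  type: object
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/crds/com.ie.ibm.hpsys_datasets_crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.8.0
  creationTimestamp: null
  name: datasets.datashim.io
spec:
  group: datashim.io
  names:
    kind: Dataset
    listKind: DatasetList
    plural: datasets
    singular: dataset
  scope: Namespaced
  versions:
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          description: Dataset is the Schema for the datasets API
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: DatasetSpec defines the desired state of Dataset
              properties:
                extract:
                  type: string
                format:
                  type: string
                local:
                  additionalProperties:
                    type: string
                  description: Foo is an example field of Dataset. Edit dataset_types.go
                    to remove/update
                  type: object
                remote:
                  additionalProperties:
                    type: string
                  type: object
                type:
                  description: TODO temp definition for archive
                  type: string
                url:
                  type: string
              type: object
            status:
              description: DatasetStatus defines the observed state of Dataset
              properties:
                caching:
                  properties:
                    info:
                      type: string
                    status:
                      type: string
                  type: object
                provision:
                  properties:
                    info:
                      type: string
                    status:
                      type: string
                  type: object
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-rbac.yaml
# NOTE(review): ClusterRole and ClusterRoleBinding are cluster-scoped, so the
# metadata.namespace rendered on these objects throughout this file has no
# effect; every ClusterRole rule below applies in all namespaces.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: external-attacher-runner-nfs
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update", "patch"]
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-nodeplugin
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update"]
  # NOTE(review): "update" on nodes lets this account modify any Node object;
  # confirm the node plugin needs it.
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update"]
---
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-s3
  labels:
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
rules:
  # NOTE(review): get/list on secrets in a ClusterRole means read access to
  # Secrets in every namespace for the csi-s3 node DaemonSet's account.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "update"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update", "create"]
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
# Attacher must be able to work with PVs, CSINodes and VolumeAttachments
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: external-attacher-runner
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
rules:
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update", "patch"]  # Adding "update"
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update", "patch", "create"]  # Adding "update"
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
# Secret permission is optional.
# Enable it if you need value from secret.
# For example, you have key `csi.storage.k8s.io/controller-publish-secret-name` in StorageClass.parameters
# see https://kubernetes-csi.github.io/docs/secrets-and-credentials.html
#  - apiGroups: [""]
#    resources: ["secrets"]
#    verbs: ["get", "list"]
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: external-provisioner-runner
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
rules:
  # The following rule should be uncommented for plugins that require secrets
  # for provisioning.
  # Enabling secrets
  # NOTE(review): enabled here, so the provisioner account can read Secrets in
  # every namespace.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["get", "list"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
    verbs: ["get", "list"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  # Access to volumeattachments is only needed when the CSI driver
  # has the PUBLISH_UNPUBLISH_VOLUME controller capability.
  # In that case, external-provisioner will watch volumeattachments
  # to determine when it is safe to delete a volume.
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "create"]
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/rbac/role.yaml
# NOTE(review): this role is bound by the dataset-operator ClusterRoleBinding,
# so each rule applies cluster-wide. It grants verbs '*' on secrets, pods,
# configmaps and mutatingwebhookconfigurations and '*' on all of
# storage.k8s.io. Review which verbs the operator actually uses and narrow
# the wildcards (explicit verbs, resourceNames, or a namespaced Role for
# secrets) before running this outside a test cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: dataset-operator
  labels:
    helm.sh/chart: dataset-operator-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - persistentvolumes
      - events
      - configmaps
      - secrets
    verbs:
      - '*'
  - apiGroups:
      - apps
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
    verbs:
      - '*'
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - create
  - apiGroups:
      - apps
    resourceNames:
      - dataset-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - apps
    resources:
      - replicasets
    verbs:
      - get
  - apiGroups:
      - datashim.io
    resources:
      # '*' already covers the two named resources that follow it.
      - '*'
      - datasetsinternal
      - datasets
    verbs:
      - '*'
  - apiGroups:
      - storage.k8s.io
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - objectbucket.io
    resources:
      - '*'
    verbs:
      - '*'
  - apiGroups:
      - admissionregistration.k8s.io
    resources:
      - mutatingwebhookconfigurations
    verbs:
      - '*'
  - apiGroups: ["batch", "extensions"]
    resources: ["jobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-attacher-role-nfs
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
subjects:
  - kind: ServiceAccount
    name: csi-attacher-nfs
    namespace: dlf
roleRef:
  kind: ClusterRole
  name: external-attacher-runner-nfs
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-nodeplugin
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
subjects:
  - kind: ServiceAccount
    name: csi-nodeplugin
    namespace: dlf
roleRef:
  kind: ClusterRole
  name: csi-nodeplugin
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-s3
  labels:
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
subjects:
  - kind: ServiceAccount
    name: csi-s3
    namespace: dlf
roleRef:
  kind: ClusterRole
  name: csi-s3
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-attacher-role
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
subjects:
  - kind: ServiceAccount
    name: csi-attacher
    # replace with non-default namespace name
    namespace: dlf
roleRef:
  kind: ClusterRole
  name: external-attacher-runner
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-provisioner-role
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
subjects:
  - kind: ServiceAccount
    name: csi-provisioner
    # replace with non-default namespace name
    namespace: dlf
roleRef:
  kind: ClusterRole
  name: external-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/rbac/role_binding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dataset-operator
  labels:
    helm.sh/chart: dataset-operator-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
subjects:
  - kind: ServiceAccount
    name: dataset-operator
    namespace: dlf
roleRef:
  kind: ClusterRole
  name: dataset-operator
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
# Attacher must be able to work with configmaps or leases in the current namespace
# if (and only if) leadership election is enabled
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # replace with non-default namespace name
  namespace: dlf
  name: external-attacher-cfg
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
# Provisioner must be able to work with endpoints in current namespace
# if (and only if) leadership election is enabled
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # replace with non-default namespace name
  namespace: dlf
  name: external-provisioner-cfg
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
rules:
  # Only one of the following rules for endpoints or leases is required based on
  # what is set for `--leader-election-type`. Endpoints are deprecated in favor of Leases.
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
  # Permissions for CSIStorageCapacity are only needed enabling the publishing
  # of storage capacity information.
  - apiGroups: ["storage.k8s.io"]
    resources: ["csistoragecapacities"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # The GET permissions below are needed for walking up the ownership chain
  # for CSIStorageCapacity. They are sufficient for deployment via
  # StatefulSet (only needs to get Pod) and Deployment (needs to get
  # Pod and then ReplicaSet to find the Deployment).
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get"]
  - apiGroups: ["apps"]
    resources: ["replicasets"]
    verbs: ["get"]
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-attacher-role-cfg
  # replace with non-default namespace name
  namespace: dlf
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
subjects:
  - kind: ServiceAccount
    name: csi-attacher
    # replace with non-default namespace name
    namespace: dlf
roleRef:
  kind: Role
  name: external-attacher-cfg
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: csi-provisioner-role-cfg
  # replace with non-default namespace name
  namespace: dlf
  labels:
    helm.sh/chart: csi-sidecars-rbac-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
subjects:
  - kind: ServiceAccount
    name: csi-provisioner
    # replace with non-default namespace name
    namespace: dlf
roleRef:
  kind: Role
  name: external-provisioner-cfg
  apiGroup: rbac.authorization.k8s.io
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-nfsplugin.yaml
# This YAML file contains attacher & csi driver API objects that are necessary
# to run external CSI attacher for nfs
kind: Service
apiVersion: v1
metadata:
  name: csi-attacher-nfsplugin
  namespace: dlf
  labels:
    app: csi-attacher-nfsplugin
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
spec:
  selector:
    app: csi-attacher-nfsplugin
  ports:
    - name: dummy
      port: 12345
---
# Source: datashim-charts/charts/csi-s3-chart/templates/attacher.yaml
# needed for StatefulSet
kind: Service
apiVersion: v1
metadata:
  name: csi-attacher-s3
  namespace: dlf
  labels:
    app: csi-attacher-s3
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
spec:
  selector:
    app: csi-attacher-s3
  ports:
    - name: dummy
      port: 12345
---
# Source: datashim-charts/charts/csi-s3-chart/templates/provisioner.yaml
kind: Service
apiVersion: v1
metadata:
  name: csi-provisioner-s3
  namespace: dlf
  labels:
    app: csi-provisioner-s3
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
spec:
  selector:
    app: csi-provisioner-s3
  ports:
    - name: dummy
      port: 12345
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/apps/operator.yaml
apiVersion: v1
kind: Service
metadata:
  name: webhook-server
  labels:
    helm.sh/chart: dataset-operator-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
spec:
  ports:
    - port: 443
      protocol: TCP
      targetPort: webhook-api
  selector:
    name: dataset-operator
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-nodeplugin-nfsplugin.yaml
# This YAML file contains driver-registrar & csi driver nodeplugin API objects
# that are necessary to run CSI nodeplugin for nfs
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-nodeplugin-nfsplugin
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
spec:
  selector:
    matchLabels:
      app: csi-nodeplugin-nfsplugin
  template:
    metadata:
      labels:
        helm.sh/chart: csi-nfs-chart-0.1.0
        app.kubernetes.io/name: datashim
        app.kubernetes.io/instance: default
        app.kubernetes.io/managed-by: Helm
        meta.helm.sh/release-name: default
        meta.helm.sh/release-namespace: dlf
        app: csi-nodeplugin-nfsplugin
    spec:
      serviceAccountName: csi-nodeplugin
      # NOTE(review): the pod shares the node's network namespace; confirm the
      # NFS plugin needs this.
      hostNetwork: true
      containers:
        - name: node-driver-registrar
          # NOTE(review): k8s.gcr.io is the legacy registry name
          # (registry.k8s.io is its successor); confirm the sidecar images in
          # this file are still pulled from a maintained source.
          image: "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0"
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "rm -rf /registration/csi-nfsplugin /registration/csi-nfsplugin-reg.sock"]
          args:
            - --v=10
            - --csi-address=/plugin/csi.sock
            - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-nfsplugin/csi.sock
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - name: plugin-dir
              mountPath: /plugin
            - name: registration-dir
              mountPath: /registration
        - name: nfs
          securityContext:
            # NOTE(review): privileged already grants every capability and
            # implies privilege escalation, so the two fields after it are
            # redundant. If only mount rights are needed, test running with
            # SYS_ADMIN alone instead of privileged.
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          # NOTE(review): a mutable ":latest" tag with imagePullPolicy Always
          # means the code running in this privileged container can change
          # without a manifest change. Pin a version tag or image digest; the
          # same applies to the other quay.io/datashim-io images in this file.
          image: "quay.io/datashim-io/csi-nfs:latest"
          args:
            - "--nodeid=$(NODE_ID)"
            - "--endpoint=$(CSI_ENDPOINT)"
          env:
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CSI_ENDPOINT
              value: unix://plugin/csi.sock
          imagePullPolicy: "Always"
          volumeMounts:
            - name: plugin-dir
              mountPath: /plugin
            - name: pods-mount-dir
              mountPath: /var/lib/kubelet/pods
              mountPropagation: "Bidirectional"
      volumes:
        - name: plugin-dir
          hostPath:
            path: /var/lib/kubelet/plugins/csi-nfsplugin
            type: DirectoryOrCreate
        - name: pods-mount-dir
          hostPath:
            path: /var/lib/kubelet/pods
            type: Directory
        - hostPath:
            path: /var/lib/kubelet/plugins_registry
            type: Directory
          name: registration-dir
---
# Source: datashim-charts/charts/csi-s3-chart/templates/csi-s3.yaml
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-s3
  labels:
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
spec:
  selector:
    matchLabels:
      app: csi-s3
  template:
    metadata:
      labels:
        helm.sh/chart: csi-s3-chart-0.1.0
        app.kubernetes.io/name: datashim
        app.kubernetes.io/instance: default
        app.kubernetes.io/managed-by: Helm
        meta.helm.sh/release-name: default
        meta.helm.sh/release-namespace: dlf
        app: csi-s3
    spec:
      serviceAccountName: csi-s3
      containers:
        - name: driver-registrar
          image: "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.3.0"
          imagePullPolicy: Always
          args:
            - --v=5
            - --csi-address=/csi/csi.sock
            - --kubelet-registration-path=/var/lib/kubelet/plugins/csi-s3/csi.sock
          securityContext:
            # This is necessary only for systems with SELinux, where
            # non-privileged sidecar containers cannot access unix domain socket
            # created by privileged CSI driver container.
            privileged: false
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
            - mountPath: /registration
              name: registration-dir
        - name: csi-s3
          image: "quay.io/datashim-io/csi-s3:latest"
          imagePullPolicy: Always
          args:
            - "--v=5"
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--nodeid=$(KUBE_NODE_NAME)"
          env:
            - name: CSI_ENDPOINT
              value: unix:///csi/csi.sock
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: cheap
              value: "off"
          # NOTE(review): privileged, with the host /dev directory and a
          # Bidirectional mount of /var/lib/kubelet/pods, gives this container
          # node-level access. Presumably required for the S3 mounters -
          # confirm, and treat the image's provenance accordingly.
          securityContext:
            privileged: true
          # ports:
          # - containerPort: 9898
          #   name: healthz
          #   protocol: TCP
          # TODO make it configurable and build it for ppc64le
          # livenessProbe:
          #   failureThreshold: 5
          #   httpGet:
          #     path: /healthz
          #     port: healthz
          #   initialDelaySeconds: 10
          #   timeoutSeconds: 3
          #   periodSeconds: 2
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
            - mountPath: /var/lib/kubelet/pods
              mountPropagation: Bidirectional
              name: mountpoint-dir
            - mountPath: /dev
              name: dev-dir
        # TODO make it configurable and build it for ppc64le
        # - name: liveness-probe
        #   volumeMounts:
        #   - mountPath: /csi
        #     name: socket-dir
        #   image: quay.io/k8scsi/livenessprobe:v1.1.0
        #   args:
        #   - --csi-address=/csi/csi.sock
        #   - --health-port=9898
      volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins/csi-s3
            type: DirectoryOrCreate
          name: socket-dir
        - hostPath:
            path: /var/lib/kubelet/pods
            type: DirectoryOrCreate
          name: mountpoint-dir
        - hostPath:
            path: /var/lib/kubelet/plugins_registry
            type: Directory
          name: registration-dir
        - hostPath:
            path: /dev
            type: Directory
          name: dev-dir
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/apps/operator.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dataset-operator
  labels:
    helm.sh/chart: dataset-operator-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
spec:
  replicas: 1
  selector:
    matchLabels:
      name: dataset-operator
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"
      labels:
        name: dataset-operator
        helm.sh/chart: dataset-operator-chart-0.1.0
        app.kubernetes.io/name: datashim
        app.kubernetes.io/instance: default
        app.kubernetes.io/managed-by: Helm
        meta.helm.sh/release-name: default
        meta.helm.sh/release-namespace: dlf
    spec:
      # Runs under the dataset-operator ServiceAccount, i.e. with the
      # cluster-wide dataset-operator ClusterRole; both containers use mutable
      # ":latest" tags.
      serviceAccountName: dataset-operator
      initContainers:
        - name: generate-keys
          image: "quay.io/datashim-io/generate-keys:latest"
          imagePullPolicy: Always
          env:
            - name: DATASET_OPERATOR_NAMESPACE
              value: dlf
      containers:
        - name: dataset-operator
          # Replace this with the built image name
          image: "quay.io/datashim-io/dataset-operator:latest"
          command:
            - /manager
          imagePullPolicy: Always
          ports:
            - containerPort: 9443
              name: webhook-api
          env:
            - name: WATCH_NAMESPACE
              value: ""
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "dataset-operator"
            - name: OPERATOR_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          volumeMounts:
            - name: webhook-tls-certs
              mountPath: /tmp/k8s-webhook-server/serving-certs
              readOnly: true
      volumes:
        - name: webhook-tls-certs
          secret:
            secretName: webhook-server-tls
---
# Source: datashim-charts/charts/csi-nfs-chart/templates/csi-attacher-nfsplugin.yaml
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: csi-attacher-nfsplugin
  namespace: dlf
  labels:
    helm.sh/chart: csi-nfs-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
spec:
  selector:
    matchLabels:
      app: csi-attacher-nfsplugin
  serviceName: "csi-attacher-nfsplugin"
  replicas: 1
  template:
    metadata:
      labels:
        helm.sh/chart: csi-nfs-chart-0.1.0
        app.kubernetes.io/name: datashim
        app.kubernetes.io/instance: default
        app.kubernetes.io/managed-by: Helm
        meta.helm.sh/release-name: default
        meta.helm.sh/release-namespace: dlf
        app: csi-attacher-nfsplugin
    spec:
      serviceAccountName: csi-attacher-nfs
      containers:
        - name: csi-attacher
          image: "k8s.gcr.io/sig-storage/csi-attacher:v3.3.0"
          args:
            - "--v=10"
            - "--csi-address=$(ADDRESS)"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          imagePullPolicy: Always
          volumeMounts:
            - name: socket-dir
              mountPath: /csi
        - name: nfs
          image: "quay.io/datashim-io/csi-nfs:latest"
          args:
            - "--nodeid=$(NODE_ID)"
            - "--endpoint=$(CSI_ENDPOINT)"
          env:
            - name: NODE_ID
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CSI_ENDPOINT
              value: unix://plugin/csi.sock
          imagePullPolicy: Always
          volumeMounts:
            - name: socket-dir
              mountPath: /plugin
      volumes:
        - name: socket-dir
          emptyDir: {}
---
# Source: datashim-charts/charts/csi-s3-chart/templates/attacher.yaml
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: csi-attacher-s3
  namespace: dlf
  labels:
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
spec:
  serviceName: "csi-attacher-s3"
  replicas: 1
  selector:
    matchLabels:
      app: csi-attacher-s3
  template:
    metadata:
      labels:
        helm.sh/chart: csi-s3-chart-0.1.0
        app.kubernetes.io/name: datashim
        app.kubernetes.io/instance: default
        app.kubernetes.io/managed-by: Helm
        meta.helm.sh/release-name: default
        meta.helm.sh/release-namespace: dlf
        app: csi-attacher-s3
    spec:
      serviceAccountName: csi-attacher
      containers:
        - name: csi-attacher
          image: "k8s.gcr.io/sig-storage/csi-attacher:v3.3.0"
          imagePullPolicy: Always
          args:
            - --v=5
            - --csi-address=/csi/csi.sock
          securityContext:
            # This is necessary only for systems with SELinux, where
            # non-privileged sidecar containers cannot access unix domain socket
            # created by privileged CSI driver container.
            # NOTE(review): per the comment above, this sidecar can run
            # unprivileged on hosts without SELinux; the driver-registrar
            # sidecar in the csi-s3 DaemonSet already sets this to false.
            privileged: true
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
      volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins/csi-s3
            type: DirectoryOrCreate
          name: socket-dir
---
# Source: datashim-charts/charts/csi-s3-chart/templates/provisioner.yaml
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: csi-provisioner-s3
  labels:
    helm.sh/chart: csi-s3-chart-0.1.0
    app.kubernetes.io/name: datashim
    app.kubernetes.io/instance: default
    app.kubernetes.io/managed-by: Helm
    meta.helm.sh/release-name: default
    meta.helm.sh/release-namespace: dlf
  namespace: dlf
spec:
  serviceName: "csi-provisioner-s3"
  replicas: 1
  selector:
    matchLabels:
      app: csi-provisioner-s3
  template:
    metadata:
      labels:
        app: csi-provisioner-s3
    spec:
      serviceAccountName: csi-provisioner
      containers:
        - name: csi-provisioner
          image: "k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2"
          imagePullPolicy: Always
          args:
            - -v=5
            - --csi-address=/csi/csi.sock
            - --feature-gates=Topology=true
          securityContext:
            # This is necessary only for systems with SELinux, where
            # non-privileged sidecar containers cannot access unix domain socket
            # created by privileged CSI driver container.
            # NOTE(review): per the comment above, this sidecar can run
            # unprivileged on hosts without SELinux.
            privileged: true
          volumeMounts:
            - mountPath: /csi
              name: socket-dir
      volumes:
        - hostPath:
            path: /var/lib/kubelet/plugins/csi-s3
            type: DirectoryOrCreate
          name: socket-dir
---
# Source: datashim-charts/charts/csi-s3-chart/templates/driver.yaml
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
  name: ch.ctrox.csi.s3-driver
spec:
  attachRequired: false
  podInfoOnMount: false
  volumeLifecycleModes:
    - Persistent
    # - Ephemeral
---
# Source: datashim-charts/charts/dataset-operator-chart/templates/apps/webhook-definition.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: dlf-mutating-webhook-cfg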