various fixes to chart and driver (#4)

* add chart publish action * use nix to build image for chart publish * rename myApp to csiDriver * remove unneeded secrets and make storageclassname dynamic * ignore kind template in git * remove sops * remove secret, update readme, fix deploy * add helm lint * fix rbac apigroup * fix custom driver name support * fix unmounting corrupt storage * add support for readonly * fix helm check, optimize pv lookup * add support for zsh * Update test.yaml * address comments * make go version in line with chart version --------- Co-authored-by: Ralf Grubenmann <[email protected]>
SwissDataScienceCenter · Jan 9, 2024 · cea92d8 · cea92d8
1 parent 18b7ea6
commit cea92d8
Show file tree

Hide file tree

Showing 36 changed files with 181 additions and 1,449 deletions.
diff --git a/.env b/.env
diff --git a/.github/workflows/build_images.yml b/.github/workflows/build_images.yml
diff --git a/.github/workflows/publish-chart.yaml b/.github/workflows/publish-chart.yaml
@@ -0,0 +1,52 @@
+name: Publish chart
+on:
+  push:
+    tags:
+      - "*.*.*"
+  workflow_dispatch:
+jobs:
+  publish-chart:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+      - uses: azure/setup-helm@v3
+        with:
+          token: ${{secrets.GITHUB_TOKEN }}
+      - name: install dependencies
+        run: pip install chartpress
+      - uses: cachix/install-nix-action@v22
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - name: Flake check
+        run: nix flake check
+      - name: Publish images
+        uses: workflow/[email protected]
+        env:
+          DOCKER_USERNAME: ${{ secrets.RENKU_DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.RENKU_DOCKER_PASSWORD }}
+        with:
+          flakes-from-devshell: true
+          flakes: .#csi-rclone-container-layerd
+          script: |
+            export TAG=$(echo ${GITHUB_REF} |cut -d/ -f3)
+            nix build .#csi-rclone-container-layerd && ./result | docker load
+            docker tag csi-rclone:latest renku/csi-rclone:latest
+            docker tag csi-rclone:latest renku/csi-rclone:${TAG}
+            echo ${DOCKER_PASSWORD}|docker login -u ${DOCKER_USERNAME} --password-stdin
+            docker push renku/csi-rclone:latest
+            docker push renku/csi-rclone:${TAG}
+
+      - name: Publish chart
+        run: |
+          cd deploy
+          git config --global user.email "[email protected]"
+          git config --global user.name "Renku Bot"
+          export TAG=$(echo ${GITHUB_REF} |cut -d/ -f3)
+          helm dep update csi-rclone
+          chartpress --tag $TAG
+          helm lint csi-rclone
+          chartpress --tag $TAG --no-build --publish-chart
+          
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -28,6 +28,8 @@ jobs:
           nix_path: nixpkgs=channel:nixos-unstable
       - name: Flake check
         run: nix flake check
+      - name: Helm check
+        run: helm lint deploy/csi-rclone
       - name: Run tests
         uses: workflow/[email protected]
         with:
@@ -40,5 +42,3 @@ jobs:
       - name: Print rclone log
         if: ${{ failure() }}
         run: cat /tmp/rclone.log
-
-
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,4 @@ rclone-build/
 result
 kubeconfig
 .DS_Store
+devenv/kind/
diff --git a/.sops.yaml b/.sops.yaml
diff --git a/README.md b/README.md
@@ -3,120 +3,15 @@
 
 This project implements Container Storage Interface (CSI) plugin that allows using [rclone mount](https://rclone.org/) as storage backend. Rclone mount points and [parameters](https://rclone.org/commands/rclone_mount/) can be configured using Secret or PersistentVolume volumeAttibutes. 
 
-## Kubernetes cluster compatability
-Works (tested):
-- `deploy/kubernetes/1.19`: K8S>= 1.19.x (due to storage.k8s.io/v1 CSIDriver API)
-- `deploy/kubernetes/1.13`: K8S 1.13.x - 1.21.x (storage.k8s.io/v1beta1 CSIDriver API)
-
-Does not work:
-- v1.12.7-gke.10, driver name csi-rclone not found in the list of registered CSI drivers
 
 ## Installing CSI driver to kubernetes cluster
-TLDR: ` kubectl apply -f deploy/kubernetes/1.19` (or `deploy/kubernetes/1.13` for older version)
-
-1. Set up storage backend. You can use [Minio](https://min.io/), Amazon S3 compatible cloud storage service.
-i.e. 
-```
-helm upgrade --install --create-namespace --namespace minio minio minio/minio --version 6.0.5 --set resources.requests.memory=512Mi --set secretKey=SECRET_ACCESS_KEY --set accessKey=ACCESS_KEY_ID
-```
-
-2. Configure defaults by pushing secret to kube-system namespace. This is optional if you will always define `volumeAttributes` in PersistentVolume.
-
-```
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rclone-secret
-type: Opaque
-stringData:
-  remote: "s3"
-  remotePath: "projectname"
-  s3-provider: "Minio"
-  s3-endpoint: "http://minio.minio:9000"
-  s3-access-key-id: "ACCESS_KEY_ID"
-  s3-secret-access-key: "SECRET_ACCESS_KEY"
-```
-
-Alternatively, you may specify rclone configuration file directly in the secret under `configData` field.
-
-```
-apiVersion: v1
-kind: Secret
-metadata:
-  name: rclone-secret
-type: Opaque
-stringData:
-  remote: "my-s3"
-  remotePath: "projectname"
-  configData: |
-    [my-s3]
-    type = s3
-    provider = Minio
-    access_key_id = ACCESS_KEY_ID
-    secret_access_key = SECRET_ACCESS_KEY
-    endpoint = http://minio-release.default:9000
-```
-
-Deploy example secret
-> `kubectl apply -f example/kubernetes/rclone-secret-example.yaml --namespace kube-system`
-
-3. You can override configuration via PersistentStorage resource definition. Leave volumeAttributes empty if you don't want to. Keys in `volumeAttributes` will be merged with predefined parameters.
-
-```
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: data-rclone-example
-  labels:
-    name: data-rclone-example
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 10Gi
-  storageClassName: rclone
-  csi:
-    driver: csi-rclone
-    volumeHandle: data-id
-    volumeAttributes:
-      remote: "s3"
-      remotePath: "projectname/pvname"
-      s3-provider: "Minio"
-      s3-endpoint: "http://minio.minio:9000"
-      s3-access-key-id: "ACCESS_KEY_ID"
-      s3-secret-access-key: "SECRET_ACCESS_KEY"
-```
 
-Deploy example definition
-> `kubectl apply -f example/kubernetes/nginx-example.yaml`
-
-
-## Building plugin and creating image
-Current code is referencing projects repository on github.com. If you fork the repository, you have to change go includes in several places (use search and replace).
-
-
-1. First push the changed code to remote. The build will use paths from `pkg/` directory.
-
-2. Build the plugin
-```
-make plugin
-```
-
-3. Build the container and inject the plugin into it.
-```
-make container
-```
-
-4. Change docker.io account in `Makefile` and use `make push` to push the image to remote. 
-``` 
-make push
-```
 ## Changelog
 
 See [CHANGELOG.txt](CHANGELOG.txt)
 
 ## Dev Environment
-This repo uses `nix` for the dev environment.
+This repo uses `nix` for the dev environment. Alternatively, run `nix develop` to enter a dev shell.
 
 Ensure that `nix`, `direnv` and `nix-direnv` are installed.
 Also add the following to your nix.conf:
@@ -125,3 +20,20 @@ experimental-features = nix-command flakes
 ```
 then commands can be run like e.g. `nix run '.#initKind'`. Check `flakes.nix` 
 for all available commands.
+
+To deploy the test cluster and run tests, run 
+```bash
+$ nix run '.#initKind'
+$ nix run '.#getKubeconfig'
+$ nix run '.#deployToKind'
+$ go test -v ./...
+```
+in your shell, or if you're in a nix shell, run
+```bash
+$ init-kind-cluster
+$ get-kind-kubeconfig
+$ local-deploy
+$ go test -v ./...
+```
+
+
diff --git a/deploy/chart/templates/csi-rclone-namespace.yaml b/deploy/chart/templates/csi-rclone-namespace.yaml
diff --git a/deploy/chart/templates/csi-rclone-secret.yaml b/deploy/chart/templates/csi-rclone-secret.yaml
diff --git a/deploy/chart/templates/csi-rclone-storageclass.yaml b/deploy/chart/templates/csi-rclone-storageclass.yaml
diff --git a/deploy/chartpress.yaml b/deploy/chartpress.yaml
@@ -0,0 +1,15 @@
+charts:
+  - name: csi-rclone
+    imagePrefix: renku/
+    resetTag: ""
+    resetVersion: 0.1.0
+    repo:
+      git: SwissDataScienceCenter/helm-charts
+      published: https://swissdatasciencecenter.github.io/helm-charts
+    images:
+      csi-rclone:
+        contextPath: ../
+        dockerFilePath: ../Dockerfile
+        valuesPath:
+          - csiControllerRclone.rclone.image
+          - csiNodepluginRclone.rclone.image
diff --git a/deploy/chart/.helmignore → deploy/csi-rclone/.helmignore b/deploy/chart/.helmignore → deploy/csi-rclone/.helmignore
diff --git a/deploy/chart/Chart.yaml → deploy/csi-rclone/Chart.yaml b/deploy/chart/Chart.yaml → deploy/csi-rclone/Chart.yaml
diff --git a/deploy/chart/templates/_helpers.tpl → deploy/csi-rclone/templates/_helpers.tpl b/deploy/chart/templates/_helpers.tpl → deploy/csi-rclone/templates/_helpers.tpl
diff --git a/.../chart/templates/csi-controller-rbac.yaml → ...rclone/templates/csi-controller-rbac.yaml b/.../chart/templates/csi-controller-rbac.yaml → ...rclone/templates/csi-controller-rbac.yaml
@@ -286,4 +286,5 @@ subjects:
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: Role
-  name: {{ include "chart.fullname" . }}-external-provisioner-cfg
+  name: {{ include "chart.fullname" . }}-external-provisioner-cfg
+  apiGroup: rbac.authorization.k8s.io