charts: add webhook to node-disk-manager

Signed-off-by: Vicente Cheng <[email protected]>

Author: Vicente-Cheng

charts/harvester-node-disk-manager/templates/_helpers.tpl

@@ -50,6 +50,27 @@ app.kubernetes.io/name: {{ include "harvester-node-disk-manager.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Webhook labels
+*/}}
+{{- define "harvester-node-disk-manager-webhook.labels" -}}
+helm.sh/chart: {{ include "harvester-node-disk-manager.chart" . }}
+{{ include "harvester-node-disk-manager-webhook.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: webhook
+{{- end }}
+
+{{/*
+Webhook Selector labels
+*/}}
+{{- define "harvester-node-disk-manager-webhook.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-node-disk-manager.name" . }}-webhook
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}

charts/harvester-node-disk-manager/templates/daemonset.yaml

@@ -50,10 +50,6 @@ spec:
         - name: NDM_AUTO_PROVISION_FILTER
           value: {{ . | join "," | quote }}
         {{- end }}
-        {{- with .Values.rescanInterval }}
-        - name: NDM_RESCAN_INTERVAL
-          value: {{ . | quote }}
-        {{- end }}
         {{- with .Values.maxConcurrentOps }}
         - name: NDM_MAX_CONCURRENT_OPS
           value: {{ . | quote }}

charts/harvester-node-disk-manager/templates/rbac.yaml

@@ -35,3 +35,43 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "harvester-node-disk-manager.name" . }}
     namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: harvester-node-disk-manager-webhook
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: harvester-node-disk-manager-webhook
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "secrets", "configmaps" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "harvesterhci.io" ]
+    resources: [ "blockdevices" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "apiregistration.k8s.io" ]
+    resources: [ "apiservices" ]
+    verbs: [ "get", "watch", "list" ]
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    verbs: [ "get", "watch", "list" ]
+  - apiGroups: [ "admissionregistration.k8s.io" ]
+    resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
+    verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: harvester-node-disk-manager-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: harvester-node-disk-manager-webhook
+subjects:
+  - kind: ServiceAccount
+    name: harvester-node-disk-manager-webhook
+    namespace: {{ .Release.Namespace }}

charts/harvester-node-disk-manager/templates/webhook.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "harvester-node-disk-manager-webhook.labels" . | nindent 4 }}
+  name: harvester-node-disk-manager-webhook
+spec:
+  replicas: {{ .Values.webhook.replicas }}
+  selector:
+    matchLabels:
+      {{- include "harvester-node-disk-manager-webhook.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "harvester-node-disk-manager-webhook.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: harvester-node-disk-manager-webhook
+      containers:
+        - name: harvester-node-disk-manager-webhook
+          image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          command:
+            - node-disk-manager-webhook
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: harvester-node-disk-manager-webhook
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    {{- include "harvester-node-disk-manager-webhook.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: {{ .Values.webhook.httpsPort }}

charts/harvester-node-disk-manager/values.yaml

@@ -4,10 +4,19 @@
 
 image:
   repository: rancher/harvester-node-disk-manager
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
   tag: "master-head"
 
+webhook:
+  replicas: 1
+  image:
+    repository: rancher/harvester-node-disk-manager-webhook
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: "master-head"
+  httpsPort: 8443
+
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@@ -67,15 +76,12 @@ autoProvisionFilter: []
   # - /dev/sda?
   # - /dev/nvme0n1p1
 
-# Specify the interval of device rescanning of the node (in seconds)
-rescanInterval:
-
 # Sepcify how many concurrent ops we could execute at the same time
 maxConcurrentOps:
 
 # Perform auto GPT partition generating if a disk can not be globally identified
 # Default to false.
 autoGPTGenerate:
 
-# Enable debug logging, default to false
+# Enable debug logging
 debug: false