From 3e75f7c07dd7f620f2568cbb9d44de44dfc992b6 Mon Sep 17 00:00:00 2001
From: Vicente Cheng <vicente.cheng@suse.com>
Date: Wed, 25 Sep 2024 01:16:31 +0800
Subject: [PATCH] charts: update lvm csi driver webhook related charts

Signed-off-by: Vicente Cheng <vicente.cheng@suse.com>
---
 .../templates/_helpers.tpl                    | 80 +++++++++++++++++++
 .../templates/controller.yaml                 | 11 ++-
 .../templates/csi.yaml                        |  7 +-
 .../templates/rbac.yaml                       | 41 +++++++++-
 .../templates/webhook.yaml                    | 57 +++++++++++++
 charts/harvester-csi-driver-lvm/values.yaml   | 30 +++++--
 6 files changed, 210 insertions(+), 16 deletions(-)
 create mode 100644 charts/harvester-csi-driver-lvm/templates/webhook.yaml

diff --git a/charts/harvester-csi-driver-lvm/templates/_helpers.tpl b/charts/harvester-csi-driver-lvm/templates/_helpers.tpl
index f6e673af..a7e5a005 100644
--- a/charts/harvester-csi-driver-lvm/templates/_helpers.tpl
+++ b/charts/harvester-csi-driver-lvm/templates/_helpers.tpl
@@ -1,3 +1,83 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harvester-csi-driver-lvm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harvester-csi-driver-lvm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+CSI-plugin labels
+*/}}
+{{- define "harvester-csi-driver-lvm.labels" -}}
+helm.sh/chart: {{ include "harvester-csi-driver-lvm.chart" . }}
+{{ include "harvester-csi-driver-lvm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: storage
+{{- end }}
+
+{{/*
+CSI-plugin Selector labels
+*/}}
+{{- define "harvester-csi-driver-lvm.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-csi-driver-lvm.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+CSI-controller labels
+*/}}
+{{- define "harvester-csi-driver-lvm-controller.labels" -}}
+helm.sh/chart: {{ include "harvester-csi-driver-lvm.chart" . }}
+{{ include "harvester-csi-driver-lvm-controller.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: storage
+{{- end }}
+
+{{/*
+CSI-controller Selector labels
+*/}}
+{{- define "harvester-csi-driver-lvm-controller.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-csi-driver-lvm.name" . }}-controller
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+CSI-webhook labels
+*/}}
+{{- define "harvester-csi-driver-lvm-webhook.labels" -}}
+helm.sh/chart: {{ include "harvester-csi-driver-lvm.chart" . }}
+{{ include "harvester-csi-driver-lvm-webhook.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: webhook
+{{- end }}
+
+{{/*
+CSI-webhook Selector labels
+*/}}
+{{- define "harvester-csi-driver-lvm-webhook.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-csi-driver-lvm.name" . }}-webhook
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+CSI components
+*/}}
 {{- define "externalImages.csiAttacher" -}}
 {{- if .Values.customCSISidecars.enabled -}}
 {{- print .Values.customCSISidecars.attacher -}}
diff --git a/charts/harvester-csi-driver-lvm/templates/controller.yaml b/charts/harvester-csi-driver-lvm/templates/controller.yaml
index 423dcc83..ce97d334 100644
--- a/charts/harvester-csi-driver-lvm/templates/controller.yaml
+++ b/charts/harvester-csi-driver-lvm/templates/controller.yaml
@@ -4,28 +4,27 @@ apiVersion: apps/v1
 metadata:
   name: harvester-csi-driver-lvm-controller
   labels:
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+     {{- include "harvester-csi-driver-lvm-controller.labels" . | nindent 4 }}
 spec:
   serviceName: harvester-csi-driver-lvm-controller
   replicas: 1
   selector:
     matchLabels:
-      app: harvester-csi-driver-lvm-controller
+      {{- include "harvester-csi-driver-lvm-controller.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        app: harvester-csi-driver-lvm-controller
+        {{- include "harvester-csi-driver-lvm-controller.labels" . | nindent 8 }}
     spec:
       affinity:
         podAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
           - labelSelector:
               matchExpressions:
-              - key: app
+              - key: app.kubernetes.io/name
                 operator: In
                 values:
-                - harvester-csi-driver-lvm-plugin
+                - harvester-csi-driver-lvm
             topologyKey: kubernetes.io/hostname
 {{- if .Values.nodeSelector.provisioner }}
       nodeSelector:
diff --git a/charts/harvester-csi-driver-lvm/templates/csi.yaml b/charts/harvester-csi-driver-lvm/templates/csi.yaml
index d1ae0ce1..2406b3f3 100644
--- a/charts/harvester-csi-driver-lvm/templates/csi.yaml
+++ b/charts/harvester-csi-driver-lvm/templates/csi.yaml
@@ -4,17 +4,16 @@ kind: DaemonSet
 metadata:
   name: harvester-csi-driver-lvm-plugin
   labels:
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
+    {{- include "harvester-csi-driver-lvm.labels" . | nindent 4 }}
 spec:
   revisionHistoryLimit: 10
   selector:
     matchLabels:
-      app: harvester-csi-driver-lvm-plugin
+      {{- include "harvester-csi-driver-lvm.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       labels:
-        app: harvester-csi-driver-lvm-plugin
+        {{- include "harvester-csi-driver-lvm.labels" . | nindent 8 }}
     spec:
       serviceAccountName: harvester-csi-driver-lvm
 {{- if .Values.tolerations.plugin }}
diff --git a/charts/harvester-csi-driver-lvm/templates/rbac.yaml b/charts/harvester-csi-driver-lvm/templates/rbac.yaml
index a43ec3f6..00966619 100644
--- a/charts/harvester-csi-driver-lvm/templates/rbac.yaml
+++ b/charts/harvester-csi-driver-lvm/templates/rbac.yaml
@@ -49,4 +49,43 @@ roleRef:
   kind: ClusterRole
   name: harvester-csi-driver-lvm
   apiGroup: rbac.authorization.k8s.io
----
\ No newline at end of file
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: harvester-csi-driver-lvm-webhook
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: harvester-csi-driver-lvm-webhook
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "secrets", "configmaps" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "storageclasses" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "apiregistration.k8s.io" ]
+    resources: [ "apiservices" ]
+    verbs: [ "get", "watch", "list" ]
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    verbs: [ "get", "watch", "list" ]
+  - apiGroups: [ "admissionregistration.k8s.io" ]
+    resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
+    verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: harvester-csi-driver-lvm-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: harvester-csi-driver-lvm-webhook
+subjects:
+  - kind: ServiceAccount
+    name: harvester-csi-driver-lvm-webhook
+    namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/harvester-csi-driver-lvm/templates/webhook.yaml b/charts/harvester-csi-driver-lvm/templates/webhook.yaml
new file mode 100644
index 000000000..716cc4f0
--- /dev/null
+++ b/charts/harvester-csi-driver-lvm/templates/webhook.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "harvester-csi-driver-lvm-webhook.labels" . | nindent 4 }}
+  {{- if .Values.webhook.replicas }}
+  # The annotation does not support 0 replicas.
+  annotations:
+    management.cattle.io/scale-available: "{{ .Values.webhook.replicas }}"
+  {{- end }}
+  name: harvester-csi-driver-lvm-webhook
+spec:
+  {{- if not .Values.webhook.replicas }}
+  # Use this field instead of the scale-available annotation when it is 0 replicas.
+  replicas: {{ .Values.webhook.replicas }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "harvester-csi-driver-lvm-webhook.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "harvester-csi-driver-lvm-webhook.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: harvester-csi-driver-lvm-webhook
+{{- if .Values.tolerations.webhook }}
+      tolerations:
+{{ toYaml .Values.tolerations.webhook | indent 8 }}
+{{- end }}
+      containers:
+        - name: harvester-csi-driver-lvm-webhook
+          image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          command:
+            - csi-driver-lvm-webhook
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: harvester-csi-driver-lvm-webhook
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    {{- include "harvester-csi-driver-lvm-webhook.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: {{ .Values.webhook.httpsPort }}
\ No newline at end of file
diff --git a/charts/harvester-csi-driver-lvm/values.yaml b/charts/harvester-csi-driver-lvm/values.yaml
index eee20a85..f7c60019 100644
--- a/charts/harvester-csi-driver-lvm/values.yaml
+++ b/charts/harvester-csi-driver-lvm/values.yaml
@@ -14,6 +14,8 @@ provisionerImage:
   # Overrides the image tag whose default is the chart appVersion.
   tag: "main-head"
 
+nameOverride: ""
+
 lvm:
   # You will want to change this for read-only filesystems
   # For example, in Talos OS, set this to "/var/etc/lvm"
@@ -21,6 +23,15 @@ lvm:
 
   driverName: lvm.driver.harvesterhci.io
 
+webhook:
+  replicas: 1
+  image:
+    repository: rancher/harvester-lvm-csi-driver-webhook
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: "main-head"
+  httpsPort: 8443
+
 rbac:
   create: true
 
@@ -48,11 +59,12 @@ customCSISidecars:
 
   ## uncomment and set these if enabled=true
 
-  # attacher: k8s.gcr.io/sig-storage/csi-attacher:v3.5.0
-  # livenessprobe: k8s.gcr.io/sig-storage/livenessprobe:v2.7.0
-  # provisioner: k8s.gcr.io/sig-storage/csi-provisioner:v3.2.1
-  # registrar: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.5.1
-  # resizer: k8s.gcr.io/sig-storage/csi-resizer:v1.6.0
+  # attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.2
+  # livenessprobe: registry.k8s.io/sig-storage/livenessprobe:v2.12.0
+  # provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2
+  # registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.2
+  # resizer: registry.k8s.io/sig-storage/csi-resizer:v1.9.2
+  # snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.4
 
 nodeSelector:
   # The plugin daemonset will run on all nodes if it has a toleration,
@@ -86,3 +98,11 @@ tolerations:
   # - key: node-role.kubernetes.io/control-plane
   #   operator: Exists
   #   effect: NoSchedule
+  webhook:
+  # - key: node-role.kubernetes.io/master
+  #   operator: Exists
+  #   effect: NoSchedule
+  # - key: node-role.kubernetes.io/control-plane
+  #   operator: Exists
+  #   effect: NoSchedule
+  
\ No newline at end of file