add files

.drone.yml

+clone:
+  git:
+    image: registry-vpc.cn-qingdao.aliyuncs.com/wod/drone-plugin-git:1.4.0
+pipeline:
+  docker:
+    image: harbor.wodcloud.com/devops/drone-plugin-docker:1.0
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    base: registry-vpc.cn-qingdao.aliyuncs.com/wod-k8s/data:1.0.0
+    repo: wod/storageos-chart
+    registry: registry-vpc.cn-qingdao.aliyuncs.com
+    secrets: 
+      - source: REGISTRY_USER_ALIYUN
+        target: REGISTRY_USER
+      - source: REGISTRY_PASSWORD_ALIYUN
+        target: REGISTRY_PASSWORD        
+branches: [master]
\ No newline at end of file

.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

Chart.yaml

+name: storageos
+version: 0.1.0
+description: Converged storage for containers
+appVersion: 1.0.0-rc2
+apiVersion: v1
+keywords:
+- storage
+- block-storage
+- volume
+home: https://storageos.com
+icon: https://storageos.com/wp-content/themes/storageOS/images/logo.svg
+sources:
+- https://github.com/storageos
+maintainers:
+- name: croomes
+  email: simon.croome@storageos.com
+- name: darkowlzz
+  email: sunny.gogoi@storageos.com

LICENSE

+MIT License
+
+Copyright (c) 2017 StorageOS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

+# StorageOS Helm Chart
+
+```bash
+# install
+helm install /etc/kubernetes/helm/storageos \
+--name=storageos \
+--set cluster.join=172.31.14.41 \
+--set cluster.kv_address=172.31.14.41:2379 \
+--set cluster.sharedDir=/data/storageos \
+--set api.username=storageos \
+--set api.password=spaceIN511
+```
\ No newline at end of file

build/dockerfile

+FROM {{ BASEIMAGE }}
+MAINTAINER mengkzhaoyun <mengkzhaoyun@gmail.com>
+
+ADD . /data/input
\ No newline at end of file

package.json

+{
+  "name": "storageos-chart",
+  "version": "1.0.0-rc4"
+}
\ No newline at end of file

templates/NOTES.txt

+{{- if not .Values.csi.enable }}
+
+1. Please run the following commands now to configure the link between Kubernetes and StorageOS(*):
+
+ClusterIP=$(kubectl get svc/{{ .Values.service.name }} --namespace {{ .Values.namespace }} -o custom-columns=IP:spec.clusterIP --no-headers=true)
+ApiAddress=$(echo -n "tcp://$ClusterIP:{{ .Values.service.externalPort }}" | base64)
+kubectl patch secret/{{ .Values.api.secretName }} --namespace {{ .Values.api.secretNamespace }} --patch "{\"data\": {\"apiAddress\": \"$ApiAddress\"}}"
+
+*) Unfortunately this is needed until the Kubernetes apiserver can use kube-dns to resolve service 
+   dns names like {{ .Values.service.name }}.{{ .Values.namespace }}.svc to the correct ClusterIP.
+   This is a known limitation: https://github.com/kubernetes-incubator/bootkube/issues/456
+
+{{- end }}

templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "storageos.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "storageos.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "storageos.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

templates/credentials_csi.yaml

+{{- if .Values.csi.enable }}
+
+{{- if .Values.csi.provisionCreds.enable }}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.csi.provisionCreds.secretName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  username: {{ default "" .Values.csi.provisionCreds.username | b64enc | quote }}
+  password: {{ default "" .Values.csi.provisionCreds.password | b64enc | quote }}
+
+{{- end }}
+
+{{- if .Values.csi.controllerPublishCreds.enable }}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.csi.controllerPublishCreds.secretName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  username: {{ default "" .Values.csi.controllerPublishCreds.username | b64enc | quote }}
+  password: {{ default "" .Values.csi.controllerPublishCreds.password | b64enc | quote }}
+
+{{- end }}
+
+{{- if .Values.csi.nodeStageCreds.enable }}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.csi.nodeStageCreds.secretName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  username: {{ default "" .Values.csi.nodeStageCreds.username | b64enc | quote }}
+  password: {{ default "" .Values.csi.nodeStageCreds.password | b64enc | quote }}
+
+{{- end }}
+
+{{- if .Values.csi.nodePublishCreds.enable }}
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.csi.nodePublishCreds.secretName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+type: Opaque
+data:
+  username: {{ default "" .Values.csi.nodePublishCreds.username | b64enc | quote }}
+  password: {{ default "" .Values.csi.nodePublishCreds.password | b64enc | quote }}
+
+{{- end }}
+
+{{- end }}

templates/daemonset.yaml

+{{- if not .Values.csi.enable }}
+
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: {{ template "storageos.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "storageos.name" . }}
+  template:
+    metadata:
+      name: {{ template "storageos.fullname" . }}
+      labels:
+        app: {{ template "storageos.name" . }}
+        chart: {{ template "storageos.chart" . }}
+        heritage: {{ .Release.Service }}
+        release: {{ .Release.Name }}
+        kind: daemonset
+    spec:
+      hostPID: true
+      hostNetwork: true
+      {{- if .Values.rbacEnabled }}
+      serviceAccountName: {{ template "storageos.fullname" . }}
+      {{- end }}
+      initContainers:
+      - name: enable-lio
+        image: "{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}"
+        imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
+        volumeMounts:
+          - name: kernel-modules
+            mountPath: /lib/modules
+            readOnly: true
+          - name: sys
+            mountPath: /sys
+            mountPropagation: Bidirectional
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - SYS_ADMIN
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+        - server
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+          name: api
+        livenessProbe:
+          initialDelaySeconds: 65
+          timeoutSeconds: 10
+          failureThreshold: 5
+          httpGet:
+            path: /v1/health
+            port: api
+        readinessProbe:
+          initialDelaySeconds: 65
+          timeoutSeconds: 10
+          failureThreshold: 5
+          httpGet:
+            path: /v1/health
+            port: api
+        resources:
+{{ toYaml .Values.resources | indent 12 }}
+        env:
+        - name: HOSTNAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: ADMIN_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.initSecretName }}
+              key: username
+        - name: ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.initSecretName }}
+              key: password
+        {{- if .Values.cluster.join }}
+        - name: JOIN
+          value: {{ .Values.cluster.join }}
+        {{- else }}
+        - name: JOIN
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        {{- end }}
+        - name: ADVERTISE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: NAMESPACE
+          value: {{ .Values.namespace }}
+        {{- if .Values.cluster.sharedDir }}
+        - name: DEVICE_DIR
+          value: {{ .Values.cluster.sharedDir }}/devices
+        {{- end }}
+        volumeMounts:
+          - name: fuse
+            mountPath: /dev/fuse
+          - name: sys
+            mountPath: /sys
+          - name: state
+            mountPath: /var/lib/storageos
+            mountPropagation: Bidirectional
+          {{- if .Values.cluster.sharedDir }}
+          - name: shared
+            mountPath: {{ .Values.cluster.sharedDir }}
+            mountPropagation: Bidirectional
+          {{- end }}
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - SYS_ADMIN
+      volumes:
+        - name: kernel-modules
+          hostPath:
+            path: /lib/modules
+        - name: fuse
+          hostPath:
+            path: /dev/fuse
+        - name: sys
+          hostPath:
+            path: /sys
+        - name: state
+          hostPath:
+            path: /var/lib/storageos
+        {{- if .Values.cluster.sharedDir }}
+        - name: shared
+          hostPath:
+            path: {{ .Values.cluster.sharedDir }}
+        {{- end }}
+
+{{- end }}

templates/daemonset_csi.yaml

+{{- if .Values.csi.enable }}
+
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ template "storageos.fullname" . }}-daemon
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ template "storageos.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "storageos.name" . }}
+        chart: {{ template "storageos.chart" . }}
+        heritage: {{ .Release.Service }}
+        release: {{ .Release.Name }}
+        kind: daemonset
+    spec:
+      serviceAccount: {{ template "storageos.fullname" . }}-daemonset-sa
+      hostPID: true
+      hostNetwork: true
+      initContainers:
+      - name: enable-lio
+        image: "{{ .Values.initContainer.repository }}:{{ .Values.initContainer.tag }}"
+        imagePullPolicy: {{ .Values.initContainer.pullPolicy }}
+        volumeMounts:
+          - name: kernel-modules
+            mountPath: /lib/modules
+            readOnly: true
+          - name: sys
+            mountPath: /sys
+            mountPropagation: Bidirectional
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - SYS_ADMIN
+      containers:
+      - name: csi-driver-registrar
+        image: "{{ .Values.csiDriverRegistrar.repository }}:{{ .Values.csiDriverRegistrar.tag }}"
+        imagePullPolicy: {{ .Values.csiDriverRegistrar.pullPolicy }}
+        args:
+          - "--v=5"
+          - "--csi-address=$(ADDRESS)"
+        env:
+          - name: ADDRESS
+            value: /csi/csi.sock # plugin-dir is mounted at /csi
+            # value: unix://var/lib/kubelet/plugins/storageos/csi.sock
+          - name: KUBE_NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+        volumeMounts:
+          - name: plugin-dir
+            mountPath: /csi
+            # This is where kubelet.sock exists.
+          - name: registrar-socket-dir
+            mountPath: /var/lib/csi/sockets/
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+        - server
+        ports:
+        - containerPort: {{ .Values.service.internalPort }}
+          name: api
+        livenessProbe:
+          initialDelaySeconds: 65
+          timeoutSeconds: 10
+          failureThreshold: 5
+          httpGet:
+            path: /v1/health
+            port: api
+        readinessProbe:
+          initialDelaySeconds: 65
+          timeoutSeconds: 10
+          failureThreshold: 5
+          httpGet:
+            path: /v1/health
+            port: api
+        resources:
+{{ toYaml .Values.resources | indent 12 }}
+
+        env:
+        - name: HOSTNAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: ADMIN_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.initSecretName }}
+              key: username
+        - name: ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.initSecretName }}
+              key: password
+        {{- if .Values.cluster.join }}
+        - name: JOIN
+          value: {{ .Values.cluster.join }}
+        {{- else }}
+        - name: JOIN
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        {{- end }}
+        - name: ADVERTISE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.podIP
+        - name: NAMESPACE
+          value: {{ .Values.namespace }}
+        {{- if .Values.cluster.sharedDir }}
+        - name: DEVICE_DIR
+          value: {{ .Values.cluster.sharedDir }}/devices
+        {{- end }}
+        {{- if .Values.cluster.kv_address }}
+        - name: KV_ADDR
+          value: {{ .Values.cluster.kv_address }}
+        {{- end }}
+        {{- if .Values.cluster.kv_backend }}
+        - name: KV_BACKEND
+          value: {{ .Values.cluster.kv_backend }}
+        {{- end }}                
+        - name: CSI_ENDPOINT
+          value: unix://var/lib/kubelet/plugins/storageos/csi.sock
+        # CSI credentials config.
+        {{- if .Values.csi.provisionCreds.enable }}
+        - name: CSI_REQUIRE_CREDS_CREATE_VOL
+          value: "true"
+        - name: CSI_REQUIRE_CREDS_DELETE_VOL
+          value: "true"
+        - name: CSI_PROVISION_CREDS_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.provisionCreds.secretName }}
+              key: username
+        - name: CSI_PROVISION_CREDS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.provisionCreds.secretName }}
+              key: password
+        {{- end }}
+        {{- if .Values.csi.controllerPublishCreds.enable }}
+        - name: CSI_REQUIRE_CREDS_CTRL_PUB_VOL
+          value: "true"
+        - name: CSI_REQUIRE_CREDS_CTRL_UNPUB_VOL
+          value: "true"
+        - name: CSI_CTRL_PUB_CREDS_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.controllerPublishCreds.secretName }}
+              key: username
+        - name: CSI_CTRL_PUB_CREDS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.controllerPublishCreds.secretName }}
+              key: password
+        {{- end }}
+        {{- if .Values.csi.nodeStageCreds.enable }}
+        - name: CSI_REQUIRE_CREDS_NODE_STG_VOL
+          value: "true"
+        - name: CSI_NODE_STG_CREDS_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.nodeStageCreds.secretName }}
+              key: username
+        - name: CSI_NODE_STG_CREDS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.nodeStageCreds.secretName }}
+              key: password
+        {{- end }}
+        {{- if .Values.csi.nodePublishCreds.enable }}
+        - name: CSI_REQUIRE_CREDS_NODE_PUB_VOL
+          value: "true"
+        - name: CSI_NODE_PUB_CREDS_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.nodePublishCreds.secretName }}
+              key: username
+        - name: CSI_NODE_PUB_CREDS_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.csi.nodePublishCreds.secretName }}
+              key: password
+        {{- end }}
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - SYS_ADMIN
+          allowPrivilegeEscalation: true
+        volumeMounts:
+          - name: kubelet-dir
+            mountPath: /var/lib/kubelet
+            mountPropagation: "Bidirectional"
+          - name: plugin-dir
+            mountPath: /var/lib/kubelet/plugins/storageos/
+          - name: device-dir
+            mountPath: /dev
+          - name: fuse
+            mountPath: /dev/fuse
+          - name: sys
+            mountPath: /sys
+          - name: state
+            mountPath: /var/lib/storageos
+            mountPropagation: "Bidirectional"
+          {{- if .Values.cluster.sharedDir }}
+          - name: shared
+            mountPath: {{ .Values.cluster.sharedDir }}
+            mountPropagation: Bidirectional
+          {{- end }}
+      volumes:
+      - name: kernel-modules
+        hostPath:
+          path: /lib/modules
+      - name: registrar-socket-dir
+        hostPath:
+          path: /var/lib/kubelet/device-plugins/
+          type: DirectoryOrCreate
+      - name: kubelet-dir
+        hostPath:
+          path: /var/lib/kubelet
+          type: Directory
+      - name: plugin-dir
+        hostPath:
+          path: /var/lib/kubelet/plugins/storageos/
+          type: DirectoryOrCreate
+      - name: device-dir
+        hostPath:
+          path: /dev
+          type: Directory
+      - name: fuse
+        hostPath:
+          path: /dev/fuse
+      - name: sys
+        hostPath:
+          path: /sys
+      - name: state
+        hostPath:
+          path: /var/lib/storageos
+      {{- if .Values.cluster.sharedDir }}
+      - name: shared
+        hostPath:
+          path: {{ .Values.cluster.sharedDir }}
+      {{- end }}
+
+{{- end }}

templates/ingress.yaml

+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ template "storageos.fullname" $ }}
+  namespace: {{ $.Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" $ }}
+    chart: {{ template "storageos.chart" $ }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
+  annotations:
+    {{- if .tls }}
+    ingress.kubernetes.io/secure-backends: "true"
+    {{- end }}
+    {{- range $key, $value := .annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  rules:
+  - host: {{ .name }}
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: {{ $.Values.service.name }}
+          servicePort: {{ $.Values.service.externalPort }}
+{{- if .tls }}
+  tls:
+  - hosts:
+    - {{ .name }}
+    secretName: {{ .tlsSecret }}
+{{- end }}
+---
+{{- end }}
+{{- end }}

templates/role.yaml

+{{- if not .Values.csi.enable }}
+
+{{- if .Values.rbacEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "storageos.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["create", "get", "list", "delete"]
+{{- end -}}
+
+{{- end }}

templates/rolebinding.yaml

+{{- if not .Values.csi.enable }}
+
+{{- if .Values.rbacEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "storageos.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "storageos.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "storageos.fullname" . }}
+{{- end -}}
+
+{{- end }}

templates/secrets.yaml

+{{- if not .Values.csi.enable }}
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.api.secretName }}
+  namespace:  {{ .Values.api.secretNamespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+type: "kubernetes.io/storageos"
+data:
+  # apiAddress: {{ printf "http://%s:%.0f" .Values.service.name .Values.service.externalPort | b64enc | quote }}
+  apiAddress: {{ default "" .Values.api.address | b64enc | quote }}
+  apiUsername: {{ default "" .Values.api.username | b64enc | quote }}
+  apiPassword: {{ default "" .Values.api.password | b64enc | quote }}
+
+{{- end }}
+
+---
+
+# This secret is used to set the initial credentials of the node container.
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.initSecretName }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+type: "kubernetes.io/storageos"
+data:
+  username: {{ default "" .Values.api.username | b64enc | quote }}
+  password: {{ default "" .Values.api.password | b64enc | quote }}

templates/serviceaccount.yaml

+{{- if not .Values.csi.enable }}
+
+{{- if .Values.rbacEnabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "storageos.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+{{- end -}}
+
+{{- end }}

templates/setup_csi.yaml

+{{- if .Values.csi.enable }}
+
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: {{ .Values.storageclass.name }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+provisioner: storageos
+parameters:
+  pool: {{ .Values.storageclass.pool }}
+  # Value with space is an invalid label in CSI volumes.
+  # description: Kubernetes volume
+  fsType: {{ .Values.storageclass.fsType }}
+
+  # CSI credentials config.
+  {{- if .Values.csi.provisionCreds.enable }}
+  csiProvisionerSecretName: {{ .Values.csi.provisionCreds.secretName }}
+  csiProvisionerSecretNamespace: {{ .Values.namespace }}
+  {{- end }}
+
+  {{- if .Values.csi.controllerPublishCreds.enable }}
+  csiControllerPublishSecretName: {{ .Values.csi.controllerPublishCreds.secretName }}
+  csiControllerPublishSecretNamespace: {{ .Values.namespace }}
+  {{- end}}
+
+  {{- if .Values.csi.nodeStageCreds.enable }}
+  csiNodeStageSecretName: {{ .Values.csi.nodeStageCreds.secretName }}
+  csiNodeStageSecretNamespace: {{ .Values.namespace }}
+  {{- end }}
+
+  {{- if .Values.csi.nodePublishCreds.enable }}
+  csiNodePublishSecretName: {{ .Values.csi.nodePublishCreds.secretName }}
+  csiNodePublishSecretNamespace: {{ .Values.namespace }}
+  {{- end }}
+
+---
+
+# Role for Key Management.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: key-management-role
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "create", "delete"]
+
+---
+
+# Role for Driver Registrar.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: driver-registrar-role
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "update"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+
+---
+
+# Service account for StorageOS DaemonSet.
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ template "storageos.fullname" . }}-daemonset-sa
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+
+---
+
+# Bind DaemonSet Service account to Driver Registrar role.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: driver-registrar-binding
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "storageos.fullname" . }}-daemonset-sa
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: driver-registrar-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+# Bind DaemonSet Service account to Key Management role.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: key-management-binding
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "storageos.fullname" . }}-daemonset-sa
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: key-management-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+# Role for CSI External Provisioner.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-provisioner-role
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["list", "watch", "create", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["list", "watch", "get"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+
+---
+
+# Role for CSI External Attacher.
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-attacher-role
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["list", "watch", "get"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+
+---
+
+# Service Account for StorageOS StatefulSet.
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ template "storageos.fullname" . }}-statefulset-sa
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+
+---
+
+# Bind StatefulSet service account to External Provisioner role.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-provisioner-binding
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "storageos.fullname" . }}-statefulset-sa
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+# Bind StatefulSet service account to External Attacher role.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-attacher-binding
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "storageos.fullname" . }}-statefulset-sa
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-attacher-role
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+# Bind StatefulSet service account to Key Management role.
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: sidecar-key-management-binding
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "storageos.fullname" . }}-statefulset-sa
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: key-management-role
+  apiGroup: rbac.authorization.k8s.io
+
+{{- end }}

templates/statefulset_csi.yaml

+{{- if .Values.csi.enable }}
+
+kind: StatefulSet
+apiVersion: apps/v1beta1
+metadata:
+  name: {{ template "storageos.fullname" . }}-statefulset
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  serviceName: {{ .Chart.Name }}
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ template "storageos.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "storageos.name" . }}
+        chart: {{ template "storageos.chart" . }}
+        heritage: {{ .Release.Service }}
+        release: {{ .Release.Name }}
+        kind: statefulset
+    spec:
+      serviceAccount: {{ template "storageos.fullname" . }}-statefulset-sa
+      containers:
+      - name: csi-external-provisioner
+        image: "{{ .Values.csiExternalProvisioner.repository }}:{{ .Values.csiExternalProvisioner.tag }}"
+        imagePullPolicy: {{ .Values.csiExternalProvisioner.pullPolicy }}
+        args:
+          - "--v=5"
+          - "--provisioner=storageos"
+          - "--csi-address=$(ADDRESS)"
+        env:
+          - name: ADDRESS
+            value: /csi/csi.sock # plugin-dir is mounted at /csi
+        volumeMounts:
+          - name: plugin-dir
+            mountPath: /csi
+      - name: csi-external-attacher
+        image: "{{ .Values.csiExternalAttacher.repository }}:{{ .Values.csiExternalAttacher.tag }}"
+        imagePullPolicy: {{ .Values.csiExternalAttacher.pullPolicy }}
+        args:
+          - "--v=5"
+          - "--csi-address=$(ADDRESS)"
+        env:
+          - name: ADDRESS
+            value: /csi/csi.sock
+        volumeMounts:
+          - name: plugin-dir
+            mountPath: /csi
+      volumes:
+        - name: plugin-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins/storageos/
+            type: DirectoryOrCreate
+
+{{- end }}

templates/storageclass.yaml

+{{- if not .Values.csi.enable }}
+
+apiVersion: storage.k8s.io/v1beta1
+kind: StorageClass
+metadata:
+  name: {{ .Values.storageclass.name }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+provisioner: kubernetes.io/storageos
+parameters:
+  pool: {{ .Values.storageclass.pool }}
+  description: Kubernetes volume
+  fsType: {{ .Values.storageclass.fsType }}
+  adminSecretNamespace: {{ .Values.api.secretNamespace }}
+  adminSecretName: {{ .Values.api.secretName }}
+
+{{- end }}

templates/svc.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.service.name }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: {{ template "storageos.name" . }}
+    chart: {{ template "storageos.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  type: {{ .Values.service.type }}
+  {{- if .Values.service.loadBalancerIP }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - port: {{ .Values.service.internalPort }}
+      targetPort: {{ .Values.service.externalPort }}
+      protocol: TCP
+      name: {{ .Values.service.name }}
+  selector:
+    app: {{ template "storageos.name" . }}
+    release: {{ .Release.Name }}
+    kind: daemonset

templates/tests/redis.yaml

+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-redis-test
+  annotations:
+    volume.beta.kubernetes.io/storage-class: {{ .Values.storageclass.name }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+
+
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ .Release.Name }}-redis-test
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: master
+      image: kubernetes/redis:v1
+      ports:
+        - containerPort: 6379
+      resources:
+        limits:
+          cpu: "0.1"
+      volumeMounts:
+        - mountPath: /redis-master-data
+          name: redis-data
+  volumes:
+    - name: redis-data
+      persistentVolumeClaim:
+        claimName: {{ .Release.Name }}-redis-test

templates/tls-secrets.yaml

+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  labels:
+    app: {{ template "storageos.name" $ }}
+    chart: {{ template "storageos.chart" $ }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .certificate | b64enc }}
+  tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}

values.yaml

+# Default values for storageos.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+  repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/storageos-node
+  tag: 1.0.0-rc4
+  pullPolicy: IfNotPresent
+
+initContainer:
+  repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/storageos-init
+  tag: 0.1
+  pullPolicy: IfNotPresent
+
+csiDriverRegistrar:
+  repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/k8scsi-driver-registrar
+  tag: v0.2.0
+  pullPolicy: IfNotPresent
+
+csiExternalProvisioner:
+  repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/k8scsi-csi-provisioner
+  tag: v0.3.0
+  pullPolicy: Always
+
+csiExternalAttacher:
+  repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/k8scsi-csi-attacher
+  tag: v0.3.0
+  pullPolicy: Always
+
+rbacEnabled: true
+
+cluster:
+  # To generate a join token see:
+  # https://docs.storageos.com/docs/install/prerequisites/clusterdiscovery
+  # or use hostname/ip address of any or all of the cluster nodes.
+  # Example:
+  # join: node1,node2,node3
+  # or
+  # join: 10.1.5.07,10.1.5.08,10.1.5.09
+  join: 172.31.14.41
+
+  # sharedDir should be set if running kubelet in a container.  This should
+  # be the path shared into to kubelet container, typically:
+  # "/var/lib/kubelet/plugins/kubernetes.io~storageos".  If not set, defaults
+  # will be used.
+  sharedDir: /var/lib/kubelet/plugins/kubernetes.io~storageos
+
+  kv_address: 172.31.14.41:2379
+  kv_backend: etcd
+
+storageclass:
+  name: storageos
+  pool: default
+  fsType: ext4
+api:
+  secretName: storageos-api
+  secretNamespace: default
+  # secrets are namespace specific, create 1+N for every namespace.
+  address: storageos:5705
+  # address is used to generate the ApiAddress value in the secret. This
+  # updated later with the service ClusterIP which is not known at this stage.
+  username: admin
+  password: "abcd2018"
+namespace: storageos
+initSecretName: init-secret
+service:
+  name: storageos
+  type: ClusterIP
+  externalPort: 5705
+  internalPort: 5705
+resources: {}
+
+## Configure the ingress resource that allows you to access the
+## StorageOS API endpoints. Set up the URL
+## ref: http://kubernetes.io/docs/user-guide/ingress/
+##
+ingress:
+  ## Set to true to enable ingress record generation
+  enabled: true
+
+  ## The list of hostnames to be covered with this ingress record.
+  ## Most likely this will be just one host, but in the event more hosts are needed, this is an array
+  hosts:
+  - name: storageos.wodcloud.com
+
+    ## Set this to true in order to enable TLS on the ingress record
+    ## A side effect of this will be that the backend joomla service will be connected at port 443
+    tls: false
+
+    ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+    tlsSecret: storageos.local-tls
+
+    ## Ingress annotations done as key:value pairs
+    ## If you're using kube-lego, you will want to add:
+    ## kubernetes.io/tls-acme: true
+    ##
+    ## For a full list of possible ingress annotations, please see
+    ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md
+    ##
+    ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+    annotations:
+    #  kubernetes.io/ingress.class: nginx
+    #  kubernetes.io/tls-acme: true
+
+  secrets:
+  ## If you're providing your own certificates, please use this to add the certificates as secrets
+  ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+  ## -----BEGIN RSA PRIVATE KEY-----
+  ##
+  ## name should line up with a tlsSecret set further up
+  ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set
+  ##
+  ## It is also possible to create and manage the certificates outside of this helm chart
+  ## Please see README.md for more information
+  # - name: storageos.local-tls
+  #   key:
+  #   certificate:
+
+csi:
+  enable: true
+  # provisionCreds are credentials for volume create and delete operations.
+  provisionCreds:
+    enable: false
+    username: username1
+    password: password1
+    secretName: storageos-provision-creds
+  # controllerPublishCreds are credentials for controller volume publish and unpublish operations.
+  controllerPublishCreds:
+    enable: false
+    username: username2
+    password: password2
+    secretName: storageos-ctrl-publish-creds
+  # nodeStageCreds are credentials for node volume stage operations.
+  nodeStageCreds:
+    enable: false
+    username: username3
+    password: password3
+    secretName: storageos-node-stage-creds
+  # nodePublishCreds are credentials for node volume publish operations.
+  nodePublishCreds:
+    enable: false
+    username: username4
+    password: password4
+    secretName: storageos-node-publish-creds