@NickLarsenNZ NickLarsenNZ commented Sep 15, 2025

Description

Part of stackabletech/issues#763

BREAKING: This change allows for the CSI Provisioner Deployment and CSI Node Driver DaemonSet to be configured independently for many settings. See the explanation below for what changes.

Also add in new configurables for priority and preemption.

Helm Values changes

Caution

The original values are no longer valid.

  • controller values have been moved to csiProvisioner.controllerService.
  • csiProvisioner values have been moved to csiProvisioner.externalProvisioner
  • csiNodeDriverRegistrar values have been moved to csiNodeDriver.nodeDriverRegistrar.
  • node.driver values have been moved to csiNodeDriver.nodeService.
  • podAnnotations has been split into csiProvisioner.podAnnotations and csiNodeDriver.podAnnotations.
  • podSecurityContext has been split into csiProvisioner.podSecurityContext and csiNodeDriver.podSecurityContext.
  • nodeSelector has been split into csiProvisioner.nodeSelector and csiNodeDriver.nodeSelector.
  • tolerations has been split into csiProvisioner.tolerations and csiNodeDriver.tolerations.
  • affinity has been split into csiProvisioner.affinity and csiNodeDriver.affinity.

Tip

In addition, the following new values are available.
This is part of stackabletech/issues#765.

  • csiProvisioner.priorityClassName
  • csiNodeDriver.priorityClassName
diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml
index 626c213..2caf9b4 100644
--- a/deploy/helm/listener-operator/values.yaml
+++ b/deploy/helm/listener-operator/values.yaml
@@ -1,34 +1,109 @@
 # Default values for listener-operator.
 ---
+# Used by both the Controller Service and Node Service containers
 image:
   repository: oci.stackable.tech/sdp/listener-operator
+  # tag: 0.0.0-dev
   pullPolicy: IfNotPresent
   pullSecrets: []
 
 csiProvisioner:
-  image:
-    repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner
-    tag: v5.2.0
-    pullPolicy: IfNotPresent
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-    limits:
-      cpu: 100m
-      memory: 128Mi
-csiNodeDriverRegistrar:
-  image:
-    repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar
-    tag: v2.13.0
-    pullPolicy: IfNotPresent
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-    limits:
-      cpu: 100m
-      memory: 128Mi
+  podAnnotations: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  controllerService:
+    resources:
+      # Resource requests and limits for the controller pod
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+
+    securityContext:
+      # listener-operator requires root permissions
+      runAsUser: 0
+      seLinuxOptions:
+        # Run as "Super Privileged Container" to be allowed to write into
+        # the Listener volumes
+        type: spc_t
+      # capabilities:
+      #   drop:
+      #   - ALL
+      # readOnlyRootFilesystem: true
+      # runAsNonRoot: true
+      # runAsUser: 1000
+
+  externalProvisioner:
+    image:
+      repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner
+      tag: v5.2.0
+      pullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 100m
+        memory: 128Mi
+
+csiNodeDriver:
+  podAnnotations: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  nodeService:
+    resources:
+      # Resource requests and limits for the controller pod
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+
+    securityContext:
+      # listener-operator requires root permissions
+      runAsUser: 0
+      seLinuxOptions:
+        # Run as "Super Privileged Container" to be allowed to write into
+        # the Listener volumes
+        type: spc_t
+      # capabilities:
+      #   drop:
+      #   - ALL
+      # readOnlyRootFilesystem: true
+      # runAsNonRoot: true
+      # runAsUser: 1000
+
+  nodeDriverRegistrar:
+    image:
+      repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar
+      tag: v2.13.0
+      pullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 100m
+        memory: 128Mi
 
 nameOverride: ""
 fullnameOverride: ""
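
Review bot: In the new csiNodeDriver.nodeService.resources block the comment still reads "Resource requests and limits for the controller pod", copied from controllerService; the removed node.driver block called it "the per node driver container", and that wording (or the csi-node-service container name) belongs here. Separately, the description lists csiProvisioner.priorityClassName and csiNodeDriver.priorityClassName as new values, but neither key appears in this hunk, not even commented out; a commented default next to affinity in both sections would make them discoverable from values.yaml.
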
@@ -42,56 +117,10 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
-podAnnotations: {}
-
 # Provide additional labels which get attached to all deployed resources
 labels:
   stackable.tech/vendor: Stackable
 
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext:
-  # listener-operator requires root permissions
-  runAsUser: 0
-  seLinuxOptions:
-    # Run as "Super Privileged Container" to be allowed to write into
-    # the Listener volumes
-    type: spc_t
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-controller:
-  resources:
-    # Resource requests and limits for the controller pod
-    limits:
-      cpu: 100m
-      memory: 128Mi
-    requests:
-      cpu: 100m
-      memory: 128Mi
-
-node:
-  driver:
-    resources:
-      # Resource requests and limits for the per node driver container
-      limits:
-        cpu: 100m
-        memory: 128Mi
-      requests:
-        cpu: 100m
-        memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
 # When running on a non-default Kubernetes cluster domain, the cluster domain can be configured here.
 # See the https://docs.stackable.tech/home/stable/guides/kubernetes-cluster-domain guide for details.
 # kubernetesClusterDomain: my-cluster.local
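
Review bot: The top-level podAnnotations, podSecurityContext, securityContext, controller, node, nodeSelector, tolerations and affinity keys are removed here with nothing left to catch them, and Helm does not reject unknown values unless the chart ships a values.schema.json, so an existing override file that still sets tolerations or securityContext at the top level will install cleanly and be ignored. Consider a template guard that calls fail when any of the old keys is set, naming the new csiProvisioner.* or csiNodeDriver.* location in the message.
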
@@ -100,7 +129,7 @@ affinity: {}
 kubeletDir: /var/lib/kubelet
 
 # Options: none, stable-nodes, ephemeral-nodes
-# none: No ListenerClasses are preinstalled, the administrator must supply them themself
+# none: No ListenerClasses are preinstalled, administrators must supply them themselves
 # stable-nodes: ListenerClasses are preinstalled that are suitable for on-prem/"pet" environments, assuming long-running Nodes but not requiring a LoadBalancer controller
 # ephemeral-nodes: ListenerClasses are preinstalled that are suitable for cloud/"cattle" environments with short-lived nodes, however this requires a LoadBalancer controller to be installed
 preset: stable-nodes

Changes to the resource names

  • Deployment testing-listener-operator-deployment has been renamed to testing-listener-operator-csi-provisioner
    • app.kubernetes.io/role label value has changed from controller to provisioner
    • Container listener-operator has been renamed to csi-controller-service
  • DaemonSet listener-operator-node-daemonset has been renamed to listener-operator-csi-node-driver
    • app.kubernetes.io/role label value has changed from node to node-driver
    • Container listener-operator has been renamed to csi-node-service

Warning

Generally no action is required, but that depends on whether or not your deployment scripts (e.g. Kustomize) or monitoring/alerting system depend on any of the names and values.

--- nightly.yaml	2025-09-10 17:47:52.077555228 +0200
+++ rendy.yaml	2025-09-15 15:07:07.239531634 +0200
@@ -181,11 +181,11 @@
       port: 8443
       targetPort: 8443
 ---
-# Source: listener-operator/templates/node-daemonset.yaml
+# Source: listener-operator/templates/csi-node-driver-daemonset.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: testing-listener-operator-node-daemonset
+  name: testing-listener-operator-csi-node-driver
   labels:
     helm.sh/chart: listener-operator-0.0.0-dev
     app.kubernetes.io/name: listener-operator
@@ -196,14 +196,14 @@
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/role: node
+      app.kubernetes.io/role: node-driver
       app.kubernetes.io/name: listener-operator
       app.kubernetes.io/instance: testing
       stackable.tech/vendor: Stackable
   template:
     metadata:
       labels:
-        app.kubernetes.io/role: node
+        app.kubernetes.io/role: node-driver
         app.kubernetes.io/name: listener-operator
         app.kubernetes.io/instance: testing
         stackable.tech/vendor: Stackable
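
Review bot: spec.selector.matchLabels changes from role: node to role: node-driver here, and selectors on apps/v1 workloads are immutable, so this applies cleanly only because the DaemonSet is renamed in the same release (previous hunk) and is therefore created as a new object. A template comment stating that coupling would stop a later change from altering the label without the name; anything selecting pods on app.kubernetes.io/role: node (NetworkPolicy, PodMonitor and similar) needs the new value as well.
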
@@ -212,7 +212,7 @@
       securityContext:
         {}
       containers:
-        - name: listener-operator
+        - name: csi-node-service
           securityContext:
             runAsUser: 0
             seLinuxOptions:
@@ -303,11 +303,11 @@
           hostPath:
             path: /var/lib/kubelet/pods/
 ---
-# Source: listener-operator/templates/controller-deployment.yaml
+# Source: listener-operator/templates/csi-provisioner-deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: testing-listener-operator-deployment
+  name: testing-listener-operator-csi-provisioner
   labels:
     helm.sh/chart: listener-operator-0.0.0-dev
     app.kubernetes.io/name: listener-operator
@@ -318,7 +318,7 @@
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/role: controller
+      app.kubernetes.io/role: provisioner
       app.kubernetes.io/name: listener-operator
       app.kubernetes.io/instance: testing
       stackable.tech/vendor: Stackable
@@ -327,7 +327,7 @@
       annotations:
         internal.stackable.tech/image: "oci.stackable.tech/sdp/listener-operator:0.0.0-dev"
       labels:
-        app.kubernetes.io/role: controller
+        app.kubernetes.io/role: provisioner
         app.kubernetes.io/name: listener-operator
         app.kubernetes.io/instance: testing
         stackable.tech/vendor: Stackable
@@ -336,7 +336,7 @@
       securityContext:
         {}
       containers:
-        - name: listener-operator
+        - name: csi-controller-service
           securityContext:
             runAsUser: 0
             seLinuxOptions:
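
Review bot: The container rename from listener-operator to csi-controller-service leaves securityContext.runAsUser: 0 and seLinuxOptions in place, so the pod still needs whatever admission exemption it had, and an exemption or audit rule that matches on the container name stops matching after this change. The description's warning covers deployment scripts and monitoring; naming admission policy exceptions in the release note would cover this case too.
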
@@ -344,7 +344,6 @@
           image: "oci.stackable.tech/sdp/listener-operator:0.0.0-dev"
           imagePullPolicy: IfNotPresent
           resources:
-            
             limits:
               cpu: 100m
               memory: 128Mi

Note: This tries to align as well as possible to the rather scattered and vague CSI terminology.

The charts should be uninstalled and reinstalled to ensure no orphaned and conflicting resources remain.
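
Added example, not part of the pull request or the chart: a small translator that moves an override file from the old values layout to the new one, so that old top-level keys are relocated rather than left where the new chart no longer reads them. `MOVES`, `migrate` and `OLD_OVERRIDES` are names introduced here; the mapping follows the "Helm Values changes" list, and the `securityContext` row is read from the values.yaml diff.

```python
import copy

SPLIT = ("podAnnotations", "podSecurityContext", "nodeSelector", "tolerations", "affinity")
# Old key path -> new key path(s), from the "Helm Values changes" list.
MOVES = {
    ("controller",): [("csiProvisioner", "controllerService")],
    ("csiProvisioner",): [("csiProvisioner", "externalProvisioner")],
    ("csiNodeDriverRegistrar",): [("csiNodeDriver", "nodeDriverRegistrar")],
    ("node", "driver"): [("csiNodeDriver", "nodeService")],
    # Read from the values.yaml diff rather than the bullet list.
    ("securityContext",): [("csiProvisioner", "controllerService", "securityContext"),
                           ("csiNodeDriver", "nodeService", "securityContext")],
    **{(k,): [("csiProvisioner", k), ("csiNodeDriver", k)] for k in SPLIT},
}

def _get(tree, path):
    for key in path:
        tree = tree.get(key) if isinstance(tree, dict) else None
    return tree

def _put(tree, path, value):
    for key in path[:-1]:
        tree = tree.setdefault(key, {})
    if isinstance(value, dict):  # merge, so two moves can share one destination
        value = {**tree.get(path[-1], {}), **value}
    tree[path[-1]] = copy.deepcopy(value)

def migrate(old):
    """Return (new_values, relocated_old_paths) for a values dict in the old layout."""
    new, moved = {}, []
    for src, dests in MOVES.items():
        value = _get(old, src)
        if value is None:
            continue
        moved.append(".".join(src))
        for dest in dests:
            _put(new, dest, value)
    handled = {src[0] for src in MOVES}  # other keys (image, preset, ...) stay put
    new.update({k: copy.deepcopy(v) for k, v in old.items() if k not in handled})
    return new, moved

# Constructed sample: an override file written against the old layout.
OLD_OVERRIDES = {
    "image": {"pullPolicy": "Always"},
    "controller": {"resources": {"limits": {"memory": "256Mi"}}},
    "csiProvisioner": {"image": {"tag": "v5.2.0"}},
    "tolerations": [{"key": "dedicated", "operator": "Exists"}],
    "securityContext": {"runAsUser": 0, "seLinuxOptions": {"type": "spc_t"}},
}
```

The input must be in the old layout: `csiProvisioner` exists in both layouts with different children, so running `migrate` on an already-migrated file would nest it a second time.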

This could impact monitoring setups that depend on the old resource names, labels, and container names.
BREAKING: Helm values that were under `csiNodeDriverRegistrar` are now under `csiNodeDriver`.
The reason is that the "registrar" is only one of the containers in the DaemonSet for the Node Driver.
…tainers are not optional

NOTE: These were incorrectly introduced in 463592a while trying to hash out the structure of the values.
@NickLarsenNZ NickLarsenNZ self-assigned this Sep 15, 2025
@NickLarsenNZ NickLarsenNZ added release-note/action-required Denotes a PR that introduces potentially breaking changes that require user action. scheduled-for/25.11.0 labels Sep 15, 2025
These were introduced in 010207b. Only priorityClassName is valid.
@NickLarsenNZ NickLarsenNZ marked this pull request as ready for review September 16, 2025 09:14
@NickLarsenNZ NickLarsenNZ moved this from Development: In Progress to Development: Waiting for Review in Stackable Engineering Sep 16, 2025
@Techassi Techassi self-requested a review September 16, 2025 09:50
Techassi previously approved these changes Sep 16, 2025
@Techassi Techassi moved this from Development: Waiting for Review to Development: In Review in Stackable Engineering Sep 16, 2025
@NickLarsenNZ NickLarsenNZ added this pull request to the merge queue Sep 16, 2025
Merged via the queue into main with commit 51f1219 Sep 16, 2025
17 checks passed
@NickLarsenNZ NickLarsenNZ deleted the feat/csi-driver-helm-values branch September 16, 2025 20:00
NickLarsenNZ added a commit to stackabletech/secret-operator that referenced this pull request Sep 19, 2025
…tener-operator value changes

Part of stackabletech/issues#763

NOTE: These aren't exactly consistent with listener-operator changes from stackabletech/listener-operator#334, but are a step towards consistency, and make it easier should we decide to split secret-operator into a CSI Provisioner Deployment and CSI Node Driver DaemonSet.
@NickLarsenNZ

Release Notes

Refer to: stackabletech/issues#763 (comment)

@NickLarsenNZ NickLarsenNZ moved this from Development: In Review to Development: Done in Stackable Engineering Sep 19, 2025