From 13273c75f91f5fd11f96676e47ab17f6a1486dbe Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Wed, 10 Sep 2025 15:22:36 +0200 Subject: [PATCH 01/15] chore: Add docs to run modes --- rust/operator-binary/src/main.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rust/operator-binary/src/main.rs b/rust/operator-binary/src/main.rs index 4639585..425de74 100644 --- a/rust/operator-binary/src/main.rs +++ b/rust/operator-binary/src/main.rs @@ -62,7 +62,10 @@ struct ListenerOperatorRun { #[derive(Debug, clap::Parser, strum::AsRefStr, strum::Display)] enum RunMode { + /// CSI Controller Service Controller, + + /// CSI Node Service Node, } From 8f06e62e8e7b7f07f38fed1dad2ae6e1a56ecc60 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Wed, 10 Sep 2025 17:16:42 +0200 Subject: [PATCH 02/15] chore(helm)!: Rename resources, labels, and containers Note: This tries to align as well as possible to the rather scattered and vague CSI terminology. The charts should be uninstalled and reinstalled to ensure no orphaned and conflicting resources remain. This could impact monitoring setups that depend on the old resource names, labels, and container names. --- ...ler-deployment.yaml => csi-controller-deployment.yaml} | 8 ++++---- ...node-daemonset.yaml => csi-node-driver-daemonset.yaml} | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) rename deploy/helm/listener-operator/templates/{controller-deployment.yaml => csi-controller-deployment.yaml} (95%) rename deploy/helm/listener-operator/templates/{node-daemonset.yaml => csi-node-driver-daemonset.yaml} (96%) diff --git a/deploy/helm/listener-operator/templates/controller-deployment.yaml b/deploy/helm/listener-operator/templates/csi-controller-deployment.yaml similarity index 95% rename from deploy/helm/listener-operator/templates/controller-deployment.yaml rename to deploy/helm/listener-operator/templates/csi-controller-deployment.yaml index 9145e1b..b06304f 100644 --- a/deploy/helm/listener-operator/templates/controller-deployment.yaml +++ b/deploy/helm/listener-operator/templates/csi-controller-deployment.yaml @@ -2,13 +2,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "operator.fullname" . }}-deployment + name: {{ include "operator.fullname" . }}-csi-provisioner labels: {{- include "operator.labels" . | nindent 4 }} spec: selector: matchLabels: - app.kubernetes.io/role: controller + app.kubernetes.io/role: provisioner {{- include "operator.selectorLabels" . | nindent 6 }} template: metadata: @@ -18,7 +18,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/role: controller + app.kubernetes.io/role: provisioner {{- include "operator.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} @@ -29,7 +29,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ include "operator.appname" . }} + - name: csi-controller-service securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" diff --git a/deploy/helm/listener-operator/templates/node-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml similarity index 96% rename from deploy/helm/listener-operator/templates/node-daemonset.yaml rename to deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index 3e11477..b666cc8 100644 --- a/deploy/helm/listener-operator/templates/node-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -2,13 +2,13 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "operator.fullname" . }}-node-daemonset + name: {{ include "operator.fullname" . }}-csi-node-driver labels: {{- include "operator.labels" . | nindent 4 }} spec: selector: matchLabels: - app.kubernetes.io/role: node + app.kubernetes.io/role: node-driver {{- include "operator.selectorLabels" . | nindent 6 }} template: metadata: @@ -17,7 +17,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - app.kubernetes.io/role: node + app.kubernetes.io/role: node-driver {{- include "operator.selectorLabels" . | nindent 8 }} spec: {{- with .Values.image.pullSecrets }} @@ -28,7 +28,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: {{ include "operator.appname" . }} + - name: csi-node-service securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" From 463592ac2bed13a6451848ccb7fdeb5221667faa Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Thu, 11 Sep 2025 14:47:27 +0200 Subject: [PATCH 03/15] chore(helm)!: Use with to set context for the Deployment/DaemonSet. BREAKING: Helm values that were under `csiNodeDriverRegistrar` are now under `csiNodeDriver`. The reason being is that the "registrar" is only one of the containers in the DaemonSet for the Node Driver. --- .../templates/csi-controller-deployment.yaml | 48 ++++++++-------- .../templates/csi-node-driver-daemonset.yaml | 56 ++++++++++--------- deploy/helm/listener-operator/values.yaml | 2 +- 3 files changed, 55 insertions(+), 51 deletions(-) diff --git a/deploy/helm/listener-operator/templates/csi-controller-deployment.yaml b/deploy/helm/listener-operator/templates/csi-controller-deployment.yaml index b06304f..7d237dc 100644 --- a/deploy/helm/listener-operator/templates/csi-controller-deployment.yaml +++ b/deploy/helm/listener-operator/templates/csi-controller-deployment.yaml @@ -1,41 +1,42 @@ --- +{{- with .Values.csiProvisioner }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "operator.fullname" . }}-csi-provisioner + name: {{ include "operator.fullname" $ }}-csi-provisioner labels: - {{- include "operator.labels" . | nindent 4 }} + {{- include "operator.labels" $ | nindent 4 }} spec: selector: matchLabels: app.kubernetes.io/role: provisioner - {{- include "operator.selectorLabels" . | nindent 6 }} + {{- include "operator.selectorLabels" $ | nindent 6 }} template: metadata: annotations: - internal.stackable.tech/image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - {{- with .Values.podAnnotations }} + internal.stackable.tech/image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + {{- with $.Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: app.kubernetes.io/role: provisioner - {{- include "operator.selectorLabels" . | nindent 8 }} + {{- include "operator.selectorLabels" $ | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with $.Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount + serviceAccountName: {{ include "operator.fullname" $ }}-serviceaccount securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml $.Values.podSecurityContext | nindent 8 }} containers: - name: csi-controller-service securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- toYaml $.Values.securityContext | nindent 12 }} + image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} resources: - {{ .Values.controller.resources | toYaml | nindent 12 }} + {{- $.Values.controller.resources | toYaml | nindent 12 }} args: - run - controller @@ -66,7 +67,7 @@ spec: # The name of the Kubernetes Service that point to the operator Pod, e.g. used to # construct the conversion webhook endpoint. - name: OPERATOR_SERVICE_NAME - value: {{ include "operator.fullname" . }} + value: {{ include "operator.fullname" $ }} # Operators need to know the node name they are running on, to e.g. discover the # Kubernetes domain name from the kubelet API. @@ -75,19 +76,19 @@ spec: fieldRef: fieldPath: spec.nodeName - {{- if .Values.kubernetesClusterDomain }} + {{- if $.Values.kubernetesClusterDomain }} - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ .Values.kubernetesClusterDomain | quote }} + value: {{ $.Values.kubernetesClusterDomain | quote }} {{- end }} - {{- include "telemetry.envVars" . | nindent 12 }} + {{- include "telemetry.envVars" $ | nindent 12 }} volumeMounts: - name: csi mountPath: /csi - name: external-provisioner - image: "{{ .Values.csiProvisioner.image.repository }}:{{ .Values.csiProvisioner.image.tag }}" - imagePullPolicy: {{ .Values.csiProvisioner.image.pullPolicy }} + image: "{{ .image.repository }}:{{ .image.tag }}" + imagePullPolicy: {{ .image.pullPolicy }} resources: - {{ .Values.csiProvisioner.resources | toYaml | nindent 12 }} + {{ .resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - --feature-gates=Topology=true @@ -98,15 +99,16 @@ spec: volumes: - name: csi emptyDir: {} - {{- with .Values.nodeSelector }} + {{- with $.Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $.Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $.Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index b666cc8..cd7178f 100644 --- a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -1,40 +1,41 @@ --- +{{- with .Values.csiNodeDriver }} apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "operator.fullname" . }}-csi-node-driver + name: {{ include "operator.fullname" $ }}-csi-node-driver labels: - {{- include "operator.labels" . | nindent 4 }} + {{- include "operator.labels" $ | nindent 4 }} spec: selector: matchLabels: app.kubernetes.io/role: node-driver - {{- include "operator.selectorLabels" . | nindent 6 }} + {{- include "operator.selectorLabels" $ | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} + {{- with $.Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: app.kubernetes.io/role: node-driver - {{- include "operator.selectorLabels" . | nindent 8 }} + {{- include "operator.selectorLabels" $ | nindent 8 }} spec: - {{- with .Values.image.pullSecrets }} + {{- with $.Values.image.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount + serviceAccountName: {{ include "operator.fullname" $ }}-serviceaccount securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- toYaml $.Values.podSecurityContext | nindent 8 }} containers: - name: csi-node-service securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- toYaml $.Values.securityContext | nindent 12 }} + image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} resources: - {{ .Values.node.driver.resources | toYaml | nindent 12 }} + {{ $.Values.node.driver.resources | toYaml | nindent 12 }} args: - run - node @@ -65,7 +66,7 @@ spec: # The name of the Kubernetes Service that point to the operator Pod, e.g. used to # construct the conversion webhook endpoint. - name: OPERATOR_SERVICE_NAME - value: {{ include "operator.fullname" . }} + value: {{ include "operator.fullname" $ }} # Operators need to know the node name they are running on, to e.g. discover the # Kubernetes domain name from the kubelet API. @@ -74,24 +75,24 @@ spec: fieldRef: fieldPath: spec.nodeName - {{- if .Values.kubernetesClusterDomain }} + {{- if $.Values.kubernetesClusterDomain }} - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ .Values.kubernetesClusterDomain | quote }} + value: {{ $.Values.kubernetesClusterDomain | quote }} {{- end }} - {{- include "telemetry.envVars" . | nindent 12 }} + {{- include "telemetry.envVars" $ | nindent 12 }} volumeMounts: - name: csi mountPath: /csi - name: mountpoint - mountPath: {{ .Values.kubeletDir }}/pods + mountPath: {{ $.Values.kubeletDir }}/pods - name: node-driver-registrar - image: "{{ .Values.csiNodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriverRegistrar.image.tag }}" - imagePullPolicy: {{ .Values.csiNodeDriverRegistrar.image.pullPolicy }} + image: "{{ .image.repository }}:{{ .image.tag }}" + imagePullPolicy: {{ .image.pullPolicy }} resources: - {{ .Values.csiNodeDriverRegistrar.resources | toYaml | nindent 12 }} + {{ .resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - - --kubelet-registration-path={{ .Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock + - --kubelet-registration-path={{ $.Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock volumeMounts: - name: registration-sock mountPath: /registration @@ -102,22 +103,23 @@ spec: hostPath: # node-driver-registrar appends a driver-unique filename to this path to avoid conflicts # see https://github.com/stackabletech/secret-operator/issues/229 for why this path should not be too long - path: {{ .Values.kubeletDir }}/plugins_registry + path: {{ $.Values.kubeletDir }}/plugins_registry - name: csi hostPath: - path: {{ .Values.kubeletDir }}/plugins/listeners.stackable.tech/ + path: {{ $.Values.kubeletDir }}/plugins/listeners.stackable.tech/ - name: mountpoint hostPath: - path: {{ .Values.kubeletDir }}/pods/ - {{- with .Values.nodeSelector }} + path: {{ $.Values.kubeletDir }}/pods/ + {{- with $.Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $.Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $.Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index 626c213..96500d2 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -17,7 +17,7 @@ csiProvisioner: limits: cpu: 100m memory: 128Mi -csiNodeDriverRegistrar: +csiNodeDriver: image: repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar tag: v2.13.0 From 52f7ec0c1221d63c463affeaa50fd6ff738c3fad Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Fri, 12 Sep 2025 14:23:49 +0200 Subject: [PATCH 04/15] chore(helm): Rename csi-provisioner deployment filename --- ...ontroller-deployment.yaml => csi-provisioner-deployment.yaml} | 0 deploy/helm/listener-operator/values.yaml | 1 + 2 files changed, 1 insertion(+) rename deploy/helm/listener-operator/templates/{csi-controller-deployment.yaml => csi-provisioner-deployment.yaml} (100%) diff --git a/deploy/helm/listener-operator/templates/csi-controller-deployment.yaml b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml similarity index 100% rename from deploy/helm/listener-operator/templates/csi-controller-deployment.yaml rename to deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index 96500d2..3031a1e 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -1,5 +1,6 @@ # Default values for listener-operator. --- +# Used by both the Controller Service and Node Service containers image: repository: oci.stackable.tech/sdp/listener-operator pullPolicy: IfNotPresent From 27a2c8b49ad0e267ffcf42729c0b0b0a5a044fc6 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 15 Sep 2025 14:20:00 +0200 Subject: [PATCH 05/15] chore(helm)!: Separate configs for the Provisioner Deployment --- .../templates/csi-provisioner-deployment.yaml | 20 +++++----- deploy/helm/listener-operator/values.yaml | 37 +++++++++++++++++++ 2 files changed, 47 insertions(+), 10 deletions(-) diff --git a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml index 7d237dc..43b42c8 100644 --- a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml +++ b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml @@ -15,7 +15,7 @@ spec: metadata: annotations: internal.stackable.tech/image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" - {{- with $.Values.podAnnotations }} + {{- with .podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: @@ -28,15 +28,15 @@ spec: {{- end }} serviceAccountName: {{ include "operator.fullname" $ }}-serviceaccount securityContext: - {{- toYaml $.Values.podSecurityContext | nindent 8 }} + {{- toYaml .podSecurityContext | nindent 8 }} containers: - name: csi-controller-service securityContext: - {{- toYaml $.Values.securityContext | nindent 12 }} + {{- toYaml .controllerService.securityContext | nindent 12 }} image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} resources: - {{- $.Values.controller.resources | toYaml | nindent 12 }} + {{- .controllerService.resources | toYaml | nindent 12 }} args: - run - controller @@ -85,10 +85,10 @@ spec: - name: csi mountPath: /csi - name: external-provisioner - image: "{{ .image.repository }}:{{ .image.tag }}" - imagePullPolicy: {{ .image.pullPolicy }} + image: "{{ .externalProvisioner.image.repository }}:{{ .externalProvisioner.image.tag }}" + imagePullPolicy: {{ .externalProvisioner.image.pullPolicy }} resources: - {{ .resources | toYaml | nindent 12 }} + {{ .externalProvisioner.resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - --feature-gates=Topology=true @@ -99,15 +99,15 @@ spec: volumes: - name: csi emptyDir: {} - {{- with $.Values.nodeSelector }} + {{- with .nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with $.Values.affinity }} + {{- with .affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with $.Values.tolerations }} + {{- with .tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index 3031a1e..c9bc782 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -7,6 +7,42 @@ image: pullSecrets: [] csiProvisioner: + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + controllerService: + resources: + # Resource requests and limits for the controller pod + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + securityContext: + # listener-operator requires root permissions + runAsUser: 0 + seLinuxOptions: + # Run as "Super Privileged Container" to be allowed to write into + # the Listener volumes + type: spc_t + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + externalProvisioner: image: repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner tag: v5.2.0 @@ -18,6 +54,7 @@ csiProvisioner: limits: cpu: 100m memory: 128Mi + csiNodeDriver: image: repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar From d48727b674a2dd15105a635bda96a379647d15a9 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 15 Sep 2025 14:47:32 +0200 Subject: [PATCH 06/15] chore(helm)!: Separate configs for the NodeDriver DaemonSet --- .../templates/csi-node-driver-daemonset.yaml | 20 +-- deploy/helm/listener-operator/values.yaml | 126 ++++++++---------- 2 files changed, 68 insertions(+), 78 deletions(-) diff --git a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index cd7178f..9655a0d 100644 --- a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -13,7 +13,7 @@ spec: {{- include "operator.selectorLabels" $ | nindent 6 }} template: metadata: - {{- with $.Values.podAnnotations }} + {{- with .podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} @@ -27,15 +27,15 @@ spec: {{- end }} serviceAccountName: {{ include "operator.fullname" $ }}-serviceaccount securityContext: - {{- toYaml $.Values.podSecurityContext | nindent 8 }} + {{- toYaml .podSecurityContext | nindent 8 }} containers: - name: csi-node-service securityContext: - {{- toYaml $.Values.securityContext | nindent 12 }} + {{- toYaml .nodeService.securityContext | nindent 12 }} image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" imagePullPolicy: {{ $.Values.image.pullPolicy }} resources: - {{ $.Values.node.driver.resources | toYaml | nindent 12 }} + {{ .nodeService.resources | toYaml | nindent 12 }} args: - run - node @@ -86,10 +86,10 @@ spec: - name: mountpoint mountPath: {{ $.Values.kubeletDir }}/pods - name: node-driver-registrar - image: "{{ .image.repository }}:{{ .image.tag }}" - imagePullPolicy: {{ .image.pullPolicy }} + image: "{{ .nodeRegistrar.image.repository }}:{{ .nodeRegistrar.image.tag }}" + imagePullPolicy: {{ .nodeRegistrar.image.pullPolicy }} resources: - {{ .resources | toYaml | nindent 12 }} + {{ .nodeRegistrar.resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - --kubelet-registration-path={{ $.Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock @@ -110,15 +110,15 @@ spec: - name: mountpoint hostPath: path: {{ $.Values.kubeletDir }}/pods/ - {{- with $.Values.nodeSelector }} + {{- with .nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with $.Values.affinity }} + {{- with .affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with $.Values.tolerations }} + {{- with .tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index c9bc782..1f82465 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -43,30 +43,66 @@ csiProvisioner: # runAsUser: 1000 externalProvisioner: - image: - repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner - tag: v5.2.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 100m - memory: 128Mi + image: + repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner + tag: v5.2.0 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 100m + memory: 128Mi csiNodeDriver: - image: - repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar - tag: v2.13.0 - pullPolicy: IfNotPresent - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 100m - memory: 128Mi + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + nodeService: + resources: + # Resource requests and limits for the controller pod + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + + securityContext: + # listener-operator requires root permissions + runAsUser: 0 + seLinuxOptions: + # Run as "Super Privileged Container" to be allowed to write into + # the Listener volumes + type: spc_t + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + nodeRegistrar: + image: + repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar + tag: v2.13.0 + pullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 100m + memory: 128Mi nameOverride: "" fullnameOverride: "" @@ -80,56 +116,10 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -podAnnotations: {} - # Provide additional labels which get attached to all deployed resources labels: stackable.tech/vendor: Stackable -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: - # listener-operator requires root permissions - runAsUser: 0 - seLinuxOptions: - # Run as "Super Privileged Container" to be allowed to write into - # the Listener volumes - type: spc_t - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -controller: - resources: - # Resource requests and limits for the controller pod - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - -node: - driver: - resources: - # Resource requests and limits for the per node driver container - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - # When running on a non-default Kubernetes cluster domain, the cluster domain can be configured here. # See the https://docs.stackable.tech/home/stable/guides/kubernetes-cluster-domain guide for details. # kubernetesClusterDomain: my-cluster.local From 7193a1f78b8208ec0d8e1d90e2d1b4c133557b4c Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 15 Sep 2025 14:58:54 +0200 Subject: [PATCH 07/15] chore(helm): Show example for overriding the operator image tag --- deploy/helm/listener-operator/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index 1f82465..2caf9b4 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -3,6 +3,7 @@ # Used by both the Controller Service and Node Service containers image: repository: oci.stackable.tech/sdp/listener-operator + # tag: 0.0.0-dev pullPolicy: IfNotPresent pullSecrets: [] @@ -128,7 +129,7 @@ labels: kubeletDir: /var/lib/kubelet # Options: none, stable-nodes, ephemeral-nodes -# none: No ListenerClasses are preinstalled, the administrator must supply them themself +# none: No ListenerClasses are preinstalled, administrators must supply them themselves # stable-nodes: ListenerClasses are preinstalled that are suitable for on-prem/"pet" environments, assuming long-running Nodes but not requiring a LoadBalancer controller # ephemeral-nodes: ListenerClasses are preinstalled that are suitable for cloud/"cattle" environments with short-lived nodes, however this requires a LoadBalancer controller to be installed preset: stable-nodes From 974e7750b5be959d302188d6e42bae14caa7399c Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 15 Sep 2025 15:08:28 +0200 Subject: [PATCH 08/15] chore(helm): Remove "with" directive because Deployment/DaemonSet containers are not optional NOTE: These were incorrectly introduced in 463592a while trying to hash out the structure of the values. --- .../templates/csi-node-driver-daemonset.yaml | 56 +++++++++---------- .../templates/csi-provisioner-deployment.yaml | 48 ++++++++-------- 2 files changed, 50 insertions(+), 54 deletions(-) diff --git a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index 9655a0d..d01ef6e 100644 --- a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -1,41 +1,40 @@ --- -{{- with .Values.csiNodeDriver }} apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ include "operator.fullname" $ }}-csi-node-driver + name: {{ include "operator.fullname" . }}-csi-node-driver labels: - {{- include "operator.labels" $ | nindent 4 }} + {{- include "operator.labels" . | nindent 4 }} spec: selector: matchLabels: app.kubernetes.io/role: node-driver - {{- include "operator.selectorLabels" $ | nindent 6 }} + {{- include "operator.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .podAnnotations }} + {{- with .Values.csiNodeDriver.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: app.kubernetes.io/role: node-driver - {{- include "operator.selectorLabels" $ | nindent 8 }} + {{- include "operator.selectorLabels" . | nindent 8 }} spec: - {{- with $.Values.image.pullSecrets }} + {{- with .Values.image.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "operator.fullname" $ }}-serviceaccount + serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} + {{- toYaml .Values.csiNodeDriver.podSecurityContext | nindent 8 }} containers: - name: csi-node-service securityContext: - {{- toYaml .nodeService.securityContext | nindent 12 }} - image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- toYaml .Values.csiNodeDriver.nodeService.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} resources: - {{ .nodeService.resources | toYaml | nindent 12 }} + {{ .Values.csiNodeDriver.nodeService.resources | toYaml | nindent 12 }} args: - run - node @@ -66,7 +65,7 @@ spec: # The name of the Kubernetes Service that point to the operator Pod, e.g. used to # construct the conversion webhook endpoint. - name: OPERATOR_SERVICE_NAME - value: {{ include "operator.fullname" $ }} + value: {{ include "operator.fullname" . }} # Operators need to know the node name they are running on, to e.g. discover the # Kubernetes domain name from the kubelet API. @@ -75,24 +74,24 @@ spec: fieldRef: fieldPath: spec.nodeName - {{- if $.Values.kubernetesClusterDomain }} + {{- if .Values.kubernetesClusterDomain }} - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ $.Values.kubernetesClusterDomain | quote }} + value: {{ .Values.kubernetesClusterDomain | quote }} {{- end }} - {{- include "telemetry.envVars" $ | nindent 12 }} + {{- include "telemetry.envVars" . | nindent 12 }} volumeMounts: - name: csi mountPath: /csi - name: mountpoint - mountPath: {{ $.Values.kubeletDir }}/pods + mountPath: {{ .Values.kubeletDir }}/pods - name: node-driver-registrar - image: "{{ .nodeRegistrar.image.repository }}:{{ .nodeRegistrar.image.tag }}" - imagePullPolicy: {{ .nodeRegistrar.image.pullPolicy }} + image: "{{ .Values.csiNodeDriver.nodeRegistrar.image.repository }}:{{ .Values.csiNodeDriver.nodeRegistrar.image.tag }}" + imagePullPolicy: {{ .Values.csiNodeDriver.nodeRegistrar.image.pullPolicy }} resources: - {{ .nodeRegistrar.resources | toYaml | nindent 12 }} + {{ .Values.csiNodeDriver.nodeRegistrar.resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - - --kubelet-registration-path={{ $.Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock + - --kubelet-registration-path={{ .Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock volumeMounts: - name: registration-sock mountPath: /registration @@ -103,23 +102,22 @@ spec: hostPath: # node-driver-registrar appends a driver-unique filename to this path to avoid conflicts # see https://github.com/stackabletech/secret-operator/issues/229 for why this path should not be too long - path: {{ $.Values.kubeletDir }}/plugins_registry + path: {{ .Values.kubeletDir }}/plugins_registry - name: csi hostPath: - path: {{ $.Values.kubeletDir }}/plugins/listeners.stackable.tech/ + path: {{ .Values.kubeletDir }}/plugins/listeners.stackable.tech/ - name: mountpoint hostPath: - path: {{ $.Values.kubeletDir }}/pods/ - {{- with .nodeSelector }} + path: {{ .Values.kubeletDir }}/pods/ + {{- with .Values.csiNodeDriver.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .affinity }} + {{- with .Values.csiNodeDriver.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .tolerations }} + {{- with .Values.csiNodeDriver.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} diff --git a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml index 43b42c8..f8d742a 100644 --- a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml +++ b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml @@ -1,42 +1,41 @@ --- -{{- with .Values.csiProvisioner }} apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "operator.fullname" $ }}-csi-provisioner + name: {{ include "operator.fullname" . }}-csi-provisioner labels: - {{- include "operator.labels" $ | nindent 4 }} + {{- include "operator.labels" . | nindent 4 }} spec: selector: matchLabels: app.kubernetes.io/role: provisioner - {{- include "operator.selectorLabels" $ | nindent 6 }} + {{- include "operator.selectorLabels" . | nindent 6 }} template: metadata: annotations: - internal.stackable.tech/image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" - {{- with .podAnnotations }} + internal.stackable.tech/image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + {{- with .Values.csiProvisioner.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: app.kubernetes.io/role: provisioner - {{- include "operator.selectorLabels" $ | nindent 8 }} + {{- include "operator.selectorLabels" . | nindent 8 }} spec: - {{- with $.Values.imagePullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "operator.fullname" $ }}-serviceaccount + serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} + {{- toYaml .Values.csiProvisioner.podSecurityContext | nindent 8 }} containers: - name: csi-controller-service securityContext: - {{- toYaml .controllerService.securityContext | nindent 12 }} - image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}" - imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- toYaml .Values.csiProvisioner.controllerService.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} resources: - {{- .controllerService.resources | toYaml | nindent 12 }} + {{- .Values.csiProvisioner.controllerService.resources | toYaml | nindent 12 }} args: - run - controller @@ -67,7 +66,7 @@ spec: # The name of the Kubernetes Service that point to the operator Pod, e.g. used to # construct the conversion webhook endpoint. - name: OPERATOR_SERVICE_NAME - value: {{ include "operator.fullname" $ }} + value: {{ include "operator.fullname" . }} # Operators need to know the node name they are running on, to e.g. discover the # Kubernetes domain name from the kubelet API. @@ -76,19 +75,19 @@ spec: fieldRef: fieldPath: spec.nodeName - {{- if $.Values.kubernetesClusterDomain }} + {{- if .Values.kubernetesClusterDomain }} - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ $.Values.kubernetesClusterDomain | quote }} + value: {{ .Values.kubernetesClusterDomain | quote }} {{- end }} - {{- include "telemetry.envVars" $ | nindent 12 }} + {{- include "telemetry.envVars" . | nindent 12 }} volumeMounts: - name: csi mountPath: /csi - name: external-provisioner - image: "{{ .externalProvisioner.image.repository }}:{{ .externalProvisioner.image.tag }}" - imagePullPolicy: {{ .externalProvisioner.image.pullPolicy }} + image: "{{ .Values.csiProvisioner.externalProvisioner.image.repository }}:{{ .Values.csiProvisioner.externalProvisioner.image.tag }}" + imagePullPolicy: {{ .Values.csiProvisioner.externalProvisioner.image.pullPolicy }} resources: - {{ .externalProvisioner.resources | toYaml | nindent 12 }} + {{ .Values.csiProvisioner.externalProvisioner.resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - --feature-gates=Topology=true @@ -99,16 +98,15 @@ spec: volumes: - name: csi emptyDir: {} - {{- with .nodeSelector }} + {{- with .Values.csiProvisioner.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .affinity }} + {{- with .Values.csiProvisioner.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .tolerations }} + {{- with .Values.csiProvisioner.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} From 010207b663dac6f15d9881875d50cabe3fa806c6 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 15 Sep 2025 15:45:21 +0200 Subject: [PATCH 09/15] feat(helm): Allow Pod priority, priorityClassName, and preemptionPolicy to be configured --- .../templates/csi-node-driver-daemonset.yaml | 9 +++++++++ .../templates/csi-provisioner-deployment.yaml | 9 +++++++++ deploy/helm/listener-operator/values.yaml | 8 ++++++++ 3 files changed, 26 insertions(+) diff --git a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index d01ef6e..1b7eed4 100644 --- a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -121,3 +121,12 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.csiNodeDriver.priority }} + priority: {{ . }} + {{- end }} + {{- with .Values.csiNodeDriver.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.csiNodeDriver.preemptionPolicy }} + preemptionPolicy: {{ . }} + {{- end }} diff --git a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml index f8d742a..6dd9488 100644 --- a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml +++ b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml @@ -110,3 +110,12 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.csiProvisioner.priority }} + priority: {{ . }} + {{- end }} + {{- with .Values.csiProvisioner.priorityClassName }} + priorityClassName: {{ . }} + {{- end }} + {{- with .Values.csiProvisioner.preemptionPolicy }} + preemptionPolicy: {{ . }} + {{- end }} diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index 2caf9b4..28cb3f2 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -19,6 +19,10 @@ csiProvisioner: affinity: {} + # priority: ... + # priorityClassName: ... + # preemptionPolicy: ... + controllerService: resources: # Resource requests and limits for the controller pod @@ -68,6 +72,10 @@ csiNodeDriver: affinity: {} + # priority: ... + # priorityClassName: ... + # preemptionPolicy: ... + nodeService: resources: # Resource requests and limits for the controller pod From 6900863b1d8c38439fed0e1f1fcbaca6cbfb8b07 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Mon, 15 Sep 2025 15:51:18 +0200 Subject: [PATCH 10/15] chore: Update changelog --- CHANGELOG.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ede0dd..2ff4895 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Added + +- New helm values for `*.priority`, `*.priorityClassName`, and `*.preemptionPolicy` ([#334]). + +### Changed + +- Split helm values for independent configuration ([#334]). + - `controller` values have been moved to `csiProvisioner.controllerService`. + - `csiProvisioner` values have been moved to `csiProvisioner.externalProvisioner` + - `csiNodeDriverRegistrar` values have been moved to `csiNodeDriver.nodeRegistrar`. + - `node.driver` values have been moved to `csiNodeDriver.nodeService`. + - `podAnnotations` has been split into `csiProvisioner.podAnnotations` and `csiNodeDriver.podAnnotations`. + - `podSecurityContext` has been split into `csiProvisioner.podSecurityContext` and `csiNodeDriver.podSecurityContext`. + - `nodeSelector` has been split into `csiProvisioner.nodeSelector` and `csiNodeDriver.nodeSelector`. + - `tolerations` has been split into `csiProvisioner.tolerations` and `csiNodeDriver.tolerations`. + - `affinity` has been split into `csiProvisioner.affinity` and `csiNodeDriver.affinity`. + +[#334]: https://github.com/stackabletech/listener-operator/pull/334 + ## [25.7.0] - 2025-07-23 ## [25.7.0-rc1] - 2025-07-18 From ebccce0ae3b3e2a85303b1f7f15cd9914f8aa86d Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Tue, 16 Sep 2025 10:18:20 +0200 Subject: [PATCH 11/15] chore: Disable yamllint for comments-indentation This would be rolled out by https://github.com/stackabletech/operator-templating/pull/551 --- .yamllint.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.yamllint.yaml b/.yamllint.yaml index 769cda1..08bf167 100644 --- a/.yamllint.yaml +++ b/.yamllint.yaml @@ -12,3 +12,4 @@ rules: min-spaces-from-content: 1 # Needed due to https://github.com/adrienverge/yamllint/issues/443 indentation: indent-sequences: consistent + comments-indentation: disable # This is generally useless and interferes with commented example values From 449044d8e5f012b07bb25caa1ef8aa93bc98b2e4 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Tue, 16 Sep 2025 10:59:12 +0200 Subject: [PATCH 12/15] fix(helm): Remove unconfigurable Pod fields These were introduced in 010207b. Only priorityClassName is valid. --- .../templates/csi-node-driver-daemonset.yaml | 6 ------ .../templates/csi-provisioner-deployment.yaml | 6 ------ 2 files changed, 12 deletions(-) diff --git a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index 1b7eed4..6dead64 100644 --- a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -121,12 +121,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.csiNodeDriver.priority }} - priority: {{ . }} - {{- end }} {{- with .Values.csiNodeDriver.priorityClassName }} priorityClassName: {{ . }} {{- end }} - {{- with .Values.csiNodeDriver.preemptionPolicy }} - preemptionPolicy: {{ . }} - {{- end }} diff --git a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml index 6dd9488..153bd21 100644 --- a/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml +++ b/deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml @@ -110,12 +110,6 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.csiProvisioner.priority }} - priority: {{ . }} - {{- end }} {{- with .Values.csiProvisioner.priorityClassName }} priorityClassName: {{ . }} {{- end }} - {{- with .Values.csiProvisioner.preemptionPolicy }} - preemptionPolicy: {{ . }} - {{- end }} From a0faa3cb39b2e2eb2c24117071e0d0542d895061 Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Tue, 16 Sep 2025 11:00:01 +0200 Subject: [PATCH 13/15] chore: Update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ff4895..3401925 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ All notable changes to this project will be documented in this file. ### Added -- New helm values for `*.priority`, `*.priorityClassName`, and `*.preemptionPolicy` ([#334]). +- New helm values for `csiProvisioner.priorityClassName` and `csiNodeDriver.priorityClassName` ([#334]). ### Changed From 69671149f4e3f19cd03602cd9342c11f95772e0d Mon Sep 17 00:00:00 2001 From: Nick Larsen Date: Tue, 16 Sep 2025 11:43:14 +0200 Subject: [PATCH 14/15] fix(helm): Rename nodeRegistrar to nodeDriverRegistrar for consistency --- .../templates/csi-node-driver-daemonset.yaml | 6 +++--- deploy/helm/listener-operator/values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml index 6dead64..44bdd22 100644 --- a/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml +++ b/deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml @@ -85,10 +85,10 @@ spec: - name: mountpoint mountPath: {{ .Values.kubeletDir }}/pods - name: node-driver-registrar - image: "{{ .Values.csiNodeDriver.nodeRegistrar.image.repository }}:{{ .Values.csiNodeDriver.nodeRegistrar.image.tag }}" - imagePullPolicy: {{ .Values.csiNodeDriver.nodeRegistrar.image.pullPolicy }} + image: "{{ .Values.csiNodeDriver.nodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriver.nodeDriverRegistrar.image.tag }}" + imagePullPolicy: {{ .Values.csiNodeDriver.nodeDriverRegistrar.image.pullPolicy }} resources: - {{ .Values.csiNodeDriver.nodeRegistrar.resources | toYaml | nindent 12 }} + {{ .Values.csiNodeDriver.nodeDriverRegistrar.resources | toYaml | nindent 12 }} args: - --csi-address=/csi/csi.sock - --kubelet-registration-path={{ .Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock diff --git a/deploy/helm/listener-operator/values.yaml b/deploy/helm/listener-operator/values.yaml index 28cb3f2..61facd1 100644 --- a/deploy/helm/listener-operator/values.yaml +++ b/deploy/helm/listener-operator/values.yaml @@ -100,7 +100,7 @@ csiNodeDriver: # runAsNonRoot: true # runAsUser: 1000 - nodeRegistrar: + nodeDriverRegistrar: image: repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar tag: v2.13.0 From d9ec60b7723910bd4bc5af3bff5c57842231eb96 Mon Sep 17 00:00:00 2001 From: Nick <10092581+NickLarsenNZ@users.noreply.github.com> Date: Tue, 16 Sep 2025 12:37:24 +0200 Subject: [PATCH 15/15] Apply suggestions from code review Co-authored-by: Techassi --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3401925..aa604f8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ All notable changes to this project will be documented in this file. ### Changed -- Split helm values for independent configuration ([#334]). +- BREAKING: Split helm values for independent configuration ([#334]). - `controller` values have been moved to `csiProvisioner.controllerService`. - `csiProvisioner` values have been moved to `csiProvisioner.externalProvisioner` - `csiNodeDriverRegistrar` values have been moved to `csiNodeDriver.nodeRegistrar`.