feat(helm)!: Allows for the CSI Provisioner Deployment and CSI Node Driver DaemonSet to be configured independently

CHANGELOG.md

@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
 
+### Added
+
+- New helm values for `csiProvisioner.priorityClassName` and `csiNodeDriver.priorityClassName` ([#334]).
+
+### Changed
+
+- BREAKING: Split helm values for independent configuration ([#334]).
+  - `controller` values have been moved to `csiProvisioner.controllerService`.
+  - `csiProvisioner` values have been moved to `csiProvisioner.externalProvisioner`
+  - `csiNodeDriverRegistrar` values have been moved to `csiNodeDriver.nodeRegistrar`.
+  - `node.driver` values have been moved to `csiNodeDriver.nodeService`.
+  - `podAnnotations` has been split into `csiProvisioner.podAnnotations` and `csiNodeDriver.podAnnotations`.
+  - `podSecurityContext` has been split into `csiProvisioner.podSecurityContext` and `csiNodeDriver.podSecurityContext`.
+  - `nodeSelector` has been split into `csiProvisioner.nodeSelector` and `csiNodeDriver.nodeSelector`.
+  - `tolerations` has been split into `csiProvisioner.tolerations` and `csiNodeDriver.tolerations`.
+  - `affinity` has been split into `csiProvisioner.affinity` and `csiNodeDriver.affinity`.
+
+[#334]: https://github.com/stackabletech/listener-operator/pull/334
+
 ## [25.7.0] - 2025-07-23
 
 ## [25.7.0-rc1] - 2025-07-18

deploy/helm/listener-operator/templates/node-daemonset.yaml → deploy/helm/listener-operator/templates/csi-node-driver-daemonset.yaml

@@ -2,22 +2,22 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: {{ include "operator.fullname" . }}-node-daemonset
+  name: {{ include "operator.fullname" . }}-csi-node-driver
   labels:
     {{- include "operator.labels" . | nindent 4 }}
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/role: node
+      app.kubernetes.io/role: node-driver
       {{- include "operator.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
+      {{- with .Values.csiNodeDriver.podAnnotations }}
       annotations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       labels:
-        app.kubernetes.io/role: node
+        app.kubernetes.io/role: node-driver
         {{- include "operator.selectorLabels" . | nindent 8 }}
     spec:
       {{- with .Values.image.pullSecrets }}
@@ -26,15 +26,15 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount
       securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.csiNodeDriver.podSecurityContext | nindent 8 }}
       containers:
-        - name: {{ include "operator.appname" . }}
+        - name: csi-node-service
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
+            {{- toYaml .Values.csiNodeDriver.nodeService.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
-            {{ .Values.node.driver.resources | toYaml | nindent 12 }}
+            {{ .Values.csiNodeDriver.nodeService.resources | toYaml | nindent 12 }}
           args:
             - run
             - node
@@ -85,10 +85,10 @@ spec:
             - name: mountpoint
               mountPath: {{ .Values.kubeletDir }}/pods
         - name: node-driver-registrar
-          image: "{{ .Values.csiNodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriverRegistrar.image.tag }}"
-          imagePullPolicy: {{ .Values.csiNodeDriverRegistrar.image.pullPolicy }}
+          image: "{{ .Values.csiNodeDriver.nodeDriverRegistrar.image.repository }}:{{ .Values.csiNodeDriver.nodeDriverRegistrar.image.tag }}"
+          imagePullPolicy: {{ .Values.csiNodeDriver.nodeDriverRegistrar.image.pullPolicy }}
           resources:
-            {{ .Values.csiNodeDriverRegistrar.resources | toYaml | nindent 12 }}
+            {{ .Values.csiNodeDriver.nodeDriverRegistrar.resources | toYaml | nindent 12 }}
           args:
             - --csi-address=/csi/csi.sock
             - --kubelet-registration-path={{ .Values.kubeletDir }}/plugins/listeners.stackable.tech/csi.sock
@@ -109,15 +109,18 @@ spec:
         - name: mountpoint
           hostPath:
             path: {{ .Values.kubeletDir }}/pods/
-      {{- with .Values.nodeSelector }}
+      {{- with .Values.csiNodeDriver.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.affinity }}
+      {{- with .Values.csiNodeDriver.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.tolerations }}
+      {{- with .Values.csiNodeDriver.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.csiNodeDriver.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}

deploy/helm/listener-operator/templates/controller-deployment.yaml → deploy/helm/listener-operator/templates/csi-provisioner-deployment.yaml

@@ -2,23 +2,23 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ include "operator.fullname" . }}-deployment
+  name: {{ include "operator.fullname" . }}-csi-provisioner
   labels:
     {{- include "operator.labels" . | nindent 4 }}
 spec:
   selector:
     matchLabels:
-      app.kubernetes.io/role: controller
+      app.kubernetes.io/role: provisioner
       {{- include "operator.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       annotations:
         internal.stackable.tech/image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        {{- with .Values.podAnnotations }}
+        {{- with .Values.csiProvisioner.podAnnotations }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:
-        app.kubernetes.io/role: controller
+        app.kubernetes.io/role: provisioner
         {{- include "operator.selectorLabels" . | nindent 8 }}
     spec:
       {{- with .Values.imagePullSecrets }}
@@ -27,15 +27,15 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount
       securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.csiProvisioner.podSecurityContext | nindent 8 }}
       containers:
-        - name: {{ include "operator.appname" . }}
+        - name: csi-controller-service
           securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
+            {{- toYaml .Values.csiProvisioner.controllerService.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
-            {{ .Values.controller.resources | toYaml | nindent 12 }}
+            {{- .Values.csiProvisioner.controllerService.resources | toYaml | nindent 12 }}
           args:
             - run
             - controller
@@ -84,10 +84,10 @@ spec:
             - name: csi
               mountPath: /csi
         - name: external-provisioner
-          image: "{{ .Values.csiProvisioner.image.repository }}:{{ .Values.csiProvisioner.image.tag }}"
-          imagePullPolicy: {{ .Values.csiProvisioner.image.pullPolicy }}
+          image: "{{ .Values.csiProvisioner.externalProvisioner.image.repository }}:{{ .Values.csiProvisioner.externalProvisioner.image.tag }}"
+          imagePullPolicy: {{ .Values.csiProvisioner.externalProvisioner.image.pullPolicy }}
           resources:
-            {{ .Values.csiProvisioner.resources | toYaml | nindent 12 }}
+            {{ .Values.csiProvisioner.externalProvisioner.resources | toYaml | nindent 12 }}
           args:
             - --csi-address=/csi/csi.sock
             - --feature-gates=Topology=true
@@ -98,15 +98,18 @@ spec:
       volumes:
         - name: csi
           emptyDir: {}
-      {{- with .Values.nodeSelector }}
+      {{- with .Values.csiProvisioner.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.affinity }}
+      {{- with .Values.csiProvisioner.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.tolerations }}
+      {{- with .Values.csiProvisioner.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.csiProvisioner.priorityClassName }}
+      priorityClassName: {{ . }}
+      {{- end }}

deploy/helm/listener-operator/values.yaml

@@ -1,34 +1,117 @@
 # Default values for listener-operator.
 ---
+# Used by both the Controller Service and Node Service containers
 image:
   repository: oci.stackable.tech/sdp/listener-operator
+  # tag: 0.0.0-dev
   pullPolicy: IfNotPresent
   pullSecrets: []
 
 csiProvisioner:
-  image:
-    repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner
-    tag: v5.2.0
-    pullPolicy: IfNotPresent
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-    limits:
-      cpu: 100m
-      memory: 128Mi
-csiNodeDriverRegistrar:
-  image:
-    repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar
-    tag: v2.13.0
-    pullPolicy: IfNotPresent
-  resources:
-    requests:
-      cpu: 100m
-      memory: 128Mi
-    limits:
-      cpu: 100m
-      memory: 128Mi
+  podAnnotations: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  # priority: ...
+  # priorityClassName: ...
+  # preemptionPolicy: ...
+
+  controllerService:
+    resources:
+      # Resource requests and limits for the controller pod
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+
+    securityContext:
+      # listener-operator requires root permissions
+      runAsUser: 0
+      seLinuxOptions:
+        # Run as "Super Privileged Container" to be allowed to write into
+        # the Listener volumes
+        type: spc_t
+      # capabilities:
+      #   drop:
+      #   - ALL
+      # readOnlyRootFilesystem: true
+      # runAsNonRoot: true
+      # runAsUser: 1000
+
+  externalProvisioner:
+    image:
+      repository: oci.stackable.tech/sdp/sig-storage/csi-provisioner
+      tag: v5.2.0
+      pullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 100m
+        memory: 128Mi
+
+csiNodeDriver:
+  podAnnotations: {}
+
+  podSecurityContext: {}
+    # fsGroup: 2000
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  # priority: ...
+  # priorityClassName: ...
+  # preemptionPolicy: ...
+
+  nodeService:
+    resources:
+      # Resource requests and limits for the controller pod
+      limits:
+        cpu: 100m
+        memory: 128Mi
+      requests:
+        cpu: 100m
+        memory: 128Mi
+
+    securityContext:
+      # listener-operator requires root permissions
+      runAsUser: 0
+      seLinuxOptions:
+        # Run as "Super Privileged Container" to be allowed to write into
+        # the Listener volumes
+        type: spc_t
+      # capabilities:
+      #   drop:
+      #   - ALL
+      # readOnlyRootFilesystem: true
+      # runAsNonRoot: true
+      # runAsUser: 1000
+
+  nodeDriverRegistrar:
+    image:
+      repository: oci.stackable.tech/sdp/sig-storage/csi-node-driver-registrar
+      tag: v2.13.0
+      pullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 100m
+        memory: 128Mi
+      limits:
+        cpu: 100m
+        memory: 128Mi
 
 nameOverride: ""
 fullnameOverride: ""
@@ -42,56 +125,10 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name: ""
 
-podAnnotations: {}
-
 # Provide additional labels which get attached to all deployed resources
 labels:
   stackable.tech/vendor: Stackable
 
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext:
-  # listener-operator requires root permissions
-  runAsUser: 0
-  seLinuxOptions:
-    # Run as "Super Privileged Container" to be allowed to write into
-    # the Listener volumes
-    type: spc_t
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-controller:
-  resources:
-    # Resource requests and limits for the controller pod
-    limits:
-      cpu: 100m
-      memory: 128Mi
-    requests:
-      cpu: 100m
-      memory: 128Mi
-
-node:
-  driver:
-    resources:
-      # Resource requests and limits for the per node driver container
-      limits:
-        cpu: 100m
-        memory: 128Mi
-      requests:
-        cpu: 100m
-        memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
 # When running on a non-default Kubernetes cluster domain, the cluster domain can be configured here.
 # See the https://docs.stackable.tech/home/stable/guides/kubernetes-cluster-domain guide for details.
 # kubernetesClusterDomain: my-cluster.local
@@ -100,7 +137,7 @@ affinity: {}
 kubeletDir: /var/lib/kubelet
 
 # Options: none, stable-nodes, ephemeral-nodes
-# none: No ListenerClasses are preinstalled, the administrator must supply them themself
+# none: No ListenerClasses are preinstalled, administrators must supply them themselves
 # stable-nodes: ListenerClasses are preinstalled that are suitable for on-prem/"pet" environments, assuming long-running Nodes but not requiring a LoadBalancer controller
 # ephemeral-nodes: ListenerClasses are preinstalled that are suitable for cloud/"cattle" environments with short-lived nodes, however this requires a LoadBalancer controller to be installed
 preset: stable-nodes