WiP proxmox-csi

2025-02-11 17:28:42 +01:00 · 2025-02-11 17:28:42 +01:00 · ae9ac8edb6
commit ae9ac8edb6
parent 39c65eae4e
4 changed files with 58 additions and 41 deletions
--- a/stages/base/helmfile.yaml
+++ b/stages/base/helmfile.yaml
@ -3,8 +3,8 @@ repositories:
    url: https://metallb.github.io/metallb
  - name: ingress-nginx
    url: https://kubernetes.github.io/ingress-nginx
-  - name: csi-driver-nfs
-    url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
+  - name: proxmox-csi-plugin
+    url: oci://ghcr.io/sergelogvinov/charts/proxmox-csi-plugin
  - name: jetstack
    url: https://charts.jetstack.io
  - name: mojo2600
@ -23,10 +23,12 @@ releases:
    version: 4.12.0
    values:
      - ./values/ingress-nginx.values.yaml
-  - name: csi-driver-nfs
-    namespace: kube-system
-    chart: csi-driver-nfs/csi-driver-nfs
-    version: v4.9.0
+  - name: proxmox-csi-plugin
+    namespace: proxmox-csi
+    chart: proxmox-csi-plugin/proxmox-csi-plugin
+    version: 0.3.5
+    values:
+      - ./values/proxmox-csi-plugin.values.yaml.gotmpl
  - name: cert-manager
    namespace: cert-manager
    chart: jetstack/cert-manager
--- a/stages/base/kustomize/csi-driver-nfs.yaml
+++ b/stages/base/kustomize/csi-driver-nfs.yaml
@ -1,15 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: nfs-csi
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "true"
-provisioner: nfs.csi.k8s.io
-parameters:
-  server: 192.168.1.180
-  share: /mnt/nas
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-allowVolumeExpansion: true
-mountOptions:
-  - nfsvers=4.1
--- a/stages/base/values/proxmox-csi-plugin.values.yaml.gotmpl
+++ b/stages/base/values/proxmox-csi-plugin.values.yaml.gotmpl
@ -0,0 +1,35 @@
+config:
+  clusters:
+    - url: https://192.168.1.151:8006/api2/json
+      insecure: true
+      token_id: "kubernetes-csi@pve!csi"
+      token_secret: "key"
+      region: cluster-1
+
+# Deploy Node CSI driver only on proxmox nodes
+node:
+  nodeSelector:
+    # It will work only with Talos CCM, remove it overwise
+    node.cloudprovider.kubernetes.io/platform: nocloud
+  tolerations:
+    - operator: Exists
+
+# Deploy CSI controller only on control-plane nodes
+nodeSelector:
+  node-role.kubernetes.io/control-plane: ""
+tolerations:
+  - key: node-role.kubernetes.io/control-plane
+    effect: NoSchedule
+
+# Define storage classes
+# See https://pve.proxmox.com/wiki/Storage
+storageClass:
+  - name: proxmox-data-xfs
+    storage: data
+    reclaimPolicy: Delete
+    fstype: xfs
+  - name: proxmox-data
+    storage: data
+    reclaimPolicy: Delete
+    fstype: ext4
+    cache: writethrough
--- a/stages/identity/values/authentik.values.yaml.gotmpl
+++ b/stages/identity/values/authentik.values.yaml.gotmpl
@ -1,12 +1,7 @@
 postgresql:
-  image:
-    debug: true
  enabled: true
  auth:
    password: {{ readFile "../.envs/.authentik-postgresql" }}
-  resources:
-    limits:
-      hugepages-2Mi: "512Mi"
  volumePermissions:
    enabled: true

@ -18,18 +13,18 @@ authentik:

 redis:
  enabled: true
-# 
-# server:
-#   ingress:
-#     ingressClassName: nginx
-#     enabled: true
-#     hosts:
-#       - idp.kropcloud.net
-#     annotations:
-#       nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-#       nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
-#       cert-manager.io/cluster-issuer: cloudflare-issuer
-#     tls:
-#       - hosts: 
-#         - idp.kropcloud.net
-#         secretName: authentik-tls
+
+server:
+  ingress:
+    ingressClassName: nginx
+    enabled: true
+    hosts:
+      - idp.kropcloud.net
+    annotations:
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+      cert-manager.io/cluster-issuer: cloudflare-issuer
+    tls:
+      - hosts: 
+        - idp.kropcloud.net
+        secretName: authentik-tls