Update release images

Prepare release v0.4.0

manifests/cozystack-installer.yaml

@@ -63,7 +63,7 @@ spec:
       serviceAccountName: cozystack
       containers:
       - name: cozystack
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.3.1"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
         env:
         - name: KUBERNETES_SERVICE_HOST
           value: localhost
@@ -82,7 +82,7 @@ spec:
             fieldRef:
               fieldPath: metadata.name
       - name: darkhttpd
-        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.3.1"
+        image: "ghcr.io/aenix-io/cozystack/cozystack:v0.4.0"
         command:
         - /usr/bin/darkhttpd
         - /cozystack/assets

packages/apps/http-cache/images/nginx-cache.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:e406d5ac59cc06bbab51e16ae9a520143ad4f54952ef8f8cca982dc89454d616",
-  "containerimage.digest": "sha256:08e5063e65d2adc17278abee0ab43ce31cf37bc9bc7eb7988ef16f1f1c459862"
+  "containerimage.config.digest": "sha256:9eb68d2d503d7e22afc6fde2635f566fd3456bbdb3caad5dc9f887be1dc2b8ab",
+  "containerimage.digest": "sha256:1f44274dbc2c3be2a98e6cef83d68a041ae9ef31abb8ab069a525a2a92702bdd"
 }

packages/apps/kubernetes/images/ubuntu-container-disk.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:62baab666445d76498fb14cc1d0865fc82e4bdd5cb1d7ba80475dc5024184622",
-  "containerimage.digest": "sha256:9363d717f966f4e7927da332eaaf17401b42203a2fcb493b428f94d096dae3a5"
+  "containerimage.config.digest": "sha256:a7e8e6e35ac07bcf6253c9cfcf21fd3c315bd0653ad0427dd5f0cae95ffd3722",
+  "containerimage.digest": "sha256:c03bffeeb70fe7dd680d2eca3021d2405fbcd9961dd38437f5673560c31c72cc"
 }

packages/apps/kubernetes/templates/cluster-autoscaler/deployment.yaml

@@ -15,6 +15,12 @@ spec:
       labels:
         app: {{ .Release.Name }}-cluster-autoscaler
     spec:
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: "NoSchedule"
       containers:
       - image: ghcr.io/kvaps/test:cluster-autoscaller
         name: cluster-autoscaler

packages/apps/kubernetes/templates/csi/deploy.yaml

@@ -16,12 +16,10 @@ spec:
     spec:
       serviceAccountName: {{ .Release.Name }}-kcsi
       priorityClassName: system-cluster-critical
-      nodeSelector:
-        node-role.kubernetes.io/control-plane: ""
       tolerations:
         - key: CriticalAddonsOnly
           operator: Exists
-        - key: node-role.kubernetes.io/master
+        - key: node-role.kubernetes.io/control-plane
           operator: Exists
           effect: "NoSchedule"
       containers:

packages/apps/kubernetes/templates/helmreleases/delete.yaml

@@ -12,6 +12,12 @@ spec:
     spec:
       serviceAccountName: {{ .Release.Name }}-flux-teardown
       restartPolicy: Never
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: "NoSchedule"
       containers:
         - name: kubectl
           image: docker.io/clastix/kubectl:v1.29.1

packages/apps/kubernetes/templates/kccm/manager.yaml

@@ -14,6 +14,12 @@ spec:
       labels:
         k8s-app: {{ .Release.Name }}-kccm
     spec:
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - key: node-role.kubernetes.io/control-plane
+          operator: Exists
+          effect: "NoSchedule"
       containers:
       - name: kubevirt-cloud-controller-manager
         args:
@@ -44,6 +50,4 @@ spec:
       - secret:
           secretName: {{ .Release.Name }}-admin-kubeconfig
         name: kubeconfig
-      tolerations:
-      - operator: Exists
       serviceAccountName: {{ .Release.Name }}-kccm

packages/core/installer/images/cozystack.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:29b11ecbb92bae830f2e55cd4b6f7f3ada09b2f5514c0eeee395bd2dbd12fb81",
-  "containerimage.digest": "sha256:791df989ff37a76062c7c638dbfc93435df9ee0db48797f2045c80b6d6b937c0"
+  "containerimage.config.digest": "sha256:aefc3ca9f56f69270d7ce6f56a1ce5b531332d5641481eb54c8e74b66b0f3341",
+  "containerimage.digest": "sha256:a2bf43cb7eb812166edfeb1a4fae6a76a4ddba93be2c0ba9040a804ccb53c261"
 }

packages/core/installer/images/cozystack.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/cozystack:v0.3.1
+ghcr.io/aenix-io/cozystack/cozystack:v0.4.0

packages/core/installer/images/matchbox.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:d63ac434876b4e47c130e6b99f0c9657e718f9d97f522f5ccd878eab75844122",
-  "containerimage.digest": "sha256:9963580a02ac4ddccafb60f2411365910bcadd73f92d1c9187a278221306a4ed"
+  "containerimage.config.digest": "sha256:68ea72fcc581352fabfd87fa6fd482968cc85ee520cab7a614f1244d7ae36eb0",
+  "containerimage.digest": "sha256:cea915e08a19eb6892f3facf3b3648368cd4a05abefc49bc2616ba3340c27e82"
 }

packages/core/installer/images/matchbox.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/matchbox:v1.6.4
+ghcr.io/aenix-io/cozystack/matchbox:v1.7.1

packages/core/installer/images/talos/profiles/initramfs.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: initramfs
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/installer.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: installer
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/iso.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: iso
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/kernel.yaml

@@ -3,24 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
   kind: kernel
+  imageOptions: {}
   outFormat: raw

packages/core/installer/images/talos/profiles/nocloud.yaml

@@ -3,25 +3,25 @@
 arch: amd64
 platform: metal
 secureboot: false
-version: v1.6.4
+version: v1.7.1
 input:
   kernel:
     path: /usr/install/amd64/vmlinuz
   initramfs:
     path: /usr/install/amd64/initramfs.xz
   baseInstaller:
-    imageRef: ghcr.io/siderolabs/installer:v1.6.4
+    imageRef: ghcr.io/siderolabs/installer:v1.7.1
   systemExtensions:
-    - imageRef: ghcr.io/siderolabs/amd-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240115
-    - imageRef: ghcr.io/siderolabs/i915-ucode:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/intel-ucode:20231114
-    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240115
-    - imageRef: ghcr.io/siderolabs/drbd:9.2.6-v1.6.4
-    - imageRef: ghcr.io/siderolabs/zfs:2.1.14-v1.6.4
+    - imageRef: ghcr.io/siderolabs/amd-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/amdgpu-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/bnx2-bnx2x:20240410
+    - imageRef: ghcr.io/siderolabs/i915-ucode:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ice-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/intel-ucode:20240312
+    - imageRef: ghcr.io/siderolabs/qlogic-firmware:20240410
+    - imageRef: ghcr.io/siderolabs/drbd:9.2.8-v1.7.1
+    - imageRef: ghcr.io/siderolabs/zfs:2.2.3-v1.7.1
 output:
-  kind: image
+  kind: nocloud
   imageOptions: { diskSize: 1306525696, diskFormat: raw }
   outFormat: .xz

packages/core/platform/bundles/distro-full.yaml

@@ -52,6 +52,12 @@ releases:
   privileged: true
   dependsOn: [cilium]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cilium,cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/bundles/distro-hosted.yaml

@@ -26,6 +26,12 @@ releases:
   privileged: true
   dependsOn: [victoria-metrics-operator]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/bundles/paas-full.yaml

@@ -81,6 +81,12 @@ releases:
   privileged: true
   dependsOn: [cilium,kubeovn]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cilium,kubeovn,cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/bundles/paas-hosted.yaml

@@ -26,6 +26,12 @@ releases:
   privileged: true
   dependsOn: [victoria-metrics-operator]
 
+- name: etcd-operator
+  releaseName: etcd-operator
+  chart: cozy-etcd-operator
+  namespace: cozy-etcd-operator
+  dependsOn: [cert-manager]
+
 - name: grafana-operator
   releaseName: grafana-operator
   chart: cozy-grafana-operator

packages/core/platform/templates/helmreleases.yaml

@@ -23,9 +23,11 @@ spec:
   interval: 1m
   releaseName: {{ $x.releaseName | default $x.name }}
   install:
+    crds: CreateReplace
     remediation:
       retries: -1
   upgrade:
+    crds: CreateReplace
     remediation:
       retries: -1
   chart:

packages/extra/etcd/Chart.yaml

@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: https://www.svgrepo.com/show/353714/etcd.svg
 type: application
-version: 1.0.0
+version: 2.0.0

packages/extra/etcd/templates/datastore.yaml

@@ -0,0 +1,50 @@
+---
+apiVersion: kamaji.clastix.io/v1alpha1
+kind: DataStore
+metadata:
+  name: {{ .Release.Namespace }}
+spec:
+  driver: etcd
+  endpoints:
+  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc:2379
+  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc:2379
+  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc:2379
+  tlsConfig:
+    certificateAuthority:
+      certificate:
+        secretReference:
+          keyPath: tls.crt
+          name: etcd-ca-tls
+          namespace: {{ .Release.Namespace }}
+      privateKey:
+        secretReference:
+          keyPath: tls.key
+          name: etcd-ca-tls
+          namespace: {{ .Release.Namespace }}
+    clientCertificate:
+      certificate:
+        secretReference:
+          keyPath: tls.crt
+          name: etcd-client-tls
+          namespace: {{ .Release.Namespace }}
+      privateKey:
+        secretReference:
+          keyPath: tls.key
+          name: etcd-client-tls
+          namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: etcd-ca-tls
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/resource-policy: keep
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: etcd-client-tls
+  annotations:
+    helm.sh/hook: pre-install
+    helm.sh/resource-policy: keep

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -0,0 +1,176 @@
+---
+apiVersion: etcd.aenix.io/v1alpha1
+kind: EtcdCluster
+metadata:
+  name: etcd
+spec:
+  storage: {}
+  security:
+    tls:
+      peerTrustedCASecret: etcd-peer-ca-tls
+      peerSecret: etcd-peer-tls
+      serverSecret: etcd-server-tls
+      clientTrustedCASecret: etcd-ca-tls
+      clientSecret: etcd-client-tls
+  podTemplate:
+    spec:
+      topologySpreadConstraints:
+      - maxSkew: 1
+        topologyKey: "kubernetes.io/hostname"
+        whenUnsatisfiable: ScheduleAnyway
+        labelSelector:
+          matchLabels:
+            app.kubernetes.io/instance: etcd
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: etcd-selfsigning-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-peer-ca
+spec:
+  isCA: true
+  usages:
+  - "signing"
+  - "key encipherment"
+  - "cert sign"
+  commonName: etcd-peer-ca
+  subject:
+    organizations:
+      - ACME Inc.
+    organizationalUnits:
+      - Widgets
+  secretName: etcd-peer-ca-tls
+  privateKey:
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-selfsigning-issuer
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-ca
+spec:
+  isCA: true
+  usages:
+  - "signing"
+  - "key encipherment"
+  - "cert sign"
+  commonName: etcd-ca
+  subject:
+    organizations:
+      - ACME Inc.
+    organizationalUnits:
+      - Widgets
+  secretName: etcd-ca-tls
+  privateKey:
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-selfsigning-issuer
+    kind: Issuer
+    group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: etcd-peer-issuer
+spec:
+  ca:
+    secretName: etcd-peer-ca-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: etcd-issuer
+spec:
+  ca:
+    secretName: etcd-ca-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-server
+spec:
+  secretName: etcd-server-tls
+  isCA: false
+  usages:
+    - "server auth"
+    - "signing"
+    - "key encipherment"
+  dnsNames:
+  - etcd-0
+  - etcd-0.etcd-headless
+  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-1
+  - etcd-1.etcd-headless
+  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-2
+  - etcd-2.etcd-headless
+  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
+  - localhost
+  - "127.0.0.1"
+  privateKey:
+    rotationPolicy: Always
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-peer
+spec:
+  secretName: etcd-peer-tls
+  isCA: false
+  usages:
+    - "server auth"
+    - "client auth"
+    - "signing"
+    - "key encipherment"
+  dnsNames:
+  - etcd-0
+  - etcd-0.etcd-headless
+  - etcd-0.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-1
+  - etcd-1.etcd-headless
+  - etcd-1.etcd-headless.{{ .Release.Namespace }}.svc
+  - etcd-2
+  - etcd-2.etcd-headless
+  - etcd-2.etcd-headless.{{ .Release.Namespace }}.svc
+  - localhost
+  - "127.0.0.1"
+  privateKey:
+    rotationPolicy: Always
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-peer-issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: etcd-client
+spec:
+  commonName: root
+  secretName: etcd-client-tls
+  usages:
+  - "signing"
+  - "key encipherment"
+  - "client auth"
+  privateKey:
+    rotationPolicy: Always
+    algorithm: RSA
+    size: 4096
+  issuerRef:
+    name: etcd-issuer
+    kind: Issuer

packages/extra/etcd/templates/kamaji-etcd.yaml

@@ -1,19 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
-  name: kamaji-etcd
-spec:
-  chart:
-    spec:
-      chart: cozy-kamaji-etcd
-      reconcileStrategy: Revision
-      sourceRef:
-        kind: HelmRepository
-        name: cozystack-system
-        namespace: cozy-system
-      version: '*'
-  interval: 1m0s
-  timeout: 5m0s
-  values:
-    kamaji-etcd:
-      fullnameOverride: etcd

packages/extra/versions_map

@@ -1,3 +1,4 @@
-etcd 1.0.0 HEAD
+etcd 1.0.0 f7eaab0
+etcd 2.0.0 HEAD
 ingress 1.0.0 HEAD
 monitoring 1.0.0 HEAD

packages/system/dashboard/images/dashboard.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:ac9429d9bf66dd913a37fa9c22a6a2ccdc5d6bef50986bfef7868b5643ecaab2",
-  "containerimage.digest": "sha256:b551704d07e93f9837d36bb610ae5d10508325c31e9bd98a019452eed12ed96f"
+  "containerimage.config.digest": "sha256:78b413d1c9a4ecf3bec9383444b3e85c01d8b33bf903c6443bfa5bdfd8b5bc04",
+  "containerimage.digest": "sha256:ddfaadb33e33123f553a36a3ee5857a1bf53f312043f91d76ad24316591fd26e"
 }

packages/system/dashboard/images/dashboard.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/dashboard:latest
+ghcr.io/aenix-io/cozystack/dashboard:v0.4.0

packages/system/dashboard/images/kubeapps-apis.json

@@ -1,4 +1,4 @@
 {
-  "containerimage.config.digest": "sha256:ab059b6397905b2a2084def06582e61b49c4a8a3374747e87b08c82621357420",
-  "containerimage.digest": "sha256:9c1093da42482f116b27407edcdf8b24122885e295cbb632e565213c66fc07c0"
+  "containerimage.config.digest": "sha256:273a8e7055816068b2975d8ac10f0f7d114cafef74057680ffc60414d4d8cf4c",
+  "containerimage.digest": "sha256:5e111f09ee9c34281e2ef02cb0d41700943f8c036014110765bb002831148547"
 }

packages/system/dashboard/images/kubeapps-apis.tag

@@ -1 +1 @@
-ghcr.io/aenix-io/cozystack/kubeapps-apis:latest
+ghcr.io/aenix-io/cozystack/kubeapps-apis:v0.4.0

packages/system/etcd-operator/.helmignore

@@ -0,0 +1,3 @@
+images
+hack
+.gitkeep

packages/system/etcd-operator/Chart.yaml

@@ -0,0 +1,2 @@
+name: cozy-etcd-operator
+version: 0.4.0

packages/system/etcd-operator/Makefile

@@ -0,0 +1,8 @@
+NAME=etcd-operator
+NAMESPACE=cozy-${NAME}
+
+include ../../../scripts/package-system.mk
+
+update:
+	rm -rf charts
+	helm pull oci://ghcr.io/aenix-io/charts/etcd-operator --untar --untardir charts

packages/system/etcd-operator/charts/etcd-operator/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: v0.2.0
+name: etcd-operator
+type: application
+version: 0.2.0

packages/system/etcd-operator/charts/etcd-operator/README.md

@@ -0,0 +1,63 @@
+# etcd-operator
+
+![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square)
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| etcdOperator.args[0] | string | `"--health-probe-bind-address=:8081"` |  |
+| etcdOperator.args[1] | string | `"--metrics-bind-address=127.0.0.1:8080"` |  |
+| etcdOperator.args[2] | string | `"--leader-elect"` |  |
+| etcdOperator.envVars | object | `{}` |  |
+| etcdOperator.image.pullPolicy | string | `"IfNotPresent"` |  |
+| etcdOperator.image.repository | string | `"ghcr.io/aenix-io/etcd-operator"` |  |
+| etcdOperator.image.tag | string | `""` |  |
+| etcdOperator.livenessProbe.httpGet.path | string | `"/healthz"` |  |
+| etcdOperator.livenessProbe.httpGet.port | int | `8081` |  |
+| etcdOperator.livenessProbe.initialDelaySeconds | int | `15` |  |
+| etcdOperator.livenessProbe.periodSeconds | int | `20` |  |
+| etcdOperator.readinessProbe.httpGet.path | string | `"/readyz"` |  |
+| etcdOperator.readinessProbe.httpGet.port | int | `8081` |  |
+| etcdOperator.readinessProbe.initialDelaySeconds | int | `5` |  |
+| etcdOperator.readinessProbe.periodSeconds | int | `10` |  |
+| etcdOperator.resources.limits.cpu | string | `"500m"` |  |
+| etcdOperator.resources.limits.memory | string | `"128Mi"` |  |
+| etcdOperator.resources.requests.cpu | string | `"100m"` |  |
+| etcdOperator.resources.requests.memory | string | `"64Mi"` |  |
+| etcdOperator.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| etcdOperator.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| etcdOperator.service.port | int | `9443` |  |
+| etcdOperator.service.type | string | `"ClusterIP"` |  |
+| fullnameOverride | string | `""` |  |
+| imagePullSecrets | list | `[]` |  |
+| kubeRbacProxy.args[0] | string | `"--secure-listen-address=0.0.0.0:8443"` |  |
+| kubeRbacProxy.args[1] | string | `"--upstream=http://127.0.0.1:8080/"` |  |
+| kubeRbacProxy.args[2] | string | `"--logtostderr=true"` |  |
+| kubeRbacProxy.args[3] | string | `"--v=0"` |  |
+| kubeRbacProxy.image.pullPolicy | string | `"IfNotPresent"` |  |
+| kubeRbacProxy.image.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` |  |
+| kubeRbacProxy.image.tag | string | `"v0.16.0"` |  |
+| kubeRbacProxy.livenessProbe | object | `{}` |  |
+| kubeRbacProxy.readinessProbe | object | `{}` |  |
+| kubeRbacProxy.resources.limits.cpu | string | `"500m"` |  |
+| kubeRbacProxy.resources.limits.memory | string | `"128Mi"` |  |
+| kubeRbacProxy.resources.requests.cpu | string | `"100m"` |  |
+| kubeRbacProxy.resources.requests.memory | string | `"64Mi"` |  |
+| kubeRbacProxy.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| kubeRbacProxy.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| kubeRbacProxy.service.port | int | `8443` |  |
+| kubeRbacProxy.service.type | string | `"ClusterIP"` |  |
+| kubernetesClusterDomain | string | `"cluster.local"` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| securityContext.runAsNonRoot | bool | `true` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| tolerations | list | `[]` |  |
+

packages/system/etcd-operator/charts/etcd-operator/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "proxmox-csi-plugin.name" -}}
+{{- define "etcd-operator.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "proxmox-csi-plugin.fullname" -}}
+{{- define "etcd-operator.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,17 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "proxmox-csi-plugin.chart" -}}
+{{- define "etcd-operator.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "proxmox-csi-plugin.labels" -}}
-helm.sh/chart: {{ include "proxmox-csi-plugin.chart" . }}
-app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
+{{- define "etcd-operator.labels" -}}
+helm.sh/chart: {{ include "etcd-operator.chart" . }}
+{{ include "etcd-operator.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -46,26 +45,7 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "proxmox-csi-plugin.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }}
+{{- define "etcd-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "etcd-operator.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: controller
-{{- end }}
-
-{{- define "proxmox-csi-plugin-node.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "proxmox-csi-plugin.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-app.kubernetes.io/component: node
-{{- end }}
-
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "proxmox-csi-plugin.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "proxmox-csi-plugin.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
 {{- end }}

packages/system/etcd-operator/charts/etcd-operator/templates/cert-manager/certificate.yml

@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-serving-cert
+spec:
+  dnsNames:
+    - {{ include "etcd-operator.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
+    - {{ include "etcd-operator.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesClusterDomain }}
+  issuerRef:
+    kind: Issuer
+    name: {{ include "etcd-operator.fullname" . }}-selfsigned-issuer
+  secretName: webhook-server-cert

packages/system/etcd-operator/charts/etcd-operator/templates/cert-manager/issuer.yml

@@ -0,0 +1,8 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-selfsigned-issuer
+spec:
+  selfSigned: {}

packages/system/etcd-operator/charts/etcd-operator/templates/cert-manager/mutatingwebhookconfiguration.yml

@@ -0,0 +1,29 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "etcd-operator.fullname" . }}-serving-cert
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-mutating-webhook-configuration
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      service:
+        name: {{ include "etcd-operator.fullname" . }}-webhook-service
+        namespace: {{ .Release.Namespace }}
+        path: /mutate-etcd-aenix-io-v1alpha1-etcdcluster
+    failurePolicy: Fail
+    name: metcdcluster.kb.io
+    rules:
+      - apiGroups:
+          - etcd.aenix.io
+        apiVersions:
+          - v1alpha1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - etcdclusters
+    sideEffects: None

packages/system/etcd-operator/charts/etcd-operator/templates/cert-manager/validatingwebhookconfiguration.yml

@@ -0,0 +1,29 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "etcd-operator.fullname" . }}-serving-cert
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-validating-webhook-configuration
+webhooks:
+  - admissionReviewVersions:
+      - v1
+    clientConfig:
+      service:
+        name: {{ include "etcd-operator.fullname" . }}-webhook-service
+        namespace: {{ .Release.Namespace }}
+        path: /validate-etcd-aenix-io-v1alpha1-etcdcluster
+    failurePolicy: Fail
+    name: vetcdcluster.kb.io
+    rules:
+      - apiGroups:
+          - etcd.aenix.io
+        apiVersions:
+          - v1alpha1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - etcdclusters
+    sideEffects: None

packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-manager-role.yml

@@ -0,0 +1,81 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-manager-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - etcd.aenix.io
+    resources:
+      - etcdclusters
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - etcd.aenix.io
+    resources:
+      - etcdclusters/finalizers
+    verbs:
+      - update
+  - apiGroups:
+      - etcd.aenix.io
+    resources:
+      - etcdclusters/status
+    verbs:
+      - get
+      - patch
+      - update
+  - apiGroups:
+    - policy
+    resources:
+    - poddisruptionbudgets
+    verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch

packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-metrics-reader.yml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-metrics-reader
+rules:
+  - nonResourceURLs:
+      - /metrics
+    verbs:
+      - get

packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrole-proxy-role.yml

@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-proxy-role
+rules:
+  - apiGroups:
+      - authentication.k8s.io
+    resources:
+      - tokenreviews
+    verbs:
+      - create
+  - apiGroups:
+      - authorization.k8s.io
+    resources:
+      - subjectaccessreviews
+    verbs:
+      - create

packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrolebinding-manager-rolebinding.yml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "etcd-operator.fullname" . }}-manager-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "etcd-operator.fullname" . }}-controller-manager
+    namespace: {{ .Release.Namespace }}

packages/system/etcd-operator/charts/etcd-operator/templates/rbac/clusterrolebinding-proxy-rolebinding.yml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "etcd-operator.fullname" . }}-proxy-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "etcd-operator.fullname" . }}-controller-manager
+    namespace: {{ .Release.Namespace }}

packages/system/etcd-operator/charts/etcd-operator/templates/rbac/role-leader-election-role.yml

@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-leader-election-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+      - patch

packages/system/etcd-operator/charts/etcd-operator/templates/rbac/rolebinding-leader-election-rolebinding.yml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "etcd-operator.fullname" . }}-leader-election-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "etcd-operator.fullname" . }}-controller-manager
+    namespace: {{ .Release.Namespace }}

packages/system/etcd-operator/charts/etcd-operator/templates/workload/configmap-env.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.etcdOperator.envVars }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "etcd-operator.labels" . }}-env
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+data:
+  {{- range $k, $v := .Values.etcdOperator.envVars }}
+    {{- if typeOf $v | eq "string" }}
+      {{- print (tpl $k $) ": " (tpl $v $ | quote) | nindent 2 }}
+    {{- else }}
+      {{- print (tpl $k $) ": " ($v | quote) | nindent 2 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

packages/system/etcd-operator/charts/etcd-operator/templates/workload/deployment.yml

@@ -0,0 +1,114 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "etcd-operator.fullname" . }}-controller-manager
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "etcd-operator.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "etcd-operator.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: etcd-operator
+          image: {{ .Values.etcdOperator.image.repository }}:{{ .Values.etcdOperator.image.tag | default .Chart.AppVersion }}
+          imagePullPolicy: {{ .Values.etcdOperator.image.pullPolicy }}
+          {{- with .Values.etcdOperator.args }}
+          args:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          ports:
+            - containerPort: {{ .Values.etcdOperator.service.port }}
+              name: webhook-server
+              protocol: TCP
+          {{- with .Values.etcdOperator.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.etcdOperator.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.etcdOperator.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.etcdOperator.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- if .Values.etcdOperator.envVars }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "etcd-operator.fullname" . }}-env
+          {{- end }}
+          volumeMounts:
+            - mountPath: /tmp/k8s-webhook-server/serving-certs
+              name: cert
+              readOnly: true
+        - name: kube-rbac-proxy
+          image: {{ .Values.kubeRbacProxy.image.repository }}:{{ .Values.kubeRbacProxy.image.tag }}
+          imagePullPolicy: {{ .Values.kubeRbacProxy.image.pullPolicy }}
+          {{- with .Values.kubeRbacProxy.args }}
+          args:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          ports:
+            - containerPort: {{ .Values.kubeRbacProxy.service.port }}
+              name: https
+              protocol: TCP
+          {{- with .Values.kubeRbacProxy.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.kubeRbacProxy.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.kubeRbacProxy.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.kubeRbacProxy.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "etcd-operator.fullname" . }}-controller-manager
+      terminationGracePeriodSeconds: 10
+      volumes:
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: webhook-server-cert
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

packages/system/etcd-operator/charts/etcd-operator/templates/workload/service-controller-manager-metrics-service.yml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "etcd-operator.fullname" . }}-controller-manager-metrics-service
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.kubeRbacProxy.service.type }}
+  ports:
+    - name: https
+      port: {{ .Values.kubeRbacProxy.service.port }}
+      protocol: TCP
+      targetPort: https
+  selector:
+    {{- include "etcd-operator.selectorLabels" . | nindent 4 }}

packages/system/etcd-operator/charts/etcd-operator/templates/workload/service-webhook-service.yml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    {{- include "etcd-operator.labels" . | nindent 4 }}
+  name: {{ include "etcd-operator.fullname" . }}-webhook-service
+spec:
+  type: {{ .Values.etcdOperator.service.type }}
+  ports:
+    - port: 443
+      protocol: TCP
+      targetPort: {{ .Values.etcdOperator.service.port }}
+  selector:
+    {{- include "etcd-operator.selectorLabels" . | nindent 4 }}

packages/system/etcd-operator/charts/etcd-operator/templates/workload/serviceaccount.yml

@@ -2,12 +2,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "proxmox-cloud-controller-manager.serviceAccountName" . }}
+  name: {{ include "etcd-operator.fullname" . }}-controller-manager
   labels:
-    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
+    {{- include "etcd-operator.labels" . | nindent 4 }}
   {{- with .Values.serviceAccount.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-  namespace: {{ .Release.Namespace }}
 {{- end }}

packages/system/etcd-operator/charts/etcd-operator/values.schema.json

@@ -0,0 +1,284 @@
+{
+    "$schema": "https://json-schema.org/draft/2020-12/schema",
+    "properties": {
+        "affinity": {
+            "properties": {},
+            "type": "object"
+        },
+        "etcdOperator": {
+            "properties": {
+                "args": {
+                    "items": {
+                        "type": "string"
+                    },
+                    "type": "array"
+                },
+                "envVars": {
+                    "properties": {},
+                    "type": "object"
+                },
+                "image": {
+                    "properties": {
+                        "pullPolicy": {
+                            "type": "string"
+                        },
+                        "repository": {
+                            "type": "string"
+                        },
+                        "tag": {
+                            "type": "string"
+                        }
+                    },
+                    "type": "object"
+                },
+                "livenessProbe": {
+                    "properties": {
+                        "httpGet": {
+                            "properties": {
+                                "path": {
+                                    "type": "string"
+                                },
+                                "port": {
+                                    "type": "integer"
+                                }
+                            },
+                            "type": "object"
+                        },
+                        "initialDelaySeconds": {
+                            "type": "integer"
+                        },
+                        "periodSeconds": {
+                            "type": "integer"
+                        }
+                    },
+                    "type": "object"
+                },
+                "readinessProbe": {
+                    "properties": {
+                        "httpGet": {
+                            "properties": {
+                                "path": {
+                                    "type": "string"
+                                },
+                                "port": {
+                                    "type": "integer"
+                                }
+                            },
+                            "type": "object"
+                        },
+                        "initialDelaySeconds": {
+                            "type": "integer"
+                        },
+                        "periodSeconds": {
+                            "type": "integer"
+                        }
+                    },
+                    "type": "object"
+                },
+                "resources": {
+                    "properties": {
+                        "limits": {
+                            "properties": {
+                                "cpu": {
+                                    "type": "string"
+                                },
+                                "memory": {
+                                    "type": "string"
+                                }
+                            },
+                            "type": "object"
+                        },
+                        "requests": {
+                            "properties": {
+                                "cpu": {
+                                    "type": "string"
+                                },
+                                "memory": {
+                                    "type": "string"
+                                }
+                            },
+                            "type": "object"
+                        }
+                    },
+                    "type": "object"
+                },
+                "securityContext": {
+                    "properties": {
+                        "allowPrivilegeEscalation": {
+                            "type": "boolean"
+                        },
+                        "capabilities": {
+                            "properties": {
+                                "drop": {
+                                    "items": {
+                                        "type": "string"
+                                    },
+                                    "type": "array"
+                                }
+                            },
+                            "type": "object"
+                        }
+                    },
+                    "type": "object"
+                },
+                "service": {
+                    "properties": {
+                        "port": {
+                            "type": "integer"
+                        },
+                        "type": {
+                            "type": "string"
+                        }
+                    },
+                    "type": "object"
+                }
+            },
+            "type": "object"
+        },
+        "fullnameOverride": {
+            "type": "string"
+        },
+        "imagePullSecrets": {
+            "type": "array"
+        },
+        "kubeRbacProxy": {
+            "properties": {
+                "args": {
+                    "items": {
+                        "type": "string"
+                    },
+                    "type": "array"
+                },
+                "image": {
+                    "properties": {
+                        "pullPolicy": {
+                            "type": "string"
+                        },
+                        "repository": {
+                            "type": "string"
+                        },
+                        "tag": {
+                            "type": "string"
+                        }
+                    },
+                    "type": "object"
+                },
+                "livenessProbe": {
+                    "properties": {},
+                    "type": "object"
+                },
+                "readinessProbe": {
+                    "properties": {},
+                    "type": "object"
+                },
+                "resources": {
+                    "properties": {
+                        "limits": {
+                            "properties": {
+                                "cpu": {
+                                    "type": "string"
+                                },
+                                "memory": {
+                                    "type": "string"
+                                }
+                            },
+                            "type": "object"
+                        },
+                        "requests": {
+                            "properties": {
+                                "cpu": {
+                                    "type": "string"
+                                },
+                                "memory": {
+                                    "type": "string"
+                                }
+                            },
+                            "type": "object"
+                        }
+                    },
+                    "type": "object"
+                },
+                "securityContext": {
+                    "properties": {
+                        "allowPrivilegeEscalation": {
+                            "type": "boolean"
+                        },
+                        "capabilities": {
+                            "properties": {
+                                "drop": {
+                                    "items": {
+                                        "type": "string"
+                                    },
+                                    "type": "array"
+                                }
+                            },
+                            "type": "object"
+                        }
+                    },
+                    "type": "object"
+                },
+                "service": {
+                    "properties": {
+                        "port": {
+                            "type": "integer"
+                        },
+                        "type": {
+                            "type": "string"
+                        }
+                    },
+                    "type": "object"
+                }
+            },
+            "type": "object"
+        },
+        "kubernetesClusterDomain": {
+            "type": "string"
+        },
+        "nameOverride": {
+            "type": "string"
+        },
+        "nodeSelector": {
+            "properties": {},
+            "type": "object"
+        },
+        "podAnnotations": {
+            "properties": {},
+            "type": "object"
+        },
+        "podLabels": {
+            "properties": {},
+            "type": "object"
+        },
+        "podSecurityContext": {
+            "properties": {},
+            "type": "object"
+        },
+        "replicaCount": {
+            "type": "integer"
+        },
+        "securityContext": {
+            "properties": {
+                "runAsNonRoot": {
+                    "type": "boolean"
+                }
+            },
+            "type": "object"
+        },
+        "serviceAccount": {
+            "properties": {
+                "annotations": {
+                    "properties": {},
+                    "type": "object"
+                },
+                "create": {
+                    "type": "boolean"
+                }
+            },
+            "type": "object"
+        },
+        "tolerations": {
+            "type": "array"
+        }
+    },
+    "type": "object"
+}

packages/system/etcd-operator/charts/etcd-operator/values.yaml

@@ -0,0 +1,98 @@
+etcdOperator:
+  image:
+    repository: ghcr.io/aenix-io/etcd-operator
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+  args:
+    - --health-probe-bind-address=:8081
+    - --metrics-bind-address=127.0.0.1:8080
+    - --leader-elect
+  service:
+    type: ClusterIP
+    port: 9443
+  envVars: {}
+  livenessProbe:
+    httpGet:
+      path: /healthz
+      port: 8081
+    initialDelaySeconds: 15
+    periodSeconds: 20
+  readinessProbe:
+    httpGet:
+      path: /readyz
+      port: 8081
+    initialDelaySeconds: 5
+    periodSeconds: 10
+  resources:
+    limits:
+      cpu: 500m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 64Mi
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+
+kubeRbacProxy:
+  image:
+    repository: gcr.io/kubebuilder/kube-rbac-proxy
+    pullPolicy: IfNotPresent
+    tag: v0.16.0
+  args:
+    - --secure-listen-address=0.0.0.0:8443
+    - --upstream=http://127.0.0.1:8080/
+    - --logtostderr=true
+    - --v=0
+  service:
+    type: ClusterIP
+    port: 8443
+  livenessProbe: {}
+  readinessProbe: {}
+  resources:
+    limits:
+      cpu: 500m
+      memory: 128Mi
+    requests:
+      cpu: 100m
+      memory: 64Mi
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+
+kubernetesClusterDomain: cluster.local
+
+replicaCount: 1
+
+imagePullSecrets: []
+
+nameOverride: ""
+
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+
+podAnnotations: {}
+
+podLabels: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext:
+  runAsNonRoot: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

packages/system/proxmox-csi/Chart.yaml

@@ -1,2 +0,0 @@
-name: app
-version: 0.0.0

packages/system/proxmox-csi/Makefile

@@ -1,13 +0,0 @@
-include ../../hack/app-helm.mk
-
-update:
-	rm -rf charts
-	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/sergelogvinov/proxmox-cloud-controller-manager | awk -F'[/^]' 'END{print $$3}') && \
-	curl -sSL https://github.com/sergelogvinov/proxmox-cloud-controller-manager/archive/refs/tags/$${tag}.tar.gz | \
-	tar xzvf - --strip 1 proxmox-cloud-controller-manager-$${tag#*v}/charts
-	sed -i 's/^  namespace: .*/  namespace: kube-system/' charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
-	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/sergelogvinov/proxmox-csi-plugin | awk -F'[/^]' 'END{print $$3}') && \
-	curl -sSL https://github.com/sergelogvinov/proxmox-csi-plugin/archive/refs/tags/$${tag}.tar.gz | \
-	tar xzvf - --strip 1 proxmox-csi-plugin-$${tag#*v}/charts
-	rm -f charts/proxmox-csi-plugin/templates/namespace.yaml
-	patch -p 3 < patches/namespace.patch

packages/system/proxmox-csi/README.md

@@ -1,6 +0,0 @@
-# Proxmox CSI Plugin
-
-Plugin that provides CSI interface for Proxmox
-
-- GitHub: https://github.com/sergelogvinov/proxmox-csi-plugin
-- Telegram: https://t.me/ru_talos

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: proxmox-cloud-controller-manager
-description: A Helm chart for Kubernetes
-type: application
-home: https://github.com/sergelogvinov/proxmox-cloud-controller-manager
-icon: https://proxmox.com/templates/yoo_nano2/favicon.ico
-sources:
-- https://github.com/sergelogvinov/proxmox-cloud-controller-manager
-keywords:
-- ccm
-maintainers:
-- name: sergelogvinov
-  url: https://github.com/sergelogvinov
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.6
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: v0.2.0

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md

@@ -1,81 +0,0 @@
-# proxmox-cloud-controller-manager
-
-![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square)
-
-A Helm chart for Kubernetes
-
-**Homepage:** <https://github.com/sergelogvinov/proxmox-cloud-controller-manager>
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| sergelogvinov |  | <https://github.com/sergelogvinov> |
-
-## Source Code
-
-* <https://github.com/sergelogvinov/proxmox-cloud-controller-manager>
-
-Example:
-
-```yaml
-# proxmox-ccm.yaml
-
-config:
-  clusters:
-    - url: https://cluster-api-1.exmple.com:8006/api2/json
-      insecure: false
-      token_id: "kubernetes@pve!csi"
-      token_secret: "key"
-      region: cluster-1
-
-enabledControllers:
-  # Remove `cloud-node` if you use it with Talos CCM
-  - cloud-node
-  - cloud-node-lifecycle
-
-# Deploy CCM only on control-plane nodes
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    effect: NoSchedule
-```
-
-Deploy chart:
-
-```shell
-helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
-		proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager
-```
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| replicaCount | int | `1` |  |
-| image.repository | string | `"ghcr.io/sergelogvinov/proxmox-cloud-controller-manager"` | Proxmox CCM image. |
-| image.pullPolicy | string | `"IfNotPresent"` | Always or IfNotPresent |
-| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion. |
-| imagePullSecrets | list | `[]` |  |
-| nameOverride | string | `""` |  |
-| fullnameOverride | string | `""` |  |
-| extraArgs | list | `[]` | Any extra arguments for talos-cloud-controller-manager |
-| enabledControllers | list | `["cloud-node","cloud-node-lifecycle"]` | List of controllers should be enabled. Use '*' to enable all controllers. Support only `cloud-node,cloud-node-lifecycle` controllers. |
-| logVerbosityLevel | int | `2` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. |
-| existingConfigSecret | string | `nil` | Proxmox cluster config stored in secrets. |
-| existingConfigSecretKey | string | `"config.yaml"` | Proxmox cluster config stored in secrets key. |
-| config | object | `{"clusters":[]}` | Proxmox cluster config. |
-| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
-| priorityClassName | string | `"system-cluster-critical"` | CCM pods' priorityClassName. |
-| podAnnotations | object | `{}` | Annotations for data pods. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
-| podSecurityContext | object | `{"fsGroup":10258,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":10258,"runAsNonRoot":true,"runAsUser":10258}` | Pods Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
-| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"seccompProfile":{"type":"RuntimeDefault"}}` | Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
-| resources | object | `{"requests":{"cpu":"10m","memory":"32Mi"}}` | Resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment |
-| nodeSelector | object | `{}` | Node labels for data pods assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
-| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane","operator":"Exists"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","operator":"Exists"}]` | Tolerations for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
-| affinity | object | `{}` | Affinity for data pods assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/README.md.gotmpl

@@ -1,52 +0,0 @@
-{{ template "chart.header" . }}
-
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-
-{{ template "chart.description" . }}
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.maintainersSection" . }}
-
-{{ template "chart.sourcesSection" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-Example:
-
-```yaml
-# proxmox-ccm.yaml
-
-config:
-  clusters:
-    - url: https://cluster-api-1.exmple.com:8006/api2/json
-      insecure: false
-      token_id: "kubernetes@pve!csi"
-      token_secret: "key"
-      region: cluster-1
-
-enabledControllers:
-  # Remove `cloud-node` if you use it with Talos CCM
-  - cloud-node
-  - cloud-node-lifecycle
-
-# Deploy CCM only on control-plane nodes
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    effect: NoSchedule
-```
-
-Deploy chart:
-
-```shell
-helm upgrade -i --namespace=kube-system -f proxmox-ccm.yaml \
-		proxmox-cloud-controller-manager charts/proxmox-cloud-controller-manager
-```
-
-{{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/ci/values.yaml

@@ -1,27 +0,0 @@
-
-image:
-  repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager
-  pullPolicy: Always
-  tag: edge
-
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-
-logVerbosityLevel: 4
-
-enabledControllers:
-  - cloud-node
-  - cloud-node-lifecycle
-
-config:
-  clusters:
-    - url: https://cluster-api-1.exmple.com:8006/api2/json
-      insecure: false
-      token_id: "user!token-id"
-      token_secret: "secret"
-      region: cluster-1
-    - url: https://cluster-api-2.exmple.com:8006/api2/json
-      insecure: false
-      token_id: "user!token-id"
-      token_secret: "secret"
-      region: cluster-2

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/_helpers.tpl

@@ -1,69 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "proxmox-cloud-controller-manager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "proxmox-cloud-controller-manager.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "proxmox-cloud-controller-manager.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "proxmox-cloud-controller-manager.labels" -}}
-helm.sh/chart: {{ include "proxmox-cloud-controller-manager.chart" . }}
-{{ include "proxmox-cloud-controller-manager.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "proxmox-cloud-controller-manager.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "proxmox-cloud-controller-manager.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "proxmox-cloud-controller-manager.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "proxmox-cloud-controller-manager.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Generate string of enabled controllers. Might have a trailing comma (,) which needs to be trimmed.
-*/}}
-{{- define "proxmox-cloud-controller-manager.enabledControllers" }}
-{{- range .Values.enabledControllers -}}{{ . }},{{- end -}}
-{{- end }}

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/deployment.yaml

@@ -1,102 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
-  labels:
-    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
-  namespace: {{ .Release.Namespace }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  strategy:
-    type: {{ .Values.updateStrategy.type }}
-  selector:
-    matchLabels:
-      {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-      {{- if .Values.config }}
-        checksum/config: {{ toJson .Values.config | sha256sum }}
-      {{- end }}
-      {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 8 }}
-    spec:
-      enableServiceLinks: false
-      {{- if .Values.priorityClassName }}
-      priorityClassName: {{ .Values.priorityClassName }}
-      {{- end }}
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "proxmox-cloud-controller-manager.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-            - --v={{ .Values.logVerbosityLevel }}
-            - --cloud-provider=proxmox
-            - --cloud-config=/etc/proxmox/config.yaml
-            - --controllers={{- trimAll "," (include "proxmox-cloud-controller-manager.enabledControllers" . ) }}
-            - --leader-elect-resource-name=cloud-controller-manager-proxmox
-            - --use-service-account-credentials
-            - --secure-port=10258
-          {{- with .Values.extraArgs }}
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 10258
-              scheme: HTTPS
-            initialDelaySeconds: 20
-            periodSeconds: 30
-            timeoutSeconds: 5
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-            - name: cloud-config
-              mountPath: /etc/proxmox
-              readOnly: true
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      topologySpreadConstraints:
-        - maxSkew: 1
-          topologyKey: kubernetes.io/hostname
-          whenUnsatisfiable: DoNotSchedule
-          labelSelector:
-            matchLabels:
-              {{- include "proxmox-cloud-controller-manager.selectorLabels" . | nindent 14 }}
-      volumes:
-        {{- if .Values.existingConfigSecret }}
-        - name: cloud-config
-          secret:
-            secretName: {{ .Values.existingConfigSecret }}
-            items:
-              - key: {{ .Values.existingConfigSecretKey }}
-                path: config.yaml
-            defaultMode: 416
-        {{- else }}
-        - name: cloud-config
-          secret:
-            secretName: {{ include "proxmox-cloud-controller-manager.fullname" . }}
-            defaultMode: 416
-        {{- end }}

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/role.yaml

@@ -1,53 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
-  labels:
-    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
-rules:
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - create
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - nodes/status
-  verbs:
-  - patch
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts
-  verbs:
-  - create
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml

@@ -1,26 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}
-subjects:
-- kind: ServiceAccount
-  name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
-  namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: system:{{ include "proxmox-cloud-controller-manager.fullname" . }}:extension-apiserver-authentication-reader
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
-    namespace: {{ .Release.Namespace }}

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/secrets.yaml

@@ -1,11 +0,0 @@
-{{- if ne (len .Values.config.clusters) 0 }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
-  labels:
-    {{- include "proxmox-cloud-controller-manager.labels" . | nindent 4 }}
-  namespace: {{ .Release.Namespace }}
-data:
-  config.yaml: {{ toYaml .Values.config | b64enc | quote }}
-{{- end }}

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.edge.yaml

@@ -1,13 +0,0 @@
-
-image:
-  pullPolicy: Always
-  tag: edge
-
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-
-logVerbosityLevel: 4
-
-enabledControllers:
-  - cloud-node
-  - cloud-node-lifecycle

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.talos.yaml

@@ -1,8 +0,0 @@
-
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-
-logVerbosityLevel: 4
-
-enabledControllers:
-  - cloud-node-lifecycle

packages/system/proxmox-csi/charts/proxmox-cloud-controller-manager/values.yaml

@@ -1,125 +0,0 @@
-# Default values for proxmox-cloud-controller-manager.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  # -- Proxmox CCM image.
-  repository: ghcr.io/sergelogvinov/proxmox-cloud-controller-manager
-  # -- Always or IfNotPresent
-  pullPolicy: IfNotPresent
-  # -- Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-# -- Any extra arguments for talos-cloud-controller-manager
-extraArgs: []
-  # - --cluster-name=kubernetes
-
-# -- List of controllers should be enabled.
-# Use '*' to enable all controllers.
-# Support only `cloud-node,cloud-node-lifecycle` controllers.
-enabledControllers:
-  - cloud-node
-  - cloud-node-lifecycle
-  # - route
-  # - service
-
-# -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md
-# for description of individual verbosity levels.
-logVerbosityLevel: 2
-
-# -- Proxmox cluster config stored in secrets.
-existingConfigSecret: ~
-# -- Proxmox cluster config stored in secrets key.
-existingConfigSecretKey: config.yaml
-
-# -- Proxmox cluster config.
-config:
-  clusters: []
-  #   - url: https://cluster-api-1.exmple.com:8006/api2/json
-  #     insecure: false
-  #     token_id: "login!name"
-  #     token_secret: "secret"
-  #     region: cluster-1
-
-# -- Pods Service Account.
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# -- CCM pods' priorityClassName.
-priorityClassName: system-cluster-critical
-
-# -- Annotations for data pods.
-# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-
-# -- Pods Security Context.
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-podSecurityContext:
-  runAsNonRoot: true
-  runAsUser: 10258
-  runAsGroup: 10258
-  fsGroup: 10258
-  fsGroupChangePolicy: "OnRootMismatch"
-
-# -- Container Security Context.
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-securityContext:
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-    - ALL
-  seccompProfile:
-    type: RuntimeDefault
-
-# -- Resource requests and limits.
-# ref: https://kubernetes.io/docs/user-guide/compute-resources/
-resources:
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  requests:
-    cpu: 10m
-    memory: 32Mi
-
-# -- Deployment update stategy type.
-# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment
-updateStrategy:
-  type: RollingUpdate
-  rollingUpdate:
-    maxUnavailable: 1
-
-# -- Node labels for data pods assignment.
-# ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
-  # node-role.kubernetes.io/control-plane: ""
-
-# -- Tolerations for data pods assignment.
-# ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-tolerations:
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/control-plane
-    operator: Exists
-  - effect: NoSchedule
-    key: node.cloudprovider.kubernetes.io/uninitialized
-    operator: Exists
-
-# -- Affinity for data pods assignment.
-# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-affinity: {}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

packages/system/proxmox-csi/charts/proxmox-csi-plugin/Chart.yaml

@@ -1,26 +0,0 @@
-apiVersion: v2
-name: proxmox-csi-plugin
-description: A CSI plugin for Proxmox
-type: application
-home: https://github.com/sergelogvinov/proxmox-csi-plugin
-icon: https://proxmox.com/templates/yoo_nano2/favicon.ico
-sources:
-- https://github.com/sergelogvinov/proxmox-csi-plugin
-keywords:
-- storage
-- block-storage
-- volume
-maintainers:
-- name: sergelogvinov
-  url: https://github.com/sergelogvinov
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.6
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: v0.3.0

packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md

@@ -1,116 +0,0 @@
-# proxmox-csi-plugin
-
-![Version: 0.1.6](https://img.shields.io/badge/Version-0.1.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.3.0](https://img.shields.io/badge/AppVersion-v0.3.0-informational?style=flat-square)
-
-A CSI plugin for Proxmox
-
-**Homepage:** <https://github.com/sergelogvinov/proxmox-csi-plugin>
-
-## Maintainers
-
-| Name | Email | Url |
-| ---- | ------ | --- |
-| sergelogvinov |  | <https://github.com/sergelogvinov> |
-
-## Source Code
-
-* <https://github.com/sergelogvinov/proxmox-csi-plugin>
-
-Example:
-
-```yaml
-# proxmox-csi.yaml
-
-config:
-  clusters:
-    - url: https://cluster-api-1.exmple.com:8006/api2/json
-      insecure: false
-      token_id: "kubernetes-csi@pve!csi"
-      token_secret: "key"
-      region: cluster-1
-
-# Deploy Node CSI driver only on proxmox nodes
-node:
-  nodeSelector:
-    # It will work only with Talos CCM, remove it overwise
-    node.cloudprovider.kubernetes.io/platform: nocloud
-  tolerations:
-    - operator: Exists
-
-# Deploy CSI controller only on control-plane nodes
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    effect: NoSchedule
-
-# Define storage classes
-# See https://pve.proxmox.com/wiki/Storage
-storageClass:
-  - name: proxmox-data-xfs
-    storage: data
-    reclaimPolicy: Delete
-    fstype: xfs
-  - name: proxmox-data
-    storage: data
-    reclaimPolicy: Delete
-    fstype: ext4
-    cache: writethrough
-```
-
-Deploy chart:
-
-```shell
-helm upgrade -i --namespace=csi-proxmox -f proxmox-csi.yaml \
-		proxmox-csi-plugin charts/proxmox-csi-plugin/
-```
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| replicaCount | int | `1` |  |
-| imagePullSecrets | list | `[]` |  |
-| nameOverride | string | `""` |  |
-| fullnameOverride | string | `""` |  |
-| priorityClassName | string | `"system-cluster-critical"` | Controller pods priorityClassName. |
-| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | Pods Service Account. ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ |
-| provisionerName | string | `"csi.proxmox.sinextra.dev"` | CSI Driver provisioner name. Currently, cannot be customized. |
-| clusterID | string | `"kubernetes"` | Cluster name. Currently, cannot be customized. |
-| logVerbosityLevel | int | `5` | Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md for description of individual verbosity levels. |
-| timeout | string | `"3m"` | Connection timeout between sidecars. |
-| existingConfigSecret | string | `nil` | Proxmox cluster config stored in secrets. |
-| existingConfigSecretKey | string | `"config.yaml"` | Proxmox cluster config stored in secrets key. |
-| configFile | string | `"/etc/proxmox/config.yaml"` | Proxmox cluster config path. |
-| config | object | `{"clusters":[]}` | Proxmox cluster config. |
-| storageClass | list | `[]` | Storage class defenition. |
-| controller.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/proxmox-csi-controller","tag":""}` | Controller CSI Driver. |
-| controller.plugin.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Controller resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| controller.attacher.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-attacher","tag":"v4.3.0"}` | CSI Attacher. |
-| controller.attacher.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Attacher resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| controller.provisioner.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-provisioner","tag":"v3.5.0"}` | CSI Provisioner. |
-| controller.provisioner.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Provisioner resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| controller.resizer.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-resizer","tag":"v1.8.0"}` | CSI Resizer. |
-| controller.resizer.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Resizer resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| node.plugin.image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/sergelogvinov/proxmox-csi-node","tag":""}` | Node CSI Driver. |
-| node.plugin.resources | object | `{}` | Node CSI Driver resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| node.driverRegistrar.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/csi-node-driver-registrar","tag":"v2.8.0"}` | Node CSI driver registrar. |
-| node.driverRegistrar.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Node registrar resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| node.nodeSelector | object | `{}` | Node labels for node-plugin assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
-| node.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/unschedulable","operator":"Exists"},{"effect":"NoSchedule","key":"node.kubernetes.io/disk-pressure","operator":"Exists"}]` | Tolerations for node-plugin assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
-| livenessprobe.image | object | `{"pullPolicy":"IfNotPresent","repository":"registry.k8s.io/sig-storage/livenessprobe","tag":"v2.10.0"}` | Common livenessprobe sidecar. |
-| livenessprobe.failureThreshold | int | `5` | Failure threshold for livenessProbe |
-| livenessprobe.initialDelaySeconds | int | `10` | Initial delay seconds for livenessProbe |
-| livenessprobe.timeoutSeconds | int | `10` | Timeout seconds for livenessProbe |
-| livenessprobe.periodSeconds | int | `60` | Period seconds for livenessProbe |
-| livenessprobe.resources | object | `{"requests":{"cpu":"10m","memory":"16Mi"}}` | Liveness probe resource requests and limits. ref: https://kubernetes.io/docs/user-guide/compute-resources/ |
-| podAnnotations | object | `{}` | Annotations for controller pod. ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |
-| podSecurityContext | object | `{"fsGroup":65532,"fsGroupChangePolicy":"OnRootMismatch","runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532}` | Controller Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
-| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Controller Container Security Context. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod |
-| updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | Controller deployment update stategy type. ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment |
-| nodeSelector | object | `{}` | Node labels for controller assignment. ref: https://kubernetes.io/docs/user-guide/node-selection/ |
-| tolerations | list | `[]` | Tolerations for controller assignment. ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
-| affinity | object | `{}` | Affinity for controller assignment. ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

packages/system/proxmox-csi/charts/proxmox-csi-plugin/README.md.gotmpl

@@ -1,68 +0,0 @@
-{{ template "chart.header" . }}
-
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-
-{{ template "chart.description" . }}
-
-{{ template "chart.homepageLine" . }}
-
-{{ template "chart.maintainersSection" . }}
-
-{{ template "chart.sourcesSection" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-Example:
-
-```yaml
-# proxmox-csi.yaml
-
-config:
-  clusters:
-    - url: https://cluster-api-1.exmple.com:8006/api2/json
-      insecure: false
-      token_id: "kubernetes-csi@pve!csi"
-      token_secret: "key"
-      region: cluster-1
-
-# Deploy Node CSI driver only on proxmox nodes
-node:
-  nodeSelector:
-    # It will work only with Talos CCM, remove it overwise
-    node.cloudprovider.kubernetes.io/platform: nocloud
-  tolerations:
-    - operator: Exists
-
-# Deploy CSI controller only on control-plane nodes
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    effect: NoSchedule
-
-# Define storage classes
-# See https://pve.proxmox.com/wiki/Storage
-storageClass:
-  - name: proxmox-data-xfs
-    storage: data
-    reclaimPolicy: Delete
-    fstype: xfs
-  - name: proxmox-data
-    storage: data
-    reclaimPolicy: Delete
-    fstype: ext4
-    cache: writethrough
-```
-
-Deploy chart:
-
-```shell
-helm upgrade -i --namespace=csi-proxmox -f proxmox-csi.yaml \
-		proxmox-csi-plugin charts/proxmox-csi-plugin/
-```
-
-{{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/ci/values.yaml

@@ -1,22 +0,0 @@
-
-node:
-  nodeSelector:
-    node.cloudprovider.kubernetes.io/platform: nocloud
-  tolerations:
-    - operator: Exists
-
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    effect: NoSchedule
-
-storageClass:
-  - name: proxmox-data-xfs
-    storage: data
-    reclaimPolicy: Delete
-    fstype: xfs
-  - name: proxmox-data
-    storage: data
-    reclaimPolicy: Delete
-    ssd: true

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-clusterrole.yaml

@@ -1,37 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-rules:
-  - apiGroups: [""]
-    resources: ["persistentvolumes"]
-    verbs: ["get", "list", "watch", "create", "patch", "delete"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: [""]
-    resources: ["persistentvolumeclaims/status"]
-    verbs: ["patch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get","list", "watch", "create", "update", "patch"]
-
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["storageclasses"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["csinodes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
-
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments"]
-    verbs: ["get", "list", "watch", "patch"]
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["volumeattachments/status"]
-    verbs: ["patch"]

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-deployment.yaml

@@ -1,157 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  strategy:
-    type: {{ .Values.updateStrategy.type }}
-    rollingUpdate:
-      {{- toYaml .Values.updateStrategy.rollingUpdate | nindent 6 }}
-  selector:
-    matchLabels:
-      {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      annotations:
-        checksum/config: {{ toJson .Values.config | sha256sum }}
-      {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 8 }}
-    spec:
-      {{- if .Values.priorityClassName }}
-      priorityClassName: {{ .Values.priorityClassName }}
-      {{- end }}
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      enableServiceLinks: false
-      serviceAccountName: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.plugin.image.repository }}:{{ .Values.controller.plugin.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.controller.plugin.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--cloud-config={{ .Values.configFile }}"
-          resources:
-            {{- toYaml .Values.controller.plugin.resources | nindent 12 }}
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-            - name: cloud-config
-              mountPath: /etc/proxmox/
-        - name: csi-attacher
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.attacher.image.repository }}:{{ .Values.controller.attacher.image.tag }}"
-          imagePullPolicy: {{ .Values.controller.attacher.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--timeout={{ .Values.timeout }}"
-            - "--leader-election"
-            - "--default-fstype=ext4"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.controller.attacher.resources | nindent 12 }}
-        - name: csi-provisioner
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.provisioner.image.repository }}:{{ .Values.controller.provisioner.image.tag }}"
-          imagePullPolicy: {{ .Values.controller.provisioner.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--timeout={{ .Values.timeout }}"
-            - "--leader-election"
-            - "--default-fstype=ext4"
-            - "--feature-gates=Topology=True"
-            - "--enable-capacity"
-            - "--capacity-ownerref-level=2"
-          env:
-            - name: NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.controller.provisioner.resources | nindent 12 }}
-        - name: csi-resizer
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.controller.resizer.image.repository }}:{{ .Values.controller.resizer.image.tag }}"
-          imagePullPolicy: {{ .Values.controller.resizer.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--timeout={{ .Values.timeout }}"
-            - "--handle-volume-inuse-error=false"
-            - "--leader-election"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.controller.resizer.resources | nindent 12 }}
-        - name: liveness-probe
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.livenessprobe.image.repository }}:{{ .Values.livenessprobe.image.tag }}"
-          imagePullPolicy: {{ .Values.livenessprobe.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
-          resources: {{ toYaml .Values.livenessprobe.resources | nindent 12 }}
-      volumes:
-        - name: socket-dir
-          emptyDir: {}
-        {{- if .Values.existingConfigSecret }}
-        - name: cloud-config
-          secret:
-            secretName: {{ .Values.existingConfigSecret }}
-            items:
-              - key: {{ .Values.existingConfigSecretKey }}
-                path: config.yaml
-        {{- else }}
-        - name: cloud-config
-          secret:
-            secretName: {{ include "proxmox-csi-plugin.fullname" . }}
-        {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      topologySpreadConstraints:
-        - maxSkew: 1
-          topologyKey: kubernetes.io/hostname
-          whenUnsatisfiable: DoNotSchedule
-          labelSelector:
-            matchLabels:
-              {{- include "proxmox-csi-plugin.selectorLabels" . | nindent 14 }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-role.yaml

@@ -1,21 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["get", "watch", "list", "delete", "update", "create"]
-
-  - apiGroups: ["storage.k8s.io"]
-    resources: ["csistoragecapacities"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get"]
-  - apiGroups: ["apps"]
-    resources: ["replicasets"]
-    verbs: ["get"]

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/controller-rolebinding.yaml

@@ -1,26 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
-    namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-controller
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
-    namespace: {{ .Release.Namespace }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/csidriver.yaml

@@ -1,10 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: CSIDriver
-metadata:
-  name: {{ .Values.provisionerName }}
-spec:
-  attachRequired: true
-  podInfoOnMount: true
-  storageCapacity: true
-  volumeLifecycleModes:
-  - Persistent

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-clusterrole.yaml

@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-    verbs:
-      - get

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-deployment.yaml

@@ -1,135 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-spec:
-  updateStrategy:
-    type: {{ .Values.updateStrategy.type }}
-  selector:
-    matchLabels:
-      {{- include "proxmox-csi-plugin-node.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "proxmox-csi-plugin-node.selectorLabels" . | nindent 8 }}
-    spec:
-      priorityClassName: system-node-critical
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      enableServiceLinks: false
-      serviceAccountName: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
-      securityContext:
-        runAsUser: 0
-        runAsGroup: 0
-      containers:
-        - name: {{ include "proxmox-csi-plugin.fullname" . }}-node
-          securityContext:
-            privileged: true
-            capabilities:
-              drop:
-              - ALL
-              add:
-              - SYS_ADMIN
-              - CHOWN
-              - DAC_OVERRIDE
-            seccompProfile:
-              type: RuntimeDefault
-          image: "{{ .Values.node.plugin.image.repository }}:{{ .Values.node.plugin.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.node.plugin.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--node-id=$(NODE_NAME)"
-          env:
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-          resources: {{- toYaml .Values.node.plugin.resources | nindent 12 }}
-          volumeMounts:
-            - name: socket
-              mountPath: /csi
-            - name: kubelet
-              mountPath: /var/lib/kubelet
-              mountPropagation: Bidirectional
-            - name: dev
-              mountPath: /dev
-            - name: sys
-              mountPath: /sys
-        - name: csi-node-driver-registrar
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-              - ALL
-            # readOnlyRootFilesystem: true
-            seccompProfile:
-              type: RuntimeDefault
-          image: "{{ .Values.node.driverRegistrar.image.repository }}:{{ .Values.node.driverRegistrar.image.tag }}"
-          imagePullPolicy: {{ .Values.node.driverRegistrar.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-            - "--kubelet-registration-path=/var/lib/kubelet/plugins/{{ .Values.provisionerName }}/csi.sock"
-          volumeMounts:
-            - name: socket
-              mountPath: /csi
-            - name: registration
-              mountPath: /registration
-          resources: {{- toYaml .Values.node.driverRegistrar.resources | nindent 12 }}
-        - name: liveness-probe
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-              - ALL
-            readOnlyRootFilesystem: true
-            seccompProfile:
-              type: RuntimeDefault
-          image: "{{ .Values.livenessprobe.image.repository }}:{{ .Values.livenessprobe.image.tag }}"
-          imagePullPolicy: {{ .Values.livenessprobe.image.pullPolicy }}
-          args:
-            - "-v={{ .Values.logVerbosityLevel }}"
-            - "--csi-address=unix:///csi/csi.sock"
-          volumeMounts:
-            - name: socket
-              mountPath: /csi
-          resources: {{- toYaml .Values.livenessprobe.resources | nindent 12 }}
-      volumes:
-        - name: socket
-          hostPath:
-            path: /var/lib/kubelet/plugins/{{ .Values.provisionerName }}/
-            type: DirectoryOrCreate
-        - name: registration
-          hostPath:
-            path: /var/lib/kubelet/plugins_registry/
-            type: Directory
-        - name: kubelet
-          hostPath:
-            path: /var/lib/kubelet
-            type: Directory
-        - name: dev
-          hostPath:
-            path: /dev
-            type: Directory
-        - name: sys
-          hostPath:
-            path: /sys
-            type: Directory
-      {{- with .Values.node.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.node.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/node-rolebinding.yaml

@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "proxmox-csi-plugin.fullname" . }}-node
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
-    namespace: {{ .Release.Namespace }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/secrets.yaml

@@ -1,12 +0,0 @@
-{{- if ne (len .Values.config.clusters) 0 }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "proxmox-csi-plugin.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-type: Opaque
-data:
-  config.yaml: {{ toYaml .Values.config | b64enc | quote }}
-{{- end }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/serviceaccount.yaml

@@ -1,25 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-controller
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "proxmox-csi-plugin.serviceAccountName" . }}-node
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "proxmox-csi-plugin.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-{{- end }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/templates/storageclass.yaml

@@ -1,20 +0,0 @@
-{{- range $storage := .Values.storageClass }}
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: {{ $storage.name }}
-provisioner: {{ $.Values.provisionerName }}
-allowVolumeExpansion: true
-volumeBindingMode: WaitForFirstConsumer
-reclaimPolicy: {{ default "Delete" $storage.reclaimPolicy }}
-parameters:
-  csi.storage.k8s.io/fstype: {{ default "ext4" $storage.fstype }}
-  storage: {{ $storage.storage }}
-  {{- if $storage.cache }}
-  cache: {{  $storage.cache }}
-  {{- end }}
-  {{- if $storage.ssd }}
-  ssd: "true"
-  {{- end }}
----
-{{- end }}

packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.edge.yaml

@@ -1,30 +0,0 @@
-
-controller:
-  plugin:
-    image:
-      pullPolicy: Always
-      tag: edge
-
-node:
-  plugin:
-    image:
-      pullPolicy: Always
-      tag: edge
-
-  nodeSelector:
-    node.cloudprovider.kubernetes.io/platform: nocloud
-
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    effect: NoSchedule
-
-storageClass:
-  - name: proxmox-data-xfs
-    storage: data
-    reclaimPolicy: Delete
-    fstype: xfs
-  - name: proxmox-data
-    storage: data
-    ssd: true

packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.talos.yaml

@@ -1,21 +0,0 @@
-
-node:
-  nodeSelector:
-    node.cloudprovider.kubernetes.io/platform: nocloud
-  tolerations:
-    - operator: Exists
-
-nodeSelector:
-  node-role.kubernetes.io/control-plane: ""
-tolerations:
-  - key: node-role.kubernetes.io/control-plane
-    effect: NoSchedule
-
-storageClass:
-  - name: proxmox-data-xfs
-    storage: data
-    reclaimPolicy: Delete
-    fstype: xfs
-  - name: proxmox-data
-    storage: data
-    reclaimPolicy: Delete

packages/system/proxmox-csi/charts/proxmox-csi-plugin/values.yaml

@@ -1,222 +0,0 @@
-# Default values for proxmox-csi-plugin.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-# -- Controller pods priorityClassName.
-priorityClassName: system-cluster-critical
-
-# -- Pods Service Account.
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# -- CSI Driver provisioner name.
-# Currently, cannot be customized.
-provisionerName: csi.proxmox.sinextra.dev
-
-# -- Cluster name.
-# Currently, cannot be customized.
-clusterID: kubernetes
-
-# -- Log verbosity level. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md
-# for description of individual verbosity levels.
-logVerbosityLevel: 5
-
-# -- Connection timeout between sidecars.
-timeout: 3m
-
-# -- Proxmox cluster config stored in secrets.
-existingConfigSecret: ~
-# -- Proxmox cluster config stored in secrets key.
-existingConfigSecretKey: config.yaml
-
-# -- Proxmox cluster config path.
-configFile: /etc/proxmox/config.yaml
-
-# -- Proxmox cluster config.
-config:
-  clusters: []
-  #   - url: https://cluster-api-1.exmple.com:8006/api2/json
-  #     insecure: false
-  #     token_id: "login!name"
-  #     token_secret: "secret"
-  #     region: cluster-1
-
-# -- Storage class defenition.
-storageClass: []
-  # - name: proxmox-data-xfs
-  #   storage: data
-  #   reclaimPolicy: Delete
-  #   fstype: ext4|xfs
-  #
-  #   # https://pve.proxmox.com/wiki/Performance_Tweaks
-  #   cache: directsync|none|writeback|writethrough
-  #   ssd: true
-
-controller:
-  plugin:
-    # -- Controller CSI Driver.
-    image:
-      repository: ghcr.io/sergelogvinov/proxmox-csi-controller
-      pullPolicy: IfNotPresent
-      # Overrides the image tag whose default is the chart appVersion.
-      tag: ""
-    # -- Controller resource requests and limits.
-    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
-    resources:
-      requests:
-        cpu: 10m
-        memory: 16Mi
-  attacher:
-    # -- CSI Attacher.
-    image:
-      repository: registry.k8s.io/sig-storage/csi-attacher
-      pullPolicy: IfNotPresent
-      tag: v4.3.0
-    # -- Attacher resource requests and limits.
-    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
-    resources:
-      requests:
-        cpu: 10m
-        memory: 16Mi
-  provisioner:
-    # -- CSI Provisioner.
-    image:
-      repository: registry.k8s.io/sig-storage/csi-provisioner
-      pullPolicy: IfNotPresent
-      tag: v3.5.0
-    # -- Provisioner resource requests and limits.
-    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
-    resources:
-      requests:
-        cpu: 10m
-        memory: 16Mi
-  resizer:
-    # -- CSI Resizer.
-    image:
-      repository: registry.k8s.io/sig-storage/csi-resizer
-      pullPolicy: IfNotPresent
-      tag: v1.8.0
-    # -- Resizer resource requests and limits.
-    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
-    resources:
-      requests:
-        cpu: 10m
-        memory: 16Mi
-
-node:
-  plugin:
-    # -- Node CSI Driver.
-    image:
-      repository: ghcr.io/sergelogvinov/proxmox-csi-node
-      pullPolicy: IfNotPresent
-      # Overrides the image tag whose default is the chart appVersion.
-      tag: ""
-    # -- Node CSI Driver resource requests and limits.
-    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
-    resources: {}
-  driverRegistrar:
-    # -- Node CSI driver registrar.
-    image:
-      repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
-      pullPolicy: IfNotPresent
-      tag: v2.8.0
-    # -- Node registrar resource requests and limits.
-    # ref: https://kubernetes.io/docs/user-guide/compute-resources/
-    resources:
-      requests:
-        cpu: 10m
-        memory: 16Mi
-
-  # -- Node labels for node-plugin assignment.
-  # ref: https://kubernetes.io/docs/user-guide/node-selection/
-  nodeSelector: {}
-
-  # -- Tolerations for node-plugin assignment.
-  # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-  tolerations:
-    - key: node.kubernetes.io/unschedulable
-      operator: Exists
-      effect: NoSchedule
-    - key: node.kubernetes.io/disk-pressure
-      operator: Exists
-      effect: NoSchedule
-
-livenessprobe:
-  # -- Common livenessprobe sidecar.
-  image:
-    repository: registry.k8s.io/sig-storage/livenessprobe
-    pullPolicy: IfNotPresent
-    tag: v2.10.0
-  # -- Failure threshold for livenessProbe
-  failureThreshold: 5
-  # -- Initial delay seconds for livenessProbe
-  initialDelaySeconds: 10
-  # -- Timeout seconds for livenessProbe
-  timeoutSeconds: 10
-  # -- Period seconds for livenessProbe
-  periodSeconds: 60
-  # -- Liveness probe resource requests and limits.
-  # ref: https://kubernetes.io/docs/user-guide/compute-resources/
-  resources:
-    requests:
-      cpu: 10m
-      memory: 16Mi
-
-# -- Annotations for controller pod.
-# ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-
-# -- Controller Security Context.
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-podSecurityContext:
-  runAsNonRoot: true
-  runAsUser: 65532
-  runAsGroup: 65532
-  fsGroup: 65532
-  fsGroupChangePolicy: OnRootMismatch
-
-# -- Controller Container Security Context.
-# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
-securityContext:
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-    - ALL
-  seccompProfile:
-    type: RuntimeDefault
-  readOnlyRootFilesystem: true
-
-# -- Controller deployment update stategy type.
-# ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment
-updateStrategy:
-  type: RollingUpdate
-  rollingUpdate:
-    maxUnavailable: 1
-
-# -- Node labels for controller assignment.
-# ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
-  # node-role.kubernetes.io/control-plane: ""
-
-# -- Tolerations for controller assignment.
-# ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
-tolerations: []
-  # - key: node-role.kubernetes.io/control-plane
-  #   effect: NoSchedule
-
-# -- Affinity for controller assignment.
-# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
-affinity: {}

packages/system/proxmox-csi/patches/namespace.patch

@@ -1,13 +0,0 @@
-diff --git a/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml b/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
-index 0ed037f..32b065e 100644
---- a/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
-+++ b/apps/proxmox-csi/charts/proxmox-cloud-controller-manager/templates/rolebinding.yaml
-@@ -9,7 +9,7 @@ roleRef:
- subjects:
- - kind: ServiceAccount
-   name: {{ include "proxmox-cloud-controller-manager.fullname" . }}
--  namespace: kube-system
-+  namespace: {{ .Release.Namespace }}
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding

packages/system/proxmox-csi/tests/1.yaml

@@ -1,30 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: task-pv-claim
-spec:
-  storageClassName: proxmox-lvm
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 3Gi
----
-apiVersion: v1
-kind: Pod
-metadata:
-  name: task-pv-pod
-spec:
-  volumes:
-    - name: task-pv-storage
-      persistentVolumeClaim:
-        claimName: task-pv-claim
-  containers:
-    - name: task-pv-container
-      image: nginx
-      ports:
-        - containerPort: 80
-          name: "http-server"
-      volumeMounts:
-        - mountPath: "/usr/share/nginx/html"
-          name: task-pv-storage

packages/system/proxmox-csi/values.yaml

@@ -1,22 +0,0 @@
-proxmox-cloud-controller-manager:
-  fullnameOverride: proxmox-cloud-controller-manager
-  
-  enabledControllers:
-    - cloud-node
-    - cloud-node-lifecycle
-  
-  # Deploy CCM only on control-plane nodes
-  nodeSelector:
-    node-role.kubernetes.io/control-plane: ""
-  tolerations:
-    - key: node-role.kubernetes.io/control-plane
-      effect: NoSchedule
-
-proxmox-csi-plugin:
-  fullnameOverride: proxmox-csi-plugin
-
-  nodeSelector:
-    node-role.kubernetes.io/control-plane: ""
-  tolerations:
-    - key: node-role.kubernetes.io/control-plane
-      effect: NoSchedule