Apply review feedback

Author: mdnix

.gitignore

@@ -7,6 +7,7 @@
 /jsonnetfile.lock.json
 /crds
 /compiled
+/helm_values
 
 # Antora
 /_archive

Makefile

@@ -81,4 +81,4 @@ $(test_instances):
 
 .PHONY: clean
 clean: ## Clean the project
-	rm -rf .cache compiled dependencies vendor helmcharts jsonnetfile*.json || true
+	rm -rf .cache compiled dependencies vendor helmcharts helm_values jsonnetfile*.json || true

class/cloud-provider-openstack.yml

@@ -1,4 +1,36 @@
 parameters:
+  _os_ccm_chart:
+    "True":
+      input_paths:
+        - ${_base_directory}/helmcharts/openstack-cloud-controller-manager/${cloud_provider_openstack:charts:openstack-cloud-controller-manager:version}
+      input_type: helm
+      helm_params:
+        name: openstack-ccm
+        namespace: ${cloud_provider_openstack:namespace}
+      helm_values_files:
+        - ${_base_directory}/helm_values/ccm-values.yaml
+      output_path: cloud-provider-openstack/10_ccm_helm_chart
+    "False":
+      input_type: jsonnet
+      input_paths: []
+      output_path: cloud-provider-openstack/
+
+  _os_csi_chart:
+    "True":
+      input_paths:
+        - ${_base_directory}/helmcharts/openstack-cinder-csi/${cloud_provider_openstack:charts:openstack-cinder-csi:version}
+      input_type: helm
+      helm_params:
+        name: cinder-csi
+        namespace: ${cloud_provider_openstack:namespace}
+      helm_values_files:
+        - ${_base_directory}/helm_values/csi-values.yaml
+      output_path: cloud-provider-openstack/20_csi_helm_chart
+    "False":
+      input_type: jsonnet
+      input_paths: []
+      output_path: cloud-provider-openstack/
+
   kapitan:
     dependencies:
       - type: helm
@@ -17,21 +49,11 @@ parameters:
         input_type: jsonnet
         output_path: .
       - input_paths:
-          - ${_base_directory}/helmcharts/openstack-cloud-controller-manager/${cloud_provider_openstack:charts:openstack-cloud-controller-manager:version}
-        input_type: helm
-        helm_values: ${cloud_provider_openstack:ccm:helm_values}
-        helm_params:
-          name: openstack-ccm
-          namespace: ${cloud_provider_openstack:namespace}
-        output_path: cloud-provider-openstack/10_ccm_helm_chart
-      - input_paths:
-          - ${_base_directory}/helmcharts/openstack-cinder-csi/${cloud_provider_openstack:charts:openstack-cinder-csi:version}
-        input_type: helm
-        helm_values: ${cloud_provider_openstack:csi:helm_values}
-        helm_params:
-          name: cinder-csi
-          namespace: ${cloud_provider_openstack:namespace}
-        output_path: cloud-provider-openstack/20_csi_helm_chart
+          - ${_base_directory}/component/render-helm-values.jsonnet
+        input_type: jsonnet
+        output_path: ${_base_directory}/helm_values/
+      - ${_os_ccm_chart:${cloud_provider_openstack:ccm:enabled}}
+      - ${_os_csi_chart:${cloud_provider_openstack:csi:enabled}}
       - input_paths:
           - ${_base_directory}/component/main.jsonnet
         input_type: jsonnet

class/defaults.yml

@@ -3,6 +3,8 @@ parameters:
     =_metadata:
       multi_tenant: true
     namespace: syn-cloud-provider-openstack
+    namespace_labels: {}
+    namespace_annotations: {}
 
     charts:
       openstack-cloud-controller-manager:
@@ -34,6 +36,7 @@ parameters:
       route: {}
 
     ccm:
+      enabled: true
       cluster_name: ${cluster:name}
       service_account_name: cloud-controller-manager
       resources:
@@ -48,10 +51,10 @@ parameters:
       node_selector:
         node-role.kubernetes.io/control-plane: ""
       tolerations:
-        - key: node.cloudprovider.kubernetes.io/uninitialized
+        node.cloudprovider.kubernetes.io/uninitialized:
           value: "true"
           effect: NoSchedule
-        - key: node-role.kubernetes.io/control-plane
+        node-role.kubernetes.io/control-plane:
           effect: NoSchedule
       service_monitor:
         enabled: false
@@ -70,24 +73,31 @@ parameters:
           repository: ${cloud_provider_openstack:images:openstack_cloud_controller_manager:registry}/${cloud_provider_openstack:images:openstack_cloud_controller_manager:repository}
           tag: ${cloud_provider_openstack:images:openstack_cloud_controller_manager:tag}
         resources: ${cloud_provider_openstack:ccm:resources}
-        enabledControllers: ${cloud_provider_openstack:ccm:enabled_controllers}
         logVerbosityLevel: ${cloud_provider_openstack:ccm:log_verbosity_level}
         nodeSelector: ${cloud_provider_openstack:ccm:node_selector}
-        tolerations: ${cloud_provider_openstack:ccm:tolerations}
         serviceMonitor: ${cloud_provider_openstack:ccm:service_monitor}
         extraVolumes: ${cloud_provider_openstack:ccm:extra_volumes}
         extraVolumeMounts: ${cloud_provider_openstack:ccm:extra_volume_mounts}
 
     csi:
+      enabled: true
       cluster_id: ${cluster:name}
       fs_type: ext4
       volume_binding_mode: WaitForFirstConsumer
       log_verbosity_level: 2
       pod_monitor:
         enabled: false
         additionalLabels: {}
-      node_driver_daemonset_tolerations:
-        - operator: Exists
+      controller_plugin:
+        node_selector:
+          node-role.kubernetes.io/control-plane: ""
+        tolerations:
+          node-role.kubernetes.io/control-plane:
+            effect: NoSchedule
+      node_plugin:
+        tolerations:
+          "":
+            operator: Exists
       resources:
         controller:
           csi-provisioner:
@@ -155,12 +165,4 @@ parameters:
             httpEndpoint:
               enabled: ${cloud_provider_openstack:csi:pod_monitor:enabled}
               port: 8080
-            controllerPlugin:
-              nodeSelector:
-                node-role.kubernetes.io/control-plane: ""
-              tolerations:
-                - key: node-role.kubernetes.io/control-plane
-                  effect: NoSchedule
-            nodePlugin:
-              tolerations: ${cloud_provider_openstack:csi:node_driver_daemonset_tolerations}
             podMonitor: ${cloud_provider_openstack:csi:pod_monitor}

component/main.jsonnet

@@ -9,10 +9,10 @@ local renderValue(k, v) =
   if v == null then []
   else if std.isArray(v) then
     [ '%s=%s' % [ k, item ] for item in v if item != null ]
-  else if std.isBoolean(v) then
-    [ '%s=%s' % [ k, if v then 'true' else 'false' ] ]
+  else if std.isObject(v) then
+    error 'cloud_conf value for key "%s" must be scalar or array, got object' % k
   else
-    [ '%s=%s' % [ k, std.toString(v) ] ];
+    [ '%s=%s' % [ k, v ] ];
 
 local renderSection(name, dict) =
   local lines = std.flattenArrays(
@@ -74,17 +74,32 @@ local storageClasses = [
 
 local volumeSnapshotClasses = [
   local vsc = params.csi.volume_snapshot_classes[name];
+  local vscParams = std.get(vsc, 'parameters', {});
   kube._Object('snapshot.storage.k8s.io/v1', 'VolumeSnapshotClass', name) {
     driver: 'cinder.csi.openstack.org',
     deletionPolicy: vsc.deletion_policy,
-    [if std.length(vsc.parameters) > 0 then 'parameters']: vsc.parameters,
+    [if std.length(vscParams) > 0 then 'parameters']: vscParams,
   }
   for name in std.objectFields(params.csi.volume_snapshot_classes)
 ];
 
+local namespace = kube.Namespace(params.namespace) {
+  metadata+: {
+    labels+: {
+      [k]: params.namespace_labels[k]
+      for k in std.objectFields(params.namespace_labels)
+      if params.namespace_labels[k] != null
+    },
+    annotations+: {
+      [k]: params.namespace_annotations[k]
+      for k in std.objectFields(params.namespace_annotations)
+      if params.namespace_annotations[k] != null
+    },
+  },
+};
+
 {
-  [if params.namespace != 'kube-system' then '00_namespace']:
-    kube.Namespace(params.namespace),
+  [if params.namespace != 'kube-system' then '00_namespace']: namespace,
   '01_secret': secret,
   [if std.length(params.csi.storage_classes) > 0 then '10_storageclasses']:
     storageClasses,

component/render-helm-values.jsonnet

@@ -0,0 +1,36 @@
+local com = import 'lib/commodore.libjsonnet';
+local kap = import 'lib/kapitan.libjsonnet';
+
+local inv = kap.inventory();
+local params = inv.parameters.cloud_provider_openstack;
+
+local renderTolerations(tol) =
+  [
+    std.prune({ key: k } + tol[k])
+    for k in std.objectFields(tol)
+    if tol[k] != null
+  ];
+
+local ccm_values = params.ccm.helm_values {
+  enabledControllers: com.renderArray(params.ccm.enabled_controllers),
+  tolerations: renderTolerations(params.ccm.tolerations),
+};
+
+local csi_values = params.csi.helm_values {
+  csi+: {
+    plugin+: {
+      controllerPlugin: {
+        nodeSelector: std.prune(params.csi.controller_plugin.node_selector),
+        tolerations: renderTolerations(params.csi.controller_plugin.tolerations),
+      },
+      nodePlugin: {
+        tolerations: renderTolerations(params.csi.node_plugin.tolerations),
+      },
+    },
+  },
+};
+
+{
+  'ccm-values': ccm_values,
+  'csi-values': csi_values,
+}

docs/modules/ROOT/pages/index.adoc

@@ -1,8 +1,9 @@
-= cloud-provider-openstack
+= Cloud Provider OpenStack
 
 cloud-provider-openstack is a Commodore component to manage the https://github.com/kubernetes/cloud-provider-openstack[OpenStack Cloud Controller Manager] (CCM) and https://github.com/kubernetes/cloud-provider-openstack[Cinder CSI driver].
 
-Both sub-components are enabled by default and share a single `cloud.conf` Secret.
+The CCM and CSI driver are deployed into the same namespace and share a single `cloud.conf` Secret.
+Each sub-component is toggleable via the `ccm.enabled` and `csi.enabled` parameters.
 The CCM handles node initialization, node lifecycle, LoadBalancer Services (via Octavia), and optionally pod routes.
 The CSI driver provides persistent block storage using OpenStack Cinder volumes, with configurable StorageClasses and VolumeSnapshotClasses.