V1.2.7 && v1.2.8 Helm chart addition

deploy/helm/README.md

@@ -0,0 +1,48 @@
+# Hammerspace CSI Helm Charts
+
+This repository provides Helm charts to deploy the Hammerspace CSI driver components in a Kubernetes cluster. It supports deploying both **Controller** and **Node** plugins, along with configurable options such as timeouts and retry intervals.
+
+---
+## 🚀 How to Deploy the Chart
+
+1. **Add the Helm repository** (Published to GitHub Pages):
+	```bash
+	helm repo add hscsi https://github.com/hammer-space/csi-plugin/deploy/helm/repo
+	helm repo update
+	```
+
+2. **Install the chart into your cluster:**
+	```
+	helm install hscsi hscsi/ --namespace kube-system --create-namespace
+	```
+---
+
+## 📦 How to Package a New Version
+
+#### Navigate to the chart directory:
+```
+(v1.2.8) will be changed to dir name for which package need to be created
+cd deploy/helm/repo/v1.2.8
+```
+#### Create new package
+```
+helm package .hammerspace-helm-chart/
+```
+
+#### Update the index.yaml
+```
+cd ../repo
+helm repo index .
+```
+
+#### If hosted on GitHub Pages:
+
+Ensure index.yaml and .tgz files are committed to the branch (typically gh-pages)
+
+Add or update artifacthub-repo.yml next to index.yaml for Artifact Hub metadata
+
+#### How to Create a New Helm Chart
+If you need to add a new chart:
+```
+helm create new-chart
+```

deploy/helm/repo/artifacthub-repo.yaml

@@ -0,0 +1,5 @@
+repositoryID: ba19dd93-de8e-41da-b66c-4f5c557ee0f3  # use `uuidgen` to generate
+name: hammerspace-csi-chart
+displayName: Hammerspace CSI Helm Chart
+description: Helm chart for deploying the Hammerspace CSI plugin
+url: https://github.com/hammer-space/csi-plugin/deploy/helm/repo

deploy/helm/repo/index.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+entries:
+  hammerspace-csi:
+  - apiVersion: v2
+    appVersion: v1.2.8
+    created: "2025-08-22T06:21:31.000723783Z"
+    description: A Helm chart for the Hammerspace CSI driver
+    digest: c8d82095e2a9323ae7061faa7e6b971ce9df1c1685d0739020f8e2ccb558e3a1
+    icon: https://www.hammerspace.com/favicon.ico
+    name: hammerspace-csi
+    urls:
+    - v1.2.8/hammerspace-csi-1.2.8.tgz
+    version: 1.2.8
+  - apiVersion: v2
+    appVersion: v1.2.7
+    created: "2025-08-22T06:21:31.000159223Z"
+    description: A Helm chart for the Hammerspace CSI driver
+    digest: 342c39ef85e06e4ed13fdb2d392bcafbb73e64525e0036f15644d0af35f6412f
+    icon: https://www.hammerspace.com/favicon.ico
+    name: hammerspace-csi
+    urls:
+    - v1.2.7/hammerspace-csi-1.2.7.tgz
+    version: 1.2.7
+generated: "2025-08-22T06:21:30.999427348Z"

deploy/helm/repo/v1.2.7/hammerspace-helm-chart/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: hammerspace-csi
+description: A Helm chart for the Hammerspace CSI driver
+version: 1.2.7
+appVersion: "v1.2.7"
+icon: https://www.hammerspace.com/favicon.ico

deploy/helm/repo/v1.2.7/hammerspace-helm-chart/templates/configmap.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: csi-env-config
+  namespace: {{ .Values.namespace | default "kube-system" }}
+data:
+  MOUNT_CHECK_TIMEOUT: "{{ .Values.env.MOUNT_CHECK_TIMEOUT }}"
+  UNMOUNT_RETRY_COUNT: "{{ .Values.env.UNMOUNT_RETRY_COUNT }}"
+  UNMOUNT_RETRY_INTERVAL: "{{ .Values.env.UNMOUNT_RETRY_INTERVAL }}"

deploy/helm/repo/v1.2.7/hammerspace-helm-chart/templates/controller/rbac.yaml

@@ -0,0 +1,94 @@
+# This file is part of the Hammerspace CSI Driver project.
+# It defines the RBAC roles and bindings for the CSI provisioner component.
+# The provisioner is responsible for creating and managing PersistentVolumes
+# based on PersistentVolumeClaims in Kubernetes.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: csi-provisioner
+  namespace: {{ .Values.namespace }}
+---
+# This ClusterRole defines the permissions required by the CSI provisioner.
+# It allows the provisioner to manage PersistentVolumes, PersistentVolumeClaims,
+# and other related resources in the Kubernetes cluster.
+# It also allows the provisioner to interact with storage classes and volume snapshots.
+# The ClusterRole is bound to the csi-provisioner ServiceAccount.
+# This ClusterRoleBinding binds the csi-provisioner ServiceAccount to the csi-provisioner ClusterRole.
+# This allows the provisioner to perform the actions defined in the ClusterRole.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# The ClusterRoleBinding is necessary for the provisioner to have the required permissions
+# to manage storage resources in the cluster.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# This ClusterRoleBinding is specifically for the provisioner to manage volume attachments.
+# It allows the provisioner to update the status of volume attachments.
+# This is necessary for the provisioner to properly manage the lifecycle of volumes
+# and ensure that they are correctly attached to nodes.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# This ClusterRoleBinding is specifically for the provisioner to manage volume attachment status.
+# It allows the provisioner to update the status of volume attachments.
+# This is necessary for the provisioner to properly manage the lifecycle of volumes
+# and ensure that they are correctly attached to nodes.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# The ClusterRoleBinding is necessary for the provisioner to have the required permissions
+# to manage storage resources in the cluster.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: csi-provisioner
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "persistentvolumes", "persistentvolumeclaims", "nodes", "events", "endpoints", "secrets"]
+    verbs: ["list", "watch", "get", "create", "delete", "update", "patch"]
+  - apiGroups: ["storage.k8s.io", "snapshot.storage.k8s.io", "apiextensions.k8s.io"]
+    resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "volumesnapshotcontents/status", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses", "customresourcedefinitions"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+# This ClusterRoleBinding binds the csi-provisioner ServiceAccount to the csi-provisioner ClusterRole.
+# It allows the provisioner to perform the actions defined in the ClusterRole.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# This ClusterRoleBinding is necessary for the provisioner to have the required permissions
+# to manage storage resources in the cluster.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# This ClusterRoleBinding is specifically for the provisioner to manage volume attachments.
+# It allows the provisioner to update the status of volume attachments.
+# This is necessary for the provisioner to properly manage the lifecycle of volumes
+# and ensure that they are correctly attached to nodes.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# This ClusterRoleBinding is specifically for the provisioner to manage volume attachment status.
+# It allows the provisioner to update the status of volume attachments.
+# This is necessary for the provisioner to properly manage the lifecycle of volumes
+# and ensure that they are correctly attached to nodes.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: csi-provisioner-binding
+subjects:
+  - kind: ServiceAccount
+    name: csi-provisioner
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-provisioner
+  apiGroup: rbac.authorization.k8s.io
+---
+# This ClusterRoleBinding is specifically for the provisioner to manage volume attachment status.
+# It allows the provisioner to update the status of volume attachments.
+# This is necessary for the provisioner to properly manage the lifecycle of volumes
+# and ensure that they are correctly attached to nodes.
+# The ClusterRoleBinding is created in the same namespace as the provisioner ServiceAccount.
+# This ClusterRoleBinding is necessary for the provisioner to have the required permissions
+# to manage storage resources in the cluster.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: csi-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: csi-provisioner
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: ClusterRole
+  name: csi-provisioner
+  apiGroup: rbac.authorization.k8s.io

deploy/helm/repo/v1.2.7/hammerspace-helm-chart/templates/controller/service.yaml

@@ -0,0 +1,24 @@
+# This file is part of the Hammerspace CSI Driver Helm Chart.
+# It defines the service for the CSI provisioner component.
+# The service is a headless service that allows the StatefulSet to manage the pods.
+kind: Service
+apiVersion: v1
+metadata:
+  name: csi-provisioner
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: csi-provisioner
+spec:
+  type: ClusterIP
+  clusterIP: None
+  # This is needed for the StatefulSet to work properly
+  # as it uses a headless service to manage the pods.
+  # The StatefulSet will create a DNS entry for the pods
+  # in the format <pod-name>.<service-name>.<namespace>.svc.cluster.local
+  # where <pod-name> is the name of the pod, <service-name> is the name of the service,
+  # and <namespace> is the namespace of the service.
+  # This allows the pods to communicate with each other using DNS.
+  # The StatefulSet will also create a DNS entry for the service in the format <service-name>.<namespace>.svc.cluster.local
+  # which allows the pods to communicate with the service
+  selector:
+    app: csi-provisioner

deploy/helm/repo/v1.2.7/hammerspace-helm-chart/templates/controller/statefulset.yaml

@@ -0,0 +1,113 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: csi-provisioner
+  namespace: {{ .Values.namespace }}
+spec:
+  serviceName: "csi-provisioner"
+  replicas: {{ .Values.controller.replicas }}
+  selector:
+    matchLabels:
+      app: csi-provisioner
+  template:
+    metadata:
+      labels:
+        app: csi-provisioner
+    spec:
+      serviceAccountName: csi-provisioner
+      hostNetwork: true
+      containers:
+        - name: csi-provisioner
+          imagePullPolicy: Always
+          image: {{ .Values.image.provisioner }}
+          args:
+            - "--csi-address=$(CSI_ENDPOINT)"
+            - "--timeout=60s"  # Recommended as shares may take some time to create
+            - "--v=5"
+          env:
+            - name: CSI_ENDPOINT
+              value: /var/lib/csi/hs-csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/
+        - name: csi-attacher
+          imagePullPolicy: Always
+          image: {{ .Values.image.attacher }}
+          args:
+            - "--csi-address=$(CSI_ENDPOINT)"
+            - "--v=5"
+          env:
+            - name: CSI_ENDPOINT
+              value: /var/lib/csi/hs-csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/
+        - name: csi-snapshotter
+          imagePullPolicy: Always
+          image: {{ .Values.image.snapshotter }}
+          args:
+            - "--csi-address=$(CSI_ENDPOINT)"
+            - "--v=5"
+          env:
+            - name: CSI_ENDPOINT
+              value: /var/lib/csi/hs-csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/
+        - name: csi-resizer
+          imagePullPolicy: Always
+          image: {{ .Values.image.resizer }}
+          args:
+            - "--csi-address=$(CSI_ENDPOINT)"
+            - "--v=5"
+          env:
+            - name: CSI_ENDPOINT
+              value: /var/lib/csi/hs-csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/
+        - name: hs-csi-plugin-controller
+          securityContext:
+            privileged: true
+            capabilities:
+              add: ["SYS_ADMIN"]
+            allowPrivilegeEscalation: true
+          imagePullPolicy: Always
+          image: {{ .Values.image.csiPlugin }}
+          envFrom:
+            - configMapRef:
+                name: csi-env-config
+          env:
+            - name: CSI_ENDPOINT
+              value: /var/lib/csi/hs-csi.sock
+            - name: HS_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: com.hammerspace.csi.credentials
+                  key: username
+            - name: HS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: com.hammerspace.csi.credentials
+                  key: password
+            - name: HS_ENDPOINT
+              valueFrom:
+                secretKeyRef:
+                  name: com.hammerspace.csi.credentials
+                  key: endpoint
+            - name: HS_TLS_VERIFY
+              value: "false"
+            - name: CSI_MAJOR_VERSION
+              value: "1"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/
+            - name: staging-dir
+              mountPath: /tmp
+              mountPropagation: Bidirectional
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
+        - name: staging-dir
+          hostPath:
+            path: /tmp

deploy/helm/repo/v1.2.7/hammerspace-helm-chart/templates/csidriver.yaml

@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: com.hammerspace.csi
+spec:
+  podInfoOnMount: true
+  requiresRepublish: true
+  volumeLifecycleModes:
+    - Persistent
+  storageCapacity: true