Add support for custom Persistent Volumes to enable GCS storage

Author: seanson

charts/kubernetes-agent/README.md

@@ -24,12 +24,38 @@ The `main` branch will reflect the current development version of the chart. Thi
 | 1         | [release/kubernetes-agent/v1](https://github.com/OctopusDeploy/helm-charts/tree/release/kubernetes-agent/v1/charts/kubernetes-agent) | [here](https://github.com/OctopusDeploy/helm-charts/blob/release/kubernetes-agent/v1/charts/kubernetes-agent/README.md) | [here](https://github.com/OctopusDeploy/helm-charts/blob/release/kubernetes-agent/v1/charts/kubernetes-agent/values.yaml) |
 
 ### Migrations
+
 Version 2 of the helm chart introduces breaking changes to `values.yaml`; some elements were renamed, while others were moved.
 
 As such, upgrading from V1 to V2 of the helm chart requires user intervention.
 
 This is documented [here](./migrations.md).
 
+## Persistence
+
+By default unless `persistence.storageClassName` has been set this chart will deploy a local NFS storage provisioner.
+If using your own Storage Class, please ensure that you are using a ReadWriteMany (RWX) access mode class.
+
+### Custom Persistent Volumes
+
+If you are using an implementation that does not use standard StorageClasses for PersistentVolumeClaim management, such as the
+Google Cloud's [Cloud Storage FUSE CSI driver](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-storage-fuse-csi-driver-setup)
+then this chart can be configured to use a custom PV.
+
+As an example, using Cloud Storage FUSE CSI on Google Kubernetes Engine:
+
+```yaml
+persistence:
+  storageClassName: "gcs-storage"
+  customPersistentVolume:
+    enabled: true
+    csi:
+      driver: gcsfuse.csi.storage.gke.io
+      volumeHandle: transmit-octopus-deploy-staging # GCS Bucket Name
+    mountOptions:
+      - implicit-dirs
+```
+
 ## Maintainers
 
 | Name | Email | Url |
@@ -72,7 +98,7 @@ This is documented [here](./migrations.md).
 | agent.serviceAccount.name | string | Generates a name based on `agent.name` | The name of the service account for the agent pod |
 | agent.space | string | `"Default"` | The Space to register the agent in |
 | agent.tolerations | list | `[]` | The tolerations to apply to the agent pod |
-| agent.upgrade | object | `{"dockerAuth":{"password":"","registry":"","username":""}}` | Credentials used during agent-upgrade tasks. To be populated if encountering rate-limiting failures.  |
+| agent.upgrade | object | `{"dockerAuth":{"password":"","registry":"","username":""}}` | Credentials used during agent-upgrade tasks. To be populated if encountering rate-limiting failures. |
 | agent.username | string | `""` | The username of the user used to authenticate with the target Octopus Server |
 | agent.usernamePasswordSecretName | string | `""` | The name of an existing Secret that contains a base64-encoded username and password for an Octopus Server user. Values must be set in `data.username` and `data.password` in secret. |
 
@@ -109,6 +135,7 @@ This is documented [here](./migrations.md).
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| persistence.customPersistentVolume.enabled | bool | `false` | If enabled, the Google Cloud Storage FUSE CSI driver will attempt to provision persistent storage via bucket. Requires persistence.storageClassName to also be set. |
 | persistence.nfs.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]},{"key":"kubernetes.io/arch","operator":"In","values":["arm64","amd64"]}]}]}}}` | The affinities to apply to the NFS pod |
 | persistence.nfs.image | object | `{"pullPolicy":"IfNotPresent","repository":"octopusdeploy/nfs-server","tag":"1.0.1"}` | The repository, pullPolicy & tag to use for the NFS server |
 | persistence.nfs.metadata | object | `{"annotations":{},"labels":{}}` | Additional metadata to add to the NFS pod & container |
@@ -147,6 +174,8 @@ This is documented [here](./migrations.md).
 |-----|------|---------|-------------|
 | imagePullSecrets | list | `[]` | custom registry pullSecret<br> See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod These are used for the tentacle and script pods |
 | nameOverride | string | `""` | Override the name of the app |
+| persistence.customPersistentVolume.csi | object | `{}` |  |
+| persistence.customPersistentVolume.mountOptions | list | `[]` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

charts/kubernetes-agent/README.md.gotmpl

@@ -24,12 +24,39 @@ The `main` branch will reflect the current development version of the chart. Thi
 | 1         | [release/kubernetes-agent/v1](https://github.com/OctopusDeploy/helm-charts/tree/release/kubernetes-agent/v1/charts/kubernetes-agent) | [here](https://github.com/OctopusDeploy/helm-charts/blob/release/kubernetes-agent/v1/charts/kubernetes-agent/README.md) | [here](https://github.com/OctopusDeploy/helm-charts/blob/release/kubernetes-agent/v1/charts/kubernetes-agent/values.yaml) |
 
 ### Migrations
+
 Version 2 of the helm chart introduces breaking changes to `values.yaml`; some elements were renamed, while others were moved.
 
 As such, upgrading from V1 to V2 of the helm chart requires user intervention.
 
 This is documented [here](./migrations.md).
 
+## Persistence
+
+By default unless `persistence.storageClassName` has been set this chart will deploy a local NFS storage provisioner.
+If using your own Storage Class, please ensure that you are using a ReadWriteMany (RWX) access mode class.
+
+### Custom Persistent Volumes
+
+If you are using an implementation that does not use standard StorageClasses for PersistentVolumeClaim management, such as the
+Google Cloud's [Cloud Storage FUSE CSI driver](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-storage-fuse-csi-driver-setup)
+then this chart can be configured to use a custom PV.
+
+As an example, using Cloud Storage FUSE CSI on Google Kubernetes Engine:
+
+```yaml
+persistence:
+  storageClassName: "gcs-storage"
+  customPersistentVolume:
+    enabled: true
+    csi:
+      driver: gcsfuse.csi.storage.gke.io
+      volumeHandle: transmit-octopus-deploy-staging # GCS Bucket Name
+    mountOptions:
+      - implicit-dirs
+```
+
+
 {{ template "chart.maintainersSection" . }}
 
 {{ template "chart.valuesSection" . }}

charts/kubernetes-agent/templates/_helpers.tpl

@@ -141,6 +141,17 @@ The name of the PersistentVolumeClaim to configure
 {{- end }}
 {{- end }}
 
+{{/*
+The name of the PersistentVolume to configure
+*/}}
+{{- define "kubernetes-agent.pvName" -}}
+{{- if .Values.persistence.storageClassName }}
+{{- printf "%s-pvc" (include "kubernetes-agent.fullName" .) }}
+{{- else }}
+{{- include "nfs.pvName" . }}
+{{- end }}
+{{- end }}
+
 {{/* 
 Turns the imagePullSecrets map into a CSV.
 */}}

charts/kubernetes-agent/templates/custom-pv.yaml

@@ -0,0 +1,28 @@
+{{- if and .Values.persistence.storageClassName .Values.persistence.customPersistentVolume.enabled }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  annotations:
+    pv.kubernetes.io/provisioned-by: {{ .Values.persistence.customPersistentVolume.csi.driver }}
+  name: {{ include "kubernetes-agent.pvName" . }}
+  labels:
+    {{- include "kubernetes-agent.labels" . | nindent 4 }}
+spec:
+  capacity:
+    storage: {{ .Values.persistence.size }}
+  accessModes:
+    - ReadWriteMany
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: {{ .Values.persistence.storageClassName | quote }}
+  {{- with .Values.persistence.customPersistentVolume.mountOptions }}
+  mountOptions:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  claimRef:
+    name: {{ include "kubernetes-agent.pvcName" . }}
+    namespace: {{ .Release.Namespace | quote }}
+  {{- with .Values.persistence.customPersistentVolume.csi }}
+  csi:
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/kubernetes-agent/tests/custom-pv_test.yaml

@@ -0,0 +1,86 @@
+suite: "persistence"
+release:
+  namespace: test-namespace
+templates:
+  - templates/custom-pv.yaml
+tests:
+  - it: "should match snapshot"
+    asserts:
+      - matchSnapshot: {}
+
+  - it: "is not created when storageClassName has a value and customPersistentVolume is not enabled"
+    set:
+      persistence:
+        storageClassName: "value"
+    asserts:
+      - hasDocuments:
+          count: 0
+
+  - it: "has Helm Release name in name"
+    set:
+      persistence:
+        storageClassName: "value"
+        customPersistentVolume:
+          enabled: true
+    asserts:
+      - matchRegex:
+          path: metadata.name
+          pattern: "RELEASE-NAME"
+
+  - it: "set storage capacity to be persistence size"
+    set:
+      persistence:
+        size: 100Gi
+        storageClassName: "value"
+        customPersistentVolume:
+          enabled: true
+    asserts:
+      - equal:
+          path: spec.capacity.storage
+          value: 100Gi
+
+  - it: "It passes CSI configuration correctly"
+    set:
+      persistence:
+        storageClassName: "value"
+        customPersistentVolume:
+          enabled: true
+          csi:
+            driver: custom.storage.k8s.io
+            volumeHandle: foo
+
+    asserts:
+      - equal:
+          path: spec.csi.driver
+          value: custom.storage.k8s.io
+      - equal:
+          path: spec.csi.volumeHandle
+          value: foo
+
+  - it: "It passes mount optionscorrectly"
+    set:
+      persistence:
+        storageClassName: "value"
+        customPersistentVolume:
+          enabled: true
+          mountOptions:
+            - "foo"
+
+    asserts:
+      - equal:
+          path: spec.mountOptions[0]
+          value: foo
+
+  - it: "uses the correct claimRef"
+    set:
+      persistence:
+        storageClassName: "value"
+        customPersistentVolume:
+          enabled: true
+    asserts:
+      - matchRegex:
+          path: spec.claimRef.name
+          pattern: "RELEASE-NAME"
+      - equal:
+          path: spec.claimRef.namespace
+          value: test-namespace