Merge "helm chart for local static volume provisioner"

charts/local-static-provisioner/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+name: provisioner
+description: local provisioner chart
+keywords:
+- storage
+- local
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 2.4.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 2.4.0

charts/local-static-provisioner/templates/NOTES.txt

@@ -0,0 +1 @@
+provisioner installed

charts/local-static-provisioner/templates/_helpers.tpl

@@ -0,0 +1,42 @@
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "provisioner.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "provisioner.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "provisioner.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "provisioner.serviceAccountName" -}}
+{{- if .Values.common.serviceAccount.create -}}
+    {{ default (include "provisioner.fullname" .) .Values.common.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.common.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

charts/local-static-provisioner/templates/configmap.yaml

@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "provisioner.fullname" . }}-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+data:
+{{- if .Values.daemonset.nodeLabels }}
+  nodeLabelsForPV: |
+   {{- range $label := .Values.daemonset.nodeLabels }}
+    - {{$label}}
+   {{- end }}
+{{- end }}
+{{- if .Values.common.labelsForPV }}
+  labelsForPV: |
+   {{- range $label, $value := .Values.common.labelsForPV }}
+    {{$label}} : {{$value}}
+   {{- end }}
+{{- end }}
+{{- if .Values.common.useAlphaAPI }}
+  useAlphaAPI: "true"
+{{- end }}
+{{- if .Values.common.setPVOwnerRef }}
+  setPVOwnerRef: "true"
+{{- end }}
+{{- if .Values.common.useJobForCleaning }}
+  useJobForCleaning: "yes"
+{{- end}}
+{{- if .Values.common.useNodeNameOnly }}
+  useNodeNameOnly: "true"
+{{- end }}
+{{- if .Values.common.minResyncPeriod }}
+  minResyncPeriod: {{ .Values.common.minResyncPeriod | quote }}
+{{- end}}
+  storageClassMap: |
+    {{- range $classConfig := .Values.classes }}
+    {{ $classConfig.name }}:
+      hostDir: {{ $classConfig.hostDir }}
+      mountDir: {{ $classConfig.mountDir | default $classConfig.hostDir }}
+      {{- if $classConfig.blockCleanerCommand }}
+      blockCleanerCommand:
+      {{- range $val := $classConfig.blockCleanerCommand }}
+        - {{ $val | quote }}
+      {{- end}}
+      {{- end }}
+      {{- if $classConfig.volumeMode }}
+      volumeMode: {{ $classConfig.volumeMode }}
+      {{- end }}
+      {{- if $classConfig.fsType }}
+      fsType: {{ $classConfig.fsType }}
+      {{- end }}
+      {{- if $classConfig.namePattern }}
+      namePattern: {{ $classConfig.namePattern | quote }}
+      {{- end }}
+    {{- end }}

charts/local-static-provisioner/templates/daemonset.yaml

@@ -0,0 +1,103 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "provisioner.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ template "provisioner.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Values.daemonset.podLabels }}
+{{ .Values.daemonset.podLabels | toYaml | trim | indent 8 }}
+{{- end }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+{{- if .Values.daemonset.podAnnotations }}
+{{ .Values.daemonset.podAnnotations | toYaml | trim | indent 8 }}
+{{- end }}
+    spec:
+      serviceAccountName: {{ template "provisioner.serviceAccountName" . }}
+{{- if .Values.daemonset.priorityClassName }}
+      priorityClassName: {{.Values.daemonset.priorityClassName}}
+{{- end }}
+{{- if .Values.daemonset.nodeSelector }}
+      nodeSelector:
+        {{ toYaml .Values.daemonset.nodeSelector | nindent 8 }}
+{{- end }}
+{{- if .Values.daemonset.tolerations }}
+      tolerations:
+        {{ toYaml .Values.daemonset.tolerations | nindent 8 }}
+{{- end }}
+{{- if .Values.daemonset.affinity }}
+      affinity:
+        {{ toYaml .Values.daemonset.affinity | nindent 8 }}
+{{- end }}
+      containers:
+        - name: provisioner
+          image: {{ .Values.daemonset.image }}
+          {{- if .Values.daemonset.imagePullPolicy }}
+          imagePullPolicy: {{ .Values.daemonset.imagePullPolicy }}
+          {{- end }}
+          securityContext:
+            privileged: {{ .Values.daemonset.privileged }}
+{{- if .Values.daemonset.resources }}
+          resources:
+            {{ toYaml .Values.daemonset.resources | nindent 12 }}
+{{- end }}
+          env:
+          - name: MY_NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+          - name: MY_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: JOB_CONTAINER_IMAGE
+            value: {{ .Values.daemonset.image }}
+          {{- if .Values.daemonset.kubeConfigEnv }}
+          - name: KUBECONFIG
+            value: {{.Values.daemonset.kubeConfigEnv}}
+          {{- end }}
+          ports:
+          - name: metrics
+            containerPort: 8080
+          volumeMounts:
+            - name: provisioner-config
+              mountPath: /etc/provisioner/config
+              readOnly: true
+            {{- if .Values.common.mountDevVolume }}
+            - name: provisioner-dev
+              mountPath: /dev
+            {{- end }}
+            {{- range $classConfig := .Values.classes }}
+            - name: {{ $classConfig.name }}
+              mountPath: {{ $classConfig.mountDir | default $classConfig.hostDir }}
+              mountPropagation: HostToContainer
+            {{- end }}
+      volumes:
+        - name: provisioner-config
+          configMap:
+            name: {{ template "provisioner.fullname" . }}-config
+        {{- if .Values.common.mountDevVolume }}
+        - name: provisioner-dev
+          hostPath:
+            path: /dev
+        {{- end }}
+        {{- range $classConfig := .Values.classes }}
+        - name: {{ $classConfig.name }}
+          hostPath:
+            path: {{ $classConfig.hostDir }}
+        {{- end }}

charts/local-static-provisioner/templates/psp.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.common.rbac.pspEnabled -}}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: {{ template "provisioner.fullname" . }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  allowPrivilegeEscalation: true
+  allowedHostPaths:
+  {{- if .Values.common.mountDevVolume }}
+  - pathPrefix: /dev
+  {{- end }}
+  {{- range $classConfig := .Values.classes }}
+  - pathPrefix: {{ $classConfig.hostDir }}
+  {{- end }}
+  fsGroup:
+    rule: RunAsAny
+  privileged: {{ .Values.daemonset.privileged }}
+  requiredDropCapabilities:
+  - ALL
+  runAsUser:
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+    rule: RunAsAny
+  volumes:
+  - configMap
+  - secret
+  - hostPath
+{{- end }}

charts/local-static-provisioner/templates/rbac.yaml

@@ -0,0 +1,131 @@
+{{- if .Values.common.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-pv-binding
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: system:persistent-volume-provisioner
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "provisioner.fullname" . }}-node-clusterrole
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-node-binding
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "provisioner.fullname" . }}-node-clusterrole
+  apiGroup: rbac.authorization.k8s.io
+{{- if .Values.common.useJobForCleaning }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "provisioner.fullname" . }}-jobs-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - 'batch'
+  resources:
+    - jobs
+  verbs:
+    - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-jobs-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ template "provisioner.fullname" . }}-jobs-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- if .Values.common.rbac.pspEnabled }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "provisioner.fullname" . }}-psp-role
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+rules:
+- apiGroups:
+    - policy
+  resources:
+    - podsecuritypolicies
+  resourceNames:
+    - {{ template "provisioner.fullname" . }}
+  verbs:
+    - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "provisioner.fullname" . }}-psp-rolebinding
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: {{ template "provisioner.fullname" . }}-psp-role
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}

charts/local-static-provisioner/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.common.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "provisioner.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/local-static-provisioner/templates/servicemonitor.yaml

@@ -0,0 +1,53 @@
+{{- if .Values.serviceMonitor.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "provisioner.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: 8080
+      name: metrics
+  selector:
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "provisioner.fullname" . }}
+  namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" . }}
+    app.kubernetes.io/name: {{ template "provisioner.name" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- range $k, $v := .Values.serviceMonitor.additionalLabels }}
+    {{ $k }}: {{ $v | quote }}
+    {{- end }}
+spec:
+  jobLabel: app.kubernetes.io/name
+  endpoints:
+  - port: metrics
+    interval: {{ .Values.serviceMonitor.interval }}
+    scheme: http
+{{- if .Values.serviceMonitor.relabelings }}
+    relabelings:
+      {{ toYaml .Values.serviceMonitor.relabelings | nindent 4 }}
+{{- end }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ template "provisioner.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/local-static-provisioner/templates/storageclass.yaml

@@ -0,0 +1,27 @@
+{{- range $val := .Values.classes }}
+{{- if $val.storageClass }}
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: {{ $val.name }}
+  {{- if kindIs "map" $val.storageClass }}
+  {{- if $val.storageClass.isDefaultClass }}
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+  {{- end }}
+  {{- end }}
+  labels:
+    helm.sh/chart: {{ template "provisioner.chart" $ }}
+    app.kubernetes.io/name: {{ template "provisioner.name" $ }}
+    app.kubernetes.io/managed-by: {{ $.Release.Service }}
+    app.kubernetes.io/instance: {{ $.Release.Name }}
+provisioner: kubernetes.io/no-provisioner
+volumeBindingMode: WaitForFirstConsumer
+{{- if kindIs "map" $val.storageClass }}
+reclaimPolicy: {{ $val.storageClass.reclaimPolicy | default "Delete" }}
+{{- else }}
+reclaimPolicy: Delete
+{{- end }}
+{{- end }}
+{{- end }}

charts/local-static-provisioner/values.yaml

@@ -0,0 +1,184 @@
+#
+# Common options.
+#
+common:
+  #
+  # Defines whether to generate rbac roles
+  #
+  rbac:
+    # rbac.create: `true` if rbac resources should be created
+    create: true
+    # rbac.pspEnabled: `true` if PodSecurityPolicy resources should be created
+    pspEnabled: false
+  #
+  # Defines whether to generate a serviceAccount
+  #
+  serviceAccount:
+    # serviceAccount.create: Whether to create a service account or not
+    create: true
+    # serviceAccount.name: The name of the service account to create or use
+    name: ""
+  #
+  # Beta PV.NodeAffinity field is used by default. If running against pre-1.10
+  # k8s version, the `useAlphaAPI` flag must be enabled in the configMap.
+  #
+  useAlphaAPI: false
+  #
+  # Indicates if PVs should be dependents of the owner Node.
+  #
+  setPVOwnerRef: false
+  #
+  # Provisioner clean volumes in process by default. If set to true, provisioner
+  # will use Jobs to clean.
+  #
+  useJobForCleaning: false
+  #
+  # Provisioner name contains Node.UID by default. If set to true, the provisioner
+  # name will only use Node.Name.
+  #
+  useNodeNameOnly: false
+  #
+  # Resync period in reflectors will be random between minResyncPeriod and
+  # 2*minResyncPeriod. Default: 5m0s.
+  #
+  #minResyncPeriod: 5m0s
+  #
+  # Mount the host's `/dev/` by default so that block device symlinks can be
+  # resolved by the containers
+  #
+  mountDevVolume: true
+  #
+  # Map of label key-value pairs to apply to the PVs created by the
+  # provisioner. Uncomment to add labels to the list.
+  #
+  #labelsForPV:
+  #  pv-labels: can-be-selected
+#
+# Configure storage classes.
+#
+classes:
+- name: fast-disks # Defines name of storage classe.
+  # Path on the host where local volumes of this storage class are mounted
+  # under.
+  hostDir: /mnt/fast-disks
+  # Optionally specify mount path of local volumes. By default, we use same
+  # path as hostDir in container.
+  # mountDir: /mnt/fast-disks
+  # The volume mode of created PersistentVolume object. Default to Filesystem
+  # if not specified.
+  volumeMode: Filesystem
+  # Filesystem type to mount.
+  # It applies only when the source path is a block device,
+  # and desire volume mode is Filesystem.
+  # Must be a filesystem type supported by the host operating system.
+  fsType: ext4
+  # File name pattern to discover. By default, discover all file names.
+  namePattern: "*"
+  blockCleanerCommand:
+  #  Do a quick reset of the block device during its cleanup.
+  #  - "/scripts/quick_reset.sh"
+  #  or use dd to zero out block dev in two iterations by uncommenting these lines
+  #  - "/scripts/dd_zero.sh"
+  #  - "2"
+  # or run shred utility for 2 iteration.s
+     - "/scripts/shred.sh"
+     - "2"
+  # or blkdiscard utility by uncommenting the line below.
+  #  - "/scripts/blkdiscard.sh"
+  # Uncomment to create storage class object with default configuration.
+  # storageClass: true
+  # Uncomment to create storage class object and configure it.
+  # storageClass:
+    # reclaimPolicy: Delete # Available reclaim policies: Delete/Retain, defaults: Delete.
+    # isDefaultClass: true # set as default class
+#
+# Configure DaemonSet for provisioner.
+#
+daemonset:
+  #
+  # Defines annotations for each Pod in the DaemonSet.
+  #
+  podAnnotations: {}
+  #
+  # Defines labels for each Pod in the DaemonSet.
+  #
+  podLabels: {}
+  #
+  # Defines Provisioner's image name including container registry.
+  #
+  image: k8s.gcr.io/sig-storage/local-volume-provisioner:v2.4.0
+  #
+  # Defines Image download policy, see kubernetes documentation for available values.
+  #
+  #imagePullPolicy: Always
+  #
+  # Defines a name of the Pod Priority Class to use with the Provisioner DaemonSet
+  #
+  # Note that if you want to make it critical, specify "system-cluster-critical"
+  # or "system-node-critical" and deploy in kube-system namespace.
+  # Ref: https://k8s.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/#marking-pod-as-critical
+  #
+  #priorityClassName: system-node-critical
+  # If configured, nodeSelector will add a nodeSelector field to the DaemonSet PodSpec.
+  #
+  # NodeSelector constraint for local-volume-provisioner scheduling to nodes.
+  # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+  nodeSelector: {}
+  #
+  # If configured KubeConfigEnv will (optionally) specify the location of kubeconfig file on the node.
+  #  kubeConfigEnv: KUBECONFIG
+  #
+  # List of node labels to be copied to the PVs created by the provisioner in a format:
+  #
+  #  nodeLabels:
+  #    - failure-domain.beta.kubernetes.io/zone
+  #    - failure-domain.beta.kubernetes.io/region
+  #
+  # If configured, tolerations will add a toleration field to the DaemonSet PodSpec.
+  #
+  # Node tolerations for local-volume-provisioner scheduling to nodes with taints.
+  # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  tolerations: []
+  #
+  # If configured, affinity will add a affinity filed to the DeamonSet PodSpec.
+  # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+  affinity: {}
+  #
+  # If configured, resources will set the requests/limits field to the Daemonset PodSpec.
+  # Ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  resources: {}
+    # limits:
+    #   memory: "512Mi"
+    #   cpu: "1000m"
+    # requests:
+    #   memory: "32Mi"
+    #   cpu: "10m"
+  #
+  # If set to false, containers created by the Provisioner Daemonset will run without extra privileges.
+  privileged: true
+#
+# Configure Prometheus monitoring
+#
+serviceMonitor:
+  enabled: false
+  ## Interval at which Prometheus scrapes the provisioner
+  interval: 10s
+  # Namespace Prometheus is installed in defaults to release namespace
+  namespace:
+  ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/coreos/prometheus-operator/tree/master/helm#tldr)
+  ## [Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus/templates/prometheus.yaml#L65)
+  ## [Kube Prometheus Selector Label](https://github.com/coreos/prometheus-operator/blob/master/helm/kube-prometheus/values.yaml#L298)
+  additionalLabels: {}
+  relabelings: []
+  # - sourceLabels: [__meta_kubernetes_pod_node_name]
+  #   separator: ;
+  #   regex: ^(.*)$
+  #   targetLabel: nodename
+  #   replacement: $1
+  #   action: replace
+
+#
+# Overrice the default chartname or releasename
+#
+nameOverride: ""
+fullnameOverride: ""