remove secrets from truenas storage provisioners

2023-11-01 09:49:26 -04:00
parent 3410213913
commit 053661c08c
4 changed files with 210 additions and 14 deletions
--- a/truenas-nfs-enc1.yaml
+++ b/truenas-nfs-enc1.yaml
@@ -0,0 +1,80 @@
+csiDriver:
+  name: "driveripper.zfs-nfs-enc1"
+
+storageClasses:
+- name: zfs-nfs-enc1
+  defaultClass: false
+  reclaimPolicy: Delete
+  volumeBindingMode: Immediate
+  allowVolumeExpansion: true
+  parameters:
+    fsType: nfs
+  mountOptions:
+  - async
+  - noatime
+  secrets:
+    provisioner-secret:
+    controller-publish-secret:
+    node-stage-secret:
+    node-publish-secret:
+    controller-expand-secret:
+
+volumeSnapshotClasses: []
+
+driver:
+  config:
+    driver: freenas-nfs
+    instance_id:
+    httpConnection:
+      protocol: https
+      host: driveripper.reeseapps.com
+      port: 8443
+      allowInsecure: false
+      # use only 1 of apiKey or username/password
+      # if both are present, apiKey is preferred
+      # apiKey is only available starting in TrueNAS-12
+      apiKey: ""
+      # username:
+      # password:
+      # use apiVersion 2 for TrueNAS-12 and up (will work on 11.x in some scenarios as well)
+      # leave unset for auto-detection
+      apiVersion: 2
+    sshConnection:
+      host: democratic-csi-server.reeselink.com
+      port: 22
+      username: democratic
+      # use either password or key
+      # password: ""
+      privateKey: ""
+    zfs:
+      cli:
+        sudoEnabled: true
+        paths:
+          zfs: /usr/sbin/zfs
+          zpool: /usr/sbin/zpool
+          sudo: /usr/bin/sudo
+          chroot: /usr/sbin/chroot
+      # can be used to set arbitrary values on the dataset/zvol
+      # can use handlebars templates with the parameters from the storage class/CO
+      datasetProperties:
+       "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
+
+      datasetParentName: enc1/dcsi/nfs
+      # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap
+      # they may be siblings, but neither should be nested in the other
+      detachedSnapshotsDatasetParentName: enc1/dcsi/snaps
+      datasetEnableQuotas: true
+      datasetEnableReservation: false
+      datasetPermissionsMode: "0777"
+      datasetPermissionsUser: 0
+      datasetPermissionsGroup: 0
+    nfs:
+      shareCommentTemplate: "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}-{{ parameters.[csi.storage.k8s.io/pvc/name] }}"
+      shareHost: democratic-csi-server.reeselink.com
+      shareAlldirs: false
+      shareAllowedHosts: []
+      shareAllowedNetworks: []
+      shareMaprootUser: root
+      shareMaprootGroup: wheel
+      shareMapallUser: ""
+      shareMapallGroup: ""