projectsyn · mdnix · Apr 16, 2026 · Apr 15, 2026 · Apr 16, 2026
diff --git a/.gitignore b/.gitignore
@@ -7,6 +7,7 @@
 /jsonnetfile.lock.json
 /crds
 /compiled
+/helm_values
 
 # Antora
 /_archive

diff --git a/Makefile b/Makefile
@@ -81,4 +81,4 @@ $(test_instances):
 
 .PHONY: clean
 clean: ## Clean the project
-	rm -rf .cache compiled dependencies vendor helmcharts jsonnetfile*.json || true
+	rm -rf .cache compiled dependencies vendor helmcharts helm_values jsonnetfile*.json || true
diff --git a/Makefile.vars.mk b/Makefile.vars.mk
@@ -5,7 +5,7 @@ git_dir         ?= $(shell git rev-parse --git-common-dir)
 compiled_path   ?= compiled/$(COMPONENT_NAME)/$(COMPONENT_NAME)
 root_volume     ?= -v "$${PWD}:/$(COMPONENT_NAME)"
 compiled_volume ?= -v "$${PWD}/$(compiled_path):/$(COMPONENT_NAME)"
-commodore_args  ?= --search-paths . -n $(COMPONENT_NAME)
+commodore_args  ?= --search-paths ./dependencies --search-paths . -n $(COMPONENT_NAME)
 
 ifneq "$(git_dir)" ".git"
 	git_volume        ?= -v "$(git_dir):$(git_dir):ro"
@@ -50,4 +50,4 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= defaults
-test_instances = tests/defaults.yml
+test_instances = tests/defaults.yml tests/cloud-config.yml
diff --git a/class/cloud-provider-openstack.yml b/class/cloud-provider-openstack.yml
@@ -1,10 +1,59 @@
 parameters:
+  _os_ccm_chart:
+    "True":
+      input_paths:
+        - ${_base_directory}/helmcharts/openstack-cloud-controller-manager/${cloud_provider_openstack:charts:openstack-cloud-controller-manager:version}
+      input_type: helm
+      helm_params:
+        name: openstack-ccm
+        namespace: ${cloud_provider_openstack:namespace:name}
+      helm_values_files:
+        - ${_base_directory}/helm_values/ccm-values.yaml
+      output_path: cloud-provider-openstack/10_ccm_helm_chart
+    "False":
+      input_type: jsonnet
+      input_paths: []
+      output_path: cloud-provider-openstack/
+
+  _os_csi_chart:
+    "True":
+      input_paths:
+        - ${_base_directory}/helmcharts/openstack-cinder-csi/${cloud_provider_openstack:charts:openstack-cinder-csi:version}
+      input_type: helm
+      helm_params:
+        name: cinder-csi
+        namespace: ${cloud_provider_openstack:namespace:name}
+      helm_values_files:
+        - ${_base_directory}/helm_values/csi-values.yaml
+      output_path: cloud-provider-openstack/20_csi_helm_chart
+    "False":
+      input_type: jsonnet
+      input_paths: []
+      output_path: cloud-provider-openstack/
+
   kapitan:
+    dependencies:
+      - type: helm
+        source: ${cloud_provider_openstack:charts:openstack-cloud-controller-manager:source}
+        version: ${cloud_provider_openstack:charts:openstack-cloud-controller-manager:version}
+        chart_name: openstack-cloud-controller-manager
+        output_path: ${_base_directory}/helmcharts/openstack-cloud-controller-manager/${cloud_provider_openstack:charts:openstack-cloud-controller-manager:version}
+      - type: helm
+        source: ${cloud_provider_openstack:charts:openstack-cinder-csi:source}
+        version: ${cloud_provider_openstack:charts:openstack-cinder-csi:version}
+        chart_name: openstack-cinder-csi
+        output_path: ${_base_directory}/helmcharts/openstack-cinder-csi/${cloud_provider_openstack:charts:openstack-cinder-csi:version}
     compile:
       - input_paths:
           - ${_base_directory}/component/app.jsonnet
         input_type: jsonnet
         output_path: .
+      - input_paths:
+          - ${_base_directory}/component/render-helm-values.jsonnet
+        input_type: jsonnet
+        output_path: ${_base_directory}/helm_values/
+      - ${_os_ccm_chart:${cloud_provider_openstack:ccm:enabled}}
+      - ${_os_csi_chart:${cloud_provider_openstack:csi:enabled}}
       - input_paths:
           - ${_base_directory}/component/main.jsonnet
         input_type: jsonnet

diff --git a/class/defaults.yml b/class/defaults.yml
@@ -2,4 +2,168 @@ parameters:
   cloud_provider_openstack:
     =_metadata:
       multi_tenant: true
-    namespace: syn-cloud-provider-openstack
+    namespace:
+      name: syn-cloud-provider-openstack
+      labels: {}
+      annotations: {}
+
+    charts:
+      openstack-cloud-controller-manager:
+        source: https://kubernetes.github.io/cloud-provider-openstack
+        version: "2.35.0"
+      openstack-cinder-csi:
+        source: https://kubernetes.github.io/cloud-provider-openstack
+        version: "2.35.0"
+
+    images:
+      openstack_cloud_controller_manager:
+        registry: registry.k8s.io
+        repository: provider-os/openstack-cloud-controller-manager
+        tag: v1.35.0
+      cinder_csi_plugin:
+        registry: registry.k8s.io
+        repository: provider-os/cinder-csi-plugin
+        tag: v1.35.0
+
+    cloud_config_secret_name: cloud-config
+
+    cloud_conf:
+      global: {}
+      networking: {}
+      load_balancer: {}
+      load_balancer_classes: {}
+      block_storage: {}
+      metadata: {}
+      route: {}
+
+    ccm:
+      enabled: true
+      cluster_name: ${cluster:name}
+      service_account_name: cloud-controller-manager
+      resources:
+        requests:
+          cpu: 50m
+          memory: 64Mi
+      enabled_controllers:
+        - cloud-node
+        - cloud-node-lifecycle
+        - service
+      log_verbosity_level: 2
+      node_selector:
+        node-role.kubernetes.io/control-plane: ""
+      tolerations:
+        node.cloudprovider.kubernetes.io/uninitialized:
+          value: "true"
+          effect: NoSchedule
+        node-role.kubernetes.io/control-plane:
+          effect: NoSchedule
+      service_monitor:
+        enabled: false
+        additionalLabels: {}
+      extra_volumes: []
+      extra_volume_mounts: []
+      helm_values:
+        secret:
+          enabled: true
+          create: false
+          name: ${cloud_provider_openstack:cloud_config_secret_name}
+        cluster:
+          name: ${cloud_provider_openstack:ccm:cluster_name}
+        serviceAccountName: ${cloud_provider_openstack:ccm:service_account_name}
+        image:
+          repository: ${cloud_provider_openstack:images:openstack_cloud_controller_manager:registry}/${cloud_provider_openstack:images:openstack_cloud_controller_manager:repository}
+          tag: ${cloud_provider_openstack:images:openstack_cloud_controller_manager:tag}
+        resources: ${cloud_provider_openstack:ccm:resources}
+        logVerbosityLevel: ${cloud_provider_openstack:ccm:log_verbosity_level}
+        nodeSelector: ${cloud_provider_openstack:ccm:node_selector}
+        serviceMonitor: ${cloud_provider_openstack:ccm:service_monitor}
+        extraVolumes: ${cloud_provider_openstack:ccm:extra_volumes}
+        extraVolumeMounts: ${cloud_provider_openstack:ccm:extra_volume_mounts}
+
+    csi:
+      enabled: true
+      cluster_id: ${cluster:name}
+      fs_type: ext4
+      volume_binding_mode: WaitForFirstConsumer
+      log_verbosity_level: 2
+      pod_monitor:
+        enabled: false
+        additionalLabels: {}
+      controller_plugin:
+        node_selector:
+          node-role.kubernetes.io/control-plane: ""
+        tolerations:
+          node-role.kubernetes.io/control-plane:
+            effect: NoSchedule
+      node_plugin:
+        tolerations:
+          "":
+            operator: Exists
+      resources:
+        controller:
+          csi-provisioner:
+            requests:
+              cpu: 20m
+              memory: 32Mi
+          csi-attacher:
+            requests:
+              cpu: 20m
+              memory: 32Mi
+          csi-resizer:
+            requests:
+              cpu: 20m
+              memory: 32Mi
+          csi-snapshotter:
+            requests:
+              cpu: 20m
+              memory: 32Mi
+          cinder-csi-plugin:
+            requests:
+              cpu: 20m
+              memory: 64Mi
+        node:
+          node-driver-registrar:
+            requests:
+              cpu: 20m
+              memory: 32Mi
+          cinder-csi-plugin:
+            requests:
+              cpu: 20m
+              memory: 64Mi
+      storage_classes: {}
+      volume_snapshot_classes: {}
+      helm_values:
+        secret:
+          enabled: true
+          create: false
+          hostMount: false
+          name: ${cloud_provider_openstack:cloud_config_secret_name}
+        clusterID: ${cloud_provider_openstack:csi:cluster_id}
+        logVerbosityLevel: ${cloud_provider_openstack:csi:log_verbosity_level}
+        storageClass:
+          enabled: false
+        csi:
+          provisioner:
+            resources: ${cloud_provider_openstack:csi:resources:controller:csi-provisioner}
+          attacher:
+            resources: ${cloud_provider_openstack:csi:resources:controller:csi-attacher}
+          resizer:
+            resources: ${cloud_provider_openstack:csi:resources:controller:csi-resizer}
+          snapshotter:
+            resources: ${cloud_provider_openstack:csi:resources:controller:csi-snapshotter}
+          nodeDriverRegistrar:
+            resources: ${cloud_provider_openstack:csi:resources:node:node-driver-registrar}
+          plugin:
+            image:
+              repository: ${cloud_provider_openstack:images:cinder_csi_plugin:registry}/${cloud_provider_openstack:images:cinder_csi_plugin:repository}
+              tag: ${cloud_provider_openstack:images:cinder_csi_plugin:tag}
+            volumes: []
+            volumeMounts:
+              - name: cloud-config
+                mountPath: /etc/config
+                readOnly: true
+            resources: ${cloud_provider_openstack:csi:resources:controller:cinder-csi-plugin}
+            httpEndpoint:
+              enabled: ${cloud_provider_openstack:csi:pod_monitor:enabled}
+              port: 8080
+            podMonitor: ${cloud_provider_openstack:csi:pod_monitor}
diff --git a/component/main.jsonnet b/component/main.jsonnet
@@ -1,10 +1,109 @@
-// main template for cloud-provider-openstack
 local kap = import 'lib/kapitan.libjsonnet';
 local kube = import 'lib/kube.libjsonnet';
+local sc = import 'lib/storageclass.libsonnet';
+
 local inv = kap.inventory();
-// The hiera parameters for the component
 local params = inv.parameters.cloud_provider_openstack;
 
-// Define outputs below
+local renderValue(k, v) =
+  if v == null then []
+  else if std.isArray(v) then
+    [ '%s=%s' % [ k, item ] for item in v if item != null ]
+  else if std.isObject(v) then
+    error 'cloud_conf value for key "%s" must be scalar or array, got object' % k
+  else
+    [ '%s=%s' % [ k, v ] ];
+
+local renderSection(name, dict) =
+  local lines = std.flattenArrays(
+    [ renderValue(k, dict[k]) for k in std.objectFields(dict) ]
+  );
+  if std.length(lines) == 0 then []
+  else [ '[%s]' % name ] + lines + [ '' ];
+
+local renderLBClasses(classes) =
+  std.flattenArrays([
+    renderSection('LoadBalancerClass "%s"' % cls, classes[cls])
+    for cls in std.objectFields(classes)
+    if std.length(std.objectFields(classes[cls])) > 0
+  ]);
+
+local renderCloudConf() =
+  std.join(
+    '\n',
+    renderSection('Global', params.cloud_conf.global) +
+    renderSection('Networking', params.cloud_conf.networking) +
+    renderSection('LoadBalancer', params.cloud_conf.load_balancer) +
+    renderLBClasses(params.cloud_conf.load_balancer_classes) +
+    renderSection('BlockStorage', params.cloud_conf.block_storage) +
+    renderSection('Metadata', params.cloud_conf.metadata) +
+    renderSection('Route', params.cloud_conf.route)
+  );
+
+local secret = kube.Secret(params.cloud_config_secret_name) {
+  metadata+: {
+    namespace: params.namespace.name,
+  },
+  data:: {},
+  stringData: {
+    'cloud.conf': renderCloudConf(),
+  },
+};
+
+local scParameters(scDef) =
+  local base =
+    if params.csi.fs_type != null && params.csi.fs_type != ''
+    then { fsType: params.csi.fs_type }
+    else {};
+  base + scDef.parameters;
+
+local storageClasses = [
+  local scDef = params.csi.storage_classes[name];
+  sc.storageClass(name) {
+    provisioner: 'cinder.csi.openstack.org',
+    reclaimPolicy: std.get(scDef, 'reclaim_policy', 'Delete'),
+    allowVolumeExpansion: std.get(scDef, 'allow_volume_expansion', true),
+    volumeBindingMode: params.csi.volume_binding_mode,
+    parameters: scParameters(scDef),
+    [if std.length(std.get(scDef, 'allowed_topologies', [])) > 0
+    then 'allowedTopologies']:
+      scDef.allowed_topologies,
+  }
+  for name in std.objectFields(params.csi.storage_classes)
+];
+
+local volumeSnapshotClasses = [
+  local vsc = params.csi.volume_snapshot_classes[name];
+  local vscParams = std.get(vsc, 'parameters', {});
+  kube._Object('snapshot.storage.k8s.io/v1', 'VolumeSnapshotClass', name) {
+    driver: 'cinder.csi.openstack.org',
+    deletionPolicy: vsc.deletion_policy,
+    [if std.length(vscParams) > 0 then 'parameters']: vscParams,
+  }
+  for name in std.objectFields(params.csi.volume_snapshot_classes)
+];
+
+local namespace = kube.Namespace(params.namespace.name) {
+  metadata+: {
+    labels+: {
+      [k]: params.namespace.labels[k]
+      for k in std.objectFields(params.namespace.labels)
+      if params.namespace.labels[k] != null
+    },
+    annotations+: {
+      [k]: params.namespace.annotations[k]
+      for k in std.objectFields(params.namespace.annotations)
+      if params.namespace.annotations[k] != null
+    },
+  },
+};
+
 {
+  [if params.namespace.name != 'kube-system' then '00_namespace']: namespace,
+  '01_secret': secret,
+  [if std.length(params.csi.storage_classes) > 0 then '10_storageclasses']:
+    storageClasses,
+  [if std.length(params.csi.volume_snapshot_classes) > 0
+  then '10_volumesnapshotclasses']:
+    volumeSnapshotClasses,
 }