From 261684fc3ffc7d2cb2faa5ea8dfca30ad0962d13 Mon Sep 17 00:00:00 2001
From: Clement Liaw <cliaw@crusoe.ai>
Date: Fri, 18 Oct 2024 15:36:09 -0700
Subject: [PATCH] feat: polish helm chart values/templating

---
 README.md                                     | 20 ++++++--------
 .../templates/controller.yaml                 | 11 ++++----
 charts/crusoe-csi-driver/templates/node.yaml  |  9 ++++---
 charts/crusoe-csi-driver/values.yaml          | 26 ++++++++++++++-----
 internal/driver/secrets.go                    |  4 +--
 5 files changed, 41 insertions(+), 29 deletions(-)

diff --git a/README.md b/README.md
index c260123..c590bfa 100644
--- a/README.md
+++ b/README.md
@@ -14,24 +14,20 @@ the [Crusoe Cloud RKE2 solution](https://github.com/crusoecloud/crusoe-ml-rke2)
 
 As the CSI Driver will communicate with the Crusoe Cloud API to orchestrate storage operations, you will have to set up
 credentials in your Kubernetes cluster which the driver can then use to communicate with the API. Here is a `.yaml` file 
-which can be modified with your credentials and applied to your cluster (using `kubectl apply -f credentials.yaml`).
+which can be modified with your credentials and applied to your cluster (using `kubectl apply -f credentials.yaml -n $CRUSOE_CSI_NAMESPACE`).
+
+By default, the driver will use the `crusoe-api-keys` secret.
 
 ```yaml
 apiVersion: v1
 data:
-  crusoe-csi-accesskey: <base-64 encoded Crusoe Token Access Key>
-kind: Secret
-type: Opaque
-metadata:
-  name: crusoe-csi-accesskey
----
-apiVersion: v1
-data:
-  crusoe-csi-secretkey: <base-64 encoded Crusoe Token Secret Key>
+  CRUSOE_CSI_ACCESS_KEY: <base-64 encoded Crusoe Access Key>
+  CRUSOE_CSI_SECRET_KEY: <base-64 encoded Crusoe Secret Key>
 kind: Secret
-type: Opaque
 metadata:
-  name: crusoe-csi-secretkey
+  name: crusoe-api-keys
+  namespace: crusoe-csi-driver
+
 ```
 
 ### Installing the Driver
diff --git a/charts/crusoe-csi-driver/templates/controller.yaml b/charts/crusoe-csi-driver/templates/controller.yaml
index a285bf8..7be7520 100644
--- a/charts/crusoe-csi-driver/templates/controller.yaml
+++ b/charts/crusoe-csi-driver/templates/controller.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
   name: {{.Release.Name }}-controller
 spec:
-  replicas: {{.Values.replicaCount }}
+  replicas: 1
   selector:
     matchLabels:
       app: {{.Release.Name }}
@@ -32,10 +32,7 @@ spec:
                   fieldPath: spec.nodeName
           envFrom:
             - secretRef:
-                name: crusoe-csi-accesskey
-                optional: false
-            - secretRef:
-                name: crusoe-csi-secretkey
+                name: {{.Values.secrets.crusoe_api_keys.secretName}}
                 optional: false
           volumeMounts:
             - name: socket-dir
@@ -45,6 +42,10 @@ spec:
               mountPropagation: "Bidirectional"
           securityContext:
             privileged: true
+          {{- with .Values.controller.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         - name: csi-attacher
           image: registry.k8s.io/sig-storage/csi-attacher:v4.4.0
           args:
diff --git a/charts/crusoe-csi-driver/templates/node.yaml b/charts/crusoe-csi-driver/templates/node.yaml
index 0a1f644..22cf6fc 100644
--- a/charts/crusoe-csi-driver/templates/node.yaml
+++ b/charts/crusoe-csi-driver/templates/node.yaml
@@ -30,10 +30,7 @@ spec:
                   fieldPath: spec.nodeName
           envFrom:
             - secretRef:
-                name: crusoe-csi-accesskey
-                optional: false
-            - secretRef:
-                name: crusoe-csi-secretkey
+                name: {{.Values.secrets.crusoe_api_keys.secretName}}
                 optional: false
           volumeMounts:
             - name: socket-dir
@@ -45,6 +42,10 @@ spec:
               mountPath: /dev
           securityContext:
             privileged: true
+          {{- with .Values.node.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         - name: csi-driver-registrar
           image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0
           args:
diff --git a/charts/crusoe-csi-driver/values.yaml b/charts/crusoe-csi-driver/values.yaml
index 53d2f6d..1f9b07f 100644
--- a/charts/crusoe-csi-driver/values.yaml
+++ b/charts/crusoe-csi-driver/values.yaml
@@ -1,14 +1,28 @@
 # Default values for crusoe-csi-driver.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
-replicaCount: 1
-
+driverName: "csi.crusoe.ai"
 image:
   repository: ghcr.io/crusoecloud/crusoe-csi-driver
   tag: "main"
 
-driverName: "csi.crusoe.ai"
-
-resources: {}
+secrets:
+  crusoe_api_keys:
+    secretName: "crusoe-api-keys"
+controller:
+  resources:
+    requests:
+      cpu: 100m
+      memory: 200Mi
+    limits:
+      cpu: 100m
+      memory: 200Mi
 
-ingress: {}
+node:
+  resources:
+    requests:
+      cpu: 100m
+      memory: 200Mi
+    limits:
+      cpu: 100m
+      memory: 200Mi
diff --git a/internal/driver/secrets.go b/internal/driver/secrets.go
index 60cabec..b2b2911 100644
--- a/internal/driver/secrets.go
+++ b/internal/driver/secrets.go
@@ -7,9 +7,9 @@ import (
 
 const (
 	SecretPath    = "/etc/secrets"
-	AccessKeyName = "crusoe-csi-accesskey"
+	AccessKeyName = "CRUSOE_CSI_ACCESS_KEY"
 	//nolint:gosec // we are not hardcoding credentials, just the env var to get them
-	SecretKeyName = "crusoe-csi-secretkey"
+	SecretKeyName = "CRUSOE_CSI_SECRET_KEY"
 )
 
 // Kubernetes provides two main ways of injecting secrets into pods: