feat(chart): add helm chart for zfs local pv (#247)

Signed-off-by: shubham <shubham.bajpai@mayadata.io>

deploy/helm/charts/templates/NOTES.txt

@@ -0,0 +1,5 @@
+The OpenEBS ZFS LocalPV has been installed. Check its status by running:
+$ kubectl get pods -n {{ .Release.Namespace }} -l role=openebs-zfs
+
+For more information, visit our Slack at https://openebs.io/community or view 
+the documentation online at http://docs.openebs.io/.

deploy/helm/charts/templates/_helpers.tpl

@@ -0,0 +1,116 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "zfslocalpv.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified localpv provisioner name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "zfslocalpv.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "zfslocalpv.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{/*
+Create the name of the service account for controller
+*/}}
+{{- define "zfslocalpv.zfsController.serviceAccountName" -}}
+{{- if .Values.serviceAccount.zfsController.create }}
+{{- default (include "zfslocalpv.fullname" .) .Values.serviceAccount.zfsController.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.zfsController.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "zfslocalpv.zfsNode.serviceAccountName" -}}
+{{- if .Values.serviceAccount.zfsNode.create }}
+{{- default (include "zfslocalpv.fullname" .) .Values.serviceAccount.zfsNode.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.zfsNode.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define meta labels for openebs zfs-localpv components
+*/}}
+{{- define "zfslocalpv.common.metaLabels" -}}
+chart: {{ template "zfslocalpv.chart" . }}
+heritage: {{ .Release.Service }}
+openebs.io/version: {{ .Values.release.version | quote }}
+role: {{ .Values.role | quote }}
+{{- end -}}
+
+{{/*
+Create match labels for openebs zfs-localpv controller
+*/}}
+{{- define "zfslocalpv.zfsController.matchLabels" -}}
+app: {{ .Values.zfsController.componentName | quote }}
+release: {{ .Release.Name }}
+component: {{ .Values.zfsController.componentName | quote }}
+{{- end -}}
+
+{{/*
+Create component labels for zfslocalpv controller
+*/}}
+{{- define "zfslocalpv.zfsController.componentLabels" -}}
+openebs.io/component-name: {{ .Values.zfsController.componentName | quote }}
+{{- end -}}
+
+
+{{/*
+Create labels for openebs zfs-localpv controller
+*/}}
+{{- define "zfslocalpv.zfsController.labels" -}}
+{{ include "zfslocalpv.common.metaLabels" . }}
+{{ include "zfslocalpv.zfsController.matchLabels" . }}
+{{ include "zfslocalpv.zfsController.componentLabels" . }}
+{{- end -}}
+
+{{/*
+Create match labels for openebs zfs-localpv node daemon
+*/}}
+{{- define "zfslocalpv.zfsNode.matchLabels" -}}
+name: {{ .Values.zfsNode.componentName | quote }}
+release: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create component labels openebs zfs-localpv node daemon
+*/}}
+{{- define "zfslocalpv.zfsNode.componentLabels" -}}
+openebs.io/component-name: {{ .Values.zfsNode.componentName | quote }}
+{{- end -}}
+
+
+{{/*
+Create labels for openebs zfs-localpv node daemon
+*/}}
+{{- define "zfslocalpv.zfsNode.labels" -}}
+{{ include "zfslocalpv.common.metaLabels" . }}
+{{ include "zfslocalpv.zfsNode.matchLabels" . }}
+{{ include "zfslocalpv.zfsNode.componentLabels" . }}
+{{- end -}}

deploy/helm/charts/templates/configmap.yaml

@@ -0,0 +1,17 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: openebs-zfspv-bin
+  namespace: {{ .Release.Namespace }} # should be the same namespace where it is getting mounted
+  labels:
+    {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }}
+data:
+  zfs: |
+    #!/bin/sh
+    if [ -x /host/sbin/zfs ]; then
+      chroot /host /sbin/zfs "$@"
+    elif [ -x /host/usr/sbin/zfs ]; then
+      chroot /host /usr/sbin/zfs "$@"
+    else
+      chroot /host zfs "$@"
+    fi

deploy/helm/charts/templates/csidriver.yaml

@@ -0,0 +1,9 @@
+# Create the CSI Driver object
+apiVersion: storage.k8s.io/v1beta1
+kind: CSIDriver
+metadata:
+  name: zfs.csi.openebs.io
+spec:
+  # do not require volumeattachment
+  attachRequired: false
+  podInfoOnMount: false

deploy/helm/charts/templates/rbac.yaml

@@ -0,0 +1,164 @@
+{{- if .Values.serviceAccount.zfsController.create -}}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ .Values.serviceAccount.zfsController.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-zfs-provisioner-role
+  labels:
+    {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["*"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes", "services"]
+    verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses", "csinodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: ["*"]
+    resources: ["zfsvolumes", "zfssnapshots", "zfsbackups", "zfsrestores"]
+    verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-zfs-provisioner-binding
+  labels:
+    {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.zfsController.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-zfs-provisioner-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-zfs-snapshotter-role
+  labels:
+    {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list", "watch", "update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["update"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots/status"]
+    verbs: ["update"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["create", "list", "watch", "delete"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-zfs-snapshotter-binding
+  labels:
+    {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.zfsController.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-zfs-snapshotter-role
+  apiGroup: rbac.authorization.k8s.io
+---
+{{- end }}
+{{- if .Values.serviceAccount.zfsNode.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.zfsNode.name }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-zfs-driver-registrar-role
+  labels:
+    {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes", "nodes", "services"]
+    verbs: ["get", "list"]
+  - apiGroups: ["*"]
+    resources: ["zfsvolumes", "zfssnapshots", "zfsbackups", "zfsrestores"]
+    verbs: ["get", "list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: openebs-zfs-driver-registrar-binding
+  labels:
+    {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.serviceAccount.zfsNode.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: openebs-zfs-driver-registrar-role
+  apiGroup: rbac.authorization.k8s.io
+---
+{{- end }}

deploy/helm/charts/templates/zfs-contoller.yaml

@@ -0,0 +1,127 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ template "zfslocalpv.fullname" . }}-controller
+  {{- with .Values.zfsController.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "zfslocalpv.zfsController.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "zfslocalpv.zfsController.matchLabels" . | nindent 6 }}
+  serviceName: "{{ .Values.zfsController.serviceName }}"
+  replicas: {{ .Values.zfsController.replicas }}
+  template:
+    metadata:
+      {{- with .Values.zfsController.podAnnotations }}
+      annotations: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "zfslocalpv.zfsController.labels" . | nindent 8 }}
+        {{- with .Values.zfsController.podLabels}}
+        {{ toYaml . | nindent 8 }}
+        {{- end}}
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - openebs-zfs-controller
+            topologyKey: "kubernetes.io/hostname"
+      priorityClassName: system-cluster-critical
+      serviceAccount: {{ .Values.serviceAccount.zfsController.name }}
+      containers:
+        - name: {{ .Values.zfsController.resizer.name }}
+          image: "{{ .Values.zfsController.resizer.image.registry }}{{ .Values.zfsController.resizer.image.repository }}:{{ .Values.zfsController.resizer.image.tag }}"
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          imagePullPolicy: {{ .Values.zfsController.resizer.image.pullPolicy }}
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: {{ .Values.zfsController.snapshotter.name }}
+          image: "{{ .Values.zfsController.snapshotter.image.registry }}{{ .Values.zfsController.snapshotter.image.repository }}:{{ .Values.zfsController.snapshotter.image.tag }}"
+          imagePullPolicy: {{ .Values.zfsController.snapshotter.image.pullPolicy }}
+          args:
+            - "--csi-address=$(ADDRESS)"
+            - "--leader-election"
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: {{ .Values.zfsController.snapshotController.name }}
+          image: "{{ .Values.zfsController.snapshotController.image.registry }}{{ .Values.zfsController.snapshotController.image.repository }}:{{ .Values.zfsController.snapshotController.image.tag }}"
+          args:
+            - "--v=5"
+            - "--leader-election=true"
+          imagePullPolicy: {{ .Values.zfsController.snapshotController.image.pullPolicy }}
+        - name: {{ .Values.zfsController.provisioner.name }}
+          image: "{{ .Values.zfsController.provisioner.image.registry }}{{ .Values.zfsController.provisioner.image.repository }}:{{ .Values.zfsController.provisioner.image.tag }}"
+          imagePullPolicy: {{ .Values.zfsController.provisioner.image.pullPolicy }}
+          args:
+            - "--csi-address=$(ADDRESS)"
+            - "--v=5"
+            - "--feature-gates=Topology=true"
+            - "--strict-topology"
+            - "--leader-election"
+            - "--extra-create-metadata=true"
+          env:
+            - name: ADDRESS
+              value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+        - name: {{ .Values.zfsPlugin.name }}
+          image: "{{ .Values.zfsPlugin.image.registry }}{{ .Values.zfsPlugin.image.repository }}:{{ .Values.zfsPlugin.image.tag }}"
+          imagePullPolicy: {{ .Values.zfsPlugin.image.pullPolicy }}
+          env:
+            - name: OPENEBS_CONTROLLER_DRIVER
+              value: controller
+            - name: OPENEBS_CSI_ENDPOINT
+              value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OPENEBS_IO_INSTALLER_TYPE
+              value: "zfs-localpv-helm"
+            - name: OPENEBS_IO_ENABLE_ANALYTICS
+              value: "{{ .Values.analytics.enabled }}"
+          args :
+            - "--endpoint=$(OPENEBS_CSI_ENDPOINT)"
+            - "--plugin=$(OPENEBS_CONTROLLER_DRIVER)"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /var/lib/csi/sockets/pluginproxy/
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.zfsController.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.zfsController.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.zfsController.securityContext }}
+      securityContext:
+{{ toYaml .Values.zfsController.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.zfsController.tolerations }}
+      tolerations:
+{{ toYaml .Values.zfsController.tolerations | indent 8 }}
+{{- end }}

deploy/helm/charts/templates/zfs-node.yaml

@@ -0,0 +1,146 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: {{ template "zfslocalpv.fullname" . }}-node
+  {{- with .Values.zfsNode.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "zfslocalpv.zfsNode.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "zfslocalpv.zfsNode.matchLabels" . | nindent 6 }}
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 100%
+    type: RollingUpdate
+  template:
+    metadata:
+      {{- with .Values.zfsNode.podAnnotations }}
+      annotations: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "zfslocalpv.zfsNode.labels" . | nindent 8 }}
+        {{- with .Values.zfsNode.podLabels}}
+        {{ toYaml . | nindent 8 }}
+        {{- end}}
+    spec:
+      priorityClassName: system-node-critical
+      serviceAccount: {{ .Values.serviceAccount.zfsNode.name }}
+      hostNetwork: true
+      containers:
+        - name: {{ .Values.zfsNode.driverRegistrar.name }}
+          image: "{{ .Values.zfsNode.driverRegistrar.image.registry }}{{ .Values.zfsNode.driverRegistrar.image.repository }}:{{ .Values.zfsNode.driverRegistrar.image.tag }}"
+          imagePullPolicy: {{ .Values.zfsNode.driverRegistrar.image.pullPolicy }}
+          args:
+            - "--v=5"
+            - "--csi-address=$(ADDRESS)"
+            - "--kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)"
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/bin/sh", "-c", "rm -rf /registration/zfs-localpv /registration/zfs-localpv-reg.sock"]
+          env:
+            - name: ADDRESS
+              value: /plugin/csi.sock
+            - name: DRIVER_REG_SOCK_PATH
+              value: {{ .Values.zfsNode.kubeletDir }}plugins/zfs-localpv/csi.sock
+            - name: KUBE_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: NODE_DRIVER
+              value: openebs-zfs
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /plugin
+            - name: registration-dir
+              mountPath: /registration
+        - name: {{ .Values.zfsPlugin.name }}
+          securityContext:
+            privileged: true
+            allowPrivilegeEscalation: true
+          image: "{{ .Values.zfsPlugin.image.registry }}{{ .Values.zfsPlugin.image.repository }}:{{ .Values.zfsPlugin.image.tag }}"
+          imagePullPolicy: {{ .Values.zfsPlugin.image.pullPolicy }}
+          args:
+            - "--nodeid=$(OPENEBS_NODE_ID)"
+            - "--endpoint=$(OPENEBS_CSI_ENDPOINT)"
+            - "--plugin=$(OPENEBS_NODE_DRIVER)"
+          env:
+            - name: OPENEBS_NODE_ID
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: OPENEBS_CSI_ENDPOINT
+              value: unix:///plugin/csi.sock
+            - name: OPENEBS_NODE_DRIVER
+              value: agent
+            - name: OPENEBS_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: plugin-dir
+              mountPath: /plugin
+            - name: device-dir
+              mountPath: /dev
+            - name: encr-keys
+              mountPath: /home/keys
+            - name: chroot-zfs
+              mountPath: /sbin/zfs
+              subPath: zfs
+            - name: host-root
+              mountPath: /host
+              mountPropagation: "HostToContainer"
+              readOnly: true
+            - name: pods-mount-dir
+              mountPath: {{ .Values.zfsNode.kubeletDir }}
+              # needed so that any mounts setup inside this container are
+              # propagated back to the host machine.
+              mountPropagation: "Bidirectional"
+      volumes:
+        - name: device-dir
+          hostPath:
+            path: /dev
+            type: Directory
+        - name: encr-keys
+          hostPath:
+            path: /home/keys
+            type: DirectoryOrCreate
+        - name: chroot-zfs
+          configMap:
+            defaultMode: 0555
+            name: openebs-zfspv-bin
+        - name: host-root
+          hostPath:
+            path: /
+            type: Directory
+        - name: registration-dir
+          hostPath:
+            path: {{ .Values.zfsNode.kubeletDir }}plugins_registry/
+            type: DirectoryOrCreate
+        - name: plugin-dir
+          hostPath:
+            path: {{ .Values.zfsNode.kubeletDir }}plugins/zfs-localpv/
+            type: DirectoryOrCreate
+        - name: pods-mount-dir
+          hostPath:
+            path: {{ .Values.zfsNode.kubeletDir }}
+            type: Directory
+{{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 2 }}
+{{- end }}
+{{- if .Values.zfsNode.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.zfsNode.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.zfsNode.securityContext }}
+      securityContext:
+{{ toYaml .Values.zfsNode.securityContext | indent 8 }}
+{{- end }}
+{{- if .Values.zfsNode.tolerations }}
+      tolerations:
+{{ toYaml .Values.zfsNode.tolerations | indent 8 }}
+{{- end }}