{"id":19838507,"url":"https://github.com/metal-stack/duros-controller","last_synced_at":"2026-03-15T00:03:38.250Z","repository":{"id":40632537,"uuid":"319246441","full_name":"metal-stack/duros-controller","owner":"metal-stack","description":"kubernetes controller to deploy a lightbits storageclass into a cluster with proper authentication tokens","archived":false,"fork":false,"pushed_at":"2025-06-26T11:44:43.000Z","size":346,"stargazers_count":1,"open_issues_count":9,"forks_count":0,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-06-26T12:27:31.349Z","etag":null,"topics":["csi-driver","deployment","kubernetes","nvme-storage","nvmeovertcp"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/metal-stack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-12-07T08:05:47.000Z","updated_at":"2025-06-26T11:39:02.000Z","dependencies_parsed_at":"2022-07-20T13:48:00.934Z","dependency_job_id":"64fd260f-c438-425b-acf7-8d4f2f00d621","html_url":"https://github.com/metal-stack/duros-controller","commit_stats":null,"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/metal-stack/duros-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fduros-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fduros-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stac
k%2Fduros-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fduros-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/metal-stack","download_url":"https://codeload.github.com/metal-stack/duros-controller/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/metal-stack%2Fduros-controller/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264103671,"owners_count":23557980,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csi-driver","deployment","kubernetes","nvme-storage","nvmeovertcp"],"created_at":"2024-11-12T12:17:59.371Z","updated_at":"2026-03-15T00:03:38.221Z","avatar_url":"https://github.com/metal-stack.png","language":"Go","readme":"# duros-controller\n\nA bridge between cloud-native and the duros storage controller. This controller is responsible for creating a project in the duros-api and an authentication token to access the duros storage.\nAfter the authentication token is created, it creates a storage class deployment in the shoot which itself authenticates against the duros storage to create/delete PVs and mount them.\n\n## Architecture\n\n![Architecture](architecture.drawio.svg)\n\nThe Dataplane is built like this:\n\n![Dataplane](dataplane.drawio.svg)\n\n## Configuration\n\nThe configuration is done through a CustomResource in the shoot namespace in the seed. 
The Duros CustomResource contains a reference to the metal-api project, the endpoints and the names of the StorageClasses which should be created. The JWT Token is stored as StorageClass Secret.\nThe Gardener Extension Provider Metal will create a Duros CustomResource on shoot creation.\n\nExample CR which will reconcile 2 StorageClasses, one with 2 replicas, and one with 3 replicas.\n\n```yaml\n---\napiVersion: storage.metal-stack.io/v1\nkind: Duros\nmetadata:\n  namespace: duros\n  name: sample\nspec:\n  metalProjectID: 5820c4e7-fbd4-4e4b-a40b-2b83eb34bbe3\n  storageClasses:\n    - name: partition-silver\n      replicas: 2\n      compression: \"true\"\n    - name: partition-gold\n      replicas: 3\n      compression: \"true\"\n```\n\nEnsure you also have a ClusterwideNetworkPolicy deployed to have access to the duros storage servers with the required ports:\n\n```yaml\n---\napiVersion: metal-stack.io/v1\nkind: ClusterwideNetworkPolicy\nmetadata:\n  name: allow-to-storage\n  namespace: firewall\nspec:\n  egress:\n  - ports:\n    - port: 443\n      protocol: TCP\n    - port: 4420\n      protocol: TCP\n    - port: 8009\n      protocol: TCP\n    to:\n    - cidr: 10.128.0.0/14\n```\n\n## Use Cases\n\nThere are several use cases during the lifecycle of storage consumed by customers.\n\n### First usage from a tenant's project\n\nThere was no storage usage from a project before, e.g. 
because the customer created a new project and then a cluster is created.\nThen `gepm` will create the `Duros` CR and deploy the `duros-controller` into the shoot namespace in the seed.\nThe `duros-controller` will check if there is already a project present in the `duros-api` with the metal-api project ID and create it if it does not exist.\nA JWT Token with project permission is created and stored as a secret in the shoot namespace.\nWith this Secret a `StorageClass` deployment in the shoot is created.\n\nThen the Cluster user is able to create PVs.\n\n### Second cluster in the same project\n\nIf a second cluster in the same project in the same partition is created, the `duros-controller` will see there is already a project present in the duros-api.\nA new secret for this cluster is created and stored as StorageClass Secret.\n\n### Clusters are deleted\n\nIf a cluster is deleted, even if it is the last one in the project, storage volumes are not deleted. This enables customers to keep their storage and consume it in new clusters.\n\n### Storage Volume and Project list/delete\n\nThe cloud-api will add endpoints to list/delete duros volumes and list projects; this will be done through a gRPC proxy as shown in the architecture.\nA Duros project will be deleted if the metal-api project is deleted. A check that no volumes are present is also implemented.\n\n## Accounting\n\nAccounting of volumes is done with the kube-counter running in every shoot in the seed. 
Volumes currently not in use in any of the clusters\nare listed from the cloud-api and reported to the accounting-api.\n\n## Tenant separation\n\nHow tenant separation works is described in more detail [here](MULTITENANCY.md)\n\n## TODO\n\n- check if Gardener deletes PVCs after cluster deletion.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetal-stack%2Fduros-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmetal-stack%2Fduros-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmetal-stack%2Fduros-controller/lists"}