From a467aa6f2ae7c1b523c933e7e38f3581b1313928 Mon Sep 17 00:00:00 2001 
From: panigs7 <92028646+panigs7@users.noreply.github.com> Date: Tue, 6 Feb 2024 18:06:32 +0530 Subject: [PATCH] Cherry pick commits from 1.4.1 release (#450) * Bump_up_csm-operator_version_to_1.4.1 (#434) * Patch version support (#433) * Adding support of v2.9.1 for Pmax, Pscale, PFlex and unity * Updating module config version for Pmax, Pscale, PFlex and unity * Update storage_csm_powerflex.yaml * version changed to 2.9.1 * version changed to 2.9.1 * Enabling github actions for all branch * updated version to 2.9.1 for unity, powerflex, powerscale and powermax * Adding the support of PStore v2.9.1 * Adding the support of PFlex v2.9.1 * Version bumpup replication 1.7.1 * Bump up version for authorization, resiliency * update csi-metadata-retriever version to 1.6.1 * update reverseproxy version to 2.8.1 --------- Co-authored-by: KshitijaKakde <111420075+KshitijaKakde@users.noreply.github.com> Co-authored-by: Kshitija Kakde Co-authored-by: HarishH-DELL Co-authored-by: panigs7 * Update final manifests for posting of Operator 1.4.1 (#445) * Final manifest update and apex client (#447) * [bug-1120]: Update Authorization sidecar to use insecure flag (#442) * fix auth cert * remove constant * remove duplicate verbs * KRV-20573/csm status (#446) * add module status * Adding CSM Module status * Addressing the comments for PR * Making code reusable * Fix formatting issue * Resolving gosec issue --------- Co-authored-by: HarishH-DELL <109663924+HarishH-DELL@users.noreply.github.com> Co-authored-by: Adarsh Kumar Yadav <109620911+adarsh-dell@users.noreply.github.com> Co-authored-by: KshitijaKakde <111420075+KshitijaKakde@users.noreply.github.com> Co-authored-by: Kshitija Kakde Co-authored-by: HarishH-DELL Co-authored-by: Chiman Jain <36687396+chimanjain@users.noreply.github.com> Co-authored-by: Aaron Tye Co-authored-by: abhi16394 <32352976+abhi16394@users.noreply.github.com> --- .github/workflows/actions.yml | 2 +- Dockerfile | 2 +- Makefile | 2 +- bundle.Dockerfile | 2 +- 
...ll-csm-operator.clusterserviceversion.yaml | 180 ++- bundle/metadata/annotations.yaml | 2 +- config/install/kustomization.yaml | 2 +- config/manager/kustomization.yaml | 2 +- ...ll-csm-operator.clusterserviceversion.yaml | 28 +- config/samples/kustomization.yaml | 1 + .../storage_v1_csm_connectivity_client.yaml | 35 + config/samples/storage_v1_csm_powerflex.yaml | 20 +- config/samples/storage_v1_csm_powermax.yaml | 18 +- config/samples/storage_v1_csm_powerscale.yaml | 24 +- config/samples/storage_v1_csm_powerstore.yaml | 14 +- config/samples/storage_v1_csm_unity.yaml | 8 +- deploy/olm/operator_community.yaml | 2 +- deploy/operator.yaml | 2 +- docker.mk | 8 +- .../driverconfig/common/default.yaml | 2 +- .../driverconfig/common/k8s-1.21-values.yaml | 2 +- .../driverconfig/common/k8s-1.22-values.yaml | 3 + .../driverconfig/common/k8s-1.24-values.yaml | 2 +- .../driverconfig/common/k8s-1.25-values.yaml | 2 +- .../driverconfig/common/k8s-1.26-values.yaml | 2 +- .../driverconfig/common/k8s-1.27-values.yaml | 2 +- .../driverconfig/common/k8s-1.28-values.yaml | 2 +- .../powerflex/v2.9.1/controller.yaml | 258 ++++ .../powerflex/v2.9.1}/csidriver.yaml | 0 .../v2.9.1}/driver-config-params.yaml | 0 .../driverconfig/powerflex/v2.9.1/node.yaml | 279 +++++ .../powerflex/v2.9.1}/upgrade-path.yaml | 0 .../powermax/v2.9.1/controller.yaml | 322 +++++ .../powermax/v2.9.1/csidriver.yaml | 23 + .../powermax/v2.9.1/driver-config-params.yaml | 21 + .../driverconfig/powermax/v2.9.1/node.yaml | 258 ++++ .../powermax/v2.9.1}/upgrade-path.yaml | 0 .../powerscale/v2.9.1/controller.yaml | 330 +++++ .../powerscale/v2.9.1/csidriver.yaml | 12 + .../v2.9.1/driver-config-params.yaml | 8 + .../driverconfig/powerscale/v2.9.1/node.yaml | 215 ++++ .../powerscale/v2.9.1/upgrade-path.yaml | 1 + .../powerstore/v2.9.1/controller.yaml | 270 ++++ .../powerstore/v2.9.1}/csidriver.yaml | 0 .../v2.9.1/driver-config-params.yaml | 29 + .../driverconfig/powerstore/v2.9.1/node.yaml | 244 ++++ 
.../powerstore/v2.9.1}/upgrade-path.yaml | 0 .../driverconfig/unity/v2.9.1/controller.yaml | 259 ++++ .../driverconfig/unity/v2.9.1}/csidriver.yaml | 0 .../unity/v2.9.1}/driver-config-params.yaml | 0 .../driverconfig/unity/v2.9.1/node.yaml | 189 +++ .../unity/v2.9.1}/upgrade-path.yaml | 0 .../app-mobility-controller-manager.yaml | 2 +- .../v1.0.0/velero-deployment.yaml | 2 +- .../authorization/v1.9.1/cert-manager.yaml | 1104 +++++++++++++++++ .../authorization/v1.9.1/container.yaml | 27 + .../authorization/v1.9.1/deployment.yaml | 499 ++++++++ .../authorization/v1.9.1/ingress.yaml | 33 + .../v1.9.1/nginx-ingress-controller.yaml | 663 ++++++++++ .../authorization/v1.9.1/policies.yaml | 265 ++++ .../authorization/v1.9.1/volumes.yaml | 6 + .../moduleconfig/common/cert-manager.yaml | 6 +- .../common/cert-manager/cert-manager.yaml | 6 +- .../moduleconfig/common/version-values.yaml | 16 + .../csireverseproxy/v2.8.1/controller.yaml | 105 ++ .../v1.7.0/karavi-metrics-powerflex.yaml | 1 + .../v1.7.0/karavi-metrics-powermax.yaml | 1 + .../v1.7.0/karavi-metrics-powerscale.yaml | 1 + .../v1.7.0/karavi-otel-collector.yaml | 1 + .../observability/v1.7.0/karavi-topology.yaml | 1 + .../{v1.5.0 => v1.7.1}/container.yaml | 2 +- .../{v1.5.0 => v1.7.1}/controller.yaml | 9 - .../replicationcrds.all.yaml | 0 .../replication/{v1.5.0 => v1.7.1}/rules.yaml | 0 .../container-powerflex-controller.yaml | 36 + .../v1.8.1/container-powerflex-node.yaml | 58 + .../container-powerscale-controller.yaml | 36 + .../v1.8.1/container-powerscale-node.yaml | 61 + .../container-powerstore-controller.yaml | 36 + .../v1.8.1/container-powerstore-node.yaml | 61 + .../resiliency/v1.8.1/controller-roles.yaml | 24 + .../resiliency/v1.8.1/node-roles.yaml | 21 + pkg/modules/application_mobility.go | 4 + pkg/modules/authorization_test.go | 2 +- pkg/modules/commonconfig.go | 1 + pkg/modules/observability.go | 5 + pkg/modules/testdata/cr_auth_proxy.yaml | 10 +- pkg/utils/status.go | 351 ++++-- 
samples/authorization/certificate_v191.yaml | 35 + .../csm_authorization_proxy_server_v191.yaml | 73 ++ samples/connectivity_client_v100.yaml | 8 +- samples/storage_csm_powerflex_v291.yaml | 399 ++++++ samples/storage_csm_powermax_v291.yaml | 417 +++++++ samples/storage_csm_powerscale_v291.yaml | 490 ++++++++ samples/storage_csm_powerstore_v291.yaml | 208 ++++ samples/storage_csm_unity_v291.yaml | 145 +++ .../v2.9.0 => badDriver/v2.9.1}/bad.yaml | 0 .../v2.9.1/controller.yaml} | 0 .../badDriver/v2.9.1/csidriver.yaml | 4 + .../v2.9.1/driver-config-params.yaml | 5 + .../badDriver/v2.9.1/upgrade-path.yaml | 4 + .../driverconfig/powerflex/v2.9.1/bad.yaml | 4 + .../{v2.9.0 => v2.9.1}/controller.yaml | 3 +- .../powerflex/v2.9.1/csidriver.yaml | 12 + .../v2.9.1/driver-config-params.yaml | 9 + .../powerflex/{v2.9.0 => v2.9.1}/node.yaml | 2 +- .../powerflex/v2.9.1/upgrade-path.yaml | 2 + .../driverconfig/powermax/v2.9.1/bad.yaml | 4 + .../{v2.9.0 => v2.9.1}/controller.yaml | 4 +- .../{v2.9.0 => v2.9.1}/csidriver.yaml | 0 .../driver-config-params.yaml | 0 .../powermax/{v2.9.0 => v2.9.1}/node.yaml | 2 +- .../powermax/v2.9.1/upgrade-path.yaml | 1 + .../driverconfig/powerscale/v2.9.1/bad.yaml | 4 + .../powerscale/v2.9.1/controller.yaml | 308 +++++ .../powerscale/v2.9.1/csidriver.yaml | 12 + .../v2.9.1/driver-config-params.yaml | 8 + .../driverconfig/powerscale/v2.9.1/node.yaml | 196 +++ .../powerscale/v2.9.1/upgrade-path.yaml | 1 + .../powerstore/{v2.9.0 => v2.9.1}/bad.yaml | 0 .../powerstore/{v2.9.0 => v2.9.1}/config.json | 0 .../{v2.9.0 => v2.9.1}/controller.yaml | 2 +- .../powerstore/v2.9.1/csidriver.yaml | 27 + .../driver-config-params.yaml | 0 .../powerstore/{v2.9.0 => v2.9.1}/node.yaml | 2 +- .../powerstore/v2.9.1/upgrade-path.yaml | 16 + .../unity/{v2.9.0 => v2.9.1}/bad.yaml | 0 .../unity/{v2.9.0 => v2.9.1}/config.json | 0 .../unity/{v2.9.0 => v2.9.1}/controller.yaml | 1 - .../driverconfig/unity/v2.9.1/csidriver.yaml | 12 + .../unity/v2.9.1/driver-config-params.yaml | 12 
+ .../unity/{v2.9.0 => v2.9.1}/node.yaml | 0 .../unity/v2.9.1/upgrade-path.yaml | 1 + ...sm_authorization_proxy_server_no_cert.yaml | 2 +- .../e2e/testfiles/storage_csm_powerflex.yaml | 6 +- .../storage_csm_powerflex_alt_vals_1.yaml | 4 +- .../storage_csm_powerflex_alt_vals_2.yaml | 6 +- .../storage_csm_powerflex_alt_vals_3.yaml | 6 +- .../storage_csm_powerflex_alt_vals_4.yaml | 6 +- .../storage_csm_powerflex_alt_vals_5.yaml | 6 +- .../testfiles/storage_csm_powerflex_auth.yaml | 4 +- .../storage_csm_powerflex_observability.yaml | 2 +- ...rage_csm_powerflex_observability_auth.yaml | 4 +- .../storage_csm_powerflex_replica.yaml | 2 +- .../storage_csm_powerflex_resiliency.yaml | 4 +- tests/e2e/testfiles/storage_csm_powermax.yaml | 4 +- .../storage_csm_powermax_observability.yaml | 8 +- .../e2e/testfiles/storage_csm_powerscale.yaml | 6 +- .../storage_csm_powerscale_alt_vals_1.yaml | 6 +- .../storage_csm_powerscale_alt_vals_2.yaml | 6 +- .../storage_csm_powerscale_alt_vals_3.yaml | 6 +- .../storage_csm_powerscale_auth.yaml | 4 +- ...storage_csm_powerscale_health_monitor.yaml | 6 +- .../storage_csm_powerscale_replica.yaml | 6 +- .../storage_csm_powerscale_resiliency.yaml | 4 +- .../e2e/testfiles/storage_csm_powerstore.yaml | 6 +- .../storage_csm_powerstore_resiliency.yaml | 6 +- tests/e2e/testfiles/storage_csm_unity.yaml | 6 +- tests/shared/common.go | 12 +- 159 files changed, 8787 insertions(+), 329 deletions(-) create mode 100644 config/samples/storage_v1_csm_connectivity_client.yaml create mode 100644 operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml rename {tests/config/driverconfig/powerflex/v2.9.0 => operatorconfig/driverconfig/powerflex/v2.9.1}/csidriver.yaml (100%) rename {tests/config/driverconfig/powerflex/v2.9.0 => operatorconfig/driverconfig/powerflex/v2.9.1}/driver-config-params.yaml (100%) create mode 100644 operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml rename {tests/config/driverconfig/powerflex/v2.9.0 => 
operatorconfig/driverconfig/powerflex/v2.9.1}/upgrade-path.yaml (100%) create mode 100644 operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml create mode 100644 operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml create mode 100644 operatorconfig/driverconfig/powermax/v2.9.1/driver-config-params.yaml create mode 100644 operatorconfig/driverconfig/powermax/v2.9.1/node.yaml rename {tests/config/driverconfig/powermax/v2.9.0 => operatorconfig/driverconfig/powermax/v2.9.1}/upgrade-path.yaml (100%) create mode 100644 operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml create mode 100644 operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml create mode 100644 operatorconfig/driverconfig/powerscale/v2.9.1/driver-config-params.yaml create mode 100644 operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml create mode 100644 operatorconfig/driverconfig/powerscale/v2.9.1/upgrade-path.yaml create mode 100644 operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml rename {tests/config/driverconfig/powerstore/v2.9.0 => operatorconfig/driverconfig/powerstore/v2.9.1}/csidriver.yaml (100%) create mode 100644 operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml create mode 100644 operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml rename {tests/config/driverconfig/powerstore/v2.9.0 => operatorconfig/driverconfig/powerstore/v2.9.1}/upgrade-path.yaml (100%) create mode 100644 operatorconfig/driverconfig/unity/v2.9.1/controller.yaml rename {tests/config/driverconfig/unity/v2.9.0 => operatorconfig/driverconfig/unity/v2.9.1}/csidriver.yaml (100%) rename {tests/config/driverconfig/unity/v2.9.0 => operatorconfig/driverconfig/unity/v2.9.1}/driver-config-params.yaml (100%) create mode 100644 operatorconfig/driverconfig/unity/v2.9.1/node.yaml rename {tests/config/driverconfig/unity/v2.9.0 => operatorconfig/driverconfig/unity/v2.9.1}/upgrade-path.yaml (100%) create mode 100644 
operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.9.1/container.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.9.1/ingress.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml create mode 100644 operatorconfig/moduleconfig/authorization/v1.9.1/volumes.yaml create mode 100644 operatorconfig/moduleconfig/csireverseproxy/v2.8.1/controller.yaml rename operatorconfig/moduleconfig/replication/{v1.5.0 => v1.7.1}/container.yaml (94%) rename operatorconfig/moduleconfig/replication/{v1.5.0 => v1.7.1}/controller.yaml (96%) rename operatorconfig/moduleconfig/replication/{v1.5.0 => v1.7.1}/replicationcrds.all.yaml (100%) rename operatorconfig/moduleconfig/replication/{v1.5.0 => v1.7.1}/rules.yaml (100%) create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/controller-roles.yaml create mode 100644 operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml create mode 100644 samples/authorization/certificate_v191.yaml create mode 100644 samples/authorization/csm_authorization_proxy_server_v191.yaml create mode 100644 samples/storage_csm_powerflex_v291.yaml create mode 
100644 samples/storage_csm_powermax_v291.yaml create mode 100644 samples/storage_csm_powerscale_v291.yaml create mode 100644 samples/storage_csm_powerstore_v291.yaml create mode 100644 samples/storage_csm_unity_v291.yaml rename tests/config/driverconfig/{powerflex/v2.9.0 => badDriver/v2.9.1}/bad.yaml (100%) rename tests/config/driverconfig/{powermax/v2.9.0/bad.yaml => badDriver/v2.9.1/controller.yaml} (100%) create mode 100644 tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml create mode 100644 tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml create mode 100644 tests/config/driverconfig/powerflex/v2.9.1/bad.yaml rename tests/config/driverconfig/powerflex/{v2.9.0 => v2.9.1}/controller.yaml (99%) create mode 100644 tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml create mode 100644 tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml rename tests/config/driverconfig/powerflex/{v2.9.0 => v2.9.1}/node.yaml (99%) create mode 100644 tests/config/driverconfig/powerflex/v2.9.1/upgrade-path.yaml create mode 100644 tests/config/driverconfig/powermax/v2.9.1/bad.yaml rename tests/config/driverconfig/powermax/{v2.9.0 => v2.9.1}/controller.yaml (99%) rename tests/config/driverconfig/powermax/{v2.9.0 => v2.9.1}/csidriver.yaml (100%) rename tests/config/driverconfig/powermax/{v2.9.0 => v2.9.1}/driver-config-params.yaml (100%) rename tests/config/driverconfig/powermax/{v2.9.0 => v2.9.1}/node.yaml (99%) create mode 100644 tests/config/driverconfig/powermax/v2.9.1/upgrade-path.yaml create mode 100644 tests/config/driverconfig/powerscale/v2.9.1/bad.yaml create mode 100644 tests/config/driverconfig/powerscale/v2.9.1/controller.yaml create mode 100644 tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml create mode 100644 tests/config/driverconfig/powerscale/v2.9.1/driver-config-params.yaml create mode 100644 
tests/config/driverconfig/powerscale/v2.9.1/node.yaml create mode 100644 tests/config/driverconfig/powerscale/v2.9.1/upgrade-path.yaml rename tests/config/driverconfig/powerstore/{v2.9.0 => v2.9.1}/bad.yaml (100%) rename tests/config/driverconfig/powerstore/{v2.9.0 => v2.9.1}/config.json (100%) rename tests/config/driverconfig/powerstore/{v2.9.0 => v2.9.1}/controller.yaml (99%) create mode 100644 tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml rename tests/config/driverconfig/powerstore/{v2.9.0 => v2.9.1}/driver-config-params.yaml (100%) rename tests/config/driverconfig/powerstore/{v2.9.0 => v2.9.1}/node.yaml (99%) create mode 100644 tests/config/driverconfig/powerstore/v2.9.1/upgrade-path.yaml rename tests/config/driverconfig/unity/{v2.9.0 => v2.9.1}/bad.yaml (100%) rename tests/config/driverconfig/unity/{v2.9.0 => v2.9.1}/config.json (100%) rename tests/config/driverconfig/unity/{v2.9.0 => v2.9.1}/controller.yaml (99%) create mode 100644 tests/config/driverconfig/unity/v2.9.1/csidriver.yaml create mode 100644 tests/config/driverconfig/unity/v2.9.1/driver-config-params.yaml rename tests/config/driverconfig/unity/{v2.9.0 => v2.9.1}/node.yaml (100%) create mode 100644 tests/config/driverconfig/unity/v2.9.1/upgrade-path.yaml diff --git a/.github/workflows/actions.yml b/.github/workflows/actions.yml index c1986739b..004110707 100644 --- a/.github/workflows/actions.yml +++ b/.github/workflows/actions.yml @@ -3,7 +3,7 @@ on: push: branches: [ main ] pull_request: - branches: [ main ] + branches: [ '**' ] jobs: code-check: name: Check Go formatting, linting, vetting diff --git a/Dockerfile b/Dockerfile index dc5664855..1d54c44f7 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -47,7 +47,7 @@ LABEL vendor="Dell Inc." \ name="dell-csm-operator" \ summary="Operator for installing Dell CSI Drivers and Dell CSM Modules" \ description="Common Operator for installing various Dell CSI Drivers and Dell CSM Modules" \ - version="1.4.0" \ + version="1.4.1" \ license="Dell CSM Operator Apache License" # copy the licenses folder diff --git a/Makefile b/Makefile index ad765f2db..bca89389a 100644 --- a/Makefile +++ b/Makefile @@ -194,7 +194,7 @@ OPM = $(shell which opm) endif endif -# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v1.4.0). +# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v1.4.1). # These images MUST exist in a registry and be pull-able. BUNDLE_IMGS ?= $(BUNDLE_IMG) diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 99b417d82..737fabddf 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -22,4 +22,4 @@ LABEL com.redhat.delivery.operator.bundle=true # Copy files to locations specified by labels. COPY bundle/manifests /manifests/ COPY bundle/metadata /metadata/ -COPY bundle/tests/scorecard /tests/scorecard/ \ No newline at end of file +COPY bundle/tests/scorecard /tests/scorecard/ diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index aa27a13e0..3c7d4daa2 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml 
@@ -4,6 +4,46 @@ metadata: annotations: alm-examples: |- [ + { + "apiVersion": "storage.dell.com/v1", + "kind": "ApexConnectivityClient", + "metadata": { + "name": "dell-connectivity-client", + "namespace": "dell-connectivity-client" + }, + "spec": { + "client": { + "common": { + "image": "dellemc/connectivity-client-docker-k8s:1.2.3", + "imagePullPolicy": "IfNotPresent", + "name": "connectivity-client-docker-k8s" + }, + "configVersion": "v1.0.0", + "connectionTarget": "connect-into.dell.com", + "csmClientType": "apexConnectivityClient", + "forceRemoveClient": true, + "initContainers": [ + { + "image": "dellemc/connectivity-client-docker-k8s:1.2.3", + "imagePullPolicy": "IfNotPresent", + "name": "connectivity-client-init" + } + ], + "sideCars": [ + { + "image": "bitnami/kubectl:1.28", + "imagePullPolicy": "IfNotPresent", + "name": "kubernetes-proxy" + }, + { + "image": "dellemc/connectivity-cert-persister-k8s:0.7.0", + "imagePullPolicy": "IfNotPresent", + "name": "cert-persister" + } + ] + } + } + }, { "apiVersion": "storage.dell.com/v1", "kind": "ContainerStorageModule", @@ -61,10 +101,10 @@ metadata: "value": "debug" } ], - "image": "dellemc/csi-isilon:v2.9.0", + "image": "dellemc/csi-isilon:v2.9.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.9.0", + "configVersion": "v2.9.1", "controller": { "envs": [ { @@ -155,11 +195,11 @@ metadata: "value": "true" } ], - "image": "dellemc/csm-authorization-sidecar:v1.9.0", + "image": "dellemc/csm-authorization-sidecar:v1.9.1", "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.9.0", + "configVersion": "v1.9.1", "enabled": false, "name": "authorization" }, @@ -176,7 +216,7 @@ metadata: "value": "powerscale" } ], - "image": "dellemc/dell-csi-replicator:v1.7.0", + "image": "dellemc/dell-csi-replicator:v1.7.1", "name": "dell-csi-replicator" }, { 
@@ -202,11 +242,11 @@ metadata: "value": "5m" } ], - "image": "dellemc/dell-replication-controller:v1.7.0", + "image": "dellemc/dell-replication-controller:v1.7.1", "name": "dell-replication-controller-manager" } ], - "configVersion": "v1.7.0", + "configVersion": "v1.7.1", "enabled": false, "name": "replication" }, @@ -313,7 +353,7 @@ metadata: "--driverPath=csi-isilon.dellemc.com", "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" ], - "image": "dellemc/podmon:v1.8.0", + "image": "dellemc/podmon:v1.8.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -335,12 +375,12 @@ metadata: "value": "8083" } ], - "image": "dellemc/podmon:v1.8.0", + "image": "dellemc/podmon:v1.8.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "resiliency" } @@ -404,10 +444,10 @@ metadata: "value": "" } ], - "image": "dellemc/csi-powermax:v2.9.0", + "image": "dellemc/csi-powermax:v2.9.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.9.0", + "configVersion": "v2.9.1", "controller": { "envs": [ { @@ -521,11 +561,11 @@ metadata: "value": "true" } ], - "image": "dellemc/csm-authorization-sidecar:v1.9.0", + "image": "dellemc/csm-authorization-sidecar:v1.9.1", "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.9.0", + "configVersion": "v1.9.1", "enabled": false, "name": "authorization" }, @@ -542,7 +582,7 @@ metadata: "value": "powermax" } ], - "image": "dellemc/dell-csi-replicator:v1.7.0", + "image": "dellemc/dell-csi-replicator:v1.7.1", "name": "dell-csi-replicator" }, { @@ -568,11 +608,11 @@ metadata: "value": "5m" } ], - "image": "dellemc/dell-replication-controller:v1.7.0", + "image": "dellemc/dell-replication-controller:v1.7.1", "name": "dell-replication-controller-manager" } ], - "configVersion": "v1.7.0", + "configVersion": "v1.7.1", "enabled": false, "name": "replication" }, 
@@ -684,10 +724,10 @@ metadata: "value": "debug" } ], - "image": "dellemc/csi-powerstore:v2.9.0", + "image": "dellemc/csi-powerstore:v2.9.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.9.0", + "configVersion": "v2.9.1", "controller": { "envs": [ { @@ -765,7 +805,7 @@ metadata: "--driver-config-params=/powerstore-config-params/driver-config-params.yaml", "--driverPath=csi-powerstore.dellemc.com" ], - "image": "dellemc/podmon:v1.8.0", + "image": "dellemc/podmon:v1.8.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -787,12 +827,12 @@ metadata: "value": "8083" } ], - "image": "dellemc/podmon:v1.8.0", + "image": "dellemc/podmon:v1.8.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "resiliency" } @@ -847,10 +887,10 @@ metadata: "value": "true" } ], - "image": "dellemc/csi-unity:v2.9.0", + "image": "dellemc/csi-unity:v2.9.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.9.0", + "configVersion": "v2.9.1", "controller": { "envs": [ { @@ -934,10 +974,10 @@ metadata: "value": "false" } ], - "image": "dellemc/csi-vxflexos:v2.9.0", + "image": "dellemc/csi-vxflexos:v2.9.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.9.0", + "configVersion": "v2.9.1", "controller": { "envs": [ { @@ -1045,11 +1085,11 @@ metadata: "value": "true" } ], - "image": "dellemc/csm-authorization-sidecar:v1.9.0", + "image": "dellemc/csm-authorization-sidecar:v1.9.1", "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.9.0", + "configVersion": "v1.9.1", "enabled": false, "name": "authorization" }, @@ -1146,7 +1186,7 @@ metadata: "value": "powerflex" } ], - "image": "dellemc/dell-csi-replicator:v1.7.0", + "image": "dellemc/dell-csi-replicator:v1.7.1", "name": "dell-csi-replicator" }, { 
@@ -1172,11 +1212,11 @@ metadata: "value": "5m" } ], - "image": "dellemc/dell-replication-controller:v1.7.0", + "image": "dellemc/dell-replication-controller:v1.7.1", "name": "dell-replication-controller-manager" } ], - "configVersion": "v1.7.0", + "configVersion": "v1.7.1", "enabled": false, "name": "replication" }, @@ -1194,7 +1234,7 @@ metadata: "--mode=controller", "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" ], - "image": "dellemc/podmon:v1.8.0", + "image": "dellemc/podmon:v1.8.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -1215,12 +1255,12 @@ metadata: "value": "8083" } ], - "image": "dellemc/podmon:v1.8.0", + "image": "dellemc/podmon:v1.8.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "resiliency" } @@ -1228,16 +1268,16 @@ metadata: } } ] - capabilities: Basic Install + capabilities: Seamless Upgrades categories: Storage - containerImage: docker.io/dellemc/dell-csm-operator:v1.4.0 - createdAt: "2023-12-22T09:14:07Z" + containerImage: docker.io/dellemc/dell-csm-operator:v1.4.1 + createdAt: "2024-02-02T08:59:42Z" description: Easily install and manage Dell’s CSI Drivers and CSM operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.4.0 + name: dell-csm-operator.v1.4.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -3291,7 +3331,7 @@ spec: resources: - backups/finalizers verbs: - - upate + - update - apiGroups: - velero.io resources: @@ -3419,7 +3459,7 @@ spec: - --leader-elect command: - /manager - image: docker.io/dellemc/dell-csm-operator:v1.4.0 + image: docker.io/dellemc/dell-csm-operator:v1.4.1 imagePullPolicy: Always livenessProbe: httpGet: 
@@ -3479,5 +3519,61 @@ spec: provider: name: Dell Technologies url: https://github.com/dell/csm-operator - replaces: dell-csm-operator.v1.3.0 - version: 1.4.0 + relatedImages: + - image: docker.io/dellemc/dell-csm-operator:v1.4.1 + name: dell-csm-operator + - image: docker.io/dellemc/csi-isilon:v2.9.1 + name: csi-isilon + - image: docker.io/dellemc/csi-powermax:v2.9.1 + name: csi-powermax + - image: docker.io/dellemc/csipowermax-reverseproxy:v2.8.1 + name: csipowermax-reverseproxy + - image: docker.io/dellemc/csi-powerstore:v2.9.1 + name: csi-powerstore + - image: docker.io/dellemc/csi-unity:v2.9.1 + name: csi-unity + - image: docker.io/dellemc/csi-vxflexos:v2.9.1 + name: csi-vxflexos + - image: docker.io/dellemc/sdc:4.5 + name: sdc + - image: docker.io/dellemc/csm-authorization-sidecar:v1.9.1 + name: karavi-authorization-proxy + - image: docker.io/dellemc/dell-csi-replicator:v1.7.1 + name: dell-csi-replicator + - image: docker.io/dellemc/dell-replication-controller:v1.7.1 + name: dell-replication-controller-manager + - image: docker.io/dellemc/csm-topology:v1.7.0 + name: topology + - image: docker.io/otel/opentelemetry-collector:0.42.0 + name: otel-collector + - image: docker.io/dellemc/csm-metrics-powerscale:v1.4.0 + name: metrics-powerscale + - image: docker.io/dellemc/csm-metrics-powermax:v1.2.0 + name: metrics-powermax + - image: docker.io/dellemc/csm-metrics-powerflex:v1.7.0 + name: metrics-powerflex + - image: docker.io/dellemc/podmon:v1.8.1 + name: podmon-node + - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + - image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + name: attacher + - image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + name: provisioner + - image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + name: snapshotter + - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + name: registrar + - image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + name: resizer + - image: 
registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + name: externalhealthmonitorcontroller + - image: dellemc/csi-metadata-retriever:v1.6.1 + name: metadataretriever + - image: docker.io/dellemc/connectivity-client-docker-k8s:1.2.3 + name: dell-connectivity-client + - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.7.0 + name: cert-persister + skips: + - dell-csm-operator.v1.4.0 + version: 1.4.1 diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 37eb2e96e..6121835d1 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -6,7 +6,7 @@ annotations: operators.operatorframework.io.bundle.package.v1: dell-csm-operator operators.operatorframework.io.bundle.channels.v1: stable operators.operatorframework.io.bundle.channel.default.v1: stable - operators.operatorframework.io.metrics.builder: operator-sdk-v1.14.0+git + operators.operatorframework.io.metrics.builder: operator-sdk-v1.32.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 diff --git a/config/install/kustomization.yaml b/config/install/kustomization.yaml index 655ed64bb..5e19253e3 100644 --- a/config/install/kustomization.yaml +++ b/config/install/kustomization.yaml @@ -14,4 +14,4 @@ bases: images: - name: controller newName: docker.io/dellemc/dell-csm-operator - newTag: v1.4.0 + newTag: v1.4.1 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index cc7f58961..74220b1c3 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: docker.io/dellemc/dell-csm-operator - newTag: v1.4.0 + newTag: v1.4.1 diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index 8b44f4cae..0126499d9 100644 
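Review bot: The new `relatedImages` list omits `bitnami/kubectl:1.28`, which the `kubernetes-proxy` sidecar uses in the ApexConnectivityClient entry this commit adds to `alm-examples` in the same file. Tooling that mirrors or verifies images from `relatedImages` would presumably miss it. The `dellemc/csi-metadata-retriever:v1.6.1` entry is also the only one without a registry prefix; `- image: docker.io/dellemc/csi-metadata-retriever:v1.6.1` would match the rest. Every entry is referenced by tag; if this bundle is meant for disconnected or certified catalogs, pinning as `<image>@sha256:<digest>` is worth considering.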
--- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -5,12 +5,12 @@ metadata: alm-examples: '[]' capabilities: Basic Install categories: Storage - containerImage: docker.io/dellemc/dell-csm-operator:v1.4.0 + containerImage: docker.io/dellemc/dell-csm-operator:v1.4.1 createdAt: "2022-03-29T11:59:59Z" description: Easily install and manage Dell’s CSI Drivers and CSM repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.4.0 + name: dell-csm-operator.v1.4.1 namespace: placeholder spec: apiservicedefinitions: {} 
@@ -1137,27 +1137,27 @@ spec: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: docker.io/dellemc/dell-csm-operator:v1.4.0 + - image: docker.io/dellemc/dell-csm-operator:v1.4.1 name: dell-csm-operator - - image: docker.io/dellemc/csi-isilon:v2.9.0 + - image: docker.io/dellemc/csi-isilon:v2.9.1 name: csi-isilon - - image: docker.io/dellemc/csi-powermax:v2.9.0 + - image: docker.io/dellemc/csi-powermax:v2.9.1 name: csi-powermax - image: docker.io/dellemc/csipowermax-reverseproxy:v2.8.0 name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.9.0 + - image: docker.io/dellemc/csi-powerstore:v2.9.1 name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.9.0 + - image: docker.io/dellemc/csi-unity:v2.9.1 name: csi-unity - - image: docker.io/dellemc/csi-vxflexos:v2.9.0 + - image: docker.io/dellemc/csi-vxflexos:v2.9.1 name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5 name: sdc - - image: docker.io/dellemc/csm-authorization-sidecar:v1.9.0 + - image: docker.io/dellemc/csm-authorization-sidecar:v1.9.1 name: karavi-authorization-proxy - - image: docker.io/dellemc/dell-csi-replicator:v1.7.0 + - image: docker.io/dellemc/dell-csi-replicator:v1.7.1 name: dell-csi-replicator - - image: docker.io/dellemc/dell-replication-controller:v1.7.0 + - image: docker.io/dellemc/dell-replication-controller:v1.7.1 name: dell-replication-controller-manager - image: docker.io/dellemc/csm-topology:v1.7.0 name: topology @@ -1169,9 +1169,9 @@ spec: name: metrics-powermax - image: docker.io/dellemc/csm-metrics-powerflex:v1.7.0 name: metrics-powerflex - - image: docker.io/dellemc/podmon:v1.8.0 + - image: docker.io/dellemc/podmon:v1.8.1 name: podmon-node - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 name: kube-rbac-proxy - replaces: dell-csm-operator.v1.3.0 - version: 1.4.0 + replaces: dell-csm-operator.v1.4.0 + version: 1.4.1 
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml index 910019862..19b8a43f5 100644 --- a/config/samples/kustomization.yaml +++ b/config/samples/kustomization.yaml @@ -5,4 +5,5 @@ resources: - storage_v1_csm_powerstore.yaml - storage_v1_csm_unity.yaml - storage_v1_csm_powermax.yaml + - storage_v1_csm_connectivity_client.yaml #+kubebuilder:scaffold:manifestskustomizesamples \ No newline at end of file diff --git a/config/samples/storage_v1_csm_connectivity_client.yaml b/config/samples/storage_v1_csm_connectivity_client.yaml new file mode 100644 index 000000000..653ff7de9 --- /dev/null +++ b/config/samples/storage_v1_csm_connectivity_client.yaml @@ -0,0 +1,35 @@ +apiVersion: storage.dell.com/v1 +kind: ApexConnectivityClient +metadata: + name: dell-connectivity-client + namespace: dell-connectivity-client +spec: + client: + csmClientType: "apexConnectivityClient" + configVersion: v1.0.0 + connectionTarget: connect-into.dell.com + forceRemoveClient: true + common: + name: connectivity-client-docker-k8s + image: dellemc/connectivity-client-docker-k8s:1.2.3 + imagePullPolicy: IfNotPresent + initContainers: + - name: connectivity-client-init + image: dellemc/connectivity-client-docker-k8s:1.2.3 + imagePullPolicy: IfNotPresent + sideCars: + - name: kubernetes-proxy + image: bitnami/kubectl:1.28 + imagePullPolicy: IfNotPresent + - name: cert-persister + image: dellemc/connectivity-cert-persister-k8s:0.7.0 + imagePullPolicy: IfNotPresent +--- +apiVersion: v1 +kind: Secret +metadata: + name: connectivity-client-docker-k8s-cert + namespace: dell-connectivity-client +type: Opaque +data: + cert.pem: "" diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 68f2b9817..4172da468 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml 
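Review bot: The `kubernetes-proxy` sidecar in the new `storage_v1_csm_connectivity_client.yaml` sample pulls `bitnami/kubectl:1.28`, a floating tag from a third-party repository, with `imagePullPolicy: IfNotPresent`, so a re-pushed tag can leave nodes running different image contents. The container sits next to a client whose `connectionTarget` is an external host, and judging by its name it fronts the cluster API. Pinning by digest would make the sample reproducible and auditable, e.g. `image: docker.io/bitnami/kubectl:1.28@sha256:<digest-placeholder>`; the unqualified `dellemc/...` references in the same file would benefit from the same treatment. The visible tail of the bundle's relatedImages list names the connectivity-client and cert-persister images but not this one, so it may be missed when mirroring for disconnected installs. The start of that list is outside this view, so please confirm.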
@@ -16,13 +16,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.9.0" + image: "dellemc/csi-vxflexos:v2.9.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -187,10 +187,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -306,13 +306,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.7.0 + configVersion: v1.7.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.7.0 + image: dellemc/dell-csi-replicator:v1.7.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -327,7 +327,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.0 + image: dellemc/dell-replication-controller:v1.7.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration 
@@ -362,10 +362,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: podmon-controller - image: dellemc/podmon:v1.8.0 + image: dellemc/podmon:v1.8.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-vxflexos" @@ -379,7 +379,7 @@ spec: - "--mode=controller" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: dellemc/podmon:v1.8.0 + image: dellemc/podmon:v1.8.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index 65e86613e..c392f1bed 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -31,8 +31,8 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.9.0 driver - configVersion: v2.9.0 + # Config version for CSI PowerMax v2.9.1 driver + configVersion: v2.9.1 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -44,8 +44,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerMax driver v2.9.0 - image: dellemc/csi-powermax:v2.9.0 + # Image for CSI PowerMax driver v2.9.1 + image: dellemc/csi-powermax:v2.9.1 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. 
@@ -256,10 +256,10 @@ spec: - name: authorization # enabled: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -277,13 +277,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.7.0 + configVersion: v1.7.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.7.0 + image: dellemc/dell-csi-replicator:v1.7.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -299,7 +299,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.0 + image: dellemc/dell-replication-controller:v1.7.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 0ae46c9fd..b6db5a9b2 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml 
@@ -16,16 +16,16 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerScale v2.9.0 driver - configVersion: v2.9.0 + # Config version for CSI PowerScale v2.9.1 driver + configVersion: v2.9.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet # Uninstall CSI Driver and/or modules when CR is deleted forceRemoveDriver: true common: - # Image for CSI PowerScale driver v2.9.0 - image: "dellemc/csi-isilon:v2.9.0" + # Image for CSI PowerScale driver v2.9.1 + image: "dellemc/csi-isilon:v2.9.1" imagePullPolicy: IfNotPresent envs: # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs @@ -265,10 +265,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -287,13 +287,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.7.0 + configVersion: v1.7.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.7.0 + image: dellemc/dell-csi-replicator:v1.7.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string 
@@ -309,7 +309,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.7.0 + image: dellemc/dell-replication-controller:v1.7.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -451,10 +451,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: podmon-controller - image: dellemc/podmon:v1.8.0 + image: dellemc/podmon:v1.8.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-isilon" @@ -469,7 +469,7 @@ spec: - "--driverPath=csi-isilon.dellemc.com" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - name: podmon-node - image: dellemc/podmon:v1.8.0 + image: dellemc/podmon:v1.8.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index 6fa4c928f..41a71731f 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -31,8 +31,8 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerStore v2.9.0 driver - configVersion: v2.9.0 + # Config version for CSI PowerStore v2.9.1 driver + configVersion: v2.9.1 # authSecret: This is the secret used to validate the default PowerStore secret used for installation # Allowed values: -config # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config 
@@ -43,8 +43,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerStore driver v2.9.0 - image: "dellemc/csi-powerstore:v2.9.0" + # Image for CSI PowerStore driver v2.9.1 + image: "dellemc/csi-powerstore:v2.9.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX @@ -169,10 +169,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: podmon-controller - image: dellemc/podmon:v1.8.0 + image: dellemc/podmon:v1.8.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powerstore" @@ -187,7 +187,7 @@ spec: - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - "--driverPath=csi-powerstore.dellemc.com" - name: podmon-node - image: dellemc/podmon:v1.8.0 + image: dellemc/podmon:v1.8.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index 8d5c0ce44..0e9634c65 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -16,16 +16,16 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI Unity v2.9.0 driver - configVersion: v2.9.0 + # Config version for CSI Unity v2.9.1 driver + configVersion: v2.9.1 # Controller count replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - # Image for CSI Unity driver v2.9.0 - image: "dellemc/csi-unity:v2.9.0" + # Image for CSI Unity driver v2.9.1 + image: "dellemc/csi-unity:v2.9.1" imagePullPolicy: IfNotPresent envs: # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. 
diff --git a/deploy/olm/operator_community.yaml b/deploy/olm/operator_community.yaml index f04ffad53..82bb1185b 100644 --- a/deploy/olm/operator_community.yaml +++ b/deploy/olm/operator_community.yaml @@ -5,7 +5,7 @@ metadata: namespace: test-csm-operator-olm spec: sourceType: grpc - image: docker.io/dellemc/dell-csm-operator:v1.4.0 + image: docker.io/dellemc/dell-csm-operator:v1.4.1 --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 35bd0c9f4..1e30dc944 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1255,7 +1255,7 @@ spec: - --leader-elect command: - /manager - image: docker.io/dellemc/dell-csm-operator:v1.4.0 + image: docker.io/dellemc/dell-csm-operator:v1.4.1 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/docker.mk b/docker.mk index c837ab037..6dd82bbaa 100644 --- a/docker.mk +++ b/docker.mk @@ -14,11 +14,11 @@ BUNDLE_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-bundle # Image tag base for community catalog images CATALOG_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-catalog -# Operator version tagged with build number. For e.g. - v1.4.0.001 -VERSION ?= v1.4.0 +# Operator version tagged with build number. For e.g. - v1.4.1.001 +VERSION ?= v1.4.1 # Bundle Version is the semantic version(required by operator-sdk) -BUNDLE_VERSION ?= 1.4.0 +BUNDLE_VERSION ?= 1.4.1 # Timestamp local builds TIMESTAMP := $(shell date +%Y%m%d%H%M%S) 
@@ -37,5 +37,5 @@ IMG ?= "$(REGISTRY)/$(IMAGE_TAG_BASE):$(VERSION)" # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) BUNDLE_IMG ?= "$(REGISTRY)/$(BUNDLE_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" -# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.4.0). +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.4.1). CATALOG_IMG ?= "$(REGISTRY)/$(CATALOG_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" diff --git a/operatorconfig/driverconfig/common/default.yaml b/operatorconfig/driverconfig/common/default.yaml index e99e071c5..bd530c10d 100644 --- a/operatorconfig/driverconfig/common/default.yaml +++ b/operatorconfig/driverconfig/common/default.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 diff --git a/operatorconfig/driverconfig/common/k8s-1.21-values.yaml b/operatorconfig/driverconfig/common/k8s-1.21-values.yaml index 80fa1f535..b890eaad5 100644 --- a/operatorconfig/driverconfig/common/k8s-1.21-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.21-values.yaml @@ -27,5 +27,5 @@ images: sdcmonitor: dellemc/sdc:4.5 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 diff --git a/operatorconfig/driverconfig/common/k8s-1.22-values.yaml b/operatorconfig/driverconfig/common/k8s-1.22-values.yaml index 99bb73ff9..ab08f7859 100644 --- a/operatorconfig/driverconfig/common/k8s-1.22-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.22-values.yaml 
@@ -25,3 +25,6 @@ images: # "images.sdcmonitor" defines the container images used to monitor sdc container sdcmonitor: dellemc/sdc:4.5 + + #"images.metadataretriever" defines the container images used for csi metadata retriever + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 diff --git a/operatorconfig/driverconfig/common/k8s-1.24-values.yaml b/operatorconfig/driverconfig/common/k8s-1.24-values.yaml index c7d8baa76..25661e650 100644 --- a/operatorconfig/driverconfig/common/k8s-1.24-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.24-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 \ No newline at end of file + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 \ No newline at end of file diff --git a/operatorconfig/driverconfig/common/k8s-1.25-values.yaml b/operatorconfig/driverconfig/common/k8s-1.25-values.yaml index c7d8baa76..25661e650 100644 --- a/operatorconfig/driverconfig/common/k8s-1.25-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.25-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 \ No newline at end of file + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 \ No newline at end of file diff --git a/operatorconfig/driverconfig/common/k8s-1.26-values.yaml b/operatorconfig/driverconfig/common/k8s-1.26-values.yaml index c7d8baa76..25661e650 100644 --- a/operatorconfig/driverconfig/common/k8s-1.26-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.26-values.yaml 
@@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 \ No newline at end of file + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 \ No newline at end of file diff --git a/operatorconfig/driverconfig/common/k8s-1.27-values.yaml b/operatorconfig/driverconfig/common/k8s-1.27-values.yaml index c7d8baa76..25661e650 100644 --- a/operatorconfig/driverconfig/common/k8s-1.27-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.27-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 \ No newline at end of file + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 \ No newline at end of file diff --git a/operatorconfig/driverconfig/common/k8s-1.28-values.yaml b/operatorconfig/driverconfig/common/k8s-1.28-values.yaml index e99e071c5..bd530c10d 100644 --- a/operatorconfig/driverconfig/common/k8s-1.28-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.28-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 + metadataretriever: dellemc/csi-metadata-retriever:v1.6.1 diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml new file mode 100644 index 000000000..884a1baf8 --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/controller.yaml 
@@ -0,0 +1,258 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - 
apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "update"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + strategy: + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + spec: + affinity: + nodeSelector: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + serviceAccountName: -controller + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + - "--volume-name-prefix=k8s" + - "--volume-name-uuid-length=10" + - 
"--leader-election=true" + - "--timeout=120s" + - "--v=5" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-external-health-monitor-controller + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + - "--enable-node-watcher=true" + - "--http-endpoint=:8080" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-vxflexos:v2.9.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-vxflexos.sh" ] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + 
value: false + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_QUOTA_ENABLED + value: + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + volumes: + - name: socket-dir + emptyDir: + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + name: -config-params + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/tests/config/driverconfig/powerflex/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powerflex/v2.9.0/csidriver.yaml rename to operatorconfig/driverconfig/powerflex/v2.9.1/csidriver.yaml diff --git a/tests/config/driverconfig/powerflex/v2.9.0/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/driver-config-params.yaml similarity index 100% rename from tests/config/driverconfig/powerflex/v2.9.0/driver-config-params.yaml rename to operatorconfig/driverconfig/powerflex/v2.9.1/driver-config-params.yaml diff --git a/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml new file mode 100644 index 000000000..b6070724b --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.9.1/node.yaml 
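Review bot: The ClusterRole in the new powerflex v2.9.1 `controller.yaml` grants `get`/`list` on `secrets` cluster-wide (the rule under `# below for snapshotter`), and the Deployment runs all six containers under that one `serviceAccountName`, so each of them can read every Secret in every namespace. The same role also carries `create`/`delete`/`update` on `customresourcedefinitions`, and the file explains neither grant. I would add a why-comment above each rule, for example `# snapshotter reads the secrets named in VolumeSnapshotClass parameters, which may live in any namespace`, if that is in fact the reason. If the sidecars only fetch secrets by name, the rule could be narrowed to `verbs: ["get"]`; check this against the RBAC documented for the sidecar versions pinned in this file.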
@@ -0,0 +1,279 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + spec: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: false + containers: + - name: driver + securityContext: + privileged: true + 
allowPrivilegeEscalation: true + capabilities: + add: ["SYS_ADMIN"] + image: dellemc/csi-vxflexos:v2.9.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-vxflexos.sh" ] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: unix:///plugins/vxflexos.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/vxflexos.emc.dell.com/disks" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_APPROVE_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_PREFIX + value: + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERFLEX_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: driver-path + mountPath: /plugins/vxflexos.emc.dell.com + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: noderoot + mountPath: /noderoot + - name: dev + mountPath: /dev + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/vxflexos.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + - name: sdc-monitor + 
securityContext: + privileged: true + image: dellemc/sdc:4.5 + imagePullPolicy: IfNotPresent + env: + - name: HOST_PID + value: "1" + - name: HOST_NET + value: "1" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "monitoring" + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + initContainers: + - name: sdc + securityContext: + privileged: true + image: dellemc/sdc:4.5 + imagePullPolicy: IfNotPresent + env: + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "config" + - name: MDM + valueFrom: + secretKeyRef: + name: -config + key: MDM + - name: HOST_DRV_CFG_PATH + value: /opt/emc/scaleio/sdc/bin + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + - name: scaleio-path-opt + mountPath: /host_drv_cfg_path + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/vxflexos.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: scaleio-path-opt + hostPath: + path: /opt/emc/scaleio/sdc/bin + type: DirectoryOrCreate + - name: sdc-storage + hostPath: + path: /var/emc-scaleio + type: DirectoryOrCreate + - name: udev-d + hostPath: + path: /etc/udev/rules.d + type: Directory + - name: os-release + hostPath: + path: /etc/os-release + type: File + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + 
name: -config-params + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/tests/config/driverconfig/powerflex/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerflex/v2.9.1/upgrade-path.yaml similarity index 100% rename from tests/config/driverconfig/powerflex/v2.9.0/upgrade-path.yaml rename to operatorconfig/driverconfig/powerflex/v2.9.1/upgrade-path.yaml diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml new file mode 100644 index 000000000..5fdfee973 --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.9.1/controller.yaml 
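Review bot: In powerflex/v2.9.1/node.yaml the `-node` ClusterRole lists the `storage.k8s.io` `volumeattachments` rule twice, and it grants `create`/`delete` on `persistentvolumes` and `update`/`delete` on `pods` to the service account of a DaemonSet that runs `privileged: true` with `hostNetwork: true` and a hostPath mount of `/`. That token is present on every node, so drop the second `volumeattachments` entry and confirm whether the PV and pod write verbs are needed here rather than only in the controller role; the pod verbs may serve an injected sidecar that this hunk does not show. The same duplicated `volumeattachments` rule appears in the powermax and powerscale node.yaml files added by this patch. Under `privileged: true`, `capabilities: add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true` add nothing and could be removed, or kept with a comment explaining why.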
@@ -0,0 +1,322 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: 
["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: -controller + spec: + serviceAccount: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - 
-controller + topologyKey: kubernetes.io/hostname + + containers: + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--timeout=180s" + - "--v=5" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + - "--worker-threads=6" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--http-endpoint=:8080" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=pmax" + - "--volume-name-uuid-length=10" + - "--worker-threads=6" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: 
registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=180s" + - "--v=5" + - "--snapshot-name-prefix=pmsn" + - "--leader-election" + - "--snapshot-name-uuid-length=10" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powermax:v2.9.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powermax.sh" ] + env: + - name: X_CSI_POWERMAX_DRIVER_NAME + value: csi-powermax.dellemc.com + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MANAGED_ARRAYS + value: "" + - name: X_CSI_POWERMAX_ENDPOINT + value: "" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "" + - name: X_CSI_MODE + value: controller + - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_POWERMAX_USER + valueFrom: + secretKeyRef: + key: username + name: powermax-creds + - name: X_CSI_POWERMAX_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: powermax-creds + - name: X_CSI_POWERMAX_DEBUG + value: "" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + - name: X_CSI_GRPC_MAX_THREADS + value: "50" + - name: X_CSI_ENABLE_BLOCK + value: "true" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_IG_NODENAME_TEMPLATE + value: "" + - name: X_CSI_IG_MODIFY_HOSTNAME + value: "" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "csipowermax-reverseproxy" + - name: X_CSI_UNISPHERE_TIMEOUT + value: 5m + - name: X_CSI_POWERMAX_CONFIG_PATH + value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_VSPHERE_ENABLED + value: "" + - name: X_CSI_VSPHERE_PORTGROUP + value: "" + - name: X_CSI_VSPHERE_HOSTNAME + value: "" + - name: X_CSI_VCENTER_HOST + value: "" + - name: X_CSI_VCENTER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: vcenter-creds + optional: true + 
- name: X_CSI_VCENTER_PWD + valueFrom: + secretKeyRef: + key: password + name: vcenter-creds + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: powermax-config-params + mountPath: -config-params + volumes: + - name: socket-dir + emptyDir: + - name: certs + secret: + secretName: -certs + optional: true + - name: powermax-config-params + configMap: + name: -config-params diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml new file mode 100644 index 000000000..5bacf36ae --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.9.1/csidriver.yaml @@ -0,0 +1,23 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powermax.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/driver-config-params.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/driver-config-params.yaml new file mode 100644 index 000000000..6dd1ecfc7 --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.9.1/driver-config-params.yaml 
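Review bot: The driver container in powermax/v2.9.1/controller.yaml defaults `X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION` to `"true"` while `X_CSI_POWERMAX_USER` and `X_CSI_POWERMAX_PASSWORD` come from the `powermax-creds` secret. Unless the operator overrides this value from the custom resource (not visible in this hunk), the array credentials would be presented over a TLS session whose peer is not verified. A safer template default is `value: "false"`, relying on the existing `certs` mount and `SSL_CERT_DIR`; the `certs` secret is `optional: true`, so add a comment that it becomes required once validation is on. The same default is set in powermax node.yaml and, as `X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION`, in the powerscale controller.yaml and node.yaml of this patch.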
@@ -0,0 +1,21 @@
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: -config-params
+ namespace:
+data:
+ driver-config-params.yaml: |
+ CSI_LOG_LEVEL: "debug"
+ CSI_LOG_FORMAT: "TEXT"
diff --git a/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml
new file mode 100644
index 000000000..5082ca8a4
--- /dev/null
+++ b/operatorconfig/driverconfig/powermax/v2.9.1/node.yaml 
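Review bot: The powermax driver-config-params.yaml template ships `CSI_LOG_LEVEL: "debug"` as its default, and the sidecars in the controller manifests of this patch run at `--v=5`. For a driver that handles array credentials, `CSI_LOG_LEVEL: "info"` would keep request detail out of cluster logs unless an operator opts in. What the driver prints at debug level is not visible here, so this is a default-hardening suggestion rather than a confirmed leak. The powerscale driver-config-params.yaml in this patch sets the same level.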
@@ -0,0 +1,258 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 
+metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccount: -node + #nodeSelector: + #tolerations: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + command: ["/csi-powermax.sh"] + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powermax:v2.9.1 + imagePullPolicy: IfNotPresent + env: + - name: X_CSI_POWERMAX_DRIVER_NAME + value: csi-powermax.dellemc.com + - name: CSI_ENDPOINT + value: unix:///plugins/powermax.emc.dell.com/csi_sock + - name: X_CSI_MANAGED_ARRAYS + value: "" + - name: X_CSI_POWERMAX_ENDPOINT + value: "" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "" + - name: X_CSI_MODE + value: node + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/powermax.emc.dell.com/disks" + - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION + value: true + - name: X_CSI_POWERMAX_USER + valueFrom: + secretKeyRef: + name: powermax-creds + key: username + - name: X_CSI_POWERMAX_PASSWORD + valueFrom: + secretKeyRef: + name: powermax-creds + key: password + - name: X_CSI_POWERMAX_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP + value: "" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "powermax-reverseproxy" + - name: X_CSI_ISCSI_CHROOT + value: noderoot + - name: X_CSI_GRPC_MAX_THREADS + value: "50" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_POWERMAX_CONFIG_PATH + value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_POWERMAX_TOPOLOGY_CONFIG_PATH + value: /node-topology-config/topologyConfig.yaml + - name: X_CSI_IG_NODENAME_TEMPLATE + value: "" + - name: X_CSI_IG_MODIFY_HOSTNAME + value: "" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: 
X_CSI_MAX_VOLUMES_PER_NODE + value: "" + - name: X_CSI_TOPOLOGY_CONTROL_ENABLED + value: "" + - name: X_CSI_VSPHERE_ENABLED + value: "" + - name: X_CSI_VSPHERE_PORTGROUP + value: "" + - name: X_CSI_VCENTER_HOST + value: "" + - name: X_CSI_VSPHERE_HOSTNAME + value: "" + - name: X_CSI_VCENTER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: vcenter-creds + optional: true + - name: X_CSI_VCENTER_PWD + valueFrom: + secretKeyRef: + key: password + name: vcenter-creds + optional: true + volumeMounts: + - name: driver-path + mountPath: /plugins/powermax.emc.dell.com + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: noderoot + mountPath: /noderoot + - name: dbus-socket + mountPath: /run/dbus/system_bus_socket + - name: certs + mountPath: /certs + readOnly: true + - name: powermax-config-params + mountPath: /powermax-config-params + - name: node-topology-config + mountPath: /node-topology-config + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/powermax.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/powermax.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: 
+ path: /dev + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: dbus-socket + hostPath: + path: /run/dbus/system_bus_socket + type: Socket + - name: certs + secret: + secretName: -certs + optional: true + - name: powermax-config-params + configMap: + name: -config-params + - name: node-topology-config + configMap: + name: node-topology-config + optional: true diff --git a/tests/config/driverconfig/powermax/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/powermax/v2.9.1/upgrade-path.yaml similarity index 100% rename from tests/config/driverconfig/powermax/v2.9.0/upgrade-path.yaml rename to operatorconfig/driverconfig/powermax/v2.9.1/upgrade-path.yaml diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml new file mode 100644 index 000000000..4b868cf7c --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/controller.yaml 
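Review bot: Two defaults in the driver container of powermax/v2.9.1/node.yaml disagree with controller.yaml for the same driver. `X_CSI_POWERMAX_PROXY_SERVICE_NAME` is `"powermax-reverseproxy"` here but `"csipowermax-reverseproxy"` in the controller, and `X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION` is the bare YAML boolean `true` here but the string `"true"` there. If both pods are meant to reach the same reverse-proxy Service, one of the two names is wrong unless the operator rewrites them, so use a single value in both files. Env values are strings in the pod spec, so quote the value as in the controller (`value: "true"`) rather than relying on the decoder to coerce the type.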
@@ -0,0 +1,330 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + 
verbs: ["create", "list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: -controller + spec: + serviceAccount: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + + containers: + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--timeout=120s" + - "--v=5" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher + image: 
registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=false" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--http-endpoint=:8080" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=k8s" + - "--volume-name-uuid-length=10" + - "--worker-threads=5" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + imagePullPolicy: IfNotPresent + args: + - 
"--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--snapshot-name-prefix=snapshot" + - "--leader-election" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.6.1 + imagePullPolicy: Always + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--leader-election" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + command: [ "/csi-metadata-retriever" ] + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: CSI_RETRIEVER_ENDPOINT + value: /var/run/csi/csi_retriever.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-isilon:v2.9.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-isilon" ] + args: + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: CSI_RETRIEVER_ENDPOINT + value: /var/run/csi/csi_retriever.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_ISI_ACCESS_ZONE + value: system + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: 
X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + volumes: + - name: socket-dir + emptyDir: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: isilon-configs + secret: + secretName: -creds + - name: csi-isilon-config-params + configMap: + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml new file mode 100644 index 000000000..facd6cd6a --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-isilon.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/driver-config-params.yaml new file mode 100644 index 000000000..506503099 --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/driver-config-params.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml new file mode 100644 index 000000000..8f49a7d38 --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.9.1/node.yaml 
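Review bot: `X_CSI_ISI_VOLUME_PATH_PERMISSIONS` defaults to `"0777"` in the driver container of powerscale/v2.9.1/controller.yaml. Judging by its name, that makes every provisioned volume directory under `/ifs/data/csi` world-readable and world-writable unless the value is overridden per deployment. Prefer a narrower template default such as `value: "0770"`, or add a comment stating why 0777 is required and where it can be overridden. Separately, `csi-metadata-retriever` is the only container with `imagePullPolicy: Always`; because the image is referenced by tag rather than digest, the running image can change on restart.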
@@ -0,0 +1,215 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccount: -node + #nodeSelector: + #tolerations: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + command: ["/csi-isilon"] + args: + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-isilon:v2.9.1 + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: 
/plugins/csi-isilon/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/csi-isilon/disks" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: X_CSI_NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-isilon + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-isilon/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: 
driver-path
+ mountPath: /csi
+ volumes:
+ - name: usr-bin
+ hostPath:
+ path: /usr/bin
+ type: Directory
+ - name: kubelet-pods
+ hostPath:
+ path: /var/lib/kubelet/pods
+ type: Directory
+ - name: var-run
+ hostPath:
+ path: /var/run
+ type: Directory
+ - name: registration-dir
+ hostPath:
+ path: /plugins_registry/
+ type: DirectoryOrCreate
+ - name: csi-path
+ hostPath:
+ path: /plugins/kubernetes.io/csi
+ - name: driver-path
+ hostPath:
+ path: /plugins/csi-isilon
+ type: DirectoryOrCreate
+ - name: volumedevices-path
+ hostPath:
+ path: /plugins/kubernetes.io/csi/volumeDevices
+ type: DirectoryOrCreate
+ - name: pods-path
+ hostPath:
+ path: /pods
+ type: Directory
+ - name: dev
+ hostPath:
+ path: /dev
+ type: Directory
+ - name: certs
+ projected:
+ sources:
+ - secret:
+ name: -certs-0
+ items:
+ - key: cert-0
+ path: cert-0
+ - name: isilon-configs
+ secret:
+ secretName: -creds
+ - name: csi-isilon-config-params
+ configMap:
+ name: -config-params
diff --git a/operatorconfig/driverconfig/powerscale/v2.9.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerscale/v2.9.1/upgrade-path.yaml
new file mode 100644
index 000000000..a902cb64c
--- /dev/null
+++ b/operatorconfig/driverconfig/powerscale/v2.9.1/upgrade-path.yaml
@@ -0,0 +1 @@
+minUpgradePath: v2.8.0
diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml
new file mode 100644
index 000000000..a16762bac
--- /dev/null
+++ b/operatorconfig/driverconfig/powerstore/v2.9.1/controller.yaml
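Review bot: In powerscale/v2.9.1/node.yaml the driver container's env sets `X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION` to `"true"`, so an install that keeps the template default presumably skips certificate verification towards the storage endpoint, even though the same pod mounts the `certs` secret and sets `SSL_CERT_DIR=/certs`. I would default it to `value: "false"`, or, if the operator always overrides the value from the custom resource, add a comment such as `# template default only; the CR value wins, keep "false" outside test setups`. The same default appears in the driver env of powerscale/v2.9.1/controller.yaml and as `X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION` in unity/v2.9.1/controller.yaml and unity/v2.9.1/node.yaml.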
@@ -0,0 +1,270 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["volumegroup.storage.dell.com"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + verbs: ["create", "list", "watch", "delete", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: 
["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + containers: + - name: attacher + image: 
registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--worker-threads=130" + - "--resync=10s" + - "--timeout=130s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--v=5" + - "--leader-election" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--snapshot-name-prefix=csisnap" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - 
"--monitor-interval=60s" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powerstore:v2.9.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + - name: X_CSI_NFS_ACLS + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: true + - name: CSI_AUTO_ROUND_OFF_FILESYSTEM_SIZE + value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + volumes: + - name: socket-dir + emptyDir: + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powerstore/v2.9.0/csidriver.yaml rename to operatorconfig/driverconfig/powerstore/v2.9.1/csidriver.yaml 
diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml
new file mode 100644
index 000000000..c775e7442
--- /dev/null
+++ b/operatorconfig/driverconfig/powerstore/v2.9.1/driver-config-params.yaml
@@ -0,0 +1,29 @@
+#
+#
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: -config-params
+ namespace:
+data:
+ driver-config-params.yaml: |
+ CSI_LOG_LEVEL: "debug"
+ CSI_LOG_FORMAT: "JSON"
+ PODMON_CONTROLLER_LOG_LEVEL: "debug"
+ PODMON_CONTROLLER_LOG_FORMAT: "JSON"
+ PODMON_NODE_LOG_LEVEL: "debug"
+ PODMON_NODE_LOG_FORMAT: "JSON"
\ No newline at end of file
diff --git a/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml
new file mode 100644
index 000000000..e1925f3a5
--- /dev/null
+++ b/operatorconfig/driverconfig/powerstore/v2.9.1/node.yaml
@@ -0,0 +1,244 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 
+metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + spec: + #nodeSelector: + #tolerations: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostIPC: true + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powerstore:v2.9.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: unix:///plugins/csi-powerstore.dellemc.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_POWERSTORE_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: + - name: X_CSI_POWERSTORE_NODE_ID_PATH + value: /node-id + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERSTORE_NODE_CHROOT_PATH + value: /noderoot + - name: X_CSI_POWERSTORE_TMP_DIR + value: /plugins/csi-powerstore.dellemc.com/tmp + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: + - name: X_CSI_POWERSTORE_ENABLE_CHAP + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: "true" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-powerstore.dellemc.com + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: 
/dev + - name: sys + mountPath: /sys + - name: run + mountPath: /run + - name: node-id + mountPath: /node-id + - name: etciscsi + mountPath: /etc/iscsi + - name: mpath + mountPath: /etc/multipath.conf + - name: noderoot + mountPath: /noderoot + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-powerstore.dellemc.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/csi-powerstore.dellemc.com + type: DirectoryOrCreate + - name: csi-path + hostPath: + path: /plugins/kubernetes.io/csi + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: node-id + hostPath: + path: /etc/machine-id + type: File + - name: etciscsi + hostPath: + path: /etc/iscsi + type: DirectoryOrCreate + - name: mpath + hostPath: + path: /etc/multipath.conf + type: FileOrCreate + - name: noderoot + hostPath: + path: / + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: run + hostPath: + path: /run + type: Directory + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: 
Directory
diff --git a/tests/config/driverconfig/powerstore/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.9.1/upgrade-path.yaml
similarity index 100%
rename from tests/config/driverconfig/powerstore/v2.9.0/upgrade-path.yaml
rename to operatorconfig/driverconfig/powerstore/v2.9.1/upgrade-path.yaml
diff --git a/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml
new file mode 100644
index 000000000..b0a0d209e
--- /dev/null
+++ b/operatorconfig/driverconfig/unity/v2.9.1/controller.yaml
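Review bot: In powerstore/v2.9.1/node.yaml the `usr-bin`, `kubelet-pods` and `var-run` hostPath volumes at the end of the DaemonSet's `volumes` list are not mounted by either container in the file (`driver` and `registrar`), so the pod spec requests `/usr/bin`, `/var/lib/kubelet/pods` and `/var/run` from the host with no visible consumer. If they are there for a sidecar the operator injects elsewhere, a comment above them would make that clear, for example `# consumed only by an injected sidecar; unused when that module is disabled`. Otherwise I would drop them: each one adds to the host paths the cluster's admission policy has to allow for this privileged, hostNetwork pod, and `type: Directory` makes the pod fail to start on a node where the path is missing. powerscale/v2.9.1/node.yaml declares the same three volumes without mounts.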
@@ -0,0 +1,259 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "create", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update","patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: 
["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + template: + metadata: + labels: + app: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--timeout=180s" + - "--worker-threads=6" + - "--v=5" + - 
"--feature-gates=Topology=true" + - "--strict-topology=true" + - "--leader-election" + - "--leader-election-namespace=" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--snapshot-name-prefix=csi-snap" + - "--snapshot-name-uuid-length=10" + - "--timeout=360s" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-unity:v2.9.1 + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: 
controller
+ - name: X_CSI_UNITY_AUTOPROBE
+ value: "true"
+ - name: SSL_CERT_DIR
+ value: /certs
+ - name: X_CSI_HEALTH_MONITOR_ENABLED
+ value: ""
+ - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION
+ value: "true"
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/run/csi
+ - name: certs
+ mountPath: /certs
+ readOnly: true
+ - name: unity-config
+ mountPath: /unity-config
+ - name: unity-secret
+ mountPath: /unity-secret
+ volumes:
+ - name: certs
+ projected:
+ sources:
+ - secret:
+ name: -certs-0
+ items:
+ - key: cert-0
+ path: cert-0
+ - name: socket-dir
+ emptyDir:
+ - name: unity-config
+ configMap:
+ name: -config-params
+ - name: unity-secret
+ secret:
+ secretName: -creds
diff --git a/tests/config/driverconfig/unity/v2.9.0/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml
similarity index 100%
rename from tests/config/driverconfig/unity/v2.9.0/csidriver.yaml
rename to operatorconfig/driverconfig/unity/v2.9.1/csidriver.yaml
diff --git a/tests/config/driverconfig/unity/v2.9.0/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.9.1/driver-config-params.yaml
similarity index 100%
rename from tests/config/driverconfig/unity/v2.9.0/driver-config-params.yaml
rename to operatorconfig/driverconfig/unity/v2.9.1/driver-config-params.yaml
diff --git a/operatorconfig/driverconfig/unity/v2.9.1/node.yaml b/operatorconfig/driverconfig/unity/v2.9.1/node.yaml
new file mode 100644
index 000000000..260f31198
--- /dev/null
+++ b/operatorconfig/driverconfig/unity/v2.9.1/node.yaml
@@ -0,0 +1,189 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccountName: -node + hostIPC: true + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-unity:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - 
"--driver-secret=/unity-secret/config" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/var/lib/kubelet/plugins/unity.emc.dell.com/disks" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + - name: X_CSI_UNITY_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: driver-path + mountPath: /var/lib/kubelet/plugins/unity.emc.dell.com + - name: volumedevices-path + mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: noderoot + mountPath: /noderoot + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + 
hostPath: + path: /var/lib/kubelet/plugins/unity.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.9.0/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.9.1/upgrade-path.yaml similarity index 100% rename from tests/config/driverconfig/unity/v2.9.0/upgrade-path.yaml rename to operatorconfig/driverconfig/unity/v2.9.1/upgrade-path.yaml diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml index c5600b0f7..5844f8044 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/app-mobility-controller-manager.yaml @@ -16,7 +16,7 @@ spec: kubectl.kubernetes.io/default-container: manager labels: control-plane: controller-manager - csm: application-mobility + csm: spec: containers: - args: diff --git a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml index 11ad87f93..5f8217b2a 100644 --- a/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml +++ b/operatorconfig/moduleconfig/application-mobility/v1.0.0/velero-deployment.yaml 
@@ -102,7 +102,7 @@ spec: metadata: labels: name: application-mobility-velero - csm: application-mobility + csm: app.kubernetes.io/name: application-mobility-velero app.kubernetes.io/instance: application-mobility diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml new file mode 100644 index 000000000..ffc9f5f1f --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/cert-manager.yaml 
@@ -0,0 +1,1104 @@ +# Copyright 2021 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# Source: cert-manager/templates/cainjector-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/webhook-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + 
app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "create", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiregistration.k8s.io"] + resources: ["apiservices"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["auditregistration.k8s.io"] + resources: ["auditsinks"] + verbs: ["get", "list", "watch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Issuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "issuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ClusterIssuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + 
app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "clusterissuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Certificates controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["cert-manager.io"] + resources: ["certificates/finalizers", "certificaterequests/finalizers"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders"] + verbs: ["create", "delete", "get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Orders controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-orders 
+ labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "orders/status"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "challenges"] + verbs: ["get", "list", "watch"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["create", "delete"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Challenges controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Use to update challenge resource status + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "challenges/status"] + verbs: ["update"] + # Used to watch challenge resources + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["get", "list", "watch"] + # Used to watch challenges, issuer and clusterissuer resources + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + # Need to be able to retrieve ACME 
account private key to complete challenges + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + # Used to create events + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + # HTTP01 rules + - apiGroups: [""] + resources: ["pods", "services"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] + verbs: ["get", "list", "watch", "create", "delete", "update"] + # We require the ability to specify a custom hostname when we are creating + # new ingress resources. + # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148 + - apiGroups: ["route.openshift.io"] + resources: ["routes/custom-host"] + verbs: ["create"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges/finalizers"] + verbs: ["update"] + # DNS01 rules (duplicated above) + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ingress-shim controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests"] + verbs: ["create", "update", "delete"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", 
"certificaterequests", "issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/finalizers"] + verbs: ["update"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways", "httproutes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways/finalizers", "httproutes/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-view + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-edit + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + 
rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["signers"] + verbs: ["approve"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to: +# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers +# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests/status"] + verbs: ["update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + verbs: 
["sign"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-cainjector +subjects: + - name: -cert-manager-cainjector + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-issuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + 
apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-clusterissuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: -cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificates +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-orders + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-orders +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-challenges +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + 
app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-ingress-shim +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-approve:cert-manager-io +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificatesigningrequests +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-webhook:subjectaccessreviews +subjects: +- apiGroup: "" + kind: 
ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# leader election rules +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller + # see cmd/cainjector/start.go#L113 + # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller + # see cmd/cainjector/start.go#L137 + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + 
resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-cainjector:leaderelection +subjects: + - kind: ServiceAccount + name: -cert-manager-cainjector + namespace: +--- +# Source: cert-manager/templates/rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: 
cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager:leaderelection +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager + namespace: +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-webhook:dynamic-serving +subjects: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 + selector: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" +--- +# Source: cert-manager/templates/webhook-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - name: https + port: 443 + protocol: TCP + targetPort: 10250 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" 
+--- +# Source: cert-manager/templates/cainjector-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + template: + metadata: + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-cainjector + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} +--- +# Source: cert-manager/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + template: + metadata: + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + annotations: + prometheus.io/path: "/metrics" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' + spec: + serviceAccountName: -cert-manager + securityContext: + runAsNonRoot: true + containers: + - name: 
cert-manager + image: "quay.io/jetstack/cert-manager-controller:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + ports: + - containerPort: 9402 + protocol: TCP + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} +--- +# Source: cert-manager/templates/webhook-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + template: + metadata: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-webhook + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + ports: + - name: https + protocol: TCP + containerPort: 10250 + livenessProbe: + httpGet: + path: /livez + port: 6080 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /healthz + port: 6080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + env: + - name: POD_NAMESPACE + valueFrom: + 
fieldRef: + fieldPath: metadata.namespace + resources: + {} +--- +# Source: cert-manager/templates/webhook-mutating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). 
+ matchPolicy: Equivalent + timeoutSeconds: 10 + failurePolicy: Fail + # Only include 'sideEffects' field in Kubernetes 1.12+ + sideEffects: None + clientConfig: + service: + name: -cert-manager-webhook + namespace: "" + path: /mutate +--- +# Source: cert-manager/templates/webhook-validating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). 
+ matchPolicy: Equivalent
+ timeoutSeconds: 10
+ failurePolicy: Fail
+ sideEffects: None
+ clientConfig:
+ service:
+ name: -cert-manager-webhook
+ namespace: ""
+ path: /validate
\ No newline at end of file
diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/container.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/container.yaml
new file mode 100644
index 000000000..d984bf00e
--- /dev/null
+++ b/operatorconfig/moduleconfig/authorization/v1.9.1/container.yaml
@@ -0,0 +1,27 @@
+name: karavi-authorization-proxy
+imagePullPolicy: IfNotPresent
+image: dellemc/csm-authorization-sidecar:v1.9.1
+env:
+ - name: PROXY_HOST
+ value: ""
+ - name: INSECURE
+ value: "true"
+ - name: PLUGIN_IDENTIFIER
+ value:
+ - name: ACCESS_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: proxy-authz-tokens
+ key: access
+ - name: REFRESH_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: proxy-authz-tokens
+ key: refresh
+volumeMounts:
+ - name: karavi-authorization-config
+ mountPath: /etc/karavi-authorization/config
+ - name: proxy-server-root-certificate
+ mountPath: /etc/karavi-authorization/root-certificates
+ - name:
+ mountPath: /etc/karavi-authorization
diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml
new file mode 100644
index 000000000..935fdbc80
--- /dev/null
+++ b/operatorconfig/moduleconfig/authorization/v1.9.1/deployment.yaml
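Review bot: In container.yaml the `INSECURE` variable ships with the template default `value: "true"`, which by its name disables TLS certificate verification between the sidecar and the authorization proxy, even though the `proxy-server-root-certificate` volume is mounted a few lines below. Whether the operator overwrites this value from the custom resource is not visible in this hunk; if it does, the safer template default is `value: "false"`, so that a missed substitution fails closed rather than silently skipping verification. The same container sends `ACCESS_TOKEN` and `REFRESH_TOKEN` over that connection, so an unverified proxy endpoint would receive both tokens. A short comment above the variable, such as `# overridden by the operator from the CR; keep the default fail-closed`, would record the intent.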
@@ -0,0 +1,499 @@ +# Proxy service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: proxy-server + namespace: + labels: + app: proxy-server +spec: + replicas: 1 + selector: + matchLabels: + app: proxy-server + template: + metadata: + labels: + app: proxy-server + spec: + containers: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=authorization" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: proxy-server + namespace: +spec: + selector: + app: proxy-server + ports: + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 +--- +# Tenant Service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tenant-service + namespace: + labels: + app: tenant-service +spec: + replicas: 1 + selector: + matchLabels: + app: tenant-service + template: + metadata: + labels: + app: tenant-service + spec: + containers: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - 
containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: tenant-service + namespace: +spec: + selector: + app: tenant-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Role Service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: role-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: role-service +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: role-service +subjects: + - kind: ServiceAccount + name: role-service + namespace: +roleRef: + kind: ClusterRole + name: role-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: role-service + namespace: + labels: + app: role-service +spec: + replicas: 1 + selector: + matchLabels: + app: role-service + template: + metadata: + labels: + app: role-service + spec: + serviceAccountName: role-service + containers: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: role-service + namespace: +spec: + selector: + app: role-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Storage service +apiVersion: v1 +kind: 
ServiceAccount +metadata: + name: storage-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: storage-service +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "patch", "post"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: storage-service +subjects: + - kind: ServiceAccount + name: storage-service + namespace: +roleRef: + kind: ClusterRole + name: storage-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: storage-service + namespace: + labels: + app: storage-service +spec: + replicas: 1 + selector: + matchLabels: + app: storage-service + template: + metadata: + labels: + app: storage-service + spec: + serviceAccountName: storage-service + containers: + - name: storage-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: authorization + volumeMounts: + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: storage-service + namespace: +spec: + selector: + app: storage-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Redis +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-primary + namespace: + labels: + app: redis +spec: + selector: + matchLabels: + app: redis + role: primary + tier: backend + replicas: 1 + template: + metadata: + labels: + app: redis + role: primary + tier: backend + spec: + containers: + - name: primary + image: + 
imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data + volumes: + - name: redis-primary-volume + persistentVolumeClaim: + claimName: redis-primary-pv-claim +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: redis-primary-pv-claim + namespace: + labels: + app: redis-primary +spec: + accessModes: + - ReadWriteOnce + storageClassName: + resources: + requests: + storage: 8Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-commander + namespace: +spec: + replicas: 1 + selector: + matchLabels: + app: redis-commander + template: + metadata: + labels: + app: redis-commander + tier: backend + spec: + containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: +spec: + selector: + app: redis + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-commander + namespace: +spec: + selector: + app: redis-commander + ports: + - protocol: TCP + port: 8081 + targetPort: 8081 +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: auth-resource-reader +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps", "pods"] + verbs: ["get", "watch", "list", "patch", "create", "update", "delete"] + - apiGroups: 
["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["ingress-controller-leader"] + verbs: ["get", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:serviceaccounts:authorization +subjects: + - kind: Group + name: system:serviceaccounts:authorization + namespace: +roleRef: + kind: ClusterRole + name: auth-resource-reader + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: view +--- +# Grant OPA/kube-mgmt read-only access to resources. This lets kube-mgmt +# list configmaps to be loaded into OPA as policies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: opa-viewer +roleRef: + kind: ClusterRole + name: view + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: Group + name: system:serviceaccounts:authorization + apiGroup: rbac.authorization.k8s.io +--- +# Define role for OPA/kube-mgmt to update configmaps with policy status. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: + name: configmap-modifier +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] +--- +# Grant OPA/kube-mgmt role defined above. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: + name: opa-configmap-modifier +roleRef: + kind: Role + name: configmap-modifier + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: Group + name: system:serviceaccounts:authorization + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/ingress.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/ingress.yaml new file mode 100644 index 000000000..9a7477ad3 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/ingress.yaml 
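Review bot: The `auth-resource-reader` ClusterRole in deployment.yaml is bound to the group `system:serviceaccounts:authorization`, which gives every service account in that namespace `patch`, `create`, `update` and `delete` on `secrets`, `configmaps` and `pods` in all namespaces, despite the role's name. Nothing in this file shows a workload that needs cluster-wide write access to secrets; a namespaced `kind: Role` / `kind: RoleBinding` in the module namespace, carrying only the verbs actually used, would contain a compromise of any one of these pods. In the same hunk the `storage-service` ClusterRole lists `"post"`, which is not a Kubernetes RBAC verb (`"create"` is presumably meant). The group name and the storage-service `NAMESPACE` value are also fixed to `authorization` while `role-service` appears to take its namespace from the template, so the bindings would presumably not match an install into a different namespace.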
@@ -0,0 +1,33 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: proxy-server
+ namespace:
+spec:
+ ingressClassName:
+ tls:
+ - hosts:
+ -
+ -
+ secretName: karavi-auth-tls
+ rules:
+ - host:
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: proxy-server
+ port:
+ number: 8080
+ - host:
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: proxy-server
+ port:
+ number: 8080
diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml
new file mode 100644
index 000000000..3bafbb56f
--- /dev/null
+++ b/operatorconfig/moduleconfig/authorization/v1.9.1/nginx-ingress-controller.yaml
@@ -0,0 +1,663 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + 
verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + 
app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx +subjects: +- kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -ingress-nginx +subjects: +- kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 
-ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: v1 +data: + allow-snippet-annotations: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +spec: + externalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller-admission + namespace: +spec: + ports: + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: 
+spec: + minReadySeconds: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + template: + metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + spec: + containers: + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: 
+ - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: -ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + namespace: +spec: + ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + spec: + containers: + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + namespace: +spec: + 
ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + spec: + containers: + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - 
networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None + \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml new file mode 100644 index 000000000..0e7dc16bb --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/policies.yaml 
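Review bot: The controller ConfigMap in nginx-ingress-controller.yaml sets `allow-snippet-annotations: "true"`, while the `-ingress-nginx` ClusterRole in the same file lets the controller `list` and `watch` `secrets` in every namespace. With snippets enabled, anyone allowed to create or update an Ingress can supply raw NGINX configuration that the controller loads under that service account, so Ingress write access effectively extends to whatever the controller can read. The authorization Ingress added in this commit carries no snippet annotation as written, so `allow-snippet-annotations: "false"` looks like a safe default here. Separately, the controller container sets `allowPrivilegeEscalation: true` without a comment on why it is needed, and the labels say version `1.1.3` while the pinned image is `controller:v1.4.0`; the label should match the image.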
@@ -0,0 +1,265 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: common + namespace: +data: + common.rego: | + package karavi.common + default roles = {} + roles = {} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-create + namespace: +data: + volumes-create.rego: | + package karavi.volumes.create + + import data.karavi.common + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %s Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-delete + namespace: +data: + volumes-delete.rego: | + package karavi.volumes.delete + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] 
{ + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-map + namespace: +data: + volumes-map.rego: | + package karavi.volumes.map + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: powermax-volumes-create + namespace: +data: + volumes-powermax-create.rego: | + package karavi.volumes.powermax.create + + import data.karavi.common + + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %v Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + 
common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-unmap + namespace: +data: + volumes-unmap.rego: | + package karavi.volumes.unmap + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sdc-approve + namespace: +data: + sdc-approve.rego: | + package karavi.sdc.approve + + import data.karavi.common + + # Allow requests by default. + default allow = true + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } diff --git a/operatorconfig/moduleconfig/authorization/v1.9.1/volumes.yaml b/operatorconfig/moduleconfig/authorization/v1.9.1/volumes.yaml new file mode 100644 index 000000000..ec4a5b445 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.9.1/volumes.yaml @@ -0,0 +1,6 @@ +- name: karavi-authorization-config + secret: + secretName: karavi-authorization-config +- name: proxy-server-root-certificate + secret: + secretName: proxy-server-root-certificate diff --git a/operatorconfig/moduleconfig/common/cert-manager.yaml b/operatorconfig/moduleconfig/common/cert-manager.yaml index d2691d807..266595462 100644 
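Review bot: The delete, map, unmap and sdc-approve policies in policies.yaml fail open: `default response = {"allowed": true}` means a request is allowed unless a `deny` rule fires, and the only deny rules check for empty role data and missing claims, not whether the claimed roles cover the volume or system in the request. sdc-approve additionally omits the `common.roles == {}` check the other three have, and its `default allow = true` is not read by `response` in the visible policy. If ownership is enforced elsewhere (presumably in the proxy or storage service), a comment above each `default response` should say so, e.g. `# fail-open by design: tenant ownership is checked before this policy is queried`; otherwise these rules should deny by default. The create policies also treat a pool quota of `0` as unlimited in the second `permitted_roles` rule, which deserves a one-line comment since a reader could take it for "no capacity".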
--- a/operatorconfig/moduleconfig/common/cert-manager.yaml +++ b/operatorconfig/moduleconfig/common/cert-manager.yaml @@ -829,7 +829,7 @@ spec: metadata: labels: app: cainjector - csm: cert-manager + csm: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: app.kubernetes.io/component: "cainjector" @@ -883,7 +883,7 @@ spec: metadata: labels: app: cert-manager - csm: cert-manager + csm: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: app.kubernetes.io/component: "controller" @@ -948,7 +948,7 @@ spec: metadata: labels: app: webhook - csm: cert-manager + csm: app.kubernetes.io/name: webhook app.kubernetes.io/instance: app.kubernetes.io/component: "webhook" diff --git a/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml b/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml index 9da0eacc9..b269d3477 100644 --- a/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml +++ b/operatorconfig/moduleconfig/common/cert-manager/cert-manager.yaml @@ -5257,7 +5257,7 @@ spec: metadata: labels: app: cainjector - csm: cert-manager + csm: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" @@ -5311,7 +5311,7 @@ spec: metadata: labels: app: cert-manager - csm: cert-manager + csm: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" @@ -5376,7 +5376,7 @@ spec: metadata: labels: app: webhook - csm: cert-manager + csm: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index 516d497ef..8349235a7 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml 
@@ -20,6 +20,11 @@ powerscale: replication: "v1.7.0" observability: "v1.7.0" resiliency: "v1.8.0" + v2.9.1: + authorization: "v1.9.1" + replication: "v1.7.1" + observability: "v1.7.0" + resiliency: "v1.8.1" powerflex: # List of Driver versions and modules that supports the version v2.7.0: @@ -37,6 +42,11 @@ powerflex: observability: "v1.7.0" replication: "v1.7.0" resiliency: "v1.8.0" + v2.9.1: + authorization: "v1.9.1" + observability: "v1.7.0" + replication: "v1.7.1" + resiliency: "v1.8.1" powerstore: # List of Driver versions and modules that supports the version v2.7.0: @@ -45,6 +55,8 @@ powerstore: resiliency: "v1.7.0" v2.9.0: resiliency: "v1.8.0" + v2.9.1: + resiliency: "v1.8.1" powermax: # List of Driver versions and modules that supports the version v2.7.0: @@ -59,3 +71,7 @@ powermax: csireverseproxy: "v2.8.0" authorization: "v1.9.0" replication: "v1.7.0" + v2.9.1: + csireverseproxy: "v2.8.1" + authorization: "v1.9.1" + replication: "v1.7.1" diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/controller.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/controller.yaml new file mode 100644 index 000000000..040acab90 --- /dev/null +++ b/operatorconfig/moduleconfig/csireverseproxy/v2.8.1/controller.yaml 
@@ -0,0 +1,105 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csipowermax-reverseproxy + namespace: +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csipowermax-reverseproxy + namespace: +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "get"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csipowermax-reverseproxy + namespace: +subjects: + - kind: ServiceAccount + name: csipowermax-reverseproxy + namespace: +roleRef: + kind: Role + name: csipowermax-reverseproxy + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + name: csipowermax-reverseproxy + namespace: +spec: + ports: + - port: + protocol: TCP + targetPort: 2222 + selector: + name: csipowermax-reverseproxy + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: csipowermax-reverseproxy + namespace: +spec: + replicas: 1 + selector: + matchLabels: + name: csipowermax-reverseproxy + template: + metadata: + labels: + name: csipowermax-reverseproxy + spec: + serviceAccountName: csipowermax-reverseproxy + containers: + - name: csipowermax-reverseproxy + # Replace this with the built image name + image: + imagePullPolicy: Always + env: + - name: X_CSI_REVPROXY_CONFIG_DIR + value: /etc/config/configmap + - name: 
X_CSI_REVPROXY_CONFIG_FILE_NAME + value: config.yaml + - name: X_CSI_REVRPOXY_IN_CLUSTER + value: "true" + - name: X_CSI_REVPROXY_TLS_CERT_DIR + value: /app/tls + - name: X_CSI_REVPROXY_WATCH_NAMESPACE + value: #Change this to the namespace where proxy will be installed + volumeMounts: + - name: configmap-volume + mountPath: /etc/config/configmap + - name: tls-secret + mountPath: /app/tls + - name: cert-dir + mountPath: /app/certs + volumes: + - name: configmap-volume + configMap: + name: + optional: true + - name: tls-secret + secret: + secretName: + - name: cert-dir + emptyDir: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml index 7381234d0..8fa8668be 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerflex.yaml @@ -110,6 +110,7 @@ spec: labels: app.kubernetes.io/name: karavi-metrics-powerflex app.kubernetes.io/instance: karavi + csm: spec: serviceAccount: karavi-metrics-powerflex-controller containers: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml index 38894140a..174777097 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powermax.yaml @@ -110,6 +110,7 @@ spec: labels: app.kubernetes.io/name: karavi-metrics-powermax app.kubernetes.io/instance: karavi + csm: spec: serviceAccountName: karavi-metrics-powermax-controller containers: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml index 825ce4989..d1ba91cca 100644 
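Review bot: The `csipowermax-reverseproxy` container in the new csireverseproxy/v2.8.1/controller.yaml declares no `securityContext`, while its ServiceAccount is bound to a Role that can `get`, `list` and `watch` every Secret in the namespace. From the manifest the pod appears to need only its mounted config, TLS material and API access, so consider adding `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true` to the container, provided the image runs as a non-root user. A comment on the Role naming the secrets the proxy watches would let a reader judge whether the namespace-wide grant is needed. The env name `X_CSI_REVRPOXY_IN_CLUSTER` is spelled differently from the other `X_CSI_REVPROXY_*` variables; confirm it matches what the binary reads. This hunk begins on the previous physical line of the page.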
--- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-metrics-powerscale.yaml @@ -112,6 +112,7 @@ spec: labels: app.kubernetes.io/name: karavi-metrics-powerscale app.kubernetes.io/instance: karavi + csm: spec: serviceAccount: karavi-metrics-powerscale-controller containers: diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml index eb683173a..e531f4afc 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-otel-collector.yaml @@ -112,6 +112,7 @@ spec: labels: app.kubernetes.io/name: otel-collector app.kubernetes.io/instance: karavi-observability + csm: spec: volumes: - name: tls-secret diff --git a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml index 6477e817f..730c4f69f 100644 --- a/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml +++ b/operatorconfig/moduleconfig/observability/v1.7.0/karavi-topology.yaml @@ -88,6 +88,7 @@ spec: labels: app.kubernetes.io/name: karavi-topology app.kubernetes.io/instance: karavi-observability + csm: spec: volumes: - name: karavi-topology-secret-volume diff --git a/operatorconfig/moduleconfig/replication/v1.5.0/container.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/container.yaml similarity index 94% rename from operatorconfig/moduleconfig/replication/v1.5.0/container.yaml rename to operatorconfig/moduleconfig/replication/v1.7.1/container.yaml index c1c9a2340..22a3ecfc0 100644 --- a/operatorconfig/moduleconfig/replication/v1.5.0/container.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/container.yaml 
@@ -1,5 +1,5 @@ name: dell-csi-replicator -image: dellemc/dell-csi-replicator:v1.5.0 +image: dellemc/dell-csi-replicator:v1.7.1 imagePullPolicy: IfNotPresent args: - "--csi-address=$(ADDRESS)" diff --git a/operatorconfig/moduleconfig/replication/v1.5.0/controller.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml similarity index 96% rename from operatorconfig/moduleconfig/replication/v1.5.0/controller.yaml rename to operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml index 01cf1fda4..204b2ed6e 100644 --- a/operatorconfig/moduleconfig/replication/v1.5.0/controller.yaml +++ b/operatorconfig/moduleconfig/replication/v1.7.1/controller.yaml @@ -22,10 +22,8 @@ rules: resources: - customresourcedefinitions verbs: - - create - get - list - - update - watch - apiGroups: - apiextensions.k8s.io @@ -34,7 +32,6 @@ rules: verbs: - get - list - - patch - watch - apiGroups: - coordination.k8s.io @@ -260,12 +257,6 @@ spec: control-plane: controller-manager spec: serviceAccountName: dell-replication-controller-sa - initContainers: - - name: init-rg-migration - imagePullPolicy: Always - image: - command: - - /upgrade/migrate_rg.sh containers: - args: - --enable-leader-election diff --git a/operatorconfig/moduleconfig/replication/v1.5.0/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml similarity index 100% rename from operatorconfig/moduleconfig/replication/v1.5.0/replicationcrds.all.yaml rename to operatorconfig/moduleconfig/replication/v1.7.1/replicationcrds.all.yaml diff --git a/operatorconfig/moduleconfig/replication/v1.5.0/rules.yaml b/operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml similarity index 100% rename from operatorconfig/moduleconfig/replication/v1.5.0/rules.yaml rename to operatorconfig/moduleconfig/replication/v1.7.1/rules.yaml 
diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml new file mode 100644 index 000000000..7e6087e72 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-controller.yaml @@ -0,0 +1,36 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: dellemc/podmon:v1.8.1 +imagePullPolicy: IfNotPresent +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: vxflexos-config-params + mountPath: /vxflexos-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml new file mode 100644 index 000000000..446399c32 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerflex-node.yaml 
@@ -0,0 +1,58 @@
+#
+#
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+name: podmon
+image: dellemc/podmon:v1.8.1
+imagePullPolicy: IfNotPresent
+securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: X_CSI_PRIVATE_MOUNT_DIR
+ value: /var/lib/kubelet
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+volumeMounts:
+ - name: kubelet-pods
+ mountPath: /pods
+ mountPropagation: "Bidirectional"
+ - name: driver-path
+ mountPath: /plugins/vxflexos.emc.dell.com
+ mountPropagation: "Bidirectional"
+ - name: dev
+ mountPath: /dev
+ - name: usr-bin
+ mountPath: /usr-bin
+ - name: var-run
+ mountPath: /var/run
+ - name: vxflexos-config-params
+ mountPath: /vxflexos-config-params
diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml
new file mode 100644
index 000000000..0b82f0e3c
--- /dev/null
+++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-controller.yaml
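Review bot: The `securityContext` of the new podmon node container in container-powerflex-node.yaml combines `privileged: true` with `capabilities.add: ["SYS_ADMIN"]` and `allowPrivilegeEscalation: true`, and the file does not say why; the last two settings add nothing once the container is privileged. With `Bidirectional` mount propagation and the `dev` and `var-run` volumes (presumably host paths, defined outside this file) the container is effectively root on the node, so a comment such as `# privileged is required for Bidirectional mount propagation` should record the reason, and the redundant lines can be dropped. The image is referenced by the mutable tag `dellemc/podmon:v1.8.1` with `imagePullPolicy: IfNotPresent`; pinning it by digest would make what runs with this privilege reproducible. The same block appears in container-powerscale-node.yaml and container-powerstore-node.yaml in this commit.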
@@ -0,0 +1,36 @@
+#
+#
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+name: podmon
+image: dellemc/podmon:v1.8.1
+imagePullPolicy: IfNotPresent
+env:
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+volumeMounts:
+ - name: socket-dir
+ mountPath: /var/run/csi
+ - name: csi-isilon-config-params
+ mountPath: /csi-isilon-config-params
\ No newline at end of file
diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml
new file mode 100644
index 000000000..64ab93892
--- /dev/null
+++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerscale-node.yaml
@@ -0,0 +1,61 @@
+#
+#
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+name: podmon
+image: dellemc/podmon:v1.8.1
+imagePullPolicy: IfNotPresent
+securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: X_CSI_PRIVATE_MOUNT_DIR
+ value: /var/lib/kubelet
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+volumeMounts:
+ - name: kubelet-pods
+ mountPath: /pods
+ mountPropagation: "Bidirectional"
+ - name: driver-path
+ mountPath: /plugins/csi-isilon
+ mountPropagation: "Bidirectional"
+ - name: csi-path
+ mountPath: /plugins/kubernetes.io/csi
+ mountPropagation: "Bidirectional"
+ - name: dev
+ mountPath: /dev
+ - name: usr-bin
+ mountPath: /usr-bin
+ - name: var-run
+ mountPath: /var/run
+ - name: csi-isilon-config-params
+ mountPath: /csi-isilon-config-params
diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml
new file mode 100644
index 000000000..1b30812ca
--- /dev/null
+++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-controller.yaml
@@ -0,0 +1,36 @@
+#
+#
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+name: podmon
+image: dellemc/podmon:v1.8.1
+imagePullPolicy: IfNotPresent
+env:
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+volumeMounts:
+ - name: socket-dir
+ mountPath: /var/run/csi
+ - name: powerstore-config-params
+ mountPath: /powerstore-config-params
\ No newline at end of file
diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml
new file mode 100644
index 000000000..4c1d8f3f5
--- /dev/null
+++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/container-powerstore-node.yaml
@@ -0,0 +1,61 @@
+#
+#
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+name: podmon
+securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+image: dellemc/podmon:v1.8.1
+imagePullPolicy: IfNotPresent
+env:
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: X_CSI_PRIVATE_MOUNT_DIR
+ value: /var/lib/kubelet
+ - name: MY_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+volumeMounts:
+ - name: kubelet-pods
+ mountPath: /pods
+ mountPropagation: "Bidirectional"
+ - name: driver-path
+ mountPath: /plugins/csi-powerstore.dellemc.com
+ mountPropagation: "Bidirectional"
+ - name: csi-path
+ mountPath: /plugins/kubernetes.io/csi
+ mountPropagation: "Bidirectional"
+ - name: dev
+ mountPath: /dev
+ - name: usr-bin
+ mountPath: /usr-bin
+ - name: var-run
+ mountPath: /var/run
+ - name: powerstore-config-params
+ mountPath: /powerstore-config-params
diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/controller-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/controller-roles.yaml
new file mode 100644
index 000000000..10abf39ec
--- /dev/null
+++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/controller-roles.yaml
@@ -0,0 +1,24 @@
+#
+#
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch", "patch"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["volumeattachments"]
+ verbs: ["get", "list", "watch", "update", "patch", "delete"]
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch", "update", "delete"]
diff --git a/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml
new file mode 100644
index 000000000..a5b98adef
--- /dev/null
+++ b/operatorconfig/moduleconfig/resiliency/v1.8.1/node-roles.yaml
@@ -0,0 +1,21 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/pkg/modules/application_mobility.go b/pkg/modules/application_mobility.go index 91d91ff52..9248a48e9 100644 --- a/pkg/modules/application_mobility.go +++ b/pkg/modules/application_mobility.go @@ -105,6 +105,8 @@ const ( AppMobCertManagerComponent = "cert-manager" // AppMobVeleroComponent - velero component AppMobVeleroComponent = "velero" + // CSMName - name + CSMName = "" ) // getAppMobilityModule - get instance of app mobility module @@ -250,6 +252,7 @@ func getAppMobilityModuleDeployment(op utils.OperatorConfig, cr csmv1.ContainerS } } + yamlString = strings.ReplaceAll(yamlString, CSMName, cr.Name) yamlString = strings.ReplaceAll(yamlString, AppMobNamespace, cr.Namespace) yamlString = strings.ReplaceAll(yamlString, ControllerImg, controllerImage) yamlString = strings.ReplaceAll(yamlString, ControllerImagePullPolicy, controllerImagePullPolicy) 
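Review bot: The comment `// CSMName - name` on the new constant in application_mobility.go does not say what is named or where the value is substituted. Something like `// CSMName - placeholder in module manifests that is replaced with the ContainerStorageModule CR name` would make the added `strings.ReplaceAll(yamlString, CSMName, cr.Name)` calls readable; the same call is added in getVelero, commonconfig.go and observability.go. The literal is shown as `""` on this page; if that is the real value rather than a placeholder lost in rendering, `strings.ReplaceAll` with an empty `old` inserts `cr.Name` at every character boundary, so the value is worth checking against the manifests' `csm:` label. The `const` block and the functions touched here continue outside the hunks.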
@@ -652,6 +655,7 @@ func getVelero(op utils.OperatorConfig, cr csmv1.ContainerStorageModule) (string } } + yamlString = strings.ReplaceAll(yamlString, CSMName, cr.Name) yamlString = strings.ReplaceAll(yamlString, AppMobNamespace, cr.Namespace) yamlString = strings.ReplaceAll(yamlString, VeleroImage, veleroImg) yamlString = strings.ReplaceAll(yamlString, VeleroImagePullPolicy, veleroImgPullPolicy) diff --git a/pkg/modules/authorization_test.go b/pkg/modules/authorization_test.go index 9fa9a5871..1bd6e92da 100644 --- a/pkg/modules/authorization_test.go +++ b/pkg/modules/authorization_test.go @@ -691,7 +691,7 @@ func TestAuthorizationIngress(t *testing.T) { return true, true, tmpCR, sourceClient, operatorConfig }, - "success - creating v1.9.0": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { + "success - creating v1.9.1": func(*testing.T) (bool, bool, csmv1.ContainerStorageModule, ctrlClient.Client, utils.OperatorConfig) { customResource, err := getCustomResource("./testdata/cr_auth_proxy.yaml") if err != nil { panic(err) diff --git a/pkg/modules/commonconfig.go b/pkg/modules/commonconfig.go index 059e8b3bf..7deb10719 100644 --- a/pkg/modules/commonconfig.go +++ b/pkg/modules/commonconfig.go @@ -90,6 +90,7 @@ func getCertManager(op utils.OperatorConfig, cr csmv1.ContainerStorageModule) (s YamlString = string(buf) certNamespace := cr.Namespace YamlString = strings.ReplaceAll(YamlString, CommonNamespace, certNamespace) + YamlString = strings.ReplaceAll(YamlString, CSMName, cr.Name) return YamlString, nil } diff --git a/pkg/modules/observability.go b/pkg/modules/observability.go index f7cc32c48..d85f0ea74 100644 --- a/pkg/modules/observability.go +++ b/pkg/modules/observability.go 
@@ -291,6 +291,7 @@ func getTopology(op utils.OperatorConfig, cr csmv1.ContainerStorageModule) (stri } } + YamlString = strings.ReplaceAll(YamlString, CSMName, cr.Name) YamlString = strings.ReplaceAll(YamlString, TopologyLogLevel, logLevel) YamlString = strings.ReplaceAll(YamlString, TopologyImage, topologyImage) return YamlString, nil @@ -354,6 +355,7 @@ func getOtelCollector(op utils.OperatorConfig, cr csmv1.ContainerStorageModule) } } + YamlString = strings.ReplaceAll(YamlString, CSMName, cr.Name) YamlString = strings.ReplaceAll(YamlString, OtelCollectorImage, otelCollectorImage) YamlString = strings.ReplaceAll(YamlString, NginxProxyImage, nginxProxyImage) return YamlString, nil @@ -499,6 +501,7 @@ func getPowerScaleMetricsObjects(op utils.OperatorConfig, cr csmv1.ContainerStor } } + YamlString = strings.ReplaceAll(YamlString, CSMName, cr.Name) YamlString = strings.ReplaceAll(YamlString, PowerScaleImage, pscaleImage) YamlString = strings.ReplaceAll(YamlString, PowerscaleLogLevel, logLevel) YamlString = strings.ReplaceAll(YamlString, PowerScaleMaxConcurrentQueries, maxConcurrentQueries) @@ -699,6 +702,7 @@ func getPowerFlexMetricsObject(op utils.OperatorConfig, cr csmv1.ContainerStorag } } + YamlString = strings.ReplaceAll(YamlString, CSMName, cr.Name) YamlString = strings.ReplaceAll(YamlString, PowerflexImage, pflexImage) YamlString = strings.ReplaceAll(YamlString, PowerflexLogLevel, logLevel) YamlString = strings.ReplaceAll(YamlString, PowerflexMaxConcurrentQueries, maxConcurrentQueries) @@ -919,6 +923,7 @@ func getPowerMaxMetricsObject(op utils.OperatorConfig, cr csmv1.ContainerStorage } } + YamlString = strings.ReplaceAll(YamlString, CSMName, cr.Name) YamlString = strings.ReplaceAll(YamlString, PmaxObsImage, pmaxImage) YamlString = strings.ReplaceAll(YamlString, PmaxLogLevel, logLevel) YamlString = strings.ReplaceAll(YamlString, PmaxLogFormat, logFormat) 
diff --git a/pkg/modules/testdata/cr_auth_proxy.yaml b/pkg/modules/testdata/cr_auth_proxy.yaml index 9cb30a7f3..14d685f62 100644 --- a/pkg/modules/testdata/cr_auth_proxy.yaml +++ b/pkg/modules/testdata/cr_auth_proxy.yaml @@ -9,16 +9,16 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 forceRemoveModule: true components: - name: karavi-authorization-proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.9.0 - tenantService: dellemc/csm-authorization-tenant:v1.9.0 - roleService: dellemc/csm-authorization-role:v1.9.0 - storageService: dellemc/csm-authorization-storage:v1.9.0 + proxyService: dellemc/csm-authorization-proxy:v1.9.1 + tenantService: dellemc/csm-authorization-tenant:v1.9.q + roleService: dellemc/csm-authorization-role:v1.9.q + storageService: dellemc/csm-authorization-storage:v1.9.1 redis: redis:6.0.8-alpine commander: rediscommander/redis-commander:latest opa: openpolicyagent/opa diff --git a/pkg/utils/status.go b/pkg/utils/status.go index 3382f425f..0a1560a16 100644 --- a/pkg/utils/status.go +++ b/pkg/utils/status.go @@ -38,6 +38,11 @@ import ( var dMutex sync.RWMutex +var checkModuleStatus = map[csmv1.ModuleType]func(context.Context, *csmv1.ContainerStorageModule, ReconcileCSM, *csmv1.ContainerStorageModuleStatus) (bool, error){ + csmv1.Observability: observabilityStatusCheck, + csmv1.ApplicationMobility: appMobStatusCheck, +} + func getInt32(pointer *int32) int32 { if pointer == nil { return 0 
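Review bot: `tenantService` and `roleService` in cr_auth_proxy.yaml are bumped to tags ending in `v1.9.q`, which looks like a typo for the `v1.9.1` given to `proxyService` and `storageService` in the same hunk. Any test that renders or compares these image strings would then exercise a tag that does not match the release. The two lines should read `tenantService: dellemc/csm-authorization-tenant:v1.9.1` and `roleService: dellemc/csm-authorization-role:v1.9.1`.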
@@ -243,11 +248,6 @@ func getDaemonSetStatus(ctx context.Context, instance *csmv1.ContainerStorageMod nodeName := instance.GetNodeName() - // Application-mobility has a different node name than the drivers - if instance.GetName() == "application-mobility" { - log.Infof("Changing nodeName for application-mobility") - nodeName = "application-mobility-node-agent" - } log.Infof("nodeName is %s", nodeName) err := cluster.ClusterCTRLClient.Get(ctx, t1.NamespacedName{Name: nodeName, Namespace: instance.GetNamespace()}, ds) @@ -262,17 +262,6 @@ func getDaemonSetStatus(ctx context.Context, instance *csmv1.ContainerStorageMod client.MatchingLabels{"app": label}, } - //if instance is AM, need to search for different named daemonset - if instance.GetName() == "application-mobility" { - log.Infof("Changing labels for application-mobility") - label = "application-mobility-node-agent" - opts = []client.ListOption{ - client.InNamespace(instance.GetNamespace()), - client.MatchingLabels{"name": label}, - } - - } - log.Infof("Label is %s", label) err = cluster.ClusterCTRLClient.List(ctx, podList, opts...) if err != nil { @@ -327,6 +316,11 @@ func getDaemonSetStatus(ctx context.Context, instance *csmv1.ContainerStorageMod func calculateState(ctx context.Context, instance *csmv1.ContainerStorageModule, r ReconcileCSM, newStatus *csmv1.ContainerStorageModuleStatus) (bool, error) { log := logger.GetLogger(ctx) running := false + //appEnabled := false + //var appRunning bool + //obsEnabled := false + //var obsRunning bool + //modrunning := false var err error = nil // TODO: Currently commented this block of code as the API used to get the latest deployment status is not working as expected // TODO: Can be uncommented once this issues gets sorted out 
@@ -347,44 +341,38 @@ func calculateState(ctx context.Context, instance *csmv1.ContainerStorageModule, log.Infof("daemonset expected [%d]", expected) log.Infof("daemonset nodeStatus.Available [%s]", nodeStatus.Available) - if instance.GetName() == "application-mobility" { - modrunning, err := statusForAppMob(ctx, instance, r, newStatus) - if err != nil { - log.Infof("statusForAppMob err msg [%s]", err.Error()) - } - if (controllerReplicas == controllerStatus.Available) && (fmt.Sprintf("%d", expected) == nodeStatus.Available) && modrunning { - running = true - newStatus.State = constants.Succeeded - } - log.Infof("calculate overall state [%s]", newStatus.State) - } else { - if (controllerReplicas == controllerStatus.Available) && (fmt.Sprintf("%d", expected) == nodeStatus.Available) { - running = true - newStatus.State = constants.Succeeded - } - log.Infof("calculate overall state [%s]", newStatus.State) + for _, module := range instance.Spec.Modules { + moduleStatus, exists := checkModuleStatus[module.Name] + if exists && module.Enabled { + moduleRunning, err := moduleStatus(ctx, instance, r, newStatus) + if err != nil { + log.Infof("status for Application-Mobility err msg [%s]", err.Error()) + } - } - //var err error = nil - // TODO: Uncomment this when the controller runtime API gets fixed - /* - if controllerErr != nil { - err = controllerErr - } - if daemonSetErr != nil { - err = daemonSetErr + if moduleRunning { + if (controllerReplicas == controllerStatus.Available) && (fmt.Sprintf("%d", expected) == nodeStatus.Available) { + running = true + newStatus.State = constants.Succeeded + } else { + newStatus.State = constants.Failed + } + + } else { + running = false + newStatus.State = constants.Failed + log.Infof("%s module not running", module) + break + + } } - if daemonSetErr != nil && controllerErr != nil { - err = fmt.Errorf("ControllerError: %s, Daemonseterror: %s", controllerErr.Error(), daemonSetErr.Error()) - log.Infof("calculate overall error msg [%s]", 
err.Error()) - } */ + } + log.Infof("calculate overall state [%s]", newStatus.State) if daemonSetErr != nil { err = daemonSetErr log.Infof("calculate Daemonseterror msg [%s]", daemonSetErr.Error()) } - //} SetStatus(ctx, r, instance, newStatus) return running, err } @@ -416,17 +404,11 @@ func calculateAccState(ctx context.Context, instance *csmv1.ApexConnectivityClie func SetStatus(ctx context.Context, r ReconcileCSM, instance *csmv1.ContainerStorageModule, newStatus *csmv1.ContainerStorageModuleStatus) { log := logger.GetLogger(ctx) - if instance.GetName() == "application-mobility" { - instance.GetCSMStatus().State = newStatus.State - log.Infow("Module State", "Controller", newStatus.ControllerStatus) - instance.GetCSMStatus().ControllerStatus = newStatus.ControllerStatus - } else { - instance.GetCSMStatus().State = newStatus.State - log.Infow("Driver State", "Controller", - newStatus.ControllerStatus, "Node", newStatus.NodeStatus) - instance.GetCSMStatus().ControllerStatus = newStatus.ControllerStatus - instance.GetCSMStatus().NodeStatus = newStatus.NodeStatus - } + instance.GetCSMStatus().State = newStatus.State + log.Infow("Driver State", "Controller", + newStatus.ControllerStatus, "Node", newStatus.NodeStatus) + instance.GetCSMStatus().ControllerStatus = newStatus.ControllerStatus + instance.GetCSMStatus().NodeStatus = newStatus.NodeStatus } // SetAccStatus of csm 
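Review bot: In the rewritten `calculateState` loop, `running = true` and `constants.Succeeded` are only reachable for a module that has an entry in `checkModuleStatus` and is enabled, so a CR with neither observability nor application-mobility enabled no longer reaches success in this code, unless that is set outside the hunk; the removed `else` branch did this for plain drivers. Two smaller points in the same loop: the error log says "Application-Mobility" for every module, and `log.Infof("%s module not running", module)` formats the whole module value rather than `module.Name`. The inner `err` from `moduleStatus` also shadows the function's `err` and is only logged. The sketch below evaluates the driver condition once and lets module checks only downgrade the result; the start of the function is outside the hunk.

```go
driverReady := controllerReplicas == controllerStatus.Available &&
	fmt.Sprintf("%d", expected) == nodeStatus.Available
if driverReady {
	running = true
	newStatus.State = constants.Succeeded
}

for _, module := range instance.Spec.Modules {
	moduleStatus, exists := checkModuleStatus[module.Name]
	if !exists || !module.Enabled {
		continue
	}
	moduleRunning, modErr := moduleStatus(ctx, instance, r, newStatus)
	if modErr != nil {
		log.Infof("status check for module %s err msg [%s]", module.Name, modErr.Error())
	}
	if !moduleRunning {
		running = false
		newStatus.State = constants.Failed
		log.Infof("%s module not running", module.Name)
		break
	}
}
// … unchanged: overall state log, daemonSetErr handling, SetStatus call …
```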
@@ -654,77 +636,238 @@ func WaitForNginxController(ctx context.Context, instance csmv1.ContainerStorage return wait.PollImmediate(time.Second, timeout, GetNginxControllerStatus(ctx, instance, r)) } -// checkForServices - Calculate success state for services deployed with app-mob -func checkForServices(ctx context.Context, instance *csmv1.ContainerStorageModule, r ReconcileCSM, newStatus *csmv1.ContainerStorageModuleStatus, isDaemonset bool) (bool, error) { +// statusForAppMob - calculate success state for application-mobility module +func appMobStatusCheck(ctx context.Context, instance *csmv1.ContainerStorageModule, r ReconcileCSM, newStatus *csmv1.ContainerStorageModuleStatus) (bool, error) { log := logger.GetLogger(ctx) - running := false - var err error = nil - if isDaemonset { - expected, nodeStatus, daemonSetErr := getDaemonSetStatus(ctx, instance, r) - newStatus.NodeStatus = nodeStatus - newStatus.State = constants.Failed - log.Infof("daemonset expected [%d]", expected) - log.Infof("daemonset nodeStatus.Available [%s]", nodeStatus.Available) - if fmt.Sprintf("%d", expected) == nodeStatus.Available { - running = true - newStatus.State = constants.Succeeded + veleroEnabled := false + certEnabled := false + var certManagerRunning bool + var certManagerCainInjectorRunning bool + var certManagerWebhookRunning bool + appMobRunning := false + veleroRunning := false + var daemonRunning bool + readyPods := 0 + expected := 2 + for _, m := range instance.Spec.Modules { + if m.Name == csmv1.ApplicationMobility { + for _, c := range m.Components { + if c.Name == "velero" { + if *c.Enabled { + veleroEnabled = true + } + } + if c.Name == "cert-manager" { + if *c.Enabled { + certEnabled = true + } + } + + } + } - if daemonSetErr != nil { - err = daemonSetErr - log.Infof("calculate Daemonseterror msg [%s]", daemonSetErr.Error()) + + } + + namespace := instance.GetNamespace() + opts := []client.ListOption{ + client.InNamespace(namespace), + //client.MatchingLabels{labelKey: 
label}, + } + + deploymentList := &appsv1.DeploymentList{} + err := r.GetClient().List(ctx, deploymentList, opts...) + if err != nil { + return false, err + } + + checkFn := func(deployment *appsv1.Deployment) bool { + return deployment.Status.ReadyReplicas == *deployment.Spec.Replicas + } + + for _, deployment := range deploymentList.Items { + deployment := deployment + switch deployment.Name { + case "cert-manager": + if certEnabled { + certManagerRunning = checkFn(&deployment) + } + case "cert-manager-cainjector": + if certEnabled { + certManagerCainInjectorRunning = checkFn(&deployment) + } + case "cert-manager-webhook": + if certEnabled { + certManagerWebhookRunning = checkFn(&deployment) + } + case "application-mobility-controller-manager": + appMobRunning = checkFn(&deployment) + case "application-mobility-velero": + if veleroEnabled { + veleroRunning = checkFn(&deployment) + } } - } else { - controllerReplicas := newStatus.ControllerStatus.Desired - controllerStatus := newStatus.ControllerStatus - newStatus.State = constants.Failed - log.Infof("AM deployment controllerReplicas [%s]", controllerReplicas) - log.Infof("AM deployment controllerStatus.Available [%s]", controllerStatus.Available) - if controllerReplicas == controllerStatus.Available { - running = true - newStatus.State = constants.Succeeded + } + + label := "application-mobility-node-agent" + opts = []client.ListOption{ + client.InNamespace(instance.GetNamespace()), + client.MatchingLabels{"name": label}, + } + + podList := &corev1.PodList{} + err = r.GetClient().List(ctx, podList, opts...) 
+ if err != nil { + return false, err + } + + log.Info("podList: %+v\n", podList) + + for _, pod := range podList.Items { + if pod.Status.Phase == corev1.PodRunning { + readyPods++ } } - log.Infof("calculate overall state [%s] of module", newStatus.State) - return running, err + if readyPods == expected { + daemonRunning = true + } + + if certEnabled && veleroEnabled { + return appMobRunning && certManagerRunning && certManagerCainInjectorRunning && certManagerWebhookRunning && veleroRunning && daemonRunning, nil + } + + if !certEnabled && !veleroEnabled { + return appMobRunning && daemonRunning, nil + } + + if !certEnabled && veleroEnabled { + return appMobRunning && daemonRunning && veleroRunning, nil + } + + if certEnabled && !veleroEnabled { + return appMobRunning && certManagerCainInjectorRunning && certManagerRunning && certManagerWebhookRunning && daemonRunning, nil + } + + return false, nil } -// statusForAppMob - calculate success state for application-mobility module -func statusForAppMob(ctx context.Context, instance *csmv1.ContainerStorageModule, r ReconcileCSM, newStatus *csmv1.ContainerStorageModuleStatus) (bool, error) { +// observabilityStatusCheck - calculate success state for observability module +func observabilityStatusCheck(ctx context.Context, instance *csmv1.ContainerStorageModule, r ReconcileCSM, newStatus *csmv1.ContainerStorageModuleStatus) (bool, error) { + //log := logger.GetLogger(ctx) + // Observability launches three pods in the karavi namespace + //expectedObservabilityPods := 3 + //readyPods := 0 + topologyEnabled := false + otelEnabled := false + certEnabled := false + metricsEnabled := false + certManagerRunning := false + certManagerCainInjectorRunning := false + certManagerWebhookRunning := false + otelRunning := false + metricsRunning := false + topologyRunning := false - running := false - var appRunning bool - var velRunning bool - var certRunning bool - var restRunning bool - var err error = nil for _, m := range 
instance.Spec.Modules { - if m.Name == csmv1.ApplicationMobility { - appRunning, err = checkForServices(ctx, instance, r, newStatus, false) + if m.Name == csmv1.Observability { for _, c := range m.Components { - if c.Name == "velero" { + if c.Name == "topology" { if *c.Enabled { - velRunning, err = checkForServices(ctx, instance, r, newStatus, false) - if c.DeployNodeAgent { - restRunning, err = checkForServices(ctx, instance, r, newStatus, true) - } + topologyEnabled = true } - } else if c.Name == "cert-manager" { + } + if c.Name == "otel-collector" { if *c.Enabled { - certRunning, err = checkForServices(ctx, instance, r, newStatus, false) + otelEnabled = true + } + } + if c.Name == "cert-manager" { + if *c.Enabled { + certEnabled = true + } + } + if c.Name == fmt.Sprintf("metrics-%s", instance.Spec.Driver.CSIDriverType) { + if *c.Enabled { + metricsEnabled = true } - } } } + } + namespace := "karavi" + opts := []client.ListOption{ + client.InNamespace(namespace), + } + deploymentList := &appsv1.DeploymentList{} + err := r.GetClient().List(ctx, deploymentList, opts...) 
+ if err != nil { + return false, err } - running = appRunning && velRunning && certRunning && restRunning + checkFn := func(deployment *appsv1.Deployment) bool { + return deployment.Status.ReadyReplicas == *deployment.Spec.Replicas + } - return running, err + for _, deployment := range deploymentList.Items { + deployment := deployment + switch deployment.Name { + case "otel-collector": + if otelEnabled { + otelRunning = checkFn(&deployment) + } + case fmt.Sprintf("%s-metrics-%s", namespace, instance.Spec.Driver.CSIDriverType): + if metricsEnabled { + metricsRunning = checkFn(&deployment) + } + case fmt.Sprintf("%s-topology", namespace): + if topologyEnabled { + topologyRunning = checkFn(&deployment) + } + } + } + + namespaceCert := instance.GetNamespace() + opts = []client.ListOption{ + client.InNamespace(namespaceCert), + //client.MatchingLabels{labelKey: label}, + } + + deploymentCertList := &appsv1.DeploymentList{} + err = r.GetClient().List(ctx, deploymentCertList, opts...) + if err != nil { + return false, err + } + + for _, deployment := range deploymentCertList.Items { + deployment := deployment + switch deployment.Name { + case "cert-manager": + if certEnabled { + certManagerRunning = checkFn(&deployment) + } + case "cert-manager-cainjector": + if certEnabled { + certManagerCainInjectorRunning = checkFn(&deployment) + } + case "cert-manager-webhook": + if certEnabled { + certManagerWebhookRunning = checkFn(&deployment) + } + } + } + + if certEnabled && otelEnabled && metricsEnabled && topologyEnabled { + return certManagerRunning && certManagerCainInjectorRunning && certManagerWebhookRunning && otelRunning && metricsRunning && topologyRunning, nil + } + + if !certEnabled && otelEnabled && metricsEnabled && topologyEnabled { + return otelRunning && metricsRunning && topologyRunning, nil + } + return false, nil } 
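Review bot: In appMobStatusCheck, `log.Info("podList: %+v\n", podList)` writes every listed pod object in full to the operator log, and since `Info` is presumably not the formatting variant, the `%+v` is never expanded. Pod objects can carry env values and other deployment detail that should not be in logs, so `log.Infof("node-agent pods found: %d", len(podList.Items))` is enough here. The same function hard-codes `expected := 2` and compares it with `readyPods` by equality, so a cluster with more or fewer than two running node-agent pods can never report the module as running. Both new functions dereference `*c.Enabled` without a nil check; if a component may omit `enabled`, the reconciler panics, and `if c.Enabled != nil && *c.Enabled` avoids that. The doc comment above appMobStatusCheck still names `statusForAppMob`.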
diff --git a/samples/authorization/certificate_v191.yaml b/samples/authorization/certificate_v191.yaml new file mode 100644 index 000000000..0483b828a --- /dev/null +++ b/samples/authorization/certificate_v191.yaml @@ -0,0 +1,35 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned + namespace: authorization +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: karavi-auth + namespace: authorization +spec: + secretName: karavi-auth-tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dellemc + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - csm-authorization.com + - authorization-ingress-nginx-controller.authorization.svc.cluster.local + issuerRef: + name: selfsigned + kind: Issuer + group: cert-manager.io diff --git a/samples/authorization/csm_authorization_proxy_server_v191.yaml b/samples/authorization/csm_authorization_proxy_server_v191.yaml new file mode 100644 index 000000000..a3c35abcc --- /dev/null +++ b/samples/authorization/csm_authorization_proxy_server_v191.yaml 
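Review bot: The `karavi-auth` Certificate in certificate_v191.yaml is issued by the `selfsigned` Issuer, so clients can only validate it by trusting the certificate itself, and the sample does not say it is meant for evaluation. A header comment such as `# selfSigned issuer is for evaluation; reference a CA-backed Issuer in issuerRef for production` would stop the sample from being copied unchanged into a production namespace.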
@@ -0,0 +1,73 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: authorization + namespace: authorization +spec: + modules: + # Authorization: enable csm-authorization proxy server for RBAC + - name: authorization-proxy-server + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v1.9.1 + forceRemoveModule: true + components: + - name: karavi-authorization-proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v1.9.1 + tenantService: dellemc/csm-authorization-tenant:v1.9.1 + roleService: dellemc/csm-authorization-role:v1.9.1 + storageService: dellemc/csm-authorization-storage:v1.9.1 + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + envs: + # base hostname for the ingress rules that expose the services + # the proxy-server ingress will use this hostname + # Allowed values: string + # Default value: csm-authorization.com + - name: "PROXY_HOST" + value: "csm-authorization.com" + + # Proxy-service ingress configuration + # Default value: nginx + - name: "PROXY_INGRESS_CLASSNAME" + value: "nginx" + # An additional host rule for the proxy-server ingress + # Default value: authorization-ingress-nginx-controller.namespace.svc.cluster.local + - name: "PROXY_INGRESS_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + + # Specify storage class for redis. Otherwise, default storage class is used. 
+ # Default value: None + - name: "REDIS_STORAGE_CLASS" + value: "" + + # enabled: Enable/Disable nginx ingress + # Allowed values: + # true: enable deployment of nginx ingress controller + # false: disable deployment of nginx ingress only if you have your own ingress controller + # Default value: true + - name: ingress-nginx + enabled: true + + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: | + CONCURRENT_POWERFLEX_REQUESTS: 10 + LOG_LEVEL: debug diff --git a/samples/connectivity_client_v100.yaml b/samples/connectivity_client_v100.yaml index a694c275d..653ff7de9 100644 --- a/samples/connectivity_client_v100.yaml +++ b/samples/connectivity_client_v100.yaml @@ -11,18 +11,18 @@ spec: forceRemoveClient: true common: name: connectivity-client-docker-k8s - image: dellemc/connectivity-client-docker-k8s + image: dellemc/connectivity-client-docker-k8s:1.2.3 imagePullPolicy: IfNotPresent initContainers: - name: connectivity-client-init - image: dellemc/connectivity-client-docker-k8s + image: dellemc/connectivity-client-docker-k8s:1.2.3 imagePullPolicy: IfNotPresent sideCars: - name: kubernetes-proxy - image: bitnami/kubectl:latest + image: bitnami/kubectl:1.28 imagePullPolicy: IfNotPresent - name: cert-persister - image: dellemc/connectivity-cert-persister-k8s + image: dellemc/connectivity-cert-persister-k8s:0.7.0 imagePullPolicy: IfNotPresent --- apiVersion: v1 diff --git a/samples/storage_csm_powerflex_v291.yaml b/samples/storage_csm_powerflex_v291.yaml new file mode 100644 index 000000000..4172da468 --- /dev/null +++ b/samples/storage_csm_powerflex_v291.yaml 
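Review bot: In csm_authorization_proxy_server_v191.yaml, the `commander: rediscommander/redis-commander:latest` and `opa: openpolicyagent/opa` entries are not pinned to a version, so every deployment from this sample pulls whatever those repositories publish at that moment, while the other images in the same component carry explicit tags. Pin both to a tested tag or digest, for example `opa: openpolicyagent/opa:<tested-version>`. The ConfigMap at the end of the sample also ships `LOG_LEVEL: debug`; a comment such as `# debug is verbose; use info outside troubleshooting` would make that choice explicit.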
@@ -0,0 +1,399 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.9.1 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-vxflexos:v2.9.1" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. 
+ # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + + sideCars: + # 'k8s' represents a string prepended to each volume created by the CSI driver + - name: provisioner + args: ["--volume-name-prefix=k8s"] + + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: dellemc/sdc:4.5 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. 
+ # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: None + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval + # false: disable SDC approval + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_PREFIX: defines a string 
for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + + + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + initContainers: + - image: dellemc/sdc:4.5 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: 
Enable/Disable csm-authorization + enabled: false + configVersion: v1.9.1 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + configVersion: v1.7.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: false + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.7.0 + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + enabled: false + # image: Defines PowerFlex metrics image. 
This shouldn't be changed + image: dellemc/csm-metrics-powerflex:v1.7.0 + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + + # Replication: allows to 
configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.7.1 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.7.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. 
+ # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.8.1 + components: + - name: podmon-controller + image: dellemc/podmon:v1.8.1 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-vxflexos" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 3 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + - name: podmon-node + image: dellemc/podmon:v1.8.1 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-vxflexos" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + # Below 3 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/samples/storage_csm_powermax_v291.yaml b/samples/storage_csm_powermax_v291.yaml new file mode 100644 index 000000000..d7a73f50d --- /dev/null +++ b/samples/storage_csm_powermax_v291.yaml 
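Review bot: The authorization component in storage_csm_powerflex_v291.yaml sets `SKIP_CERTIFICATE_VALIDATION` to `"true"`, so anyone who only flips the module's `enabled` to true gets a sidecar that does not verify the csm-authorization server's certificate. The existing comment only says the variable enables or disables validation; I would add `# "true" turns off TLS verification of the authorization server; set to "false" once its certificate chains to a CA the sidecar trusts`. `X_CSI_DEBUG` is likewise shipped as `"true"` with no comment on when to turn it off.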
@@ -0,0 +1,417 @@ +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powermax + namespace: powermax +spec: + # Add fields here + driver: + csiDriverType: "powermax" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + # Config version for CSI PowerMax v2.9.1 driver + configVersion: v2.9.1 + # replica: Define the number of PowerMax controller nodes + # to deploy to the Kubernetes release + # Allowed values: n, where n > 0 + # Default value: None + replicas: 2 + # Default credential secret for Powermax, if not set it to "" + authSecret: powermax-creds + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + # Image for CSI PowerMax driver v2.9.1 + image: dellemc/csi-powermax:v2.9.1 + # imagePullPolicy: Policy to determine if the image should be 
pulled prior to starting the container. + # Allowed values: + # Always: Always pull the image. + # IfNotPresent: Only pull the image if it does not already exist on the node. + # Never: Never pull the image. + # Default value: None + imagePullPolicy: IfNotPresent + envs: + # X_CSI_MANAGED_ARRAYS: Serial ID of the arrays that will be used for provisioning + # Default value: None + # Examples: "000000000001", "000000000002" + - name: X_CSI_MANAGED_ARRAYS + value: "000000000000,000000000001" + # X_CSI_POWERMAX_ENDPOINT: Address of the Unisphere server that is managing the PowerMax arrays + # In case of multi-array, provide an endpoint of locally attached array + # Default value: None + # Example: https://0.0.0.1:8443 + - name: X_CSI_POWERMAX_ENDPOINT + value: "https://0.0.0.0:8443/" + # X_CSI_K8S_CLUSTER_PREFIX: Define a prefix that is appended onto + # all resources created in the Array + # This should be unique per K8s/CSI deployment + # maximum length of this value is 3 characters + # Default value: None + # Examples: "XYZ", "EMC" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "XYZ" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # X_CSI_POWERMAX_PORTGROUPS: Define the set of existing port groups that the driver will use. + # It is a comma separated list of portgroup names. + # Required only in case of iSCSI port groups + # Allowed values: iSCSI Port Group names + # Default value: None + # Examples: "pg1", "pg1, pg2" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + # "X_CSI_TRANSPORT_PROTOCOL" can be "FC" or "FIBRE" for fibrechannel, + # "ISCSI" for iSCSI, or "" for autoselection. 
+ # Allowed values: + # "FC" - Fiber Channel protocol + # "FIBER" - Fiber Channel protocol + # "ISCSI" - iSCSI protocol + # "" - Automatic selection of transport protocol + # Default value: "" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + # X_CSI_POWERMAX_PROXY_SERVICE_NAME: Refers to the name of the proxy service in kubernetes + # Allowed values: "csipowermax-reverseproxy" + # default values: "csipowermax-reverseproxy" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "csipowermax-reverseproxy" + # VMware/vSphere virtualization support + # set X_CSI_VSPHERE_ENABLED to true, if you to enable VMware virtualized environment support via RDM + # Allowed values: + # "true" - vSphere volumes are enabled + # "false" - vSphere volumes are disabled + # Default value: "false" + - name: "X_CSI_VSPHERE_ENABLED" + value: "false" + # X_CSI_VSPHERE_PORTGROUP: An existing portGroup that driver will use for vSphere + # recommended format: csi-x-VC-PG, x can be anything of user choice + # Allowed value: valid existing port group on the array + # Default value: "" + - name: "X_CSI_VSPHERE_PORTGROUP" + value: "" + # X_CSI_VSPHERE_HOSTNAME: An existing host(initiator group)/ host group(cascaded initiator group) that driver will use for vSphere + # this host should contain initiators from all the ESXs/ESXi host where the cluster is deployed + # recommended format: csi-x-VC-HN, x can be anything of user choice + # Allowed value: valid existing host/host group on the array + # Default value: "" + - name: "X_CSI_VSPHERE_HOSTNAME" + value: "" + # X_CSI_VCENTER_HOST: URL/endpoint of the vCenter where all the ESX are present + # Allowed value: valid vCenter host endpoint + # Default value: "" + - name: "X_CSI_VCENTER_HOST" + value: "" + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin- volume usage, volume condition + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable 
checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # nodeSelector: Define node selection constraints for controller pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Allowed values: map of key-value pairs + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_POWERMAX_ISCSI_ENABLE_CHAP: Determine if the driver is going to configure + # ISCSI node databases on the nodes with the CHAP credentials + # If enabled, the CHAP secret must be provided in the credentials secret + # and set to the key "chapsecret" + # Allowed values: + # "true" - CHAP is enabled + # "false" - CHAP is disabled + # Default value: "false" + - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin- volume usage, volume condition + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_TOPOLOGY_CONTROL_ENABLED provides a way to filter topology keys on a node based on array and transport protocol + # if enabled, user can create custom topology keys by editing node-topology-config 
configmap. + # Allowed values: + # true: enable the filtration based on config map + # false: disable the filtration based on config map + # Default value: false + - name: X_CSI_TOPOLOGY_CONTROL_ENABLED + value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerMax volumes that the controller can schedule on the node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations that would be applied to node daemonset + # Add/Remove tolerations as per requirement + # Leave as blank if you wish to not apply any tolerations + # Allowed values: map of key-value pairs + # Default value: None + tolerations: + - key: "node.kubernetes.io/memory-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/disk-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/network-unavailable" + operator: "Exists" + effect: "NoExecute" + sideCars: + # 'pmax' represents a string prepended to each volume created by the CSI driver + - name: provisioner + args: ["--volume-name-prefix=pmax"] + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: [ "--monitor-interval=60s" ] + + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 
1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + modules: + # CSI Powermax Reverseproxy is a mandatory module for Powermax + - name: csireverseproxy + # enabled: Always set to true + enabled: true + forceRemoveModule: true + configVersion: v2.8.1 + components: + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.8.1" + image: dellemc/csipowermax-reverseproxy:v2.8.1 + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enabled: Enable/Disable csm-authorization + enabled: false + configVersion: v1.9.1 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # Replication: allows configuring replication module + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.7.1 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. 
This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powermax + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powermax" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.7.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. 
+ # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + configVersion: v1.7.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: false + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.7.0 + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + + - name: metrics-powermax + # enabled: Enable/Disable PowerMax metrics + enabled: false + # image: Defines PowerMax metrics image. 
This shouldn't be changed + image: dellemc/csm-metrics-powermax:v1.2.0 + envs: + # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax + # Allowed values: int + # Default value: 10 + - name: "POWERMAX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERMAX_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERMAX_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERMAX_PERFORMANCE_METRICS_ENABLED: enable/disable collection of volume performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERMAX_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERMAX_CAPACITY_POLL_FREQUENCY: set polling frequency to get capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERMAX_CAPACITY_POLL_FREQUENCY" + value: "10" + # POWERMAX_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get volume performance data + # Allowed values: int + # Default value: 10 + - name: "POWERMAX_PERFORMANCE_POLL_FREQUENCY" + value: "10" + # PowerMax metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERMAX_LOG_LEVEL" + value: "INFO" + # PowerMax Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERMAX_LOG_FORMAT" + value: "TEXT" + # otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + # configMap name which has all array/endpoint related info + - name: "X_CSI_CONFIG_MAP_NAME" + value: "powermax-reverseproxy-config" diff --git a/samples/storage_csm_powerscale_v291.yaml b/samples/storage_csm_powerscale_v291.yaml new file mode 100644 index 000000000..b6db5a9b2 --- /dev/null +++ b/samples/storage_csm_powerscale_v291.yaml 
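Review bot: The authorization module in this sample ships `SKIP_CERTIFICATE_VALIDATION` as `"true"`, so anyone who turns the module on by flipping only `enabled` gets a sidecar that does not verify the csm-authorization server's certificate for the requests it proxies. The comment above it says "Enable/Disable certificate validation", which does not tell the reader which polarity `"true"` selects, and unlike the neighbouring settings it lists no allowed or default values. I would default the sample to `value: "false"` and reword the comment to `# skipCertificateValidation: "true" skips verification of the csm-authorization server certificate (test setups only); "false" verifies it`. If the sample has to stay at `"true"` to work out of the box, the comment should at least state that production deployments need `"false"`.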
@@ -0,0 +1,490 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + # Config version for CSI PowerScale v2.9.1 driver + configVersion: v2.9.1 + authSecret: isilon-creds + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + # Uninstall CSI Driver and/or modules when CR is deleted + forceRemoveDriver: true + common: + # Image for CSI PowerScale driver v2.9.1 + image: "dellemc/csi-isilon:v2.9.1" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs + # Allowed Values: + # 0: log full content of the HTTP request and response + # 1: log without the HTTP response body + # 2: log only 1st line of the HTTP request and response + # Default value: 0 + - name: X_CSI_VERBOSE + value: "1" + + # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server + # This value acts as a default value for endpointPort, if not specified for a cluster config in secret + # Allowed value: valid port number + # Default value: 8080 + - name: X_CSI_ISI_PORT + value: "8080" + + # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. 
+ # This value acts as a default value for isiPath, if not specified for a cluster config in secret + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: /ifs + # Examples: /ifs/data/csi, /ifs/engineering + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + + # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization + # Allowed values: + # true : do not probe all PowerScale clusters during driver initialization + # false: probe all PowerScale clusters during driver initialization + # Default value: false + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + + # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. + # Allowed values: + # true : enable auto probe. + # false: disable auto probe. + # Default value: false + - name: X_CSI_ISI_AUTOPROBE + value: "true" + + # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Formerly this attribute was named as "X_CSI_ISI_INSECURE" + # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: true + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + + # X_CSI_ISI_AUTH_TYPE: Specify the authentication method to be used. + # Allowed values: + # 0: basic authentication + # 1: session-based authentication + # Default value: 0 + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + + # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: + # has to be used for making connection to backend PowerScale Array. + # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. 
+ # Allowed values: + # true : enable custom topology + # false: disable custom topology + # Default value: false + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + + # certSecretCount: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (isilon-cert-0..isilon-cert-n) + # Allowed values: n, where n > 0 + # Default value: None + - name: "CERT_SECRET_COUNT" + value: "1" + + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "debug" + + controller: + envs: + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. 
+ # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. 
+ # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. 
+ # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + sideCars: + - name: provisioner + args: ["--volume-name-prefix=csipscale"] + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.9.1 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.9.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + 
# Default value: false + enabled: false + configVersion: v1.7.1 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.7.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.7.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. 
+ # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + configVersion: v1.7.0 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: false + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.7.0 + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + enabled: false + # image: Defines PowerScale metrics image. 
This shouldn't be changed + # Allowed values: string + image: dellemc/csm-metrics-powerscale:v1.4.0 + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "1" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # 
PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.8.1 + components: + - name: podmon-controller + image: dellemc/podmon:v1.8.1 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - name: podmon-node + image: dellemc/podmon:v1.8.1 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. 
+ - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--mode=node" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" diff --git a/samples/storage_csm_powerstore_v291.yaml b/samples/storage_csm_powerstore_v291.yaml new file mode 100644 index 000000000..41a71731f --- /dev/null +++ b/samples/storage_csm_powerstore_v291.yaml 
@@ -0,0 +1,208 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powerstore + namespace: powerstore +spec: + driver: + csiDriverType: "powerstore" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + # Config version for CSI PowerStore v2.9.1 driver + configVersion: v2.9.1 + # authSecret: This is the secret used to validate the default PowerStore secret used for installation + # Allowed values: -config + # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config + authSecret: powerstore-config + # Controller count + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + # Image for CSI PowerStore driver v2.9.1 + image: "dellemc/csi-powerstore:v2.9.1" + imagePullPolicy: 
IfNotPresent + envs: + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: "csi-node" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: "/etc/fc-ports-filter" + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + - name: CSI_LOG_LEVEL + value: debug + + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + args: ["--volume-name-prefix=csivol"] + + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. 
+ # Allowed values:
+ # true: enable checking of health condition of CSI volumes
+ # false: disable checking of health condition of CSI volumes
+ # Default value: false
+ - name: X_CSI_HEALTH_MONITOR_ENABLED
+ value: "false"
+ # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries.
+ # Allowed Values: x.x.x.x/xx or x.x.x.x
+ # Default Value:
+ - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS
+ value:
+
+ # nodeSelector: Define node selection constraints for controller pods.
+ # For the pod to be eligible to run on a node, the node must have each
+ # of the indicated key-value pairs as labels.
+ # Leave as blank to consider all nodes
+ # Allowed values: map of key-value pairs
+ # Default value: None
+ nodeSelector:
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # node-role.kubernetes.io/control-plane: ""
+
+ # tolerations: Define tolerations for the controllers, if required.
+ # Leave as blank to install controller on worker nodes
+ # Default value: None
+ tolerations:
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # - key: "node-role.kubernetes.io/control-plane"
+ # operator: "Exists"
+ # effect: "NoSchedule"
+ node:
+ envs:
+ # Set to "true" to enable ISCSI CHAP Authentication
+ # CHAP password will be autogenerated by driver
+ - name: "X_CSI_POWERSTORE_ENABLE_CHAP"
+ value: "false"
+ # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage
+ # Allowed values:
+ # true: enable checking of health condition of CSI volumes
+ # false: disable checking of health condition of CSI volumes
+ # Default value: false
+ - name: X_CSI_HEALTH_MONITOR_ENABLED
+ value: "false"
+ # X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE: Defines the maximum PowerStore volumes that can be created per node
+ # Allowed values: Any value greater than or equal to 0
+ # Default value: "0"
+ - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE
+ value: "0"
+
+ # nodeSelector: Define node selection constraints for node pods.
+ # For the pod to be eligible to run on a node, the node must have each
+ # of the indicated key-value pairs as labels.
+ # Leave as blank to consider all nodes
+ # Allowed values: map of key-value pairs
+ # Default value: None
+ nodeSelector:
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # node-role.kubernetes.io/control-plane: ""
+
+ # tolerations: Define tolerations for the controllers, if required.
+ # Leave as blank to install controller on worker nodes
+ # Default value: None
+ tolerations:
+ # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+ # - key: "node-role.kubernetes.io/control-plane"
+ # operator: "Exists"
+ # effect: "NoSchedule"
+
+ modules:
+ - name: resiliency
+ # enabled: Enable/Disable Resiliency feature
+ # Allowed values:
+ # true: enable Resiliency feature(deploy podmon sidecar)
+ # false: disable Resiliency feature(do not deploy podmon sidecar)
+ # Default value: false
+ enabled: false
+ configVersion: v1.8.1
+ components:
+ - name: podmon-controller
+ image: dellemc/podmon:v1.8.1
+ imagePullPolicy: IfNotPresent
+ args:
+ - "--labelvalue=csi-powerstore"
+ - "--arrayConnectivityPollRate=60"
+ - "--skipArrayConnectionValidation=false"
+ - "--driverPodLabelValue=dell-storage"
+ - "--ignoreVolumelessPods=false"
+ - "--arrayConnectivityConnectionLossThreshold=3"
+ # Below 4 args should not be modified.
+ - "--csisock=unix:/var/run/csi/csi.sock"
+ - "--mode=controller"
+ - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml"
+ - "--driverPath=csi-powerstore.dellemc.com"
+ - name: podmon-node
+ image: dellemc/podmon:v1.8.1
+ imagePullPolicy: IfNotPresent
+ envs:
+ # podmonAPIPort: Defines the port to be used within the kubernetes cluster
+ # Allowed values: Any valid and free port (string)
+ # Default value: 8083
+ - name: "X_CSI_PODMON_API_PORT"
+ value: "8083"
+ args:
+ - "--labelvalue=csi-powerstore"
+ - "--arrayConnectivityPollRate=60"
+ - "--leaderelection=false"
+ - "--driverPodLabelValue=dell-storage"
+ - "--ignoreVolumelessPods=false"
+ # Below 4 args should not be modified.
+ - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock"
+ - "--mode=node"
+ - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml"
+ - "--driverPath=csi-powerstore.dellemc.com"
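Review bot: `X_CSI_NFS_ACLS` in the controller envs of this sample is set to `"0777"`, and the comment above it says this becomes the default whenever a storage class and the array secret omit `nfsAcls`, so an unmodified install creates world-writable NFS mount directories. The same comment already lists `"0755"` as a valid Unix mode; I would ship `value: "0755"` in the sample, or at least add `# "0777" is world-writable; tighten for shared or multi-tenant clusters` next to the value. The same permissive default appears as `X_CSI_ISI_VOLUME_PATH_PERMISSIONS` with `"0777"` in tests/config/driverconfig/powerscale/v2.9.1/controller.yaml later in this patch.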
diff --git a/samples/storage_csm_unity_v291.yaml b/samples/storage_csm_unity_v291.yaml
new file mode 100644
index 000000000..0e9634c65
--- /dev/null
+++ b/samples/storage_csm_unity_v291.yaml
@@ -0,0 +1,145 @@
+apiVersion: storage.dell.com/v1
+kind: ContainerStorageModule
+metadata:
+ name: unity
+ namespace: unity
+spec:
+ driver:
+ csiDriverType: "unity"
+ csiDriverSpec:
+ # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
+ # Allowed values: ReadWriteOnceWithFSType, File , None
+ # Default value: ReadWriteOnceWithFSType
+ fSGroupPolicy: "ReadWriteOnceWithFSType"
+ # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array
+ # Allowed values:
+ # true: enable storage capacity tracking
+ # false: disable storage capacity tracking
+ storageCapacity: true
+ # Config version for CSI Unity v2.9.1 driver
+ configVersion: v2.9.1
+ # Controller count
+ replicas: 2
+ dnsPolicy: ClusterFirstWithHostNet
+ forceUpdate: false
+ forceRemoveDriver: true
+ common:
+ # Image for CSI Unity driver v2.9.1
+ image: "dellemc/csi-unity:v2.9.1"
+ imagePullPolicy: IfNotPresent
+ envs:
+ # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode.
+ # Allowed values: boolean
+ # Default value: "false"
+ # Examples : "true" , "false"
+ - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS
+ value: "false"
+ - name: X_CSI_EPHEMERAL_STAGING_PATH
+ value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/"
+ # X_CSI_ISCSI_CHROOT is the path to which the driver will chroot before
+ # running any iscsi commands. This value should only be set when instructed
+ # by technical support
+ - name: X_CSI_ISCSI_CHROOT
+ value: "/noderoot"
+ # X_CSI_UNITY_SYNC_NODEINFO_INTERVAL - Time interval to add node info to array. Default 15 minutes. Minimum value should be 1.
+ # Allowed values: integer
+ # Default value: 15
+ # Examples : 0 , 2
+ - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL
+ value: "15"
+ # Specify kubelet config dir path.
+ # Ensure that the config.yaml file is present at this path. + # Default value: None + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # CSI_LOG_LEVEL is used to set the logging level of the driver. + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "info" + - name: CSI_LOG_LEVEL + value: debug + # TENANT_NAME - Tenant name that need to added while adding host entry to the array. + # Allowed values: string + # Default value: "" + # Examples : "tenant2" , "tenant3" + - name: TENANT_NAME + value: "" + # CERT_SECRET_COUNT: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (unity-cert-0..unity-cert-n) + # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false + # Allowed values: n, where n > 0 + # Default value: None + - name: CERT_SECRET_COUNT + value: "1" + # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. + # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate + # Allowed values: + # true: skip Unisphere API server's certificate verification + # false: verify Unisphere API server's certificates + # Default value: true + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + args: ["--volume-name-prefix=csivol"] + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. 
Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. 
+ # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" diff --git a/tests/config/driverconfig/powerflex/v2.9.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.9.1/bad.yaml similarity index 100% rename from tests/config/driverconfig/powerflex/v2.9.0/bad.yaml rename to tests/config/driverconfig/badDriver/v2.9.1/bad.yaml diff --git a/tests/config/driverconfig/powermax/v2.9.0/bad.yaml b/tests/config/driverconfig/badDriver/v2.9.1/controller.yaml similarity index 100% rename from tests/config/driverconfig/powermax/v2.9.0/bad.yaml rename to tests/config/driverconfig/badDriver/v2.9.1/controller.yaml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.9.1/csidriver.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml new file mode 100644 index 000000000..55d520672 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.9.1/driver-config-params.yaml @@ -0,0 +1,5 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml + \ No newline at end of file 
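Review bot: The unity sample sets `X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION` to `"true"` in the common envs, so a cluster deployed from it unmodified connects to the Unisphere REST API without verifying the server certificate. It also sets `CERT_SECRET_COUNT` to `"1"` just above, which the sample's own comment says is only checked when validation is on, so the two values read as contradictory. I would ship `value: "false"` and keep the existing instruction about creating the certificate secret, or at least add `# "true" disables TLS verification of Unisphere; use only for lab setups` beside the value. The same skip-verification default recurs as `ISICLIENT_INSECURE` in the metrics-powerscale component of the sample just above this file, and as `X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION` in the powerscale v2.9.1 controller.yaml and node.yaml test configs.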
diff --git a/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.9.1/upgrade-path.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml b/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.9.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.9.0/controller.yaml b/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml similarity index 99% rename from tests/config/driverconfig/powerflex/v2.9.0/controller.yaml rename to tests/config/driverconfig/powerflex/v2.9.1/controller.yaml index 8e61d5c9e..d3c1242d0 100644 --- a/tests/config/driverconfig/powerflex/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/controller.yaml @@ -206,11 +206,10 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-vxflexos:v2.9.0 + image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent command: [ "/csi-vxflexos.sh" ] args: - - "--leader-election" - "--array-config=/vxflexos-config/config" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" env: diff --git a/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml new file mode 100644 index 000000000..9fdb2dfa0 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.9.1/csidriver.yaml 
@@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-vxflexos.dellemc.com +spec: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: + - Persistent + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml new file mode 100644 index 000000000..060d7ead6 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.9.1/driver-config-params.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.9.0/node.yaml b/tests/config/driverconfig/powerflex/v2.9.1/node.yaml similarity index 99% rename from tests/config/driverconfig/powerflex/v2.9.0/node.yaml rename to tests/config/driverconfig/powerflex/v2.9.1/node.yaml index d7e3959f4..b1acd48c2 100644 --- a/tests/config/driverconfig/powerflex/v2.9.0/node.yaml +++ b/tests/config/driverconfig/powerflex/v2.9.1/node.yaml @@ -82,7 +82,7 @@ spec: allowPrivilegeEscalation: true capabilities: add: ["SYS_ADMIN"] - image: dellemc/csi-vxflexos:v2.9.0 + image: dellemc/csi-vxflexos:v2.9.1 imagePullPolicy: IfNotPresent command: [ "/csi-vxflexos.sh" ] args: diff --git a/tests/config/driverconfig/powerflex/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/powerflex/v2.9.1/upgrade-path.yaml new file mode 100644 index 000000000..1a1170a4f --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.9.1/upgrade-path.yaml @@ -0,0 +1,2 @@ + +minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powermax/v2.9.1/bad.yaml b/tests/config/driverconfig/powermax/v2.9.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null 
+++ b/tests/config/driverconfig/powermax/v2.9.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.9.0/controller.yaml b/tests/config/driverconfig/powermax/v2.9.1/controller.yaml similarity index 99% rename from tests/config/driverconfig/powermax/v2.9.0/controller.yaml rename to tests/config/driverconfig/powermax/v2.9.1/controller.yaml index 63842a067..d308b608b 100644 --- a/tests/config/driverconfig/powermax/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/controller.yaml @@ -230,11 +230,9 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-powermax:v2.9.0 + image: dellemc/csi-powermax:v2.9.1 imagePullPolicy: IfNotPresent command: [ "/csi-powermax.sh" ] - args: - - "--leader-election" env: - name: X_CSI_POWERMAX_DRIVER_NAME value: csi-powermax.dellemc.com diff --git a/tests/config/driverconfig/powermax/v2.9.0/csidriver.yaml b/tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml similarity index 100% rename from tests/config/driverconfig/powermax/v2.9.0/csidriver.yaml rename to tests/config/driverconfig/powermax/v2.9.1/csidriver.yaml diff --git a/tests/config/driverconfig/powermax/v2.9.0/driver-config-params.yaml b/tests/config/driverconfig/powermax/v2.9.1/driver-config-params.yaml similarity index 100% rename from tests/config/driverconfig/powermax/v2.9.0/driver-config-params.yaml rename to tests/config/driverconfig/powermax/v2.9.1/driver-config-params.yaml diff --git a/tests/config/driverconfig/powermax/v2.9.0/node.yaml b/tests/config/driverconfig/powermax/v2.9.1/node.yaml similarity index 99% rename from tests/config/driverconfig/powermax/v2.9.0/node.yaml rename to tests/config/driverconfig/powermax/v2.9.1/node.yaml index 6dc56a5a7..d0291e758 100644 --- a/tests/config/driverconfig/powermax/v2.9.0/node.yaml +++ b/tests/config/driverconfig/powermax/v2.9.1/node.yaml 
@@ -87,7 +87,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-powermax:v2.9.0 + image: dellemc/csi-powermax:v2.9.1 imagePullPolicy: IfNotPresent env: - name: X_CSI_POWERMAX_DRIVER_NAME diff --git a/tests/config/driverconfig/powermax/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/powermax/v2.9.1/upgrade-path.yaml new file mode 100644 index 000000000..a902cb64c --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.9.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml b/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.9.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml b/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml new file mode 100644 index 000000000..1fed6ca02 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.9.1/controller.yaml 
@@ -0,0 +1,308 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", 
"list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: -controller + spec: + serviceAccount: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + + containers: + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.9.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--timeout=120s" + - "--v=5" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.4.2 + 
imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=false" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--http-endpoint=:8080" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=k8s" + - "--volume-name-uuid-length=10" + - "--worker-threads=5" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + - "--enable-capacity=false" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + 
- "--snapshot-name-prefix=snapshot" + - "--leader-election" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-isilon:v2.9.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-isilon" ] + args: + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_ISI_ACCESS_ZONE + value: system + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_PATH_LIMIT + value: "false" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + volumes: + - name: socket-dir + emptyDir: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: isilon-configs + secret: + secretName: -creds + - name: csi-isilon-config-params + 
configMap: + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml new file mode 100644 index 000000000..a55f2843f --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.9.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-isilon.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/powerscale/v2.9.1/driver-config-params.yaml new file mode 100644 index 000000000..506503099 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.9.1/driver-config-params.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug diff --git a/tests/config/driverconfig/powerscale/v2.9.1/node.yaml b/tests/config/driverconfig/powerscale/v2.9.1/node.yaml new file mode 100644 index 000000000..9ffcb36f1 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.9.1/node.yaml 
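Review bot: The `-controller` ClusterRole in powerscale/v2.9.1/controller.yaml lists `pods` twice (`get, list, watch` near the top, then `get` alone near the end) and `persistentvolumes` twice (once with create/delete/update, again under "below for resizer" with update/patch), which makes the effective grant harder to audit. RBAC rules are additive, so the second `pods` rule adds nothing and the two `persistentvolumes` rules can be merged into one with `verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]`. While merging, a short comment on the cluster-wide `secrets` `get`/`list` rule naming the sidecar that needs it would help a least-privilege review; the file currently only says "below for snapshotter".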
@@ -0,0 +1,196 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccount: -node + #nodeSelector: + #tolerations: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + command: ["/csi-isilon"] + args: + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-isilon:v2.9.1 + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: 
/plugins/csi-isilon/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/csi-isilon/disks" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: X_CSI_NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: X_CSI_MAX_PATH_LIMIT + value: "false" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-isilon + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-isilon/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + 
type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/csi-isilon + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: isilon-configs + secret: + secretName: -creds + - name: csi-isilon-config-params + configMap: + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/powerscale/v2.9.1/upgrade-path.yaml new file mode 100644 index 000000000..a902cb64c --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.9.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.8.0 diff --git a/tests/config/driverconfig/powerstore/v2.9.0/bad.yaml b/tests/config/driverconfig/powerstore/v2.9.1/bad.yaml similarity index 100% rename from tests/config/driverconfig/powerstore/v2.9.0/bad.yaml rename to tests/config/driverconfig/powerstore/v2.9.1/bad.yaml diff --git a/tests/config/driverconfig/powerstore/v2.9.0/config.json b/tests/config/driverconfig/powerstore/v2.9.1/config.json similarity index 100% rename from tests/config/driverconfig/powerstore/v2.9.0/config.json rename to tests/config/driverconfig/powerstore/v2.9.1/config.json diff --git a/tests/config/driverconfig/powerstore/v2.9.0/controller.yaml b/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml similarity index 99% rename from tests/config/driverconfig/powerstore/v2.9.0/controller.yaml rename to tests/config/driverconfig/powerstore/v2.9.1/controller.yaml index aa6e9a627..41abb750c 100644 --- a/tests/config/driverconfig/powerstore/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/controller.yaml 
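Review bot: The `-node` ClusterRole in the new powerscale/v2.9.1/node.yaml lists the `storage.k8s.io` `volumeattachments` rule twice with identical verbs, and it grants `create`/`delete` on `persistentvolumes` plus `update`/`patch` on `nodes` to the service account of a DaemonSet that runs `privileged: true` with `hostNetwork: true` on every node. The second `volumeattachments` entry can simply be dropped. Unless the driver's node mode is known to write PVs, I would also narrow the first rule to `verbs: ["get", "list", "watch"]` and confirm the `nodes` write verbs are needed. Separately, the driver container sets `X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION` to `"true"` while also mounting `/certs` and setting `SSL_CERT_DIR`. If this fixture mirrors a shipped default, a comment such as `# test default; set to "false" when a CA cert is provided in the -certs-0 secret` would stop the insecure value being copied as-is.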
@@ -223,7 +223,7 @@ spec: - name: socket-dir mountPath: /var/run/csi - name: driver - image: dellemc/csi-powerstore:v2.9.0 + image: dellemc/csi-powerstore:v2.9.1 imagePullPolicy: IfNotPresent command: [ "/csi-powerstore" ] args: diff --git a/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml new file mode 100644 index 000000000..1d6b34780 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.9.1/csidriver.yaml @@ -0,0 +1,27 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powerstore.dellemc.com +spec: + storageCapacity: false + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.9.0/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml similarity index 100% rename from tests/config/driverconfig/powerstore/v2.9.0/driver-config-params.yaml rename to tests/config/driverconfig/powerstore/v2.9.1/driver-config-params.yaml 
diff --git a/tests/config/driverconfig/powerstore/v2.9.0/node.yaml b/tests/config/driverconfig/powerstore/v2.9.1/node.yaml similarity index 99% rename from tests/config/driverconfig/powerstore/v2.9.0/node.yaml rename to tests/config/driverconfig/powerstore/v2.9.1/node.yaml index 812d911a4..96c0bacda 100644 --- a/tests/config/driverconfig/powerstore/v2.9.0/node.yaml +++ b/tests/config/driverconfig/powerstore/v2.9.1/node.yaml @@ -91,7 +91,7 @@ spec: capabilities: add: ["SYS_ADMIN"] allowPrivilegeEscalation: true - image: dellemc/csi-powerstore:v2.9.0 + image: dellemc/csi-powerstore:v2.9.1 imagePullPolicy: IfNotPresent command: [ "/csi-powerstore" ] args: diff --git a/tests/config/driverconfig/powerstore/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/powerstore/v2.9.1/upgrade-path.yaml new file mode 100644 index 000000000..9b08e1904 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.9.1/upgrade-path.yaml @@ -0,0 +1,16 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +minUpgradePath: v2.8.0 \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.9.0/bad.yaml b/tests/config/driverconfig/unity/v2.9.1/bad.yaml similarity index 100% rename from tests/config/driverconfig/unity/v2.9.0/bad.yaml rename to tests/config/driverconfig/unity/v2.9.1/bad.yaml 
diff --git a/tests/config/driverconfig/unity/v2.9.0/config.json b/tests/config/driverconfig/unity/v2.9.1/config.json similarity index 100% rename from tests/config/driverconfig/unity/v2.9.0/config.json rename to tests/config/driverconfig/unity/v2.9.1/config.json diff --git a/tests/config/driverconfig/unity/v2.9.0/controller.yaml b/tests/config/driverconfig/unity/v2.9.1/controller.yaml similarity index 99% rename from tests/config/driverconfig/unity/v2.9.0/controller.yaml rename to tests/config/driverconfig/unity/v2.9.1/controller.yaml index 94503df5f..0b55df66e 100644 --- a/tests/config/driverconfig/unity/v2.9.0/controller.yaml +++ b/tests/config/driverconfig/unity/v2.9.1/controller.yaml @@ -216,7 +216,6 @@ spec: - "--driver-name=csi-unity.dellemc.com" - "--driver-config=/unity-config/driver-config-params.yaml" - "--driver-secret=/unity-secret/config" - - "--leader-election" imagePullPolicy: IfNotPresent env: - name: CSI_ENDPOINT diff --git a/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml new file mode 100644 index 000000000..1ef295e21 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.9.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-unity.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.9.1/driver-config-params.yaml b/tests/config/driverconfig/unity/v2.9.1/driver-config-params.yaml new file mode 100644 index 000000000..c49210aab --- /dev/null +++ b/tests/config/driverconfig/unity/v2.9.1/driver-config-params.yaml 
@@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "info" + ALLOW_RWO_MULTIPOD_ACCESS: "false" + MAX_UNITY_VOLUMES_PER_NODE: 0 + SYNC_NODE_INFO_TIME_INTERVAL: 15 + TENANT_NAME: "" diff --git a/tests/config/driverconfig/unity/v2.9.0/node.yaml b/tests/config/driverconfig/unity/v2.9.1/node.yaml similarity index 100% rename from tests/config/driverconfig/unity/v2.9.0/node.yaml rename to tests/config/driverconfig/unity/v2.9.1/node.yaml diff --git a/tests/config/driverconfig/unity/v2.9.1/upgrade-path.yaml b/tests/config/driverconfig/unity/v2.9.1/upgrade-path.yaml new file mode 100644 index 000000000..46c8b747a --- /dev/null +++ b/tests/config/driverconfig/unity/v2.9.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.8.0 \ No newline at end of file diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml index f1d95df5c..fa1186fd6 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 forceRemoveModule: true components: - name: karavi-authorization-proxy-server diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index 301196fc4..836b0f755 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml 
@@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -178,7 +178,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -350,7 +350,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.6.0 + configVersion: v1.8.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index 30267547a..44582e881 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index b91d3637c..664a3b57a 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "None" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false 
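Review bot: The resiliency `configVersion` is not bumped to the same value across the e2e files. The `@@ -350,7 +350,7 @@` hunk of storage_csm_powerflex.yaml moves it from `v1.6.0` to `v1.8.1`, as do storage_csm_powerscale_replica.yaml and the two powerstore files, but storage_csm_powerflex_resiliency.yaml, storage_csm_powerscale.yaml and storage_csm_powerscale_resiliency.yaml set `v1.7.1`. The two `_resiliency` files that got `v1.7.1` are the ones with `enabled: true`, so they decide which podmon config the e2e run actually deploys. Unless the operator deliberately ships module configs for both versions, I would use one released value everywhere, e.g. `configVersion: v1.8.1`, so the tests exercise the version this release is meant to ship.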
@@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index f02570969..e83986db1 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -169,10 +169,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index 644267637..45df2add8 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false 
@@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_5.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_5.yaml index a9c0b34af..321439d6d 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_5.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_5.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index 16deb205c..e0010645c 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false 
@@ -137,7 +137,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml index 58802e8f1..ec0bdc400 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index e2b341a5e..811d3e34a 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -138,7 +138,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml index 2c884f3e2..108318cd9 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml 
@@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false diff --git a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml index 9c8fece8f..909abfadb 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml @@ -27,7 +27,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -167,7 +167,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.6.0 + configVersion: v1.7.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index 48b985e86..d6531ce30 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -44,8 +44,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerMax driver v2.9.0 - image: dellemc/csi-powermax:v2.9.0 + # Image for CSI PowerMax driver v2.9.1 + image: dellemc/csi-powermax:v2.9.1 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 9d235011e..d0ac908b6 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml 
@@ -31,8 +31,8 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.9.0 driver - configVersion: v2.9.0 + # Config version for CSI PowerMax v2.9.1 driver + configVersion: v2.9.1 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -44,8 +44,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerMax driver v2.9.0 - image: dellemc/csi-powermax:v2.9.0 + # Image for CSI PowerMax driver v2.9.1 + image: dellemc/csi-powermax:v2.9.1 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index acb3af627..f639c7b90 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: isilon-creds replicas: 1 dnsPolicy: ClusterFirstWithHostNet @@ -253,7 +253,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -436,7 +436,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.6.0 + configVersion: v1.7.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index 837194827..8bbb3c3aa 100644 
--- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: csm-creds # currently fails with something about nodes taints etc replicas: 3 @@ -261,10 +261,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index 9649a8182..3308d02e4 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "None" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: csm-creds replicas: 1 dnsPolicy: ClusterFirstWithHostNet @@ -245,10 +245,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 11e8299d2..5aecb60c0 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml 
+++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: csm-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,10 +245,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index c73853487..43543e8de 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: isilon-creds-auth replicas: 1 dnsPolicy: ClusterFirstWithHostNet @@ -244,7 +244,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 51f3eb1f4..87c4e8a9c 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml 
@@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: csm-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,10 +245,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.9.0 + image: dellemc/csm-authorization-sidecar:v1.9.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index ee6c1b5f3..962ac924a 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,7 +245,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -428,7 +428,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.6.0 + configVersion: v1.8.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml index 4e62fef23..16bcc6e79 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml 
+++ b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml @@ -26,7 +26,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.9.0 + configVersion: v2.9.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -263,7 +263,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.6.0 + configVersion: v1.7.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/storage_csm_powerstore.yaml index 777a312ae..90d4b5446 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore.yaml @@ -28,8 +28,8 @@ spec: # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" storageCapacity: false - # Config version for CSI PowerStore v2.9.0 driver - configVersion: v2.9.0 + # Config version for CSI PowerStore v2.9.1 driver + configVersion: v2.9.1 authSecret: powerstore-config # Controller count replicas: 2 @@ -153,7 +153,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml index a37aeed69..e959f34a3 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml 
@@ -28,8 +28,8 @@ spec:
 # Default value: ReadWriteOnceWithFSType
 fSGroupPolicy: "ReadWriteOnceWithFSType"
 storageCapacity: false
- # Config version for CSI PowerStore v2.9.0 driver
- configVersion: v2.9.0
+ # Config version for CSI PowerStore v2.9.1 driver
+ configVersion: v2.9.1
 authSecret: powerstore-config
 # Controller count
 replicas: 2
@@ -153,7 +153,7 @@ spec:
 # false: disable Resiliency feature(do not deploy podmon sidecar)
 # Default value: false
 enabled: true
- configVersion: v1.8.0
+ configVersion: v1.8.1
 components:
 - name: podmon-controller
 image: dellemc/podmon:nightly
diff --git a/tests/e2e/testfiles/storage_csm_unity.yaml b/tests/e2e/testfiles/storage_csm_unity.yaml
index 717531134..fb37a4e4b 100644
--- a/tests/e2e/testfiles/storage_csm_unity.yaml
+++ b/tests/e2e/testfiles/storage_csm_unity.yaml
@@ -16,15 +16,15 @@ spec:
 # true: enable storage capacity tracking
 # false: disable storage capacity tracking
 storageCapacity: true
- # Config version for CSI Unity v2.9.0 driver
- configVersion: v2.9.0
+ # Config version for CSI Unity v2.9.1 driver
+ configVersion: v2.9.1
 # Controller count
 replicas: 2
 dnsPolicy: ClusterFirstWithHostNet
 forceUpdate: false
 forceRemoveDriver: true
 common:
- # Nightly Image for CSI Unity driver v2.9.0
+ # Nightly Image for CSI Unity driver v2.9.1
 image: "dellemc/csi-unity:nightly"
 imagePullPolicy: IfNotPresent
 envs:
diff --git a/tests/shared/common.go b/tests/shared/common.go
index ba3d35a5a..0c6beba53 100644
--- a/tests/shared/common.go
+++ b/tests/shared/common.go
@@ -27,16 +27,16 @@ import ( // ConfigVersions used for all unit tests const ( - PFlexConfigVersion string = "v2.9.0" + PFlexConfigVersion string = "v2.9.1" ConfigVersion string = "v2.7.0" UpgradeConfigVersion string = "v2.8.0" - JumpUpgradeConfigVersion string = "v2.9.0" + JumpUpgradeConfigVersion string = "v2.9.1" OldConfigVersion string = "v2.2.0" BadConfigVersion string = "v0" - PStoreConfigVersion string = "v2.9.0" - UnityConfigVersion string = "v2.9.0" - PScaleConfigVersion string = "v2.9.0" - PmaxConfigVersion string = "v2.9.0" + PStoreConfigVersion string = "v2.9.1" + UnityConfigVersion string = "v2.9.1" + PScaleConfigVersion string = "v2.9.1" + PmaxConfigVersion string = "v2.9.1" AccConfigVersion string = "v1.0.0" )