Skip to content

Commit

Permalink
Updating auto proxy code (#214)
Browse files Browse the repository at this point in the history
  • Loading branch information
boyamurthy authored Jun 1, 2023
1 parent 43272c4 commit 9c931de
Show file tree
Hide file tree
Showing 4 changed files with 92 additions and 7 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# If the csireverseproxy cert and key are provided, deploy a CA Issuer using the cert and key
{{- if ne .Values.certManager.selfSignedCert true }}
apiVersion: v1
data:
tls.crt: {{ .Values.certManager.certificateFile }}
tls.key: {{ .Values.certManager.privateKeyFile }}
kind: Secret
type: kubernetes.io/tls
metadata:
name: csirevproxy-tls-secret
namespace: {{ .Release.Namespace }}

---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: csirevproxy-issuer
namespace: {{ .Release.Namespace }}
spec:
ca:
secretName: csirevproxy-tls-secret
---
{{- else }}
# deploy a selfsigned-issuer
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}

---
{{- end }}

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: csirevproxy-tls-cert
namespace: {{ .Release.Namespace }}
spec:
secretName: csirevproxy-tls-secret
commonName: powermax-reverseproxy
duration: 2160h # 90d
renewBefore: 360h # 15d
subject:
organizations:
- dellemc
isCA: false
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
dnsNames:
- powermax-reverseproxy
- powermax-reverseproxy.powermax.svc.cluster.local
- reverseproxy
issuerRef:
{{- if ne .Values.certManager.selfSignedCert true }}
name: csirevproxy-issuer
{{- else }}
name: selfsigned-issuer
{{- end }}
kind: Issuer
group: cert-manager.io
---
2 changes: 1 addition & 1 deletion charts/csi-powermax/charts/csireverseproxy/values.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
image: dellemc/csipowermax-reverseproxy:v2.5.0
image: dellemc/csipowermax-reverseproxy:v2.6.0
port: 2222

# TLS secret which is used for setting up the proxy HTTPS server
Expand Down
12 changes: 6 additions & 6 deletions charts/csi-powermax/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -4,47 +4,47 @@ Return the appropriate sidecar images based on k8s version
{{- define "csi-powermax.attacherImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.2.0" -}}
{{- print "k8s.gcr.io/sig-storage/csi-attacher:v4.3.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{- define "csi-powermax.provisionerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.4.0" -}}
{{- print "k8s.gcr.io/sig-storage/csi-provisioner:v3.5.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{- define "csi-powermax.snapshotterImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.1" -}}
{{- print "k8s.gcr.io/sig-storage/csi-snapshotter:v6.2.2" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{- define "csi-powermax.resizerImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.7.0" -}}
{{- print "k8s.gcr.io/sig-storage/csi-resizer:v1.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{- define "csi-powermax.registrarImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.6.3" -}}
{{- print "k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}

{{- define "csi-powermax.healthmonitorImage" -}}
{{- if eq .Capabilities.KubeVersion.Major "1" }}
{{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}}
{{- print "gcr.io/k8s-staging-sig-storage/csi-external-health-monitor-controller:v0.8.0" -}}
{{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}}
{{- end -}}
{{- end -}}
{{- end -}}
15 changes: 15 additions & 0 deletions charts/csi-powermax/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,21 @@ csireverseproxy:
# Default value: None
# Example: "StandAlone"
mode: StandAlone
# Auto-create TLS certificate for csi-reverseproxy
certManager:
# Set selfSignedCert to use a self-signed certificate
# Default value: true
selfSignedCert: true
# certificateFile has tls.key content in encoded format
# Allowed Values:
# - encoded base64 value of tls.crt: cat tls.crt | base64
# - comment the param, if selfsigned should be used
certificateFile: tls.crt.encoded64
# privateKeyFile has tls.key content in encoded format
# Allowed Values:
# - encoded base64 value of tls.key: cat tls.key | base64
# - comment the param, if selfsigned should be used
privateKeyFile: tls.key.encoded64
# clusterPrefix: Define a prefix that is appended onto
# all resources created in the Array
# This should be unique per K8s/CSI deployment
Expand Down

0 comments on commit 9c931de

Please sign in to comment.