diff --git a/Dockerfile b/Dockerfile index 9b90d19a3..21d0d9fdd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,7 +48,7 @@ LABEL vendor="Dell Inc." \ name="dell-csm-operator" \ summary="Operator for installing Dell CSI Drivers and Dell CSM Modules" \ description="Common Operator for installing various Dell CSI Drivers and Dell CSM Modules" \ - version="1.5.0" \ + version="1.5.1" \ license="Dell CSM Operator Apache License" # copy the licenses folder diff --git a/Makefile b/Makefile index 656832f7b..bcf9adf20 100644 --- a/Makefile +++ b/Makefile @@ -191,7 +191,7 @@ OPM = $(shell which opm) endif endif -# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v1.5.0). +# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v1.5.1). # These images MUST exist in a registry and be pull-able. BUNDLE_IMGS ?= $(BUNDLE_IMG) diff --git a/README.md b/README.md index f501bcad1..039708bd5 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ For any CSM Operator and driver issues, questions or feedback, join the [Dell Te Dell Container Storage Modules Operator has been tested and qualified with * Upstream Kubernetes cluster v1.27, v1.28, v1.29 - * OpenShift Clusters 4.13, 4.14 with RHEL 8.x & RHCOS worker nodes + * OpenShift Clusters 4.13, 4.14, 4.15 with RHEL 8.x & RHCOS worker nodes ## Installation diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 27bc1770b..f5268118e 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -8,14 +8,14 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=dell-csm-operator LABEL operators.operatorframework.io.bundle.channels.v1=stable LABEL operators.operatorframework.io.bundle.channel.default.v1=stable -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.34.1 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.34.2 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 # Labels for testing. LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ -LABEL com.redhat.openshift.versions=v4.13-v4.14 +LABEL com.redhat.openshift.versions=v4.13-v4.15 LABEL com.redhat.delivery.backport=false LABEL com.redhat.delivery.operator.bundle=true diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml index 4d2a61b72..302455c0d 100644 --- a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml +++ b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml @@ -101,10 +101,10 @@ metadata: "value": "debug" } ], - "image": "dellemc/csi-isilon:v2.10.0", + "image": "dellemc/csi-isilon:v2.10.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.10.0", + "configVersion": "v2.10.1", "controller": { "envs": [ { @@ -190,7 +190,7 @@ metadata: "name": "snapshotter" }, { - "image": "dellemc/csi-metadata-retriever:v1.7.2", + "image": "dellemc/csi-metadata-retriever:v1.7.3", "name": "csi-metadata-retriever" }, { @@ -217,11 +217,11 @@ metadata: "value": "true" } ], - "image": "dellemc/csm-authorization-sidecar:v1.10.0", + "image": "dellemc/csm-authorization-sidecar:v1.10.1", "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.10.0", + "configVersion": "v1.10.1", "enabled": false, "name": "authorization" }, @@ -238,7 +238,7 @@ metadata: "value": "powerscale" } ], - "image": "dellemc/dell-csi-replicator:v1.8.0", + "image": "dellemc/dell-csi-replicator:v1.8.1", "name": "dell-csi-replicator" }, { @@ -264,11 +264,11 @@ metadata: "value": "5m" } ], - "image": "dellemc/dell-replication-controller:v1.8.0", + "image": "dellemc/dell-replication-controller:v1.8.1", "name": "dell-replication-controller-manager" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "replication" }, @@ -283,7 +283,7 @@ metadata: "value": "INFO" } ], - "image": "dellemc/csm-topology:v1.8.0", + "image": "dellemc/csm-topology:v1.8.1", "name": "topology", "privateKey": "" }, @@ -356,11 +356,11 @@ metadata: "value": "otel-collector:55680" } ], - "image": "dellemc/csm-metrics-powerscale:v1.5.0", + "image": "dellemc/csm-metrics-powerscale:v1.5.1", "name": "metrics-powerscale" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "observability" }, @@ -379,7 +379,7 @@ metadata: "--driverPath=csi-isilon.dellemc.com", "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" ], - "image": "dellemc/podmon:v1.9.0", + "image": "dellemc/podmon:v1.9.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -401,12 +401,12 @@ metadata: "value": "8083" } ], - "image": "dellemc/podmon:v1.9.0", + "image": "dellemc/podmon:v1.9.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } ], - "configVersion": "v1.9.0", + "configVersion": "v1.9.1", "enabled": false, "name": "resiliency" } @@ -470,10 +470,10 @@ metadata: "value": "" } ], - "image": "dellemc/csi-powermax:v2.10.0", + "image": "dellemc/csi-powermax:v2.10.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.10.0", + "configVersion": "v2.10.1", "controller": { "envs": [ { @@ -556,7 +556,7 @@ metadata: "name": "snapshotter" }, { - "image": "dellemc/csi-metadata-retriever:v1.7.2", + "image": "dellemc/csi-metadata-retriever:v1.7.3", "name": "csi-metadata-retriever" }, { @@ -587,11 +587,11 @@ metadata: "value": "powermax-reverseproxy-config" } ], - "image": "dellemc/csipowermax-reverseproxy:v2.9.0", + "image": "dellemc/csipowermax-reverseproxy:v2.9.1", "name": "csipowermax-reverseproxy" } ], - "configVersion": "v2.9.0", + "configVersion": "v2.9.1", "enabled": true, "forceRemoveModule": true, "name": "csireverseproxy" @@ -609,11 +609,11 @@ metadata: "value": "true" } ], - "image": "dellemc/csm-authorization-sidecar:v1.10.0", + "image": "dellemc/csm-authorization-sidecar:v1.10.1", "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.10.0", + "configVersion": "v1.10.1", "enabled": false, "name": "authorization" }, @@ -630,7 +630,7 @@ metadata: "value": "powermax" } ], - "image": "dellemc/dell-csi-replicator:v1.8.0", + "image": "dellemc/dell-csi-replicator:v1.8.1", "name": "dell-csi-replicator" }, { @@ -656,11 +656,11 @@ metadata: "value": "5m" } ], - "image": "dellemc/dell-replication-controller:v1.8.0", + "image": "dellemc/dell-replication-controller:v1.8.1", "name": "dell-replication-controller-manager" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "replication" }, @@ -675,7 +675,7 @@ metadata: "value": "INFO" } ], - "image": "dellemc/csm-topology:v1.8.0", + "image": "dellemc/csm-topology:v1.8.1", "name": "topology", "privateKey": "" }, @@ -736,11 +736,11 @@ metadata: "value": "powermax-reverseproxy-config" } ], - "image": "dellemc/csm-metrics-powermax:v1.3.0", + "image": "dellemc/csm-metrics-powermax:v1.3.1", "name": "metrics-powermax" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "observability" } @@ -776,10 +776,10 @@ metadata: "value": "debug" } ], - "image": "dellemc/csi-powerstore:v2.10.0", + "image": "dellemc/csi-powerstore:v2.10.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.10.0", + "configVersion": "v2.10.1", "controller": { "envs": [ { @@ -850,7 +850,7 @@ metadata: "name": "snapshotter" }, { - "image": "dellemc/csi-metadata-retriever:v1.7.2", + "image": "dellemc/csi-metadata-retriever:v1.7.3", "name": "csi-metadata-retriever" }, { @@ -879,7 +879,7 @@ metadata: "--driver-config-params=/powerstore-config-params/driver-config-params.yaml", "--driverPath=csi-powerstore.dellemc.com" ], - "image": "dellemc/podmon:v1.9.0", + "image": "dellemc/podmon:v1.9.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -901,12 +901,12 @@ metadata: "value": "8083" } ], - "image": "dellemc/podmon:v1.9.0", + "image": "dellemc/podmon:v1.9.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } ], - "configVersion": "v1.9.0", + "configVersion": "v1.9.1", "enabled": false, "name": "resiliency" } @@ -961,10 +961,10 @@ metadata: "value": "true" } ], - "image": "dellemc/csi-unity:v2.10.0", + "image": "dellemc/csi-unity:v2.10.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.10.0", + "configVersion": "v2.10.1", "controller": { "envs": [ { @@ -1019,7 +1019,7 @@ metadata: "name": "snapshotter" }, { - "image": "dellemc/csi-metadata-retriever:v1.7.2", + "image": "dellemc/csi-metadata-retriever:v1.7.3", "name": "csi-metadata-retriever" }, { @@ -1070,10 +1070,10 @@ metadata: "value": "false" } ], - "image": "dellemc/csi-vxflexos:v2.10.0", + "image": "dellemc/csi-vxflexos:v2.10.1", "imagePullPolicy": "IfNotPresent" }, - "configVersion": "v2.10.0", + "configVersion": "v2.10.1", "controller": { "envs": [ { @@ -1161,7 +1161,7 @@ metadata: "name": "snapshotter" }, { - "image": "dellemc/csi-metadata-retriever:v1.7.2", + "image": "dellemc/csi-metadata-retriever:v1.7.3", "name": "csi-metadata-retriever" }, { @@ -1203,11 +1203,11 @@ metadata: "value": "true" } ], - "image": "dellemc/csm-authorization-sidecar:v1.10.0", + "image": "dellemc/csm-authorization-sidecar:v1.10.1", "name": "karavi-authorization-proxy" } ], - "configVersion": "v1.10.0", + "configVersion": "v1.10.1", "enabled": false, "name": "authorization" }, @@ -1222,7 +1222,7 @@ metadata: "value": "INFO" } ], - "image": "dellemc/csm-topology:v1.8.0", + "image": "dellemc/csm-topology:v1.8.1", "name": "topology", "privateKey": "" }, @@ -1287,11 +1287,11 @@ metadata: "value": "otel-collector:55680" } ], - "image": "dellemc/csm-metrics-powerflex:v1.8.0", + "image": "dellemc/csm-metrics-powerflex:v1.8.1", "name": "metrics-powerflex" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "observability" }, @@ -1308,7 +1308,7 @@ metadata: "value": "powerflex" } ], - "image": "dellemc/dell-csi-replicator:v1.8.0", + "image": "dellemc/dell-csi-replicator:v1.8.1", "name": "dell-csi-replicator" }, { @@ -1334,11 +1334,11 @@ metadata: "value": "5m" } ], - "image": "dellemc/dell-replication-controller:v1.8.0", + "image": "dellemc/dell-replication-controller:v1.8.1", "name": "dell-replication-controller-manager" } ], - "configVersion": "v1.8.0", + "configVersion": "v1.8.1", "enabled": false, "name": "replication" }, @@ -1356,7 +1356,7 @@ metadata: "--mode=controller", "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" ], - "image": "dellemc/podmon:v1.9.0", + "image": "dellemc/podmon:v1.9.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-controller" }, @@ -1377,12 +1377,12 @@ metadata: "value": "8083" } ], - "image": "dellemc/podmon:v1.9.0", + "image": "dellemc/podmon:v1.9.1", "imagePullPolicy": "IfNotPresent", "name": "podmon-node" } ], - "configVersion": "v1.9.0", + "configVersion": "v1.9.1", "enabled": false, "name": "resiliency" } @@ -1392,8 +1392,8 @@ metadata: ] capabilities: Seamless Upgrades categories: Storage - containerImage: docker.io/dellemc/dell-csm-operator:v1.5.0 - createdAt: "2024-04-10T09:49:32Z" + containerImage: docker.io/dellemc/dell-csm-operator:v1.5.1 + createdAt: "2024-05-28T13:19:03Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" features.operators.openshift.io/fips-compliant: "false" @@ -1402,11 +1402,11 @@ metadata: features.operators.openshift.io/token-auth-aws: "false" features.operators.openshift.io/token-auth-azure: "false" features.operators.openshift.io/token-auth-gcp: "false" - operators.operatorframework.io/builder: operator-sdk-v1.34.1 + operators.operatorframework.io/builder: operator-sdk-v1.34.2 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.5.0 + name: dell-csm-operator.v1.5.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -3665,7 +3665,7 @@ spec: template: metadata: annotations: - storage.dell.com/CSMVersion: v1.10.0 + storage.dell.com/CSMVersion: v1.10.2 labels: control-plane: controller-manager spec: @@ -3690,39 +3690,39 @@ spec: - /manager env: - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.5.0 + value: docker.io/dellemc/dell-csm-operator:v1.5.1 - name: RELATED_IMAGE_csi-isilon - value: docker.io/dellemc/csi-isilon:v2.10.0 + value: docker.io/dellemc/csi-isilon:v2.10.1 - name: RELATED_IMAGE_csi-powermax - value: docker.io/dellemc/csi-powermax:v2.10.0 + value: docker.io/dellemc/csi-powermax:v2.10.1 - name: RELATED_IMAGE_csipowermax-reverseproxy - value: docker.io/dellemc/csipowermax-reverseproxy:v2.9.0 + value: docker.io/dellemc/csipowermax-reverseproxy:v2.9.1 - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.10.0 + value: docker.io/dellemc/csi-powerstore:v2.10.1 - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.10.0 + value: docker.io/dellemc/csi-unity:v2.10.1 - name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/csi-vxflexos:v2.10.0 + value: docker.io/dellemc/csi-vxflexos:v2.10.1 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.1 - name: RELATED_IMAGE_karavi-authorization-proxy - value: docker.io/dellemc/csm-authorization-sidecar:v1.10.0 + value: docker.io/dellemc/csm-authorization-sidecar:v1.10.1 - name: RELATED_IMAGE_dell-csi-replicator - value: docker.io/dellemc/dell-csi-replicator:v1.8.0 + value: docker.io/dellemc/dell-csi-replicator:v1.8.1 - name: RELATED_IMAGE_dell-replication-controller-manager - value: docker.io/dellemc/dell-replication-controller:v1.8.0 + value: docker.io/dellemc/dell-replication-controller:v1.8.1 - name: RELATED_IMAGE_topology - value: docker.io/dellemc/csm-topology:v1.8.0 + value: docker.io/dellemc/csm-topology:v1.8.1 - name: RELATED_IMAGE_otel-collector value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_metrics-powerscale - value: docker.io/dellemc/csm-metrics-powerscale:v1.5.0 + value: docker.io/dellemc/csm-metrics-powerscale:v1.5.1 - name: RELATED_IMAGE_metrics-powermax - value: docker.io/dellemc/csm-metrics-powermax:v1.3.0 + value: docker.io/dellemc/csm-metrics-powermax:v1.3.1 - name: RELATED_IMAGE_metrics-powerflex - value: docker.io/dellemc/csm-metrics-powerflex:v1.8.0 + value: docker.io/dellemc/csm-metrics-powerflex:v1.8.1 - name: RELATED_IMAGE_podmon-node - value: docker.io/dellemc/podmon:v1.9.0 + value: docker.io/dellemc/podmon:v1.9.1 - name: RELATED_IMAGE_kube-rbac-proxy value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: RELATED_IMAGE_attacher @@ -3738,12 +3738,12 @@ spec: - name: RELATED_IMAGE_externalhealthmonitorcontroller value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 - name: RELATED_IMAGE_metadataretriever - value: dellemc/csi-metadata-retriever:v1.7.2 + value: dellemc/csi-metadata-retriever:v1.7.3 - name: RELATED_IMAGE_dell-connectivity-client value: docker.io/dellemc/connectivity-client-docker-k8s:1.2.3 - name: RELATED_IMAGE_cert-persister value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.5.0 + image: docker.io/dellemc/dell-csm-operator:v1.5.1 imagePullPolicy: Always livenessProbe: httpGet: @@ -3804,39 +3804,39 @@ spec: name: Dell Technologies url: https://github.com/dell/csm-operator relatedImages: - - image: docker.io/dellemc/dell-csm-operator:v1.5.0 + - image: docker.io/dellemc/dell-csm-operator:v1.5.1 name: dell-csm-operator - - image: docker.io/dellemc/csi-isilon:v2.10.0 + - image: docker.io/dellemc/csi-isilon:v2.10.1 name: csi-isilon - - image: docker.io/dellemc/csi-powermax:v2.10.0 + - image: docker.io/dellemc/csi-powermax:v2.10.1 name: csi-powermax - - image: docker.io/dellemc/csipowermax-reverseproxy:v2.9.0 + - image: docker.io/dellemc/csipowermax-reverseproxy:v2.9.1 name: csipowermax-reverseproxy - - image: docker.io/dellemc/csi-powerstore:v2.10.0 + - image: docker.io/dellemc/csi-powerstore:v2.10.1 name: csi-powerstore - - image: docker.io/dellemc/csi-unity:v2.10.0 + - image: docker.io/dellemc/csi-unity:v2.10.1 name: csi-unity - - image: docker.io/dellemc/csi-vxflexos:v2.10.0 + - image: docker.io/dellemc/csi-vxflexos:v2.10.1 name: csi-vxflexos - image: docker.io/dellemc/sdc:4.5.1 name: sdc - - image: docker.io/dellemc/csm-authorization-sidecar:v1.10.0 + - image: docker.io/dellemc/csm-authorization-sidecar:v1.10.1 name: karavi-authorization-proxy - - image: docker.io/dellemc/dell-csi-replicator:v1.8.0 + - image: docker.io/dellemc/dell-csi-replicator:v1.8.1 name: dell-csi-replicator - - image: docker.io/dellemc/dell-replication-controller:v1.8.0 + - image: docker.io/dellemc/dell-replication-controller:v1.8.1 name: dell-replication-controller-manager - - image: docker.io/dellemc/csm-topology:v1.8.0 + - image: docker.io/dellemc/csm-topology:v1.8.1 name: topology - image: docker.io/otel/opentelemetry-collector:0.42.0 name: otel-collector - - image: docker.io/dellemc/csm-metrics-powerscale:v1.5.0 + - image: docker.io/dellemc/csm-metrics-powerscale:v1.5.1 name: metrics-powerscale - - image: docker.io/dellemc/csm-metrics-powermax:v1.3.0 + - image: docker.io/dellemc/csm-metrics-powermax:v1.3.1 name: metrics-powermax - - image: docker.io/dellemc/csm-metrics-powerflex:v1.8.0 + - image: docker.io/dellemc/csm-metrics-powerflex:v1.8.1 name: metrics-powerflex - - image: docker.io/dellemc/podmon:v1.9.0 + - image: docker.io/dellemc/podmon:v1.9.1 name: podmon-node - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 name: kube-rbac-proxy @@ -3852,12 +3852,12 @@ spec: name: resizer - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 name: externalhealthmonitorcontroller - - image: dellemc/csi-metadata-retriever:v1.7.2 + - image: dellemc/csi-metadata-retriever:v1.7.3 name: metadataretriever - image: docker.io/dellemc/connectivity-client-docker-k8s:1.2.3 name: dell-connectivity-client - image: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 name: cert-persister skips: - - dell-csm-operator.v1.4.3 - version: 1.5.0 + - dell-csm-operator.v1.5.0 + version: 1.5.1 diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 765906674..2fd29fb7d 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -6,7 +6,7 @@ annotations: operators.operatorframework.io.bundle.package.v1: dell-csm-operator operators.operatorframework.io.bundle.channels.v1: stable operators.operatorframework.io.bundle.channel.default.v1: stable - operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1 + operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.2 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 @@ -15,4 +15,4 @@ annotations: operators.operatorframework.io.test.config.v1: tests/scorecard/ # Annotations to specify supported OCP versions. - com.redhat.openshift.versions: v4.13-v4.14 \ No newline at end of file + com.redhat.openshift.versions: v4.13-v4.15 \ No newline at end of file diff --git a/config/install/kustomization.yaml b/config/install/kustomization.yaml index b0095c145..8557e7d41 100644 --- a/config/install/kustomization.yaml +++ b/config/install/kustomization.yaml @@ -14,4 +14,4 @@ bases: images: - name: controller newName: docker.io/dellemc/dell-csm-operator - newTag: v1.5.0 + newTag: v1.5.1 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index e3bfce9e5..17136c9bb 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: docker.io/dellemc/dell-csm-operator - newTag: v1.5.0 + newTag: v1.5.1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 61399f38c..0337b50a2 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -77,7 +77,7 @@ spec: name: RELATED_IMAGE_resizer - value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 name: RELATED_IMAGE_externalhealthmonitorcontroller - - value: dellemc/csi-metadata-retriever:v1.7.2 + - value: dellemc/csi-metadata-retriever:v1.7.3 name: RELATED_IMAGE_metadataretriever - value: docker.io/dellemc/connectivity-client-docker-k8s:1.2.3 name: RELATED_IMAGE_dell-connectivity-client diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml index c77a9c026..48211a5e9 100644 --- a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: alm-examples: '[]' capabilities: Seamless Upgrades categories: Storage - containerImage: docker.io/dellemc/dell-csm-operator:v1.5.0 + containerImage: docker.io/dellemc/dell-csm-operator:v1.5.1 createdAt: "2022-03-29T11:59:59Z" description: Easily install and manage Dell’s CSI Drivers and CSM features.operators.openshift.io/disconnected: "true" @@ -17,7 +17,7 @@ metadata: features.operators.openshift.io/token-auth-gcp: "false" repository: https://github.com/dell/csm-operator support: Dell Technologies - name: dell-csm-operator.v1.5.0 + name: dell-csm-operator.v1.5.1 namespace: placeholder spec: apiservicedefinitions: {} @@ -354,6 +354,11 @@ spec: displayName: Use Private CA Certs path: client.usePrivateCaCerts statusDescriptors: + - description: ClientStatus is the status of Client pods + displayName: ClientStatus + path: clientStatus + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podStatuses - description: State is the state of the client installation displayName: State path: state @@ -1136,36 +1141,16 @@ spec: displayName: Name path: modules[0].name statusDescriptors: - - description: Number of Available Controller pods - displayName: Available - path: controllerStatus.available - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Controller pods - displayName: Desired - path: controllerStatus.desired + - description: ControllerStatus is the status of Controller pods + displayName: ControllerStatus + path: controllerStatus x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Controller pods - displayName: Failed - path: controllerStatus.failed - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Available Node pods - displayName: Available - path: nodeStatus.available + - urn:alm:descriptor:com.tectonic.ui:podStatuses + - description: NodeStatus is the status of Controller pods + displayName: NodeStatus + path: nodeStatus x-descriptors: - - urn:alm:descriptor:text - - description: Number of Desired Node pods - displayName: Desired - path: nodeStatus.desired - x-descriptors: - - urn:alm:descriptor:text - - description: Number of Failed Node pods - displayName: Failed - path: nodeStatus.failed - x-descriptors: - - urn:alm:descriptor:text + - urn:alm:descriptor:com.tectonic.ui:podStatuses - description: State is the state of the driver installation displayName: State path: state @@ -1238,6 +1223,43 @@ spec: provider: name: Dell Technologies url: https://github.com/dell/csm-operator + relatedImages: + - image: docker.io/dellemc/dell-csm-operator:v1.5.1 + name: dell-csm-operator + - image: docker.io/dellemc/csi-isilon:v2.10.1 + name: csi-isilon + - image: docker.io/dellemc/csi-powermax:v2.10.1 + name: csi-powermax + - image: docker.io/dellemc/csipowermax-reverseproxy:v2.9.1 + name: csipowermax-reverseproxy + - image: docker.io/dellemc/csi-powerstore:v2.10.1 + name: csi-powerstore + - image: docker.io/dellemc/csi-unity:v2.10.1 + name: csi-unity + - image: docker.io/dellemc/csi-vxflexos:v2.10.1 + name: csi-vxflexos + - image: docker.io/dellemc/sdc:4.5.1 + name: sdc + - image: docker.io/dellemc/csm-authorization-sidecar:v1.10.1 + name: karavi-authorization-proxy + - image: docker.io/dellemc/dell-csi-replicator:v1.8.1 + name: dell-csi-replicator + - image: docker.io/dellemc/dell-replication-controller:v1.8.1 + name: dell-replication-controller-manager + - image: docker.io/dellemc/csm-topology:v1.8.1 + name: topology + - image: docker.io/otel/opentelemetry-collector:0.42.0 + name: otel-collector + - image: docker.io/dellemc/csm-metrics-powerscale:v1.5.1 + name: metrics-powerscale + - image: docker.io/dellemc/csm-metrics-powermax:v1.3.1 + name: metrics-powermax + - image: docker.io/dellemc/csm-metrics-powerflex:v1.8.1 + name: metrics-powerflex + - image: docker.io/dellemc/podmon:v1.9.1 + name: podmon-node + - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy skips: - - dell-csm-operator.v1.4.3 - version: 1.5.0 + - dell-csm-operator.v1.5.0 + version: 1.5.1 diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml index 1e78dbae9..7cd23903e 100644 --- a/config/samples/storage_v1_csm_powerflex.yaml +++ b/config/samples/storage_v1_csm_powerflex.yaml @@ -16,13 +16,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.10.0" + image: "dellemc/csi-vxflexos:v2.10.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -55,7 +55,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 - name: csi-metadata-retriever - image: dellemc/csi-metadata-retriever:v1.7.2 + image: dellemc/csi-metadata-retriever:v1.7.3 # sdc-monitor is disabled by default, due to high CPU usage - name: sdc-monitor @@ -199,10 +199,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -216,14 +216,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -272,7 +272,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.8.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int @@ -334,13 +334,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -355,7 +355,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -390,10 +390,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-vxflexos" @@ -407,7 +407,7 @@ spec: - "--mode=controller" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml index e24393853..e42741748 100644 --- a/config/samples/storage_v1_csm_powermax.yaml +++ b/config/samples/storage_v1_csm_powermax.yaml @@ -31,8 +31,8 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI PowerMax v2.10.1 driver + configVersion: v2.10.1 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -44,8 +44,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerMax driver v2.10.0 - image: dellemc/csi-powermax:v2.10.0 + # Image for CSI PowerMax driver v2.10.1 + image: dellemc/csi-powermax:v2.10.1 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -226,7 +226,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 - name: csi-metadata-retriever - image: dellemc/csi-metadata-retriever:v1.7.2 + image: dellemc/csi-metadata-retriever:v1.7.3 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false @@ -245,13 +245,13 @@ spec: # enabled: Always set to true enabled: true forceRemoveModule: true - configVersion: v2.9.0 + configVersion: v2.9.1 components: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.0" - image: dellemc/csipowermax-reverseproxy:v2.9.0 + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:v2.9.1 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -268,10 +268,10 @@ spec: - name: authorization # enabled: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -289,13 +289,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -311,7 +311,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -342,14 +342,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -398,7 +398,7 @@ spec: # enabled: Enable/Disable PowerMax metrics enabled: false # image: Defines PowerMax metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powermax:v1.3.0 + image: dellemc/csm-metrics-powermax:v1.3.1 envs: # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax # Allowed values: int diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml index 9cbac847f..8747d8205 100644 --- a/config/samples/storage_v1_csm_powerscale.yaml +++ b/config/samples/storage_v1_csm_powerscale.yaml @@ -16,16 +16,16 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerScale v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI PowerScale v2.10.1 driver + configVersion: v2.10.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet # Uninstall CSI Driver and/or modules when CR is deleted forceRemoveDriver: true common: - # Image for CSI PowerScale driver v2.10.0 - image: "dellemc/csi-isilon:v2.10.0" + # Image for CSI PowerScale driver v2.10.1 + image: "dellemc/csi-isilon:v2.10.1" imagePullPolicy: IfNotPresent envs: # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs @@ -260,7 +260,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 - name: csi-metadata-retriever - image: dellemc/csi-metadata-retriever:v1.7.2 + image: dellemc/csi-metadata-retriever:v1.7.3 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor enabled: false @@ -277,10 +277,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -299,13 +299,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -321,7 +321,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -353,14 +353,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -410,7 +410,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int @@ -479,10 +479,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-isilon" @@ -497,7 +497,7 @@ spec: - "--driverPath=csi-isilon.dellemc.com" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - name: podmon-node - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_powerstore.yaml b/config/samples/storage_v1_csm_powerstore.yaml index d4c02ee0f..fb8eb9ea8 100644 --- a/config/samples/storage_v1_csm_powerstore.yaml +++ b/config/samples/storage_v1_csm_powerstore.yaml @@ -31,8 +31,8 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerStore v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI PowerStore v2.10.1 driver + configVersion: v2.10.1 # authSecret: This is the secret used to validate the default PowerStore secret used for installation # Allowed values: -config # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config @@ -43,8 +43,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerStore driver v2.10.0 - image: "dellemc/csi-powerstore:v2.10.0" + # Image for CSI PowerStore driver v2.10.1 + image: "dellemc/csi-powerstore:v2.10.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX @@ -73,7 +73,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 - name: csi-metadata-retriever - image: dellemc/csi-metadata-retriever:v1.7.2 + image: dellemc/csi-metadata-retriever:v1.7.3 # health monitor is disabled by default, refer to driver documentation before enabling it - name: external-health-monitor @@ -183,10 +183,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-powerstore" @@ -201,7 +201,7 @@ spec: - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - "--driverPath=csi-powerstore.dellemc.com" - name: podmon-node - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/config/samples/storage_v1_csm_unity.yaml b/config/samples/storage_v1_csm_unity.yaml index 0b4cbdc7e..9237535b2 100644 --- a/config/samples/storage_v1_csm_unity.yaml +++ b/config/samples/storage_v1_csm_unity.yaml @@ -16,16 +16,16 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI Unity v2.11.0 driver - configVersion: v2.11.0 + # Config version for CSI Unity v2.10.1 driver + configVersion: v2.10.1 # Controller count replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - # Image for CSI Unity driver v2.11.0 - image: "dellemc/csi-unity:v2.11.0" + # Image for CSI Unity driver v2.10.1 + image: "dellemc/csi-unity:v2.10.1" imagePullPolicy: IfNotPresent envs: # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. @@ -93,7 +93,7 @@ spec: - name: snapshotter image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 - name: csi-metadata-retriever - image: dellemc/csi-metadata-retriever:v1.7.2 + image: dellemc/csi-metadata-retriever:v1.7.3 # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity # Configure when the storageCapacity is set as "true" # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m @@ -137,16 +137,6 @@ spec: - name: X_CSI_HEALTH_MONITOR_ENABLED value: "false" - # X_CSI_ALLOWED_NETWORKS: Custom networks for Unity export - # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. - # Allowed values: list of one or more networks - # Default value: None - # Provide them in the following format: "net1 net2" - # CIDR format should be used - # eg: "192.168.1.0/24 192.168.100.0/22" - - name: X_CSI_ALLOWED_NETWORKS - value: "" - # nodeSelector: Define node selection constraints for node pods. # For the pod to be eligible to run on a node, the node must have each # of the indicated key-value pairs as labels. diff --git a/controllers/csm_controller.go b/controllers/csm_controller.go index 855515cf4..10ebdbbc8 100644 --- a/controllers/csm_controller.go +++ b/controllers/csm_controller.go @@ -93,7 +93,7 @@ const ( CSMFinalizerName = "finalizer.dell.emc.com" // CSMVersion - - CSMVersion = "v1.10.0" + CSMVersion = "v1.10.2" ) var ( diff --git a/controllers/csm_controller_test.go b/controllers/csm_controller_test.go index a545a6f7d..f7bfaa4f5 100644 --- a/controllers/csm_controller_test.go +++ b/controllers/csm_controller_test.go @@ -879,7 +879,7 @@ func (suite *CSMControllerTestSuite) TestContentWatch() { expRateLimiter := workqueue.NewItemExponentialFailureRateLimiter(5*time.Millisecond, 120*time.Second) suite.createReconciler().SetupWithManager(nil, expRateLimiter, 1) close(StopWatch) - version, err := utils.GetModuleDefaultVersion("v2.4.0", "csi-isilon", csmv1.Authorization, "../operatorconfig") + version, err := utils.GetModuleDefaultVersion("v2.10.1", "csi-isilon", csmv1.Authorization, "../operatorconfig") assert.NotNil(suite.T(), err) assert.NotNil(suite.T(), version) } diff --git a/deploy/olm/operator_community.yaml b/deploy/olm/operator_community.yaml index 5d97ba56b..e532f8c9a 100644 --- a/deploy/olm/operator_community.yaml +++ b/deploy/olm/operator_community.yaml @@ -5,7 +5,7 @@ metadata: namespace: test-csm-operator-olm spec: sourceType: grpc - image: docker.io/dellemc/dell-csm-operator:v1.5.0 + image: docker.io/dellemc/dell-csm-operator:v1.5.1 --- apiVersion: operators.coreos.com/v1 kind: OperatorGroup diff --git a/deploy/operator.yaml b/deploy/operator.yaml index 260030729..ae537b83c 100644 --- a/deploy/operator.yaml +++ b/deploy/operator.yaml @@ -1248,7 +1248,7 @@ spec: template: metadata: annotations: - storage.dell.com/CSMVersion: v1.10.0 + storage.dell.com/CSMVersion: v1.10.2 labels: control-plane: controller-manager spec: @@ -1259,39 +1259,39 @@ spec: - /manager env: - name: RELATED_IMAGE_dell-csm-operator - value: docker.io/dellemc/dell-csm-operator:v1.5.0 + value: docker.io/dellemc/dell-csm-operator:v1.5.1 - name: RELATED_IMAGE_csi-isilon - value: docker.io/dellemc/csi-isilon:v2.10.0 + value: docker.io/dellemc/csi-isilon:v2.10.1 - name: RELATED_IMAGE_csi-powermax - value: docker.io/dellemc/csi-powermax:v2.10.0 + value: docker.io/dellemc/csi-powermax:v2.10.1 - name: RELATED_IMAGE_csipowermax-reverseproxy - value: docker.io/dellemc/csipowermax-reverseproxy:v2.9.0 + value: docker.io/dellemc/csipowermax-reverseproxy:v2.9.1 - name: RELATED_IMAGE_csi-powerstore - value: docker.io/dellemc/csi-powerstore:v2.10.0 + value: docker.io/dellemc/csi-powerstore:v2.10.1 - name: RELATED_IMAGE_csi-unity - value: docker.io/dellemc/csi-unity:v2.10.0 + value: docker.io/dellemc/csi-unity:v2.10.1 - name: RELATED_IMAGE_csi-vxflexos - value: docker.io/dellemc/csi-vxflexos:v2.10.0 + value: docker.io/dellemc/csi-vxflexos:v2.10.1 - name: RELATED_IMAGE_sdc value: docker.io/dellemc/sdc:4.5.1 - name: RELATED_IMAGE_karavi-authorization-proxy - value: docker.io/dellemc/csm-authorization-sidecar:v1.10.0 + value: docker.io/dellemc/csm-authorization-sidecar:v1.10.1 - name: RELATED_IMAGE_dell-csi-replicator - value: docker.io/dellemc/dell-csi-replicator:v1.8.0 + value: docker.io/dellemc/dell-csi-replicator:v1.8.1 - name: RELATED_IMAGE_dell-replication-controller-manager - value: docker.io/dellemc/dell-replication-controller:v1.8.0 + value: docker.io/dellemc/dell-replication-controller:v1.8.1 - name: RELATED_IMAGE_topology - value: docker.io/dellemc/csm-topology:v1.8.0 + value: docker.io/dellemc/csm-topology:v1.8.1 - name: RELATED_IMAGE_otel-collector value: docker.io/otel/opentelemetry-collector:0.42.0 - name: RELATED_IMAGE_metrics-powerscale - value: docker.io/dellemc/csm-metrics-powerscale:v1.5.0 + value: docker.io/dellemc/csm-metrics-powerscale:v1.5.1 - name: RELATED_IMAGE_metrics-powermax - value: docker.io/dellemc/csm-metrics-powermax:v1.3.0 + value: docker.io/dellemc/csm-metrics-powermax:v1.3.1 - name: RELATED_IMAGE_metrics-powerflex - value: docker.io/dellemc/csm-metrics-powerflex:v1.8.0 + value: docker.io/dellemc/csm-metrics-powerflex:v1.8.1 - name: RELATED_IMAGE_podmon-node - value: docker.io/dellemc/podmon:v1.9.0 + value: docker.io/dellemc/podmon:v1.9.1 - name: RELATED_IMAGE_kube-rbac-proxy value: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: RELATED_IMAGE_attacher @@ -1307,12 +1307,12 @@ spec: - name: RELATED_IMAGE_externalhealthmonitorcontroller value: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 - name: RELATED_IMAGE_metadataretriever - value: dellemc/csi-metadata-retriever:v1.7.2 + value: dellemc/csi-metadata-retriever:v1.7.3 - name: RELATED_IMAGE_dell-connectivity-client value: docker.io/dellemc/connectivity-client-docker-k8s:1.2.3 - name: RELATED_IMAGE_cert-persister value: docker.io/dellemc/connectivity-cert-persister-k8s:0.11.0 - image: docker.io/dellemc/dell-csm-operator:v1.5.0 + image: docker.io/dellemc/dell-csm-operator:v1.5.1 imagePullPolicy: Always livenessProbe: httpGet: diff --git a/docker.mk b/docker.mk index 29bdc88c0..ffc4103ef 100644 --- a/docker.mk +++ b/docker.mk @@ -14,11 +14,11 @@ BUNDLE_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-bundle # Image tag base for community catalog images CATALOG_IMAGE_TAG_BASE_COMMUNITY ?= dell-csm-community-operator-catalog -# Operator version tagged with build number. For e.g. - v1.5.0.001 -VERSION ?= v1.5.0 +# Operator version tagged with build number. For e.g. - v1.5.1.001 +VERSION ?= v1.5.1 # Bundle Version is the semantic version(required by operator-sdk) -BUNDLE_VERSION ?= 1.5.0 +BUNDLE_VERSION ?= 1.5.1 # Timestamp local builds TIMESTAMP := $(shell date +%Y%m%d%H%M%S) @@ -37,5 +37,5 @@ IMG ?= "$(REGISTRY)/$(IMAGE_TAG_BASE):$(VERSION)" # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) BUNDLE_IMG ?= "$(REGISTRY)/$(BUNDLE_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" -# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.5.0). +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v1.5.1). CATALOG_IMG ?= "$(REGISTRY)/$(CATALOG_IMAGE_TAG_BASE_COMMUNITY):$(VERSION)" diff --git a/operatorconfig/driverconfig/common/default.yaml b/operatorconfig/driverconfig/common/default.yaml index 09c351cfd..12b711955 100644 --- a/operatorconfig/driverconfig/common/default.yaml +++ b/operatorconfig/driverconfig/common/default.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5.1 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.7.2 + metadataretriever: dellemc/csi-metadata-retriever:v1.7.3 diff --git a/operatorconfig/driverconfig/common/k8s-1.24-values.yaml b/operatorconfig/driverconfig/common/k8s-1.24-values.yaml index 09c351cfd..12b711955 100644 --- a/operatorconfig/driverconfig/common/k8s-1.24-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.24-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5.1 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.7.2 + metadataretriever: dellemc/csi-metadata-retriever:v1.7.3 diff --git a/operatorconfig/driverconfig/common/k8s-1.25-values.yaml b/operatorconfig/driverconfig/common/k8s-1.25-values.yaml index 09c351cfd..12b711955 100644 --- a/operatorconfig/driverconfig/common/k8s-1.25-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.25-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5.1 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.7.2 + metadataretriever: dellemc/csi-metadata-retriever:v1.7.3 diff --git a/operatorconfig/driverconfig/common/k8s-1.26-values.yaml b/operatorconfig/driverconfig/common/k8s-1.26-values.yaml index 09c351cfd..12b711955 100644 --- a/operatorconfig/driverconfig/common/k8s-1.26-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.26-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5.1 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.7.2 + metadataretriever: dellemc/csi-metadata-retriever:v1.7.3 diff --git a/operatorconfig/driverconfig/common/k8s-1.27-values.yaml b/operatorconfig/driverconfig/common/k8s-1.27-values.yaml index 09c351cfd..12b711955 100644 --- a/operatorconfig/driverconfig/common/k8s-1.27-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.27-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5.1 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.7.2 + metadataretriever: dellemc/csi-metadata-retriever:v1.7.3 diff --git a/operatorconfig/driverconfig/common/k8s-1.28-values.yaml b/operatorconfig/driverconfig/common/k8s-1.28-values.yaml index 09c351cfd..12b711955 100644 --- a/operatorconfig/driverconfig/common/k8s-1.28-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.28-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5.1 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.7.2 + metadataretriever: dellemc/csi-metadata-retriever:v1.7.3 diff --git a/operatorconfig/driverconfig/common/k8s-1.29-values.yaml b/operatorconfig/driverconfig/common/k8s-1.29-values.yaml index 09c351cfd..12b711955 100644 --- a/operatorconfig/driverconfig/common/k8s-1.29-values.yaml +++ b/operatorconfig/driverconfig/common/k8s-1.29-values.yaml @@ -27,4 +27,4 @@ images: sdcmonitor: dellemc/sdc:4.5.1 #"images.metadataretriever" defines the container images used for csi metadata retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.7.2 + metadataretriever: dellemc/csi-metadata-retriever:v1.7.3 diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml new file mode 100644 index 000000000..f0a353a03 --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/controller.yaml @@ -0,0 +1,258 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "update"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + strategy: + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + spec: + affinity: + nodeSelector: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + serviceAccountName: -controller + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + - "--volume-name-prefix=k8s" + - "--volume-name-uuid-length=10" + - "--leader-election=true" + - "--timeout=120s" + - "--v=5" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-external-health-monitor-controller + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + - "--enable-node-watcher=true" + - "--http-endpoint=:8080" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-vxflexos:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-vxflexos.sh" ] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: false + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_QUOTA_ENABLED + value: + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + volumes: + - name: socket-dir + emptyDir: + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + name: -config-params + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..9fdb2dfa0 --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-vxflexos.dellemc.com +spec: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: + - Persistent + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..060d7ead6 --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/driver-config-params.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml new file mode 100644 index 000000000..fab3f832d --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/node.yaml @@ -0,0 +1,287 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + spec: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: false + containers: + - name: driver + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: ["SYS_ADMIN"] + image: dellemc/csi-vxflexos:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-vxflexos.sh" ] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: unix:///plugins/vxflexos.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/vxflexos.emc.dell.com/disks" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_APPROVE_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_PREFIX + value: + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERFLEX_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: driver-path + mountPath: /plugins/vxflexos.emc.dell.com + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: noderoot + mountPath: /noderoot + - name: dev + mountPath: /dev + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/vxflexos.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + - name: sdc-monitor + securityContext: + privileged: true + image: dellemc/sdc:4.5.1 + imagePullPolicy: IfNotPresent + env: + - name: HOST_PID + value: "1" + - name: HOST_NET + value: "1" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "monitoring" + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + - name: host-opt-emc-path + mountPath: /host_opt_emc_path + initContainers: + - name: sdc + securityContext: + privileged: true + image: dellemc/sdc:4.5.1 + imagePullPolicy: IfNotPresent + env: + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "config" + - name: MDM + valueFrom: + secretKeyRef: + name: -config + key: MDM + - name: HOST_DRV_CFG_PATH + value: /opt/emc/scaleio/sdc/bin + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + - name: scaleio-path-opt + mountPath: /host_drv_cfg_path + - name: host-opt-emc-path + mountPath: /host_opt_emc_path + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/vxflexos.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: scaleio-path-opt + hostPath: + path: /opt/emc/scaleio/sdc/bin + type: DirectoryOrCreate + - name: sdc-storage + hostPath: + path: /var/emc-scaleio + type: DirectoryOrCreate + - name: udev-d + hostPath: + path: /etc/udev/rules.d + type: Directory + - name: os-release + hostPath: + path: /etc/os-release + type: File + - name: host-opt-emc-path + hostPath: + path: /opt/emc + type: Directory + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + name: -config-params + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/operatorconfig/driverconfig/powerflex/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerflex/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..9b0f4961e --- /dev/null +++ b/operatorconfig/driverconfig/powerflex/v2.10.1/upgrade-path.yaml @@ -0,0 +1,2 @@ + +minUpgradePath: v2.10.0 diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml new file mode 100644 index 000000000..2df63bab5 --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.10.1/controller.yaml @@ -0,0 +1,322 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: -controller + spec: + serviceAccount: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + + containers: + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--timeout=180s" + - "--v=5" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + - "--worker-threads=6" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--http-endpoint=:8080" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=pmax" + - "--volume-name-uuid-length=10" + - "--worker-threads=6" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=180s" + - "--v=5" + - "--snapshot-name-prefix=pmsn" + - "--leader-election" + - "--snapshot-name-uuid-length=10" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powermax:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powermax.sh" ] + env: + - name: X_CSI_POWERMAX_DRIVER_NAME + value: csi-powermax.dellemc.com + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MANAGED_ARRAYS + value: "" + - name: X_CSI_POWERMAX_ENDPOINT + value: "" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "" + - name: X_CSI_MODE + value: controller + - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_POWERMAX_USER + valueFrom: + secretKeyRef: + key: username + name: powermax-creds + - name: X_CSI_POWERMAX_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: powermax-creds + - name: X_CSI_POWERMAX_DEBUG + value: "" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + - name: X_CSI_GRPC_MAX_THREADS + value: "50" + - name: X_CSI_ENABLE_BLOCK + value: "true" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_IG_NODENAME_TEMPLATE + value: "" + - name: X_CSI_IG_MODIFY_HOSTNAME + value: "" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "csipowermax-reverseproxy" + - name: X_CSI_UNISPHERE_TIMEOUT + value: 5m + - name: X_CSI_POWERMAX_CONFIG_PATH + value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_VSPHERE_ENABLED + value: "" + - name: X_CSI_VSPHERE_PORTGROUP + value: "" + - name: X_CSI_VSPHERE_HOSTNAME + value: "" + - name: X_CSI_VCENTER_HOST + value: "" + - name: X_CSI_VCENTER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: vcenter-creds + optional: true + - name: X_CSI_VCENTER_PWD + valueFrom: + secretKeyRef: + key: password + name: vcenter-creds + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: powermax-config-params + mountPath: -config-params + volumes: + - name: socket-dir + emptyDir: + - name: certs + secret: + secretName: -certs + optional: true + - name: powermax-config-params + configMap: + name: -config-params diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..5bacf36ae --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.10.1/csidriver.yaml @@ -0,0 +1,23 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powermax.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..6dd1ecfc7 --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.10.1/driver-config-params.yaml @@ -0,0 +1,21 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "TEXT" diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml new file mode 100644 index 000000000..e15f55b93 --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.10.1/node.yaml @@ -0,0 +1,258 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccount: -node + #nodeSelector: + #tolerations: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + command: ["/csi-powermax.sh"] + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powermax:v2.10.1 + imagePullPolicy: IfNotPresent + env: + - name: X_CSI_POWERMAX_DRIVER_NAME + value: csi-powermax.dellemc.com + - name: CSI_ENDPOINT + value: unix:///plugins/powermax.emc.dell.com/csi_sock + - name: X_CSI_MANAGED_ARRAYS + value: "" + - name: X_CSI_POWERMAX_ENDPOINT + value: "" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "" + - name: X_CSI_MODE + value: node + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/powermax.emc.dell.com/disks" + - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION + value: true + - name: X_CSI_POWERMAX_USER + valueFrom: + secretKeyRef: + name: powermax-creds + key: username + - name: X_CSI_POWERMAX_PASSWORD + valueFrom: + secretKeyRef: + name: powermax-creds + key: password + - name: X_CSI_POWERMAX_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP + value: "" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "powermax-reverseproxy" + - name: X_CSI_ISCSI_CHROOT + value: noderoot + - name: X_CSI_GRPC_MAX_THREADS + value: "50" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_POWERMAX_CONFIG_PATH + value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_POWERMAX_TOPOLOGY_CONFIG_PATH + value: /node-topology-config/topologyConfig.yaml + - name: X_CSI_IG_NODENAME_TEMPLATE + value: "" + - name: X_CSI_IG_MODIFY_HOSTNAME + value: "" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "" + - name: X_CSI_TOPOLOGY_CONTROL_ENABLED + value: "" + - name: X_CSI_VSPHERE_ENABLED + value: "" + - name: X_CSI_VSPHERE_PORTGROUP + value: "" + - name: X_CSI_VCENTER_HOST + value: "" + - name: X_CSI_VSPHERE_HOSTNAME + value: "" + - name: X_CSI_VCENTER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: vcenter-creds + optional: true + - name: X_CSI_VCENTER_PWD + valueFrom: + secretKeyRef: + key: password + name: vcenter-creds + optional: true + volumeMounts: + - name: driver-path + mountPath: /plugins/powermax.emc.dell.com + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: noderoot + mountPath: /noderoot + - name: dbus-socket + mountPath: /run/dbus/system_bus_socket + - name: certs + mountPath: /certs + readOnly: true + - name: powermax-config-params + mountPath: /powermax-config-params + - name: node-topology-config + mountPath: /node-topology-config + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/powermax.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/powermax.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: dbus-socket + hostPath: + path: /run/dbus/system_bus_socket + type: Socket + - name: certs + secret: + secretName: -certs + optional: true + - name: powermax-config-params + configMap: + name: -config-params + - name: node-topology-config + configMap: + name: node-topology-config + optional: true diff --git a/operatorconfig/driverconfig/powermax/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powermax/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..18dba8549 --- /dev/null +++ b/operatorconfig/driverconfig/powermax/v2.10.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.10.0 diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml new file mode 100644 index 000000000..c25e5fbd8 --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/controller.yaml @@ -0,0 +1,330 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: -controller + spec: + serviceAccount: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + + containers: + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--timeout=120s" + - "--v=5" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=false" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--http-endpoint=:8080" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=k8s" + - "--volume-name-uuid-length=10" + - "--worker-threads=5" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--snapshot-name-prefix=snapshot" + - "--leader-election" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.7.3 + imagePullPolicy: Always + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--leader-election" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + command: [ "/csi-metadata-retriever" ] + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: CSI_RETRIEVER_ENDPOINT + value: /var/run/csi/csi_retriever.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-isilon:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-isilon" ] + args: + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: CSI_RETRIEVER_ENDPOINT + value: /var/run/csi/csi_retriever.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_ISI_ACCESS_ZONE + value: system + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + volumes: + - name: socket-dir + emptyDir: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: isilon-configs + secret: + secretName: -creds + - name: csi-isilon-config-params + configMap: + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..facd6cd6a --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-isilon.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..506503099 --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/driver-config-params.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml new file mode 100644 index 000000000..01b9bf64e --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/node.yaml @@ -0,0 +1,215 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccount: -node + #nodeSelector: + #tolerations: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + command: ["/csi-isilon"] + args: + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-isilon:v2.10.1 + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: /plugins/csi-isilon/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/csi-isilon/disks" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: X_CSI_NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-isilon + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-isilon/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: csi-path + hostPath: + path: /plugins/kubernetes.io/csi + - name: driver-path + hostPath: + path: /plugins/csi-isilon + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: isilon-configs + secret: + secretName: -creds + - name: csi-isilon-config-params + configMap: + name: -config-params diff --git a/operatorconfig/driverconfig/powerscale/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerscale/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..18dba8549 --- /dev/null +++ b/operatorconfig/driverconfig/powerscale/v2.10.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.10.0 diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml new file mode 100644 index 000000000..eb6ddcf5b --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/controller.yaml @@ -0,0 +1,270 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["volumegroup.storage.dell.com"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + verbs: ["create", "list", "watch", "delete", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--worker-threads=130" + - "--resync=10s" + - "--timeout=130s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--v=5" + - "--leader-election" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--snapshot-name-prefix=csisnap" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powerstore:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + - name: X_CSI_NFS_ACLS + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: true + - name: CSI_AUTO_ROUND_OFF_FILESYSTEM_SIZE + value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + volumes: + - name: socket-dir + emptyDir: + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..1d6b34780 --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/csidriver.yaml @@ -0,0 +1,27 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powerstore.dellemc.com +spec: + storageCapacity: false + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..c775e7442 --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/driver-config-params.yaml @@ -0,0 +1,29 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" + PODMON_CONTROLLER_LOG_LEVEL: "debug" + PODMON_CONTROLLER_LOG_FORMAT: "JSON" + PODMON_NODE_LOG_LEVEL: "debug" + PODMON_NODE_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml new file mode 100644 index 000000000..6f1f8c550 --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/node.yaml @@ -0,0 +1,244 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + spec: + #nodeSelector: + #tolerations: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostIPC: true + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powerstore:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: unix:///plugins/csi-powerstore.dellemc.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_POWERSTORE_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: + - name: X_CSI_POWERSTORE_NODE_ID_PATH + value: /node-id + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERSTORE_NODE_CHROOT_PATH + value: /noderoot + - name: X_CSI_POWERSTORE_TMP_DIR + value: /plugins/csi-powerstore.dellemc.com/tmp + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: + - name: X_CSI_POWERSTORE_ENABLE_CHAP + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: "true" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-powerstore.dellemc.com + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: run + mountPath: /run + - name: node-id + mountPath: /node-id + - name: etciscsi + mountPath: /etc/iscsi + - name: mpath + mountPath: /etc/multipath.conf + - name: noderoot + mountPath: /noderoot + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-powerstore.dellemc.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/csi-powerstore.dellemc.com + type: DirectoryOrCreate + - name: csi-path + hostPath: + path: /plugins/kubernetes.io/csi + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: node-id + hostPath: + path: /etc/machine-id + type: File + - name: etciscsi + hostPath: + path: /etc/iscsi + type: DirectoryOrCreate + - name: mpath + hostPath: + path: /etc/multipath.conf + type: FileOrCreate + - name: noderoot + hostPath: + path: / + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: run + hostPath: + path: /run + type: Directory + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory diff --git a/operatorconfig/driverconfig/powerstore/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/powerstore/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..c4d972f61 --- /dev/null +++ b/operatorconfig/driverconfig/powerstore/v2.10.1/upgrade-path.yaml @@ -0,0 +1,16 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +minUpgradePath: v2.10.0 diff --git a/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml b/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml new file mode 100644 index 000000000..463fe2381 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.10.1/controller.yaml @@ -0,0 +1,259 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "create", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update","patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + template: + metadata: + labels: + app: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--timeout=180s" + - "--worker-threads=6" + - "--v=5" + - "--feature-gates=Topology=true" + - "--strict-topology=true" + - "--leader-election" + - "--leader-election-namespace=" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--snapshot-name-prefix=csi-snap" + - "--snapshot-name-uuid-length=10" + - "--timeout=360s" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-unity:v2.10.1 + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + volumes: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: socket-dir + emptyDir: + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml b/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..1ef295e21 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.10.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-unity.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/operatorconfig/driverconfig/unity/v2.10.1/driver-config-params.yaml b/operatorconfig/driverconfig/unity/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..c49210aab --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.10.1/driver-config-params.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "info" + ALLOW_RWO_MULTIPOD_ACCESS: "false" + MAX_UNITY_VOLUMES_PER_NODE: 0 + SYNC_NODE_INFO_TIME_INTERVAL: 15 + TENANT_NAME: "" diff --git a/operatorconfig/driverconfig/unity/v2.10.1/node.yaml b/operatorconfig/driverconfig/unity/v2.10.1/node.yaml new file mode 100644 index 000000000..ef69e5863 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.10.1/node.yaml @@ -0,0 +1,189 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccountName: -node + hostIPC: true + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-unity:v2.10.1 + imagePullPolicy: IfNotPresent + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/var/lib/kubelet/plugins/unity.emc.dell.com/disks" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + - name: X_CSI_UNITY_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: driver-path + mountPath: /var/lib/kubelet/plugins/unity.emc.dell.com + - name: volumedevices-path + mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: noderoot + mountPath: /noderoot + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /var/lib/kubelet/plugins/unity.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/operatorconfig/driverconfig/unity/v2.10.1/upgrade-path.yaml b/operatorconfig/driverconfig/unity/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..18dba8549 --- /dev/null +++ b/operatorconfig/driverconfig/unity/v2.10.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.10.0 diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml new file mode 100644 index 000000000..ffc9f5f1f --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/cert-manager.yaml @@ -0,0 +1,1104 @@ +# Copyright 2021 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +# Source: cert-manager/templates/cainjector-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/webhook-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "create", "update", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiregistration.k8s.io"] + resources: ["apiservices"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["auditregistration.k8s.io"] + resources: ["auditsinks"] + verbs: ["get", "list", "watch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Issuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "issuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ClusterIssuer controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "clusterissuers/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Certificates controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] + verbs: ["update"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["cert-manager.io"] + resources: ["certificates/finalizers", "certificaterequests/finalizers"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders"] + verbs: ["create", "delete", "get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create", "update", "delete"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Orders controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-orders + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "orders/status"] + verbs: ["update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders", "challenges"] + verbs: ["get", "list", "watch"] + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["create", "delete"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +# Challenges controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Use to update challenge resource status + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "challenges/status"] + verbs: ["update"] + # Used to watch challenge resources + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges"] + verbs: ["get", "list", "watch"] + # Used to watch challenges, issuer and clusterissuer resources + - apiGroups: ["cert-manager.io"] + resources: ["issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + # Need to be able to retrieve ACME account private key to complete challenges + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + # Used to create events + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + # HTTP01 rules + - apiGroups: [""] + resources: ["pods", "services"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [ "networking.x-k8s.io" ] + resources: [ "httproutes" ] + verbs: ["get", "list", "watch", "create", "delete", "update"] + # We require the ability to specify a custom hostname when we are creating + # new ingress resources. + # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148 + - apiGroups: ["route.openshift.io"] + resources: ["routes/custom-host"] + verbs: ["create"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges/finalizers"] + verbs: ["update"] + # DNS01 rules (duplicated above) + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +# ingress-shim controller role +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests"] + verbs: ["create", "update", "delete"] + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "list", "watch"] + # We require these rules to support users with the OwnerReferencesPermissionEnforcement + # admission controller enabled: + # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement + - apiGroups: ["networking.k8s.io"] + resources: ["ingresses/finalizers"] + verbs: ["update"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways", "httproutes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["networking.x-k8s.io"] + resources: ["gateways/finalizers", "httproutes/finalizers"] + verbs: ["update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-view + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["get", "list", "watch"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-edit + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["certificates", "certificaterequests", "issuers"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["challenges", "orders"] + verbs: ["create", "delete", "deletecollection", "patch", "update"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["signers"] + verbs: ["approve"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] +--- +# Source: cert-manager/templates/rbac.yaml +# Permission to: +# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers +# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +rules: + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["certificatesigningrequests/status"] + verbs: ["update"] + - apiGroups: ["certificates.k8s.io"] + resources: ["signers"] + resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + verbs: ["sign"] + - apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-cainjector + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-cainjector +subjects: + - name: -cert-manager-cainjector + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-issuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-issuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-clusterissuers + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-clusterissuers +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: -cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificates + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificates +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-orders + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-orders +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-challenges + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-challenges +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-ingress-shim + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-ingress-shim +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-approve:cert-manager-io + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-approve:cert-manager-io +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-controller-certificatesigningrequests + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "cert-manager" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-controller-certificatesigningrequests +subjects: + - name: -cert-manager + namespace: "" + kind: ServiceAccount +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: -cert-manager-webhook:subjectaccessreviews + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -cert-manager-webhook:subjectaccessreviews +subjects: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# leader election rules +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller + # see cmd/cainjector/start.go#L113 + # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller + # see cmd/cainjector/start.go#L137 + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +rules: + # Used for leader election by the controller + # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688 + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["cert-manager-controller"] + verbs: ["get", "update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["create"] +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +rules: +- apiGroups: [""] + resources: ["secrets"] + resourceNames: ["cert-manager-webhook-ca"] + verbs: ["get", "list", "watch", "update"] +# It's not possible to grant CREATE permission on a single resourceName. +- apiGroups: [""] + resources: ["secrets"] + verbs: ["create"] +--- +# Source: cert-manager/templates/cainjector-rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-cainjector:leaderelection + namespace: kube-system + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-cainjector:leaderelection +subjects: + - kind: ServiceAccount + name: -cert-manager-cainjector + namespace: +--- +# Source: cert-manager/templates/rbac.yaml +# grant cert-manager permission to manage the leaderelection configmap in the +# leader election namespace +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager:leaderelection + namespace: kube-system + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager:leaderelection +subjects: + - apiGroup: "" + kind: ServiceAccount + name: -cert-manager + namespace: +--- +# Source: cert-manager/templates/webhook-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: -cert-manager-webhook:dynamic-serving + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -cert-manager-webhook:dynamic-serving +subjects: +- apiGroup: "" + kind: ServiceAccount + name: -cert-manager-webhook + namespace: +--- +# Source: cert-manager/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - protocol: TCP + port: 9402 + name: tcp-prometheus-servicemonitor + targetPort: 9402 + selector: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" +--- +# Source: cert-manager/templates/webhook-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + type: ClusterIP + ports: + - name: https + port: 443 + protocol: TCP + targetPort: 10250 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" +--- +# Source: cert-manager/templates/cainjector-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-cainjector + namespace: "" + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + template: + metadata: + labels: + app: cainjector + app.kubernetes.io/name: cainjector + app.kubernetes.io/instance: + app.kubernetes.io/component: "cainjector" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-cainjector + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --leader-election-namespace=kube-system + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} +--- +# Source: cert-manager/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager + namespace: "" + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + template: + metadata: + labels: + app: cert-manager + app.kubernetes.io/name: cert-manager + app.kubernetes.io/instance: + app.kubernetes.io/component: "controller" + app.kubernetes.io/version: "v1.6.1" + annotations: + prometheus.io/path: "/metrics" + prometheus.io/scrape: 'true' + prometheus.io/port: '9402' + spec: + serviceAccountName: -cert-manager + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-controller:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --cluster-resource-namespace=$(POD_NAMESPACE) + - --leader-election-namespace=kube-system + ports: + - containerPort: 9402 + protocol: TCP + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} +--- +# Source: cert-manager/templates/webhook-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: -cert-manager-webhook + namespace: "" + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + template: + metadata: + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + spec: + serviceAccountName: -cert-manager-webhook + securityContext: + runAsNonRoot: true + containers: + - name: cert-manager + image: "quay.io/jetstack/cert-manager-webhook:v1.6.1" + imagePullPolicy: IfNotPresent + args: + - --v=2 + - --secure-port=10250 + - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) + - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca + - --dynamic-serving-dns-names=-cert-manager-webhook,-cert-manager-webhook.,-cert-manager-webhook..svc + ports: + - name: https + protocol: TCP + containerPort: 10250 + livenessProbe: + httpGet: + path: /livez + port: 6080 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /healthz + port: 6080 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + {} +--- +# Source: cert-manager/templates/webhook-mutating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). + matchPolicy: Equivalent + timeoutSeconds: 10 + failurePolicy: Fail + # Only include 'sideEffects' field in Kubernetes 1.12+ + sideEffects: None + clientConfig: + service: + name: -cert-manager-webhook + namespace: "" + path: /mutate +--- +# Source: cert-manager/templates/webhook-validating-webhook.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: -cert-manager-webhook + labels: + app: webhook + app.kubernetes.io/name: webhook + app.kubernetes.io/instance: + app.kubernetes.io/component: "webhook" + app.kubernetes.io/version: "v1.6.1" + annotations: + cert-manager.io/inject-ca-from-secret: "/cert-manager-webhook-ca" +webhooks: + - name: webhook.cert-manager.io + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + - key: "name" + operator: "NotIn" + values: + - cert-manager + rules: + - apiGroups: + - "cert-manager.io" + - "acme.cert-manager.io" + apiVersions: + - "v1" + operations: + - CREATE + - UPDATE + resources: + - "*/*" + # We don't actually support `v1beta1` but is listed here as it is a + # required value for + # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025). + # The API server reads the supported versions in order, so _should always_ + # attempt a `v1` request which is understood by the cert-manager webhook. + # Any `v1beta1` request will return an error and fail closed for that + # resource (the whole object request is rejected). When we no longer + # support v1.16 we can remove `v1beta1` from this list. + admissionReviewVersions: ["v1", "v1beta1"] + # This webhook only accepts v1 cert-manager resources. + # Equivalent matchPolicy ensures that non-v1 resource requests are sent to + # this webhook (after the resources have been converted to v1). + matchPolicy: Equivalent + timeoutSeconds: 10 + failurePolicy: Fail + sideEffects: None + clientConfig: + service: + name: -cert-manager-webhook + namespace: "" + path: /validate \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/container.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/container.yaml new file mode 100644 index 000000000..3db560e5c --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/container.yaml @@ -0,0 +1,27 @@ +name: karavi-authorization-proxy +imagePullPolicy: IfNotPresent +image: dellemc/csm-authorization-sidecar:v1.10.1 +env: + - name: PROXY_HOST + value: "" + - name: INSECURE + value: "true" + - name: PLUGIN_IDENTIFIER + value: + - name: ACCESS_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: access + - name: REFRESH_TOKEN + valueFrom: + secretKeyRef: + name: proxy-authz-tokens + key: refresh +volumeMounts: + - name: karavi-authorization-config + mountPath: /etc/karavi-authorization/config + - name: proxy-server-root-certificate + mountPath: /etc/karavi-authorization/root-certificates + - name: + mountPath: /etc/karavi-authorization diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml new file mode 100644 index 000000000..e6f3c7992 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/deployment.yaml @@ -0,0 +1,505 @@ +# Proxy service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: proxy-server + namespace: + labels: + app: proxy-server +spec: + replicas: 1 + selector: + matchLabels: + app: proxy-server + template: + metadata: + labels: + csm: + app: proxy-server + spec: + containers: + - name: proxy-server + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + - "--tenant-service=tenant-service..svc.cluster.local:50051" + - "--role-service=role-service..svc.cluster.local:50051" + - "--storage-service=storage-service..svc.cluster.local:50051" + ports: + - containerPort: 8080 + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + - name: opa + image: + imagePullPolicy: IfNotPresent + args: + - "run" + - "--ignore=." + - "--server" + - "--log-level=debug" + ports: + - name: http + containerPort: 8181 + - name: kube-mgmt + image: + imagePullPolicy: IfNotPresent + args: + - "--policies=authorization" + - "--enable-data" + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: proxy-server + namespace: +spec: + selector: + app: proxy-server + ports: + - name: http + protocol: TCP + port: 8080 + targetPort: 8080 +--- +# Tenant Service +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tenant-service + namespace: + labels: + app: tenant-service +spec: + replicas: 1 + selector: + matchLabels: + app: tenant-service + template: + metadata: + labels: + csm: + app: tenant-service + spec: + containers: + - name: tenant-service + image: + imagePullPolicy: Always + args: + - "--redis-host=redis..svc.cluster.local:6379" + ports: + - containerPort: 50051 + name: grpc + volumeMounts: + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: tenant-service + namespace: +spec: + selector: + app: tenant-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Role Service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: role-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: role-service +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: role-service +subjects: + - kind: ServiceAccount + name: role-service + namespace: +roleRef: + kind: ClusterRole + name: role-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: role-service + namespace: + labels: + app: role-service +spec: + replicas: 1 + selector: + matchLabels: + app: role-service + template: + metadata: + labels: + csm: + app: role-service + spec: + serviceAccountName: role-service + containers: + - name: role-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: role-service + namespace: +spec: + selector: + app: role-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Storage service +apiVersion: v1 +kind: ServiceAccount +metadata: + name: storage-service + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: storage-service +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "patch", "post"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: storage-service +subjects: + - kind: ServiceAccount + name: storage-service + namespace: +roleRef: + kind: ClusterRole + name: storage-service + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: storage-service + namespace: + labels: + app: storage-service +spec: + replicas: 1 + selector: + matchLabels: + app: storage-service + template: + metadata: + labels: + csm: + app: storage-service + spec: + serviceAccountName: storage-service + containers: + - name: storage-service + image: + imagePullPolicy: Always + ports: + - containerPort: 50051 + name: grpc + env: + - name: NAMESPACE + value: + volumeMounts: + - name: storage-volume + mountPath: /etc/karavi-authorization/storage + - name: config-volume + mountPath: /etc/karavi-authorization/config + - name: csm-config-params + mountPath: /etc/karavi-authorization/csm-config-params + volumes: + - name: storage-volume + secret: + secretName: karavi-storage-secret + - name: config-volume + secret: + secretName: karavi-config-secret + - name: csm-config-params + configMap: + name: csm-config-params +--- +apiVersion: v1 +kind: Service +metadata: + name: storage-service + namespace: +spec: + selector: + app: storage-service + ports: + - port: 50051 + targetPort: 50051 + name: grpc +--- +# Redis +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-primary + namespace: + labels: + app: redis +spec: + selector: + matchLabels: + app: redis + role: primary + tier: backend + replicas: 1 + template: + metadata: + labels: + csm: + app: redis + role: primary + tier: backend + spec: + containers: + - name: primary + image: + imagePullPolicy: IfNotPresent + args: ["--appendonly", "yes", "--appendfsync", "always"] + resources: + requests: + cpu: 100m + memory: 100Mi + ports: + - containerPort: 6379 + volumeMounts: + - name: redis-primary-volume + mountPath: /data + volumes: + - name: redis-primary-volume + persistentVolumeClaim: + claimName: redis-primary-pv-claim +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: redis-primary-pv-claim + namespace: + labels: + app: redis-primary +spec: + accessModes: + - ReadWriteOnce + storageClassName: + resources: + requests: + storage: 8Gi +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-commander + namespace: +spec: + replicas: 1 + selector: + matchLabels: + app: redis-commander + template: + metadata: + labels: + csm: + app: redis-commander + tier: backend + spec: + containers: + - name: redis-commander + image: + imagePullPolicy: IfNotPresent + env: + - name: REDIS_HOSTS + value: "rbac:redis..svc.cluster.local:6379" + - name: K8S_SIGTERM + value: "1" + ports: + - name: redis-commander + containerPort: 8081 + livenessProbe: + httpGet: + path: /favicon.png + port: 8081 + initialDelaySeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: "500m" + memory: "512M" + securityContext: + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: +spec: + selector: + app: redis + ports: + - protocol: TCP + port: 6379 + targetPort: 6379 +--- +apiVersion: v1 +kind: Service +metadata: + name: redis-commander + namespace: +spec: + selector: + app: redis-commander + ports: + - protocol: TCP + port: 8081 + targetPort: 8081 +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: auth-resource-reader +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps", "pods"] + verbs: ["get", "watch", "list", "patch", "create", "update", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + resourceNames: ["ingress-controller-leader"] + verbs: ["get", "update"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:serviceaccounts:authorization +subjects: + - kind: Group + name: system:serviceaccounts:authorization + namespace: +roleRef: + kind: ClusterRole + name: auth-resource-reader + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: view +--- +# Grant OPA/kube-mgmt read-only access to resources. This lets kube-mgmt +# list configmaps to be loaded into OPA as policies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: opa-viewer +roleRef: + kind: ClusterRole + name: view + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: Group + name: system:serviceaccounts:authorization + apiGroup: rbac.authorization.k8s.io +--- +# Define role for OPA/kube-mgmt to update configmaps with policy status. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: + name: configmap-modifier +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] +--- +# Grant OPA/kube-mgmt role defined above. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: + name: opa-configmap-modifier +roleRef: + kind: Role + name: configmap-modifier + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: Group + name: system:serviceaccounts:authorization + apiGroup: rbac.authorization.k8s.io diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/ingress.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/ingress.yaml new file mode 100644 index 000000000..a9de55512 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/ingress.yaml @@ -0,0 +1,42 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: proxy-server + namespace: +spec: + ingressClassName: + tls: + - hosts: + - + - + secretName: karavi-auth-tls + rules: + - host: + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: proxy-server + port: + number: 8080 + - host: + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: proxy-server + port: + number: 8080 + - http: + paths: + - backend: + service: + name: proxy-server + port: + number: 8080 + path: / + pathType: Prefix diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml new file mode 100644 index 000000000..eba2e6c84 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/local-provisioner.yaml @@ -0,0 +1,21 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: csm-authorization-local-storage +provisioner: kubernetes.io/no-provisioner +volumeBindingMode: WaitForFirstConsumer +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: csm-authorization-redis +spec: + capacity: + storage: 8Gi + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + persistentVolumeReclaimPolicy: Recycle + storageClassName: csm-authorization-local-storage + hostPath: + path: /csm-authorization/redis \ No newline at end of file diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml new file mode 100644 index 000000000..bd6feeab0 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/nginx-ingress-controller.yaml @@ -0,0 +1,664 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - configmaps + - pods + - secrets + - endpoints + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resourceNames: + - ingress-controller-leader + resources: + - configmaps + verbs: + - get + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create +- apiGroups: + - coordination.k8s.io + resourceNames: + - ingress-controller-leader + resources: + - leases + verbs: + - get + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - nodes + - pods + - secrets + - namespaces + verbs: + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch + - get +- apiGroups: + - "" + resources: + - namespaces + resourceNames: + - authorization + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx +subjects: +- kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission + namespace: +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: -ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -ingress-nginx +subjects: +- kind: ServiceAccount + name: -ingress-nginx + namespace: +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: -ingress-nginx-admission +subjects: +- kind: ServiceAccount + name: -ingress-nginx-admission + namespace: +--- +apiVersion: v1 +data: + allow-snippet-annotations: "true" +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +spec: + externalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - appProtocol: http + name: http + port: 80 + protocol: TCP + targetPort: http + - appProtocol: https + name: https + port: 443 + protocol: TCP + targetPort: https + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: LoadBalancer +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller-admission + namespace: +spec: + ports: + - appProtocol: https + name: https-webhook + port: 443 + targetPort: webhook + selector: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-controller + namespace: +spec: + minReadySeconds: 0 + revisionHistoryLimit: 10 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + template: + metadata: + labels: + csm: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + spec: + containers: + - args: + - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/-ingress-nginx-controller + - --election-id=ingress-controller-leader + - --controller-class=k8s.io/ingress-nginx + - --ingress-class=nginx + - --configmap=$(POD_NAMESPACE)/-ingress-nginx-controller + - --validating-webhook=:8443 + - --validating-webhook-certificate=/usr/local/certificates/cert + - --validating-webhook-key=/usr/local/certificates/key + - --v=3 + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: LD_PRELOAD + value: /usr/local/lib/libmimalloc.so + image: registry.k8s.io/ingress-nginx/controller:v1.4.0@sha256:34ee929b111ffc7aa426ffd409af44da48e5a0eea1eb2207994d9e0c0882d143 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - /wait-shutdown + livenessProbe: + failureThreshold: 5 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 80 + name: http + protocol: TCP + - containerPort: 443 + name: https + protocol: TCP + - containerPort: 8443 + name: webhook + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 90Mi + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + runAsUser: 101 + volumeMounts: + - mountPath: /usr/local/certificates/ + name: webhook-cert + readOnly: true + dnsPolicy: ClusterFirst + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: -ingress-nginx + terminationGracePeriodSeconds: 300 + volumes: + - name: webhook-cert + secret: + secretName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + namespace: +spec: + ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-create + spec: + containers: + - args: + - create + - --host=-ingress-nginx-controller-admission,-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc + - --namespace=$(POD_NAMESPACE) + - --secret-name=-ingress-nginx-admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: create + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: batch/v1 +kind: Job +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + namespace: +spec: + ttlSecondsAfterFinished: 10 + template: + metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission-patch + spec: + containers: + - args: + - patch + - --webhook-name=-ingress-nginx-admission + - --namespace=$(POD_NAMESPACE) + - --patch-mutating=false + - --secret-name=-ingress-nginx-admission + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v20220916-gd32f8c343@sha256:39c5b2e3310dc4264d638ad28d9d1d96c4cbb2b2dcfb52368fe4e3c63f61e10f + imagePullPolicy: IfNotPresent + name: patch + securityContext: + allowPrivilegeEscalation: false + nodeSelector: + kubernetes.io/os: linux + restartPolicy: OnFailure + securityContext: + fsGroup: 2000 + runAsNonRoot: true + runAsUser: 2000 + serviceAccountName: -ingress-nginx-admission +--- +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: nginx +spec: + controller: k8s.io/ingress-nginx +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app.kubernetes.io/component: admission-webhook + app.kubernetes.io/instance: + app.kubernetes.io/name: ingress-nginx + app.kubernetes.io/part-of: ingress-nginx + app.kubernetes.io/version: 1.1.3 + name: -ingress-nginx-admission +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: -ingress-nginx-controller-admission + namespace: + path: /networking/v1/ingresses + failurePolicy: Fail + matchPolicy: Equivalent + name: validate.nginx.ingress.kubernetes.io + rules: + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + sideEffects: None + diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml new file mode 100644 index 000000000..0e7dc16bb --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/policies.yaml @@ -0,0 +1,265 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: common + namespace: +data: + common.rego: | + package karavi.common + default roles = {} + roles = {} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-create + namespace: +data: + volumes-create.rego: | + package karavi.volumes.create + + import data.karavi.common + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %s Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-delete + namespace: +data: + volumes-delete.rego: | + package karavi.volumes.delete + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-map + namespace: +data: + volumes-map.rego: | + package karavi.volumes.map + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: powermax-volumes-create + namespace: +data: + volumes-powermax-create.rego: | + package karavi.volumes.powermax.create + + import data.karavi.common + + default allow = false + + allow { + count(permitted_roles) != 0 + count(deny) == 0 + } + + deny[msg] { + common.roles == {} + msg := sprintf("no configured roles", []) + } + + deny[msg] { + count(permitted_roles) == 0 + msg := sprintf("no roles in [%s] allow the %v Kb request on %s/%s/%s", + [input.claims.roles, + input.request.volumeSizeInKb, + input.systemtype, + input.storagesystemid, + input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] >= to_number(input.request.volumeSizeInKb) + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } + + permitted_roles[v] = y { + claimed_roles := split(input.claims.roles, ",") + + some i + a := claimed_roles[i] + common.roles[a] + + v := claimed_roles[i] + common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool] == 0 + y := to_number(common.roles[v].system_types[input.systemtype].system_ids[input.storagesystemid].pool_quotas[input.storagepool]) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: volumes-unmap + namespace: +data: + volumes-unmap.rego: | + package karavi.volumes.unmap + + import data.karavi.common + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + deny[msg] { + common.roles == {} + msg := sprintf("no role data found", []) + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sdc-approve + namespace: +data: + sdc-approve.rego: | + package karavi.sdc.approve + + import data.karavi.common + + # Allow requests by default. + default allow = true + + default response = { + "allowed": true + } + response = { + "allowed": false, + "status": { + "reason": reason, + }, + } { + reason = concat(", ", deny) + reason != "" + } + + default claims = {} + claims = input.claims + deny[msg] { + claims == {} + msg := sprintf("missing claims", []) + } diff --git a/operatorconfig/moduleconfig/authorization/v1.10.1/volumes.yaml b/operatorconfig/moduleconfig/authorization/v1.10.1/volumes.yaml new file mode 100644 index 000000000..ec4a5b445 --- /dev/null +++ b/operatorconfig/moduleconfig/authorization/v1.10.1/volumes.yaml @@ -0,0 +1,6 @@ +- name: karavi-authorization-config + secret: + secretName: karavi-authorization-config +- name: proxy-server-root-certificate + secret: + secretName: proxy-server-root-certificate diff --git a/operatorconfig/moduleconfig/common/version-values.yaml b/operatorconfig/moduleconfig/common/version-values.yaml index f1bfe3be5..05df0d063 100644 --- a/operatorconfig/moduleconfig/common/version-values.yaml +++ b/operatorconfig/moduleconfig/common/version-values.yaml @@ -21,6 +21,11 @@ powerscale: replication: "v1.8.0" observability: "v1.8.0" resiliency: "v1.9.0" + v2.10.1: + authorization: "v1.10.1" + replication: "v1.8.1" + observability: "v1.8.1" + resiliency: "v1.9.1" powerflex: # List of Driver versions and modules that supports the version v2.8.0: @@ -48,6 +53,11 @@ powerflex: observability: "v1.8.0" replication: "v1.8.0" resiliency: "v1.9.0" + v2.10.1: + authorization: "v1.10.1" + observability: "v1.8.1" + replication: "v1.8.1" + resiliency: "v1.9.1" powerstore: # List of Driver versions and modules that supports the version v2.8.0: @@ -58,6 +68,8 @@ powerstore: resiliency: "v1.8.1" v2.10.0: resiliency: "v1.9.0" + v2.10.1: + resiliency: "v1.9.1" powermax: # List of Driver versions and modules that supports the version v2.8.0: @@ -76,3 +88,7 @@ powermax: csireverseproxy: "v2.9.0" authorization: "v1.10.0" replication: "v1.8.0" + v2.10.1: + csireverseproxy: "v2.9.1" + authorization: "v1.10.1" + replication: "v1.8.1" diff --git a/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/controller.yaml b/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/controller.yaml new file mode 100644 index 000000000..040acab90 --- /dev/null +++ b/operatorconfig/moduleconfig/csireverseproxy/v2.9.1/controller.yaml @@ -0,0 +1,105 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: csipowermax-reverseproxy + namespace: +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csipowermax-reverseproxy + namespace: +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "get"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: csipowermax-reverseproxy + namespace: +subjects: + - kind: ServiceAccount + name: csipowermax-reverseproxy + namespace: +roleRef: + kind: Role + name: csipowermax-reverseproxy + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: Service +metadata: + name: csipowermax-reverseproxy + namespace: +spec: + ports: + - port: + protocol: TCP + targetPort: 2222 + selector: + name: csipowermax-reverseproxy + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: csipowermax-reverseproxy + namespace: +spec: + replicas: 1 + selector: + matchLabels: + name: csipowermax-reverseproxy + template: + metadata: + labels: + name: csipowermax-reverseproxy + spec: + serviceAccountName: csipowermax-reverseproxy + containers: + - name: csipowermax-reverseproxy + # Replace this with the built image name + image: + imagePullPolicy: Always + env: + - name: X_CSI_REVPROXY_CONFIG_DIR + value: /etc/config/configmap + - name: X_CSI_REVPROXY_CONFIG_FILE_NAME + value: config.yaml + - name: X_CSI_REVRPOXY_IN_CLUSTER + value: "true" + - name: X_CSI_REVPROXY_TLS_CERT_DIR + value: /app/tls + - name: X_CSI_REVPROXY_WATCH_NAMESPACE + value: #Change this to the namespace where proxy will be installed + volumeMounts: + - name: configmap-volume + mountPath: /etc/config/configmap + - name: tls-secret + mountPath: /app/tls + - name: cert-dir + mountPath: /app/certs + volumes: + - name: configmap-volume + configMap: + name: + optional: true + - name: tls-secret + secret: + secretName: + - name: cert-dir + emptyDir: diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml new file mode 100644 index 000000000..03a3ff3f2 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.8.1/custom-cert.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/tls +metadata: + name: -secret + namespace: karavi +data: + # replace with actual base64-encoded certificate + tls.crt: + # replace with actual base64-encoded private key + tls.key: + +--- + +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: -issuer + namespace: karavi +spec: + ca: + secretName: -secret + +--- + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: + namespace: karavi +spec: + secretName: -tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dell + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - + - .karavi.svc.kubernetes.local + issuerRef: + name: -issuer + kind: Issuer + group: cert-manager.io diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml new file mode 100644 index 000000000..1586047b4 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerflex.yaml @@ -0,0 +1,155 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-metrics-powerflex-controller + namespace: karavi + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-metrics-powerflex-controller +rules: + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes", "storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes", "nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["*"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-metrics-powerflex-controller +subjects: + - kind: ServiceAccount + name: karavi-metrics-powerflex-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-metrics-powerflex-controller + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi + name: karavi-metrics-powerflex + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-metrics-powerflex + port: 2222 + targetPort: 2222 + selector: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-metrics-powerflex-configmap + namespace: karavi +data: + karavi-metrics-powerflex.yaml : | + COLLECTOR_ADDR: + PROVISIONER_NAMES: csi-vxflexos.dellemc.com + POWERFLEX_SDC_METRICS_ENABLED: + POWERFLEX_SDC_IO_POLL_FREQUENCY: + POWERFLEX_VOLUME_IO_POLL_FREQUENCY: + POWERFLEX_VOLUME_METRICS_ENABLED: + POWERFLEX_STORAGE_POOL_METRICS_ENABLED: + POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: + POWERFLEX_MAX_CONCURRENT_QUERIES: + LOG_LEVEL: + LOG_FORMAT: + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: karavi +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + CSI_LOG_FORMAT: TEXT + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-metrics-powerflex + namespace: karavi + labels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerflex + app.kubernetes.io/instance: karavi + csm: + csmNamespace: + spec: + serviceAccount: karavi-metrics-powerflex-controller + containers: + - name: karavi-metrics-powerflex + image: + resources: {} + env: + - name: POWERFLEX_METRICS_ENDPOINT + value: "karavi-metrics-powerflex" + - name: POWERFLEX_METRICS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TLS_ENABLED + value: "true" + volumeMounts: + - name: vxflexos-config + mountPath: /vxflexos-config + - name: tls-secret + mountPath: /etc/ssl/certs + readOnly: true + - name: karavi-metrics-powerflex-configmap + mountPath: /etc/config + volumes: + - name: vxflexos-config + secret: + secretName: -config + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: cert.crt + - name: karavi-metrics-powerflex-configmap + configMap: + name: karavi-metrics-powerflex-configmap + - name: vxflexos-config-params + configMap: + name: -config-params + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml new file mode 100644 index 000000000..c691412b3 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powermax.yaml @@ -0,0 +1,161 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-metrics-powermax-controller + namespace: karavi + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-metrics-powermax-controller +rules: + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes", "storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes", "nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "get"] +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-metrics-powermax-controller +subjects: + - kind: ServiceAccount + name: karavi-metrics-powermax-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-metrics-powermax-controller + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi + name: karavi-metrics-powermax + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-metrics-powermax + port: 8081 + targetPort: 8081 + selector: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-metrics-powermax-configmap + namespace: karavi +data: + karavi-metrics-powermax.yaml : | + COLLECTOR_ADDR: + PROVISIONER_NAMES: csi-powermax.dellemc.com + POWERMAX_CAPACITY_METRICS_ENABLED: + POWERMAX_CAPACITY_POLL_FREQUENCY: + POWERMAX_PERFORMANCE_METRICS_ENABLED: + POWERMAX_PERFORMANCE_POLL_FREQUENCY: + POWERMAX_MAX_CONCURRENT_QUERIES: + LOG_LEVEL: + LOG_FORMAT: + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: karavi +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + CSI_LOG_FORMAT: TEXT + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-metrics-powermax + namespace: karavi + labels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powermax + app.kubernetes.io/instance: karavi + csm: + csmNamespace: + spec: + serviceAccountName: karavi-metrics-powermax-controller + containers: + - name: karavi-metrics-powermax + image: + resources: {} + env: + - name: POWERMAX_METRICS_ENDPOINT + value: "karavi-metrics-powermax" + - name: POWERMAX_METRICS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TLS_ENABLED + value: "true" + - name: SSL_CERT_DIR + value: /certs + volumeMounts: + - name: + mountPath: /etc/reverseproxy + - name: tls-secret + mountPath: /etc/ssl/certs + readOnly: true + - name: karavi-metrics-powermax-configmap + mountPath: /etc/config + - name: certs + mountPath: /certs + volumes: + - name: certs + emptyDir: { } + - name: + configMap: + name: + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: cert.crt + - name: karavi-metrics-powermax-configmap + configMap: + name: karavi-metrics-powermax-configmap + - name: powermax-config-params + configMap: + name: -config-params + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml new file mode 100644 index 000000000..408cd3d32 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-metrics-powerscale.yaml @@ -0,0 +1,158 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-metrics-powerscale-controller + namespace: karavi + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-metrics-powerscale-controller +rules: + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes", "storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes", "nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["*"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-metrics-powerscale-controller +subjects: + - kind: ServiceAccount + name: karavi-metrics-powerscale-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-metrics-powerscale-controller + apiGroup: rbac.authorization.k8s.io + +--- + +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi + name: karavi-metrics-powerscale + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-metrics-powerscale + port: 8080 + targetPort: 8080 + selector: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-metrics-powerscale-configmap + namespace: karavi +data: + karavi-metrics-powerscale.yaml : | + COLLECTOR_ADDR: + PROVISIONER_NAMES: csi-isilon.dellemc.com + POWERSCALE_MAX_CONCURRENT_QUERIES: + POWERSCALE_CAPACITY_METRICS_ENABLED: + POWERSCALE_PERFORMANCE_METRICS_ENABLED: + POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: + POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: + POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: + POWERSCALE_ISICLIENT_INSECURE: + POWERSCALE_ISICLIENT_AUTH_TYPE: + POWERSCALE_ISICLIENT_VERBOSE: + LOG_LEVEL: + LOG_FORMAT: + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: karavi +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-metrics-powerscale + namespace: karavi + labels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-metrics-powerscale + app.kubernetes.io/instance: karavi + csm: + csmNamespace: + spec: + serviceAccount: karavi-metrics-powerscale-controller + containers: + - name: karavi-metrics-powerscale + image: + resources: {} + env: + - name: POWERSCALE_METRICS_ENDPOINT + value: "karavi-metrics-powerscale" + - name: POWERSCALE_METRICS_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: TLS_ENABLED + value: "true" + volumeMounts: + - name: isilon-creds + mountPath: /isilon-creds + - name: tls-secret + mountPath: /etc/ssl/certs + readOnly: true + - name: karavi-metrics-powerscale-configmap + mountPath: /etc/config + volumes: + - name: isilon-creds + secret: + secretName: -creds + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: cert.crt + - name: karavi-metrics-powerscale-configmap + configMap: + name: karavi-metrics-powerscale-configmap + - name: csi-isilon-config-params + configMap: + name: -config-params + restartPolicy: Always +status: {} + diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml new file mode 100644 index 000000000..57a79e6a3 --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-otel-collector.yaml @@ -0,0 +1,154 @@ +apiVersion: v1 +data: + otel-collector-config.yaml: |- + receivers: + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:55680 + tls: + cert_file: /etc/ssl/certs/tls.crt + key_file: /etc/ssl/certs/tls.key + + exporters: + prometheus: + endpoint: 0.0.0.0:8889 + logging: + + extensions: + health_check: {} + + service: + extensions: [health_check] + pipelines: + metrics: + receivers: [otlp] + processors: [] + exporters: [logging,prometheus] +kind: ConfigMap +metadata: + name: otel-collector-config + namespace: karavi + +--- + +apiVersion: v1 +data: + nginx.conf: |- + worker_processes 1; + events { + worker_connections 1024; + } + + pid /tmp/nginx.pid; + + http { + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + server { + listen 8443 ssl; + server_name localhost; + ssl_certificate /etc/ssl/certs/tls.crt; + ssl_certificate_key /etc/ssl/certs/tls.key; + ssl_protocols TLSv1.2; + ssl_ciphers AESGCM:-aNULL:-DH:-kRSA:@STRENGTH; + ssl_prefer_server_ciphers on; + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:8889/; + } + } + } +kind: ConfigMap +metadata: + name: nginx-config + namespace: karavi + +--- + +apiVersion: v1 +kind: Service +metadata: + name: otel-collector + namespace: karavi + labels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability +spec: + type: ClusterIP + ports: + - port: 55680 + targetPort: 55680 + name: receiver + - port: 8443 + targetPort: 8443 + name: exporter-https + selector: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: otel-collector + namespace: karavi + labels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability +spec: + selector: + matchLabels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: otel-collector + app.kubernetes.io/instance: karavi-observability + csm: + csmNamespace: + spec: + volumes: + - name: tls-secret + secret: + secretName: otel-collector-tls + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - name: nginx-config + configMap: + name: nginx-config + - name: otel-collector-config + configMap: + name: otel-collector-config + containers: + - name: nginx-proxy + image: + volumeMounts: + - name: tls-secret + mountPath: /etc/ssl/certs + - name: nginx-config + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + - name: otel-collector + image: + args: + - --config=/etc/otel-collector-config.yaml + resources: {} + volumeMounts: + - name: otel-collector-config + mountPath: /etc/otel-collector-config.yaml + subPath: otel-collector-config.yaml + - name: tls-secret + mountPath: /etc/ssl/certs + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml new file mode 100644 index 000000000..375ba4c4c --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.8.1/karavi-topology.yaml @@ -0,0 +1,122 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: karavi-topology-configmap + namespace: karavi +data: + karavi-topology.yaml: | + PROVISIONER_NAMES: csi-isilon.dellemc.com,csi-vxflexos.dellemc.com, csi-powermax.dellemc.com + LOG_LEVEL: + LOG_FORMAT: text + ZIPKIN_URI: "" + ZIPKIN_SERVICE_NAME: karavi-topology + ZIPKIN_PROBABILITY: 0.0 + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: karavi-observability-topology-controller + namespace: karavi + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: karavi-observability-topology-controller +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["list"] + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: karavi-observability-topology-controller +subjects: + - kind: ServiceAccount + name: karavi-observability-topology-controller + namespace: karavi +roleRef: + kind: ClusterRole + name: karavi-observability-topology-controller + apiGroup: rbac.authorization.k8s.io + +--- + +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability + name: karavi-topology + namespace: karavi +spec: + type: ClusterIP + ports: + - name: karavi-topology + port: 8443 + targetPort: 8443 + selector: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: karavi-topology + namespace: karavi + labels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability +spec: + selector: + matchLabels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability + replicas: 1 + strategy: {} + template: + metadata: + labels: + app.kubernetes.io/name: karavi-topology + app.kubernetes.io/instance: karavi-observability + csm: + csmNamespace: + spec: + volumes: + - name: karavi-topology-secret-volume + secret: + secretName: karavi-topology-tls + items: + - key: tls.crt + path: localhost.crt + - key: tls.key + path: localhost.key + - name: karavi-topology-configmap + configMap: + name: karavi-topology-configmap + serviceAccount: karavi-observability-topology-controller + containers: + - name: karavi-topology + image: + resources: {} + env: + - name: PORT + value: "8443" + - name: DEBUG + value: "false" + volumeMounts: + - name: karavi-topology-secret-volume + mountPath: "/certs" + - name: karavi-topology-configmap + mountPath: "/etc/config" + restartPolicy: Always +status: {} diff --git a/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml b/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml new file mode 100644 index 000000000..9aa62cf3c --- /dev/null +++ b/operatorconfig/moduleconfig/observability/v1.8.1/selfsigned-cert.yaml @@ -0,0 +1,37 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: karavi +spec: + selfSigned: {} + +--- + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: + namespace: karavi +spec: + secretName: -tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dell + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - + - .karavi.svc.kubernetes.local + issuerRef: + name: selfsigned-issuer + kind: Issuer + group: cert-manager.io diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/container.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/container.yaml new file mode 100644 index 000000000..bb75eb537 --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.8.1/container.yaml @@ -0,0 +1,24 @@ +name: dell-csi-replicator +image: dellemc/dell-csi-replicator:v1.8.1 +imagePullPolicy: IfNotPresent +args: + - "--csi-address=$(ADDRESS)" + - "--leader-election=true" + - "--worker-threads=2" + - "--retry-interval-start=1s" + - "--retry-interval-max=300s" + - "--timeout=300s" + - "--context-prefix=" + - "--prefix=" +env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: X_CSI_REPLICATION_CONFIG_DIR + value: / + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: driver-config-params.yaml +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: + mountPath: / diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml new file mode 100644 index 000000000..204b2ed6e --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.8.1/controller.yaml @@ -0,0 +1,304 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: dell-replication-controller +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dell-replication-controller-sa + namespace: dell-replication-controller +secrets: +- name: replication-secret +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: dell-replication-manager-role +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions/status + verbs: + - get + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - replication.storage.dell.com + resources: + - dellcsireplicationgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - watch +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dell-replication-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dell-replication-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: v1 +kind: Secret +metadata: + name: replication-secret + namespace: dell-replication-controller + annotations: + kubernetes.io/service-account.name: dell-replication-controller-sa + kubernetes.io/service-account.namespace: dell-replication-controller +type: kubernetes.io/service-account-token +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dell-replication-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dell-replication-manager-role +subjects: +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dell-replication-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dell-replication-proxy-role +subjects: +- kind: ServiceAccount + name: dell-replication-controller-sa + namespace: dell-replication-controller +--- +apiVersion: v1 +data: + config.yaml: | + clusterId: "" + targets: [] + CSI_LOG_LEVEL: "" +kind: ConfigMap +metadata: + name: dell-replication-controller-config + namespace: dell-replication-controller +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: dell-replication-controller-manager-metrics-service + namespace: dell-replication-controller +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + name: dell-replication-controller-manager + namespace: dell-replication-controller +spec: + replicas: + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + labels: + control-plane: controller-manager + spec: + serviceAccountName: dell-replication-controller-sa + containers: + - args: + - --enable-leader-election + - --prefix=replication.storage.dell.com + command: + - /dell-replication-controller + env: + - name: X_CSI_REPLICATION_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: X_CSI_REPLICATION_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: X_CSI_REPLICATION_IN_CLUSTER + value: "true" + - name: X_CSI_REPLICATION_WATCH_NAMESPACE + value: dell-replication-controller + - name: X_CSI_REPLICATION_CONFIG_DIR + value: /app/config + - name: X_CSI_REPLICATION_CERT_DIR + value: /app/certs + - name: X_CSI_REPLICATION_CONFIG_FILE_NAME + value: config + image: + imagePullPolicy: Always + name: manager + resources: + requests: + cpu: 100m + memory: 100Mi + volumeMounts: + - mountPath: /app/config + name: configmap-volume + - mountPath: /app/certs + name: cert-dir + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: null + name: cert-dir + - configMap: + name: dell-replication-controller-config + optional: true + name: configmap-volume diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml new file mode 100644 index 000000000..33f4265af --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.8.1/replicationcrds.all.yaml @@ -0,0 +1,260 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: dellcsimigrationgroups.replication.storage.dell.com +spec: + group: replication.storage.dell.com + names: + kind: DellCSIMigrationGroup + listKind: DellCSIMigrationGroupList + plural: dellcsimigrationgroups + shortNames: + - mg + singular: dellcsimigrationgroup + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Source ID + jsonPath: .spec.sourceID + name: Source ID + type: string + - description: Target ID + jsonPath: .spec.targetID + name: Target ID + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIMigrationGroupSpec defines the desired state of DellCSIMigrationGroup + properties: + driverName: + type: string + migrationGroupAttributes: + additionalProperties: + type: string + type: object + sourceID: + type: string + targetID: + type: string + required: + - driverName + - migrationGroupAttributes + - sourceID + - targetID + type: object + status: + description: DellCSIMigrationGroupStatus defines the observed state of + DellCSIMigrationGroup + properties: + lastAction: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.2 + creationTimestamp: null + name: dellcsireplicationgroups.replication.storage.dell.com +spec: + group: replication.storage.dell.com + names: + kind: DellCSIReplicationGroup + listKind: DellCSIReplicationGroupList + plural: dellcsireplicationgroups + shortNames: + - rg + singular: dellcsireplicationgroup + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + - description: State of the CR + jsonPath: .status.state + name: State + type: string + - description: Protection Group ID + jsonPath: .spec.protectionGroupId + name: PG ID + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.state + name: Link State + type: string + - description: Replication Link State + jsonPath: .status.replicationLinkState.lastSuccessfulUpdate + name: Last LinkState Update + type: string + name: v1 + schema: + openAPIV3Schema: + description: DellCSIReplicationGroup is the Schema for the dellcsireplicationgroups + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DellCSIReplicationGroupSpec defines the desired state of + DellCSIReplicationGroup + properties: + action: + type: string + driverName: + type: string + protectionGroupAttributes: + additionalProperties: + type: string + type: object + protectionGroupId: + type: string + remoteClusterId: + type: string + remoteProtectionGroupAttributes: + additionalProperties: + type: string + type: object + remoteProtectionGroupId: + type: string + requestParametersClass: + type: string + required: + - action + - driverName + - protectionGroupId + - remoteClusterId + - remoteProtectionGroupId + type: object + status: + description: DellCSIReplicationGroupStatus defines the observed state + of DellCSIReplicationGroup + properties: + conditions: + items: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + type: array + lastAction: + description: LastAction - Stores the last updated action + properties: + condition: + description: Condition is the last known condition of the Custom + Resource + type: string + errorMessage: + description: ErrorMessage is the last error message associated + with the condition + type: string + firstFailure: + description: FirstFailure is the first time this action failed + format: date-time + type: string + time: + description: Time is the time stamp for the last action update + format: date-time + type: string + actionAttributes: + description: ActionAttributes content unique on response to an action + additionalProperties: + type: string + type: object + type: object + remoteState: + type: string + replicationLinkState: + description: ReplicationLinkState - Stores the Replication Link State + properties: + errorMessage: + description: ErrorMessage is the last error message associated + with the link state + type: string + isSource: + description: IsSource indicates if this site is primary + type: boolean + lastSuccessfulUpdate: + description: LastSuccessfulUpdate is the time stamp for the last + state update + format: date-time + type: string + state: + description: State is the last reported state of the Replication + Link + type: string + required: + - isSource + type: object + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml b/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml new file mode 100644 index 000000000..aba283635 --- /dev/null +++ b/operatorconfig/moduleconfig/replication/v1.8.1/rules.yaml @@ -0,0 +1,9 @@ + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["replication.storage.dell.com"] + resources: ["dellcsireplicationgroups/status"] + verbs: ["get", "patch", "update"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml new file mode 100644 index 000000000..fc7b5d209 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-controller.yaml @@ -0,0 +1,36 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: dellemc/podmon:v1.9.1 +imagePullPolicy: IfNotPresent +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: vxflexos-config-params + mountPath: /vxflexos-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml new file mode 100644 index 000000000..aae9c2303 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerflex-node.yaml @@ -0,0 +1,58 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: dellemc/podmon:v1.9.1 +imagePullPolicy: IfNotPresent +securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true +env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_PRIVATE_MOUNT_DIR + value: /var/lib/kubelet + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: kubelet-pods + mountPath: /pods + mountPropagation: "Bidirectional" + - name: driver-path + mountPath: /plugins/vxflexos.emc.dell.com + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: usr-bin + mountPath: /usr-bin + - name: var-run + mountPath: /var/run + - name: vxflexos-config-params + mountPath: /vxflexos-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml new file mode 100644 index 000000000..dae17977e --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-controller.yaml @@ -0,0 +1,36 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: dellemc/podmon:v1.9.1 +imagePullPolicy: IfNotPresent +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml new file mode 100644 index 000000000..cc03c334e --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerscale-node.yaml @@ -0,0 +1,61 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: dellemc/podmon:v1.9.1 +imagePullPolicy: IfNotPresent +securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true +env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_PRIVATE_MOUNT_DIR + value: /var/lib/kubelet + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: kubelet-pods + mountPath: /pods + mountPropagation: "Bidirectional" + - name: driver-path + mountPath: /plugins/csi-isilon + mountPropagation: "Bidirectional" + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: usr-bin + mountPath: /usr-bin + - name: var-run + mountPath: /var/run + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml new file mode 100644 index 000000000..fef783c30 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-controller.yaml @@ -0,0 +1,36 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +image: dellemc/podmon:v1.9.1 +imagePullPolicy: IfNotPresent +env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powerstore-config-params + mountPath: /powerstore-config-params \ No newline at end of file diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml new file mode 100644 index 000000000..7fc0517d2 --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/container-powerstore-node.yaml @@ -0,0 +1,61 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +name: podmon +securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true +image: dellemc/podmon:v1.9.1 +imagePullPolicy: IfNotPresent +env: + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_PRIVATE_MOUNT_DIR + value: /var/lib/kubelet + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +volumeMounts: + - name: kubelet-pods + mountPath: /pods + mountPropagation: "Bidirectional" + - name: driver-path + mountPath: /plugins/csi-powerstore.dellemc.com + mountPropagation: "Bidirectional" + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: usr-bin + mountPath: /usr-bin + - name: var-run + mountPath: /var/run + - name: powerstore-config-params + mountPath: /powerstore-config-params diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/controller-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/controller-roles.yaml new file mode 100644 index 000000000..10abf39ec --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/controller-roles.yaml @@ -0,0 +1,24 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch"] +- apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] diff --git a/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml b/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml new file mode 100644 index 000000000..a5b98adef --- /dev/null +++ b/operatorconfig/moduleconfig/resiliency/v1.9.1/node-roles.yaml @@ -0,0 +1,21 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] \ No newline at end of file diff --git a/pkg/modules/testdata/cr_auth_proxy.yaml b/pkg/modules/testdata/cr_auth_proxy.yaml index 644045f8f..c741cee03 100644 --- a/pkg/modules/testdata/cr_auth_proxy.yaml +++ b/pkg/modules/testdata/cr_auth_proxy.yaml @@ -9,16 +9,16 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 forceRemoveModule: true components: - name: karavi-authorization-proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.10.0 - tenantService: dellemc/csm-authorization-tenant:v1.10.0 - roleService: dellemc/csm-authorization-role:v1.10.0 - storageService: dellemc/csm-authorization-storage:v1.10.0 + proxyService: dellemc/csm-authorization-proxy:v1.10.1 + tenantService: dellemc/csm-authorization-tenant:v1.10.1 + roleService: dellemc/csm-authorization-role:v1.10.1 + storageService: dellemc/csm-authorization-storage:v1.10.1 redis: redis:6.0.8-alpine commander: rediscommander/redis-commander:latest opa: openpolicyagent/opa diff --git a/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml b/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml index a27eacb18..348dc02d2 100644 --- a/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml +++ b/pkg/modules/testdata/cr_auth_proxy_no_redis.yaml @@ -9,16 +9,16 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 forceRemoveModule: true components: - name: karavi-authorization-proxy-server # enable: Enable/Disable csm-authorization proxy server enabled: true - proxyService: dellemc/csm-authorization-proxy:v1.10.0 - tenantService: dellemc/csm-authorization-tenant:v1.10.0 - roleService: dellemc/csm-authorization-role:v1.10.0 - storageService: dellemc/csm-authorization-storage:v1.10.0 + proxyService: dellemc/csm-authorization-proxy:v1.10.1 + tenantService: dellemc/csm-authorization-tenant:v1.10.1 + roleService: dellemc/csm-authorization-role:v1.10.1 + storageService: dellemc/csm-authorization-storage:v1.10.1 redis: redis:6.0.8-alpine commander: rediscommander/redis-commander:latest opa: openpolicyagent/opa diff --git a/pkg/modules/testdata/cr_powerflex_observability.yaml b/pkg/modules/testdata/cr_powerflex_observability.yaml index eef25b9fd..71d62bcd8 100644 --- a/pkg/modules/testdata/cr_powerflex_observability.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability.yaml @@ -11,13 +11,13 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.10.0" + image: "dellemc/csi-vxflexos:v2.10.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -136,14 +136,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # Allowed values: string certificate: "" @@ -188,7 +188,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: true # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.8.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml index 6924a0159..599609220 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert.yaml @@ -16,13 +16,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.9.1" + image: "dellemc/csi-vxflexos:v2.10.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -187,14 +187,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.7.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.7.0 + image: dellemc/csm-topology:v1.8.1 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # Allowed values: string certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" @@ -239,7 +239,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: true # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.7.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml index ad08bb28a..71e5c7ba4 100644 --- a/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml +++ b/pkg/modules/testdata/cr_powerflex_observability_custom_cert_missing_key.yaml @@ -16,13 +16,13 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - image: "dellemc/csi-vxflexos:v2.9.1" + image: "dellemc/csi-vxflexos:v2.10.1" imagePullPolicy: IfNotPresent envs: - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT @@ -187,14 +187,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.7.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.7.0 + image: dellemc/csm-topology:v1.8.1 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # Allowed values: string certificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVCVENDQXUyZ0F3SUJBZ0lVVThsYncza09ITk5QSXppRitJb3NUT3pSZVZNd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2daRXhDekFKQmdOVkJBWVRBbFZUTVJFd0R3WURWUVFJREFoT1pYY2dXVzl5YXpFUk1BOEdBMVVFQnd3SQpUbVYzSUZsdmNtc3hEVEFMQmdOVkJBb01CRVJsYkd3eEREQUtCZ05WQkFzTUEwbFRSekVZTUJZR0ExVUVBd3dQClNtOXZjMlZ3Y0drSUNBZ0lDQWdJTVNVd0l3WUpLb1pJaHZjTkFRa0JGaFpxYjI5elpYQndhVjlzZFc1aFFHUmwKYkd3dVkyOXRNQjRYRFRJME1ESXlNVEU0TWpRME1sb1hEVEkwTURVeU1URTRNalEwTWxvd2daRXhDekFKQmdOVgpCQVlUQWxWVE1SRXdEd1lEVlFRSURBaE9aWGNnV1c5eWF6RVJNQThHQTFVRUJ3d0lUbVYzSUZsdmNtc3hEVEFMCkJnTlZCQW9NQkVSbGJHd3hEREFLQmdOVkJBc01BMGxUUnpFWU1CWUdBMVVFQXd3UFNtOXZjMlZ3Y0drSUNBZ0kKQ0FnSU1TVXdJd1lKS29aSWh2Y05BUWtCRmhacWIyOXpaWEJ3YVY5c2RXNWhRR1JsYkd3dVkyOXRNSUlCSWpBTgpCZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5SXhkZ04wNDdnZk41T0h3SHFhMjlHNWd3dDkzCmVidnEwZVdnZE5RWXUvUU91YktoQ3JWYUN6QXBzTGhRcnlhOEM4OWtTM3VmRHNLM3o3aHJIRXhnblc4ZzdGL1cKTjVpaXYzcU9GcDk2ZVc4VFR5UHJhVktKV3psay9xSWhWdkhGVGxTbk5jcmJTZW45RkhxZmR4RnA3ejNVSXdtVQprZk8vTTQ1RHkrcDU2cmdqOW4vSTYvVmtpMWVxalBIN1dZTnZJQXJNa0pvZTBhSFlVSTdqa3dEZ1N6ZE1jMnM3ClI5NWxQTFY1MDgxdFNCWTJtNno0VGt1dktQdG1RZ1pML3JKL2lHUTBLVTkyYmRFUC9USDVSeEkyRHZ2U3BQSzUKUkhzTEhPVDdUZWV5NGJXU1VQemJTRzBRQUE0b1JyNTV2M1VYbmlmMExwNEQ0OU5xcHRSK0VzZkx2d0lEQVFBQgpvMU13VVRBZEJnTlZIUTRFRmdRVVlZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dId1lEVlIwakJCZ3dGb0FVCllZakFuMmdHQXVDalB3NVZINVI3amNsWElwd3dEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBS2dWUjRvQjhlb0hNWTZ2Tm9WUERJd29NU3d2eGUyWnVDN0N0bkRvRUJjUzlrQU12TURqRwpzeFN2b0o2TXlXckpNaUt4aDJmekdGcS9FVWxDcHdKUEwvNTlTYmR3cG54UUxGWjdyZkVjMS9WQ3dOUHcxM0pEClBnZmsvZnd6QVNEcS9mWm5pTmVldHpCa2dQdEdMWDFsU051OHFNSUZHczR0QlpZZS8xNnJ4VFFpMzRsUk56QVUKMlA2YTM3YjhWVU9yRUNhTTlOdUFaY3FWSjRiODhvNXBQSkRldm5Hb3JPOHRMQWhvT3kyclB5QnJKaVhNQ0ZKMAo4TzVQS1NrSlJyQ2x1enBPeEtxUURONTlmVDdYNEp6VzI3MVhqQlIzWVdJTUdha08rSnRUdEwyUDNBWXdtd2E1CnNibUV0UU5rSjNraDhneVNVL2p4WnQrVWVUVWRJYWxDV0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" @@ -239,7 +239,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: true # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.7.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/pkg/modules/testdata/cr_powerflex_replica.yaml b/pkg/modules/testdata/cr_powerflex_replica.yaml index 1cfa5f0a8..ab8752a36 100644 --- a/pkg/modules/testdata/cr_powerflex_replica.yaml +++ b/pkg/modules/testdata/cr_powerflex_replica.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -22,7 +22,7 @@ spec: enabled: true components: - name: dell-csi-replicator - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: - name: "X_CSI_REPLICATION_PREFIX" value: "replication.storage.dell.com" @@ -31,7 +31,7 @@ spec: - name: dell-replication-controller-manager - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: - name: "TARGET_CLUSTERS_IDS" value: "test-target-cluster-1,test-target-cluster-2" diff --git a/pkg/modules/testdata/cr_powerflex_resiliency.yaml b/pkg/modules/testdata/cr_powerflex_resiliency.yaml index 470d59b48..23af5a811 100644 --- a/pkg/modules/testdata/cr_powerflex_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerflex_resiliency.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -25,10 +25,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-vxflexos" @@ -42,7 +42,7 @@ spec: - "--mode=controller" - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - name: podmon-node - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/pkg/modules/testdata/cr_powermax_observability.yaml b/pkg/modules/testdata/cr_powermax_observability.yaml index 02c4f094b..ab8b6b9eb 100644 --- a/pkg/modules/testdata/cr_powermax_observability.yaml +++ b/pkg/modules/testdata/cr_powermax_observability.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: test-powermax-creds replicas: 1 common: - image: "dellemc/csi-powermax:v2.10.0" + image: "dellemc/csi-powermax:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -18,14 +18,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -50,7 +50,7 @@ spec: # enabled: Enable/Disable PowerMax metrics enabled: true # image: Defines PowerMax metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powermax:v1.3.0 + image: dellemc/csm-metrics-powermax:v1.3.1 envs: # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax # Allowed values: int @@ -100,7 +100,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powermax_replica.yaml b/pkg/modules/testdata/cr_powermax_replica.yaml index 865872569..b83a0ad8e 100644 --- a/pkg/modules/testdata/cr_powermax_replica.yaml +++ b/pkg/modules/testdata/cr_powermax_replica.yaml @@ -18,11 +18,11 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: test-powermax-creds replicas: 1 common: - image: "dellemc/csi-powermax:v2.10.0" + image: "dellemc/csi-powermax:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -30,7 +30,7 @@ spec: enabled: true components: - name: dell-csi-replicator - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: - name: "X_CSI_REPLICATION_PREFIX" value: "replication.storage.dell.com/" @@ -39,7 +39,7 @@ spec: - name: dell-replication-controller-manager - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: - name: "TARGET_CLUSTERS_IDS" value: "test-target-cluster-1,test-target-cluster-2" diff --git a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml index 068095b38..0e0805f62 100644 --- a/pkg/modules/testdata/cr_powermax_reverseproxy.yaml +++ b/pkg/modules/testdata/cr_powermax_reverseproxy.yaml @@ -18,11 +18,11 @@ metadata: spec: driver: csiDriverType: "powermax" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: powermax-creds replicas: 1 common: - image: "dellemc/csi-powermax:v2.10.0" + image: "dellemc/csi-powermax:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -30,13 +30,13 @@ spec: - name: "csireverseproxy" # enabled: Always set to true enabled: true - configVersion: v2.9.0 + configVersion: v2.9.1 components: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.0" - image: dellemc/csipowermax-reverseproxy:v2.9.0 + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:v2.9.1 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -53,7 +53,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth.yaml b/pkg/modules/testdata/cr_powerscale_auth.yaml index f56d2cfdf..0b220c7cf 100644 --- a/pkg/modules/testdata/cr_powerscale_auth.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds-custom replicas: 1 common: - image: "dellemc/csi-isilon:v2.10.0" + image: "dellemc/csi-isilon:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -19,7 +19,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml index c5fa0664c..6b1636083 100644 --- a/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml +++ b/pkg/modules/testdata/cr_powerscale_auth_validate_cert.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.9.0 + configVersion: v2.10.1 authSecret: isilon-creds-custom replicas: 1 common: - image: "dellemc/csi-isilon:v2.9.0" + image: "dellemc/csi-isilon:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -19,7 +19,7 @@ spec: enabled: true components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_observability.yaml b/pkg/modules/testdata/cr_powerscale_observability.yaml index 3d17dc1ee..d227c4f1d 100644 --- a/pkg/modules/testdata/cr_powerscale_observability.yaml +++ b/pkg/modules/testdata/cr_powerscale_observability.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds replicas: 1 common: - image: "dellemc/csi-isilon:v2.10.0" + image: "dellemc/csi-isilon:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -18,14 +18,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -51,7 +51,7 @@ spec: enabled: true # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int @@ -118,7 +118,7 @@ spec: enabled: false components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" diff --git a/pkg/modules/testdata/cr_powerscale_replica.yaml b/pkg/modules/testdata/cr_powerscale_replica.yaml index 69b48e6de..c7bbb96ff 100644 --- a/pkg/modules/testdata/cr_powerscale_replica.yaml +++ b/pkg/modules/testdata/cr_powerscale_replica.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds replicas: 1 common: - image: "dellemc/csi-isilon:v2.10.0" + image: "dellemc/csi-isilon:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -18,7 +18,7 @@ spec: enabled: true components: - name: dell-csi-replicator - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: - name: "X_CSI_REPLICATION_PREFIX" value: "replication.storage.dell.com" @@ -27,7 +27,7 @@ spec: - name: dell-replication-controller-manager - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: - name: "TARGET_CLUSTERS_IDS" value: "test-target-cluster-1,test-target-cluster-2" diff --git a/pkg/modules/testdata/cr_powerscale_resiliency.yaml b/pkg/modules/testdata/cr_powerscale_resiliency.yaml index 02bf1c1d1..cf3356115 100644 --- a/pkg/modules/testdata/cr_powerscale_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerscale_resiliency.yaml @@ -6,11 +6,11 @@ metadata: spec: driver: csiDriverType: "isilon" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds-custom replicas: 1 common: - image: "dellemc/csi-isilon:v2.10.0" + image: "dellemc/csi-isilon:v2.10.1" imagePullPolicy: IfNotPresent modules: @@ -21,10 +21,10 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent args: - "--labelvalue=csi-isilon" @@ -39,7 +39,7 @@ spec: - "--driverPath=csi-isilon.dellemc.com" - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - name: podmon-node - image: dellemc/podmon:v1.9.0 + image: dellemc/podmon:v1.9.1 imagePullPolicy: IfNotPresent envs: # podmonAPIPort: Defines the port to be used within the kubernetes cluster diff --git a/pkg/modules/testdata/cr_powerstore_resiliency.yaml b/pkg/modules/testdata/cr_powerstore_resiliency.yaml index d5f957e0c..4e088b35e 100644 --- a/pkg/modules/testdata/cr_powerstore_resiliency.yaml +++ b/pkg/modules/testdata/cr_powerstore_resiliency.yaml @@ -6,16 +6,16 @@ metadata: spec: driver: csiDriverType: "powerstore" - configVersion: v2.8.0 + configVersion: v2.10.1 authSecret: powerstore-creds replicas: 1 common: - image: "dellemc/csi-powerstore:v2.8.0" + image: "dellemc/csi-powerstore:v2.10.1" imagePullPolicy: IfNotPresent modules: - name: resiliency - configVersion: "v1.7.0" + configVersion: "v1.9.1" enabled: true components: - name: podmon-controller diff --git a/pkg/utils/status.go b/pkg/utils/status.go index d8b05ee15..e0455dc37 100644 --- a/pkg/utils/status.go +++ b/pkg/utils/status.go @@ -441,10 +441,6 @@ func UpdateStatus(ctx context.Context, instance *csmv1.ContainerStorageModule, r log.Error(err, " Failed to update CR status") return err } - if err != nil { - log.Error(err, " Failed to update CR status") - return err - } log.Info("Update done") return merr } diff --git a/samples/authorization/certificate_v1101.yaml b/samples/authorization/certificate_v1101.yaml new file mode 100644 index 000000000..0483b828a --- /dev/null +++ b/samples/authorization/certificate_v1101.yaml @@ -0,0 +1,35 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned + namespace: authorization +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: karavi-auth + namespace: authorization +spec: + secretName: karavi-auth-tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - dellemc + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + - client auth + dnsNames: + - csm-authorization.com + - authorization-ingress-nginx-controller.authorization.svc.cluster.local + issuerRef: + name: selfsigned + kind: Issuer + group: cert-manager.io diff --git a/samples/authorization/csm_authorization_proxy_server_v1101.yaml b/samples/authorization/csm_authorization_proxy_server_v1101.yaml new file mode 100644 index 000000000..72104f658 --- /dev/null +++ b/samples/authorization/csm_authorization_proxy_server_v1101.yaml @@ -0,0 +1,74 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: authorization + namespace: authorization +spec: + modules: + # Authorization: enable csm-authorization proxy server for RBAC + - name: authorization-proxy-server + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v1.10.1 + forceRemoveModule: true + components: + - name: karavi-authorization-proxy-server + # enable: Enable/Disable csm-authorization proxy server + enabled: true + proxyService: dellemc/csm-authorization-proxy:v1.10.1 + tenantService: dellemc/csm-authorization-tenant:v1.10.1 + roleService: dellemc/csm-authorization-role:v1.10.1 + storageService: dellemc/csm-authorization-storage:v1.10.1 + redis: redis:6.0.8-alpine + commander: rediscommander/redis-commander:latest + opa: openpolicyagent/opa + opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 + envs: + # proxy-server ingress will use this hostname + # NOTE: an additional hostname can be configured in the PROXY_INGRESS_HOST environment variable + # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required + - name: "PROXY_HOST" + value: "csm-authorization.com" + + # Proxy-service ingress configuration + # Default value: nginx + - name: "PROXY_INGRESS_CLASSNAME" + value: "nginx" + # An additional host rule for the proxy-server ingress + # Default value: authorization-ingress-nginx-controller.namespace.svc.cluster.local + - name: "PROXY_INGRESS_HOST" + value: "authorization-ingress-nginx-controller.authorization.svc.cluster.local" + + # by default, csm-authorization will deploy a local (https://kubernetes.io/docs/concepts/storage/storage-classes/#local) volume for redis + # to use a different storage class for redis, specify the name of the storage class + # NOTE: the storage class must NOT be a storage class provisioned by a CSI driver using this installation of CSM Authorization + # Default value: None + - name: "REDIS_STORAGE_CLASS" + value: "" + + # enabled: Enable/Disable nginx ingress + # Allowed values: + # true: enable deployment of nginx ingress controller + # false: disable deployment of nginx ingress only if you have your own ingress controller + # Default value: true + - name: ingress-nginx + enabled: true + + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: true + - name: cert-manager + enabled: true + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: csm-config-params + namespace: authorization +data: + csm-config-params.yaml: | + CONCURRENT_POWERFLEX_REQUESTS: 10 + LOG_LEVEL: debug diff --git a/samples/storage_csm_powerflex_v2101.yaml b/samples/storage_csm_powerflex_v2101.yaml new file mode 100644 index 000000000..7cd23903e --- /dev/null +++ b/samples/storage_csm_powerflex_v2101.yaml @@ -0,0 +1,427 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: vxflexos + namespace: vxflexos +spec: + driver: + csiDriverType: "powerflex" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "File" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + configVersion: v2.10.1 + replicas: 1 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + image: "dellemc/csi-vxflexos:v2.10.1" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: "false" + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: "false" + - name: X_CSI_DEBUG + value: "true" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + - name: "CERT_SECRET_COUNT" + value: "0" + - name: X_CSI_QUOTA_ENABLED + value: "false" + + sideCars: + # 'k8s' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + args: ["--volume-name-prefix=k8s"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.7.3 + + # sdc-monitor is disabled by default, due to high CPU usage + - name: sdc-monitor + enabled: false + image: dellemc/sdc:4.5.1 + envs: + - name: HOST_PID + value: "1" + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #do not add mdm value here if it is present in secret + + # health monitor is disabled by default, refer to driver documentation before enabling it + # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED to "true". + - name: csi-external-health-monitor-controller + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_POWERFLEX_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: None + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + + #"controller.nodeSelector" defines what nodes would be selected for pods of controller deployment + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "controller.tolerations" defines tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + + # X_CSI_APPROVE_SDC_ENABLED: Enables/Disable SDC approval + # Allowed values: + # true: enable SDC approval + # false: disable SDC approval + # Default value: false + - name: X_CSI_APPROVE_SDC_ENABLED + value: "false" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_ENABLED: Enable/Disable rename of SDC + # Allowed values: + # true: enable renaming + # false: disable renaming + # Default value: false + - name: X_CSI_RENAME_SDC_ENABLED + value: "false" + + # X_CSI_RENAME_SDC_PREFIX: defines a string for prefix of the SDC name. + # "prefix" + "worker_node_hostname" should not exceed 31 chars. + # Default value: none + # Examples: "rhel-sdc", "sdc-test" + - name: X_CSI_RENAME_SDC_PREFIX + value: "" + + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerFlex volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # If value is zero Container Orchestrator shall decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + + + # "node.nodeSelector" defines what nodes would be selected for pods of node daemonset + # Leave as blank to use all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # node-role.kubernetes.io/master: "" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # "node.tolerations" defines tolerations that would be applied to node daemonset + # Leave as blank to install node driver only on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoSchedule" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + initContainers: + - image: dellemc/sdc:4.5.1 + imagePullPolicy: IfNotPresent + name: sdc + envs: + - name: MDM + value: "10.xx.xx.xx,10.xx.xx.xx" #provide MDM value + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.10.1 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + configVersion: v1.8.1 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: false + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.8.1 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + - name: cert-manager + enabled: false + + - name: metrics-powerflex + # enabled: Enable/Disable PowerFlex metrics + enabled: false + # image: Defines PowerFlex metrics image. This shouldn't be changed + image: dellemc/csm-metrics-powerflex:v1.8.1 + envs: + # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERFLEX_SDC_METRICS_ENABLED: enable/disable collection of sdc metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_SDC_METRICS_ENABLED" + value: "true" + # POWERFLEX_VOLUME_METRICS_ENABLED: enable/disable collection of volume metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_VOLUME_METRICS_ENABLED" + value: "true" + # POWERFLEX_STORAGE_POOL_METRICS_ENABLED: enable/disable collection of storage pool metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERFLEX_STORAGE_POOL_METRICS_ENABLED" + value: "true" + # POWERFLEX_SDC_IO_POLL_FREQUENCY: set polling frequency to get sdc metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_SDC_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_VOLUME_IO_POLL_FREQUENCY: set polling frequency to get volume metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_VOLUME_IO_POLL_FREQUENCY" + value: "10" + # POWERFLEX_STORAGE_POOL_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERFLEX_STORAGE_POOL_POLL_FREQUENCY" + value: "10" + # PowerFlex metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERFLEX_LOG_LEVEL" + value: "INFO" + # PowerFlex Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERFLEX_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + + # Replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.8.1 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerflex" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.9.1 + components: + - name: podmon-controller + image: dellemc/podmon:v1.9.1 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-vxflexos" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 3 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + - name: podmon-node + image: dellemc/podmon:v1.9.1 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-vxflexos" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityPollRate=5" + # Below 3 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" diff --git a/samples/storage_csm_powermax_v2101.yaml b/samples/storage_csm_powermax_v2101.yaml new file mode 100644 index 000000000..e42741748 --- /dev/null +++ b/samples/storage_csm_powermax_v2101.yaml @@ -0,0 +1,445 @@ +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powermax + namespace: powermax +spec: + # Add fields here + driver: + csiDriverType: "powermax" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + # Config version for CSI PowerMax v2.10.1 driver + configVersion: v2.10.1 + # replica: Define the number of PowerMax controller nodes + # to deploy to the Kubernetes release + # Allowed values: n, where n > 0 + # Default value: None + replicas: 2 + # Default credential secret for Powermax, if not set it to "" + authSecret: powermax-creds + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + # Image for CSI PowerMax driver v2.10.1 + image: dellemc/csi-powermax:v2.10.1 + # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. + # Allowed values: + # Always: Always pull the image. + # IfNotPresent: Only pull the image if it does not already exist on the node. + # Never: Never pull the image. + # Default value: None + imagePullPolicy: IfNotPresent + envs: + # X_CSI_MANAGED_ARRAYS: Serial ID of the arrays that will be used for provisioning + # Default value: None + # Examples: "000000000001", "000000000002" + - name: X_CSI_MANAGED_ARRAYS + value: "000000000000,000000000001" + # X_CSI_POWERMAX_ENDPOINT: Address of the Unisphere server that is managing the PowerMax arrays + # In case of multi-array, provide an endpoint of locally attached array + # Default value: None + # Example: https://0.0.0.1:8443 + - name: X_CSI_POWERMAX_ENDPOINT + value: "https://0.0.0.0:8443/" + # X_CSI_K8S_CLUSTER_PREFIX: Define a prefix that is appended onto + # all resources created in the Array + # This should be unique per K8s/CSI deployment + # maximum length of this value is 3 characters + # Default value: None + # Examples: "XYZ", "EMC" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "XYZ" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # X_CSI_POWERMAX_PORTGROUPS: Define the set of existing port groups that the driver will use. + # It is a comma separated list of portgroup names. + # Required only in case of iSCSI port groups + # Allowed values: iSCSI Port Group names + # Default value: None + # Examples: "pg1", "pg1, pg2" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + # "X_CSI_TRANSPORT_PROTOCOL" can be "FC" or "FIBRE" for fibrechannel, + # "ISCSI" for iSCSI, or "" for autoselection. + # Allowed values: + # "FC" - Fiber Channel protocol + # "FIBER" - Fiber Channel protocol + # "ISCSI" - iSCSI protocol + # "" - Automatic selection of transport protocol + # Default value: "" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + # X_CSI_POWERMAX_PROXY_SERVICE_NAME: Refers to the name of the proxy service in kubernetes + # Allowed values: "csipowermax-reverseproxy" + # default values: "csipowermax-reverseproxy" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "csipowermax-reverseproxy" + # VMware/vSphere virtualization support + # set X_CSI_VSPHERE_ENABLED to true, if you to enable VMware virtualized environment support via RDM + # Allowed values: + # "true" - vSphere volumes are enabled + # "false" - vSphere volumes are disabled + # Default value: "false" + - name: "X_CSI_VSPHERE_ENABLED" + value: "false" + # X_CSI_VSPHERE_PORTGROUP: An existing portGroup that driver will use for vSphere + # recommended format: csi-x-VC-PG, x can be anything of user choice + # Allowed value: valid existing port group on the array + # Default value: "" + - name: "X_CSI_VSPHERE_PORTGROUP" + value: "" + # X_CSI_VSPHERE_HOSTNAME: An existing host(initiator group)/ host group(cascaded initiator group) that driver will use for vSphere + # this host should contain initiators from all the ESXs/ESXi host where the cluster is deployed + # recommended format: csi-x-VC-HN, x can be anything of user choice + # Allowed value: valid existing host/host group on the array + # Default value: "" + - name: "X_CSI_VSPHERE_HOSTNAME" + value: "" + # X_CSI_VCENTER_HOST: URL/endpoint of the vCenter where all the ESX are present + # Allowed value: valid vCenter host endpoint + # Default value: "" + - name: "X_CSI_VCENTER_HOST" + value: "" + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin- volume usage, volume condition + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # nodeSelector: Define node selection constraints for controller pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations that would be applied to controller deployment + # Leave as blank to install controller on worker nodes + # Allowed values: map of key-value pairs + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_POWERMAX_ISCSI_ENABLE_CHAP: Determine if the driver is going to configure + # ISCSI node databases on the nodes with the CHAP credentials + # If enabled, the CHAP secret must be provided in the credentials secret + # and set to the key "chapsecret" + # Allowed values: + # "true" - CHAP is enabled + # "false" - CHAP is disabled + # Default value: "false" + - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin- volume usage, volume condition + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_TOPOLOGY_CONTROL_ENABLED provides a way to filter topology keys on a node based on array and transport protocol + # if enabled, user can create custom topology keys by editing node-topology-config configmap. + # Allowed values: + # true: enable the filtration based on config map + # false: disable the filtration based on config map + # Default value: false + - name: X_CSI_TOPOLOGY_CONTROL_ENABLED + value: "false" + # X_CSI_MAX_VOLUMES_PER_NODE: Defines the maximum PowerMax volumes that the controller can schedule on the node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations that would be applied to node daemonset + # Add/Remove tolerations as per requirement + # Leave as blank if you wish to not apply any tolerations + # Allowed values: map of key-value pairs + # Default value: None + tolerations: + - key: "node.kubernetes.io/memory-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/disk-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/network-unavailable" + operator: "Exists" + effect: "NoExecute" + sideCars: + # 'pmax' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + args: ["--volume-name-prefix=pmax"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.7.3 + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: [ "--monitor-interval=60s" ] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + modules: + # CSI Powermax Reverseproxy is a mandatory module for Powermax + - name: csireverseproxy + # enabled: Always set to true + enabled: true + forceRemoveModule: true + configVersion: v2.9.1 + components: + - name: csipowermax-reverseproxy + # image: Define the container images used for the reverse proxy + # Default value: None + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:v2.9.1 + envs: + # "tlsSecret" defines the TLS secret that is created with certificate + # and its associated key + # Default value: None + # Example: "tls-secret" + - name: X_CSI_REVPROXY_TLS_SECRET + value: "csirevproxy-tls-secret" + - name: X_CSI_REVPROXY_PORT + value: "2222" + - name: X_CSI_CONFIG_MAP_NAME + value: "powermax-reverseproxy-config" + + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enabled: Enable/Disable csm-authorization + enabled: false + configVersion: v1.10.1 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # Replication: allows configuring replication module + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.8.1 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powermax + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powermax" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + configVersion: v1.8.1 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: false + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.8.1 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + + - name: metrics-powermax + # enabled: Enable/Disable PowerMax metrics + enabled: false + # image: Defines PowerMax metrics image. This shouldn't be changed + image: dellemc/csm-metrics-powermax:v1.3.1 + envs: + # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax + # Allowed values: int + # Default value: 10 + - name: "POWERMAX_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERMAX_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERMAX_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERMAX_PERFORMANCE_METRICS_ENABLED: enable/disable collection of volume performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERMAX_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERMAX_CAPACITY_POLL_FREQUENCY: set polling frequency to get capacity metrics data + # Allowed values: int + # Default value: 10 + - name: "POWERMAX_CAPACITY_POLL_FREQUENCY" + value: "10" + # POWERMAX_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get volume performance data + # Allowed values: int + # Default value: 10 + - name: "POWERMAX_PERFORMANCE_POLL_FREQUENCY" + value: "10" + # PowerMax metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERMAX_LOG_LEVEL" + value: "INFO" + # PowerMax Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERMAX_LOG_FORMAT" + value: "TEXT" + # otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + # configMap name which has all array/endpoint related info + - name: "X_CSI_CONFIG_MAP_NAME" + value: "powermax-reverseproxy-config" diff --git a/samples/storage_csm_powerscale_v2101.yaml b/samples/storage_csm_powerscale_v2101.yaml new file mode 100644 index 000000000..8747d8205 --- /dev/null +++ b/samples/storage_csm_powerscale_v2101.yaml @@ -0,0 +1,518 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: isilon + namespace: isilon +spec: + driver: + csiDriverType: "isilon" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + # Config version for CSI PowerScale v2.10.1 driver + configVersion: v2.10.1 + authSecret: isilon-creds + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + # Uninstall CSI Driver and/or modules when CR is deleted + forceRemoveDriver: true + common: + # Image for CSI PowerScale driver v2.10.1 + image: "dellemc/csi-isilon:v2.10.1" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs + # Allowed Values: + # 0: log full content of the HTTP request and response + # 1: log without the HTTP response body + # 2: log only 1st line of the HTTP request and response + # Default value: 0 + - name: X_CSI_VERBOSE + value: "1" + + # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server + # This value acts as a default value for endpointPort, if not specified for a cluster config in secret + # Allowed value: valid port number + # Default value: 8080 + - name: X_CSI_ISI_PORT + value: "8080" + + # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. + # This value acts as a default value for isiPath, if not specified for a cluster config in secret + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Default value: /ifs + # Examples: /ifs/data/csi, /ifs/engineering + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + + # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization + # Allowed values: + # true : do not probe all PowerScale clusters during driver initialization + # false: probe all PowerScale clusters during driver initialization + # Default value: false + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + + # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. + # Allowed values: + # true : enable auto probe. + # false: disable auto probe. + # Default value: false + - name: X_CSI_ISI_AUTOPROBE + value: "true" + + # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. + # Formerly this attribute was named as "X_CSI_ISI_INSECURE" + # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret + # Allowed values: + # true: skip OneFS API server's certificate verification + # false: verify OneFS API server's certificates + # Default value: true + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + + # X_CSI_ISI_AUTH_TYPE: Specify the authentication method to be used. + # Allowed values: + # 0: basic authentication + # 1: session-based authentication + # Default value: 0 + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + + # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label .dellemc.com/: + # has to be used for making connection to backend PowerScale Array. + # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. + # Allowed values: + # true : enable custom topology + # false: disable custom topology + # Default value: false + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: "/var/lib/kubelet" + + # certSecretCount: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (isilon-cert-0..isilon-cert-n) + # Allowed values: n, where n > 0 + # Default value: None + - name: "CERT_SECRET_COUNT" + value: "1" + + # CSI driver log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "CSI_LOG_LEVEL" + value: "debug" + + controller: + envs: + # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota + # on a newly provisioned volume. + # This requires SmartQuotas to be enabled on PowerScale cluster. + # Allowed values: + # true: set quota for volume + # false: do not set quota for volume + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + + # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. + # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. + # Default value: System + # Examples: System, zone1 + - name: X_CSI_ISI_ACCESS_ZONE + value: "System" + + # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS: Ignore unresolvable hosts on the OneFS. + # When set to true, OneFS allows new host to add to existing export list though any of the existing hosts from the + # same exports are unresolvable/doesn't exist anymore. + # Allowed values: + # true: ignore existing unresolvable hosts and append new host to the existing export + # false: exhibits OneFS default behavior i.e. if any of existing hosts are unresolvable while adding new one it fails + # Default value: false + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of controller deployment. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controller deployment, if required. + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + node: + envs: + # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. + # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. + # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. + # Allowed values: n, where n >= 0 + # Default value: 0 + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + + # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export + # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. + # Allowed values: list of one or more networks + # Default value: None + # Provide them in the following format: "[net1, net2]" + # CIDR format should be used + # eg: "[192.168.1.0/24, 192.168.100.0/22]" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin- volume status, volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # X_CSI_MAX_PATH_LIMIT: this parameter is used for setting the maximum Path length for the given volume. + # Default value: 192 + # Examples: 192, 256 + - name: X_CSI_MAX_PATH_LIMIT + value: "192" + + # nodeSelector: Define node selection constraints for pods of node daemonset + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the node daemonset, if required. + # Default value: None + tolerations: + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + sideCars: + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + args: ["--volume-name-prefix=csipscale"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.7.3 + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: false + configVersion: v1.10.1 + components: + - name: karavi-authorization-proxy + image: dellemc/csm-authorization-sidecar:v1.10.1 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + + # replication: allows to configure replication + # Replication CRDs must be installed before installing driver + - name: replication + # enabled: Enable/Disable replication feature + # Allowed values: + # true: enable replication feature(install dell-csi-replicator sidecar) + # false: disable replication feature(do not install dell-csi-replicator sidecar) + # Default value: false + enabled: false + configVersion: v1.8.1 + components: + - name: dell-csi-replicator + # image: Image to use for dell-csi-replicator. This shouldn't be changed + # Allowed values: string + # Default value: None + image: dellemc/dell-csi-replicator:v1.8.1 + envs: + # replicationPrefix: prefix to prepend to storage classes parameters + # Allowed values: string + # Default value: replication.storage.dell.com + - name: "X_CSI_REPLICATION_PREFIX" + value: "replication.storage.dell.com" + # replicationContextPrefix: prefix to use for naming of resources created by replication feature + # Allowed values: string + # Default value: powerstore + - name: "X_CSI_REPLICATION_CONTEXT_PREFIX" + value: "powerscale" + + - name: dell-replication-controller-manager + # image: Defines controller image. This shouldn't be changed + # Allowed values: string + image: dellemc/dell-replication-controller:v1.8.1 + envs: + # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID + # Set the value to "self" in case of stretched/single cluster configuration + # Allowed values: string + - name: "TARGET_CLUSTERS_IDS" + value: "target-cluster-1" + # Replication log level + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "debug" + - name: "REPLICATION_CTRL_LOG_LEVEL" + value: "debug" + + # replicas: Defines number of controller replicas + # Allowed values: int + # Default value: 1 + - name: "REPLICATION_CTRL_REPLICAS" + value: "1" + # retryIntervalMin: Initial retry interval of failed reconcile request. + # It doubles with each failure, upto retry-interval-max + # Allowed values: time + - name: "RETRY_INTERVAL_MIN" + value: "1s" + # RETRY_INTERVAL_MAX: Maximum retry interval of failed reconcile request + # Allowed values: time + - name: "RETRY_INTERVAL_MAX" + value: "5m" + + # observability: allows to configure observability + - name: observability + # enabled: Enable/Disable observability + enabled: false + configVersion: v1.8.1 + components: + - name: topology + # enabled: Enable/Disable topology + enabled: false + # image: Defines karavi-topology image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-topology:v1.8.1 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # topology log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "TOPOLOGY_LOG_LEVEL" + value: "INFO" + + - name: otel-collector + # enabled: Enable/Disable OpenTelemetry Collector + enabled: false + # image: Defines otel-collector image. This shouldn't be changed + # Allowed values: string + image: otel/opentelemetry-collector:0.42.0 + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" + envs: + # image of nginx proxy image + # Allowed values: string + # Default value: "nginxinc/nginx-unprivileged:1.20" + - name: "NGINX_PROXY_IMAGE" + value: "nginxinc/nginx-unprivileged:1.20" + + - name: cert-manager + # enabled: Enable/Disable cert-manager + # Allowed values: + # true: enable deployment of cert-manager + # false: disable deployment of cert-manager only if it's already deployed + # Default value: false + enabled: false + + - name: metrics-powerscale + # enabled: Enable/Disable PowerScale metrics + enabled: false + # image: Defines PowerScale metrics image. This shouldn't be changed + # Allowed values: string + image: dellemc/csm-metrics-powerscale:v1.5.1 + envs: + # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale + # Allowed values: int + # Default value: 10 + - name: "POWERSCALE_MAX_CONCURRENT_QUERIES" + value: "10" + # POWERSCALE_CAPACITY_METRICS_ENABLED: enable/disable collection of capacity metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_CAPACITY_METRICS_ENABLED" + value: "true" + # POWERSCALE_PERFORMANCE_METRICS_ENABLED: enable/disable collection of performance metrics + # Allowed values: ture, false + # Default value: true + - name: "POWERSCALE_PERFORMANCE_METRICS_ENABLED" + value: "true" + # POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY: set polling frequency to get cluster capacity metrics data + # Allowed values: int + # Default value: 30 + - name: "POWERSCALE_CLUSTER_CAPACITY_POLL_FREQUENCY" + value: "30" + # POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY: set polling frequency to get cluster performance metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_CLUSTER_PERFORMANCE_POLL_FREQUENCY" + value: "20" + # POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY: set polling frequency to get Quota capacity metrics data + # Allowed values: int + # Default value: 20 + - name: "POWERSCALE_QUOTA_CAPACITY_POLL_FREQUENCY" + value: "30" + # ISICLIENT_INSECURE: set true/false to skip/verify OneFS API server's certificates + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_INSECURE" + value: "true" + # ISICLIENT_AUTH_TYPE: set 0/1 to enables session-based/basic Authentication + # Allowed values: ture, false + # Default value: true + - name: "ISICLIENT_AUTH_TYPE" + value: "1" + # ISICLIENT_VERBOSE: set 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs + # Allowed values: 0,1,2 + # Default value: 0 + - name: "ISICLIENT_VERBOSE" + value: "0" + # PowerScale metrics log level + # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC + # Default value: "INFO" + - name: "POWERSCALE_LOG_LEVEL" + value: "INFO" + # PowerScale Metrics Output logs in the specified format + # Valid values: TEXT, JSON + # Default value: "TEXT" + - name: "POWERSCALE_LOG_FORMAT" + value: "TEXT" + # Otel collector address + # Allowed values: String + # Default value: "otel-collector:55680" + - name: "COLLECTOR_ADDRESS" + value: "otel-collector:55680" + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.9.1 + components: + - name: podmon-controller + image: dellemc/podmon:v1.9.1 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + - name: podmon-node + image: dellemc/podmon:v1.9.1 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-isilon" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" + - "--mode=node" + - "--driverPath=csi-isilon.dellemc.com" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" diff --git a/samples/storage_csm_powerstore_v2101.yaml b/samples/storage_csm_powerstore_v2101.yaml new file mode 100644 index 000000000..fb8eb9ea8 --- /dev/null +++ b/samples/storage_csm_powerstore_v2101.yaml @@ -0,0 +1,222 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: powerstore + namespace: powerstore +spec: + driver: + csiDriverType: "powerstore" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + # Config version for CSI PowerStore v2.10.1 driver + configVersion: v2.10.1 + # authSecret: This is the secret used to validate the default PowerStore secret used for installation + # Allowed values: -config + # For example: If the metadataName is set to powerstore, authSecret value should be set to powerstore-config + authSecret: powerstore-config + # Controller count + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + # Image for CSI PowerStore driver v2.10.1 + image: "dellemc/csi-powerstore:v2.10.1" + imagePullPolicy: IfNotPresent + envs: + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: "csi-node" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: "/etc/fc-ports-filter" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + - name: CSI_LOG_LEVEL + value: debug + + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.7.3 + + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure only when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + controller: + envs: + # X_CSI_NFS_ACLS: enables setting permissions on NFS mount directory + # This value will be the default value if a storage class and array config in secret + # do not contain the NFS ACL (nfsAcls) parameter specified + # Permissions can be specified in two formats: + # 1) Unix mode (NFSv3) + # 2) NFSv4 ACLs (NFSv4) + # NFSv4 ACLs are supported on NFSv4 share only. + # Allowed values: + # 1) Unix mode: valid octal mode number + # Examples: "0777", "777", "0755" + # 2) NFSv4 acls: valid NFSv4 acls, seperated by comma + # Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" + # Optional: true + # Default value: "0777" + # nfsAcls: "0777" + - name: X_CSI_NFS_ACLS + value: "0777" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_EXTERNAL_ACCESS: Allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries. + # Allowed Values: x.x.x.x/xx or x.x.x.x + # Default Value: + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + + # nodeSelector: Define node selection constraints for controller pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # Set to "true" to enable ISCSI CHAP Authentication + # CHAP password will be autogenerated by driver + - name: "X_CSI_POWERSTORE_ENABLE_CHAP" + value: "false" + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + # X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE: Defines the maximum PowerStore volumes that can be created per node + # Allowed values: Any value greater than or equal to 0 + # Default value: "0" + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: "0" + + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + + modules: + - name: resiliency + # enabled: Enable/Disable Resiliency feature + # Allowed values: + # true: enable Resiliency feature(deploy podmon sidecar) + # false: disable Resiliency feature(do not deploy podmon sidecar) + # Default value: false + enabled: false + configVersion: v1.9.1 + components: + - name: podmon-controller + image: dellemc/podmon:v1.9.1 + imagePullPolicy: IfNotPresent + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--skipArrayConnectionValidation=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + - "--arrayConnectivityConnectionLossThreshold=3" + # Below 4 args should not be modified. + - "--csisock=unix:/var/run/csi/csi.sock" + - "--mode=controller" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" + - name: podmon-node + image: dellemc/podmon:v1.9.1 + imagePullPolicy: IfNotPresent + envs: + # podmonAPIPort: Defines the port to be used within the kubernetes cluster + # Allowed values: Any valid and free port (string) + # Default value: 8083 + - name: "X_CSI_PODMON_API_PORT" + value: "8083" + args: + - "--labelvalue=csi-powerstore" + - "--arrayConnectivityPollRate=60" + - "--leaderelection=false" + - "--driverPodLabelValue=dell-storage" + - "--ignoreVolumelessPods=false" + # Below 4 args should not be modified. + - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" + - "--mode=node" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + - "--driverPath=csi-powerstore.dellemc.com" diff --git a/samples/storage_csm_unity_v2101.yaml b/samples/storage_csm_unity_v2101.yaml new file mode 100644 index 000000000..9237535b2 --- /dev/null +++ b/samples/storage_csm_unity_v2101.yaml @@ -0,0 +1,157 @@ +apiVersion: storage.dell.com/v1 +kind: ContainerStorageModule +metadata: + name: unity + namespace: unity +spec: + driver: + csiDriverType: "unity" + csiDriverSpec: + # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. + # Allowed values: ReadWriteOnceWithFSType, File , None + # Default value: ReadWriteOnceWithFSType + fSGroupPolicy: "ReadWriteOnceWithFSType" + # storageCapacity: Helps the scheduler to schedule the pod on a node satisfying the topology constraints, only if the requested capacity is available on the storage array + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + storageCapacity: true + # Config version for CSI Unity v2.10.1 driver + configVersion: v2.10.1 + # Controller count + replicas: 2 + dnsPolicy: ClusterFirstWithHostNet + forceUpdate: false + forceRemoveDriver: true + common: + # Image for CSI Unity driver v2.10.1 + image: "dellemc/csi-unity:v2.10.1" + imagePullPolicy: IfNotPresent + envs: + # X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. + # Allowed values: boolean + # Default value: "false" + # Examples : "true" , "false" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + # X_CSI_ISCSI_CHROOT is the path to which the driver will chroot before + # running any iscsi commands. This value should only be set when instructed + # by technical support + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + # X_CSI_UNITY_SYNC_NODEINFO_INTERVAL - Time interval to add node info to array. Default 15 minutes. Minimum value should be 1. + # Allowed values: integer + # Default value: 15 + # Examples : 0 , 2 + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + # Specify kubelet config dir path. + # Ensure that the config.yaml file is present at this path. + # Default value: /var/lib/kubelet + - name: KUBELET_CONFIG_DIR + value: /var/lib/kubelet + # CSI_LOG_LEVEL is used to set the logging level of the driver. + # Allowed values: "error", "warn"/"warning", "info", "debug" + # Default value: "info" + - name: CSI_LOG_LEVEL + value: debug + # TENANT_NAME - Tenant name that need to added while adding host entry to the array. + # Allowed values: string + # Default value: "" + # Examples : "tenant2" , "tenant3" + - name: TENANT_NAME + value: "" + # CERT_SECRET_COUNT: Represents number of certificate secrets, which user is going to create for + # ssl authentication. (unity-cert-0..unity-cert-n) + # This field is only verified if X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION is set to false + # Allowed values: n, where n > 0 + # Default value: None + - name: CERT_SECRET_COUNT + value: "1" + # X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION: Specifies if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. + # If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate + # Allowed values: + # true: skip Unisphere API server's certificate verification + # false: verify Unisphere API server's certificates + # Default value: true + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + + sideCars: + # 'csivol' represents a string prepended to each volume created by the CSI driver + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + args: ["--volume-name-prefix=csivol"] + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + - name: csi-metadata-retriever + image: dellemc/csi-metadata-retriever:v1.7.3 + # Uncomment the following to configure how often external-provisioner polls the driver to detect changed capacity + # Configure when the storageCapacity is set as "true" + # Allowed values: 1m,2m,3m,...,10m,...,60m etc. Default value: 5m + #- name: provisioner + # args: ["--capacity-poll-interval=5m"] + + # health monitor is disabled by default, refer to driver documentation before enabling it + - name: external-health-monitor + enabled: false + args: ["--monitor-interval=60s"] + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + controller: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition. + # Install the 'external-health-monitor' sidecar accordingly. + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" + node: + envs: + # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage + # Allowed values: + # true: enable checking of health condition of CSI volumes + # false: disable checking of health condition of CSI volumes + # Default value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + + # nodeSelector: Define node selection constraints for node pods. + # For the pod to be eligible to run on a node, the node must have each + # of the indicated key-value pairs as labels. + # Leave as blank to consider all nodes + # Allowed values: map of key-value pairs + # Default value: None + nodeSelector: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # node-role.kubernetes.io/control-plane: "" + + # tolerations: Define tolerations for the controllers, if required. + # Leave as blank to install controller on worker nodes + # Default value: None + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoSchedule" diff --git a/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml b/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.10.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml b/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.10.1/controller.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml b/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.10.1/csidriver.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..55d520672 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.10.1/driver-config-params.yaml @@ -0,0 +1,5 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml + \ No newline at end of file diff --git a/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/badDriver/v2.10.1/upgrade-path.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml b/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.10.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml b/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml new file mode 100644 index 000000000..f0a353a03 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.10.1/controller.yaml @@ -0,0 +1,258 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update", "create", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status","volumesnapshotcontents/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete", "update"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + strategy: + rollingUpdate: + maxUnavailable: 1 + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + spec: + affinity: + nodeSelector: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + serviceAccountName: -controller + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--feature-gates=Topology=true" + - "--volume-name-prefix=k8s" + - "--volume-name-uuid-length=10" + - "--leader-election=true" + - "--timeout=120s" + - "--v=5" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: csi-external-health-monitor-controller + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + - "--enable-node-watcher=true" + - "--http-endpoint=:8080" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election=true" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-vxflexos:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-vxflexos.sh" ] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_VXFLEXOS_ENABLESNAPSHOTCGDELETE + value: false + - name: X_CSI_VXFLEXOS_ENABLELISTVOLUMESNAPSHOT + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_QUOTA_ENABLED + value: + - name: X_CSI_POWERFLEX_EXTERNAL_ACCESS + value: + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + volumes: + - name: socket-dir + emptyDir: + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + name: -config-params + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..9fdb2dfa0 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.10.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-vxflexos.dellemc.com +spec: + fsGroupPolicy: ReadWriteOnceWithFSType + attachRequired: true + podInfoOnMount: true + storageCapacity: false + volumeLifecycleModes: + - Persistent + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..060d7ead6 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.10.1/driver-config-params.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug + CSI_LOG_FORMAT: TEXT \ No newline at end of file diff --git a/tests/config/driverconfig/powerflex/v2.10.1/node.yaml b/tests/config/driverconfig/powerflex/v2.10.1/node.yaml new file mode 100644 index 000000000..f9dcbad91 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.10.1/node.yaml @@ -0,0 +1,279 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "update", "delete"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: + annotations: + com.dell.karavi-authorization-proxy: "true" +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + spec: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostPID: false + containers: + - name: driver + securityContext: + privileged: true + allowPrivilegeEscalation: true + capabilities: + add: ["SYS_ADMIN"] + image: dellemc/csi-vxflexos:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-vxflexos.sh" ] + args: + - "--array-config=/vxflexos-config/config" + - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: unix:///plugins/vxflexos.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/vxflexos.emc.dell.com/disks" + - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS + value: false + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_APPROVE_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_ENABLED + value: + - name: X_CSI_RENAME_SDC_PREFIX + value: + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERFLEX_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: driver-path + mountPath: /plugins/vxflexos.emc.dell.com + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: noderoot + mountPath: /noderoot + - name: dev + mountPath: /dev + - name: vxflexos-config + mountPath: /vxflexos-config + - name: vxflexos-config-params + mountPath: /vxflexos-config-params + - name: certs + mountPath: /certs + readOnly: true + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/vxflexos.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + - name: sdc-monitor + securityContext: + privileged: true + image: dellemc/sdc:4.5.1 + imagePullPolicy: IfNotPresent + env: + - name: HOST_PID + value: "1" + - name: HOST_NET + value: "1" + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "monitoring" + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + initContainers: + - name: sdc + securityContext: + privileged: true + image: dellemc/sdc:4.5.1 + imagePullPolicy: IfNotPresent + env: + - name: NODENAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MODE + value: "config" + - name: MDM + valueFrom: + secretKeyRef: + name: -config + key: MDM + - name: HOST_DRV_CFG_PATH + value: /opt/emc/scaleio/sdc/bin + volumeMounts: + - name: dev + mountPath: /dev + - name: os-release + mountPath: /host-os-release + - name: sdc-storage + mountPath: /storage + - name: udev-d + mountPath: /rules.d + - name: scaleio-path-opt + mountPath: /host_drv_cfg_path + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/vxflexos.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: scaleio-path-opt + hostPath: + path: /opt/emc/scaleio/sdc/bin + type: DirectoryOrCreate + - name: sdc-storage + hostPath: + path: /var/emc-scaleio + type: DirectoryOrCreate + - name: udev-d + hostPath: + path: /etc/udev/rules.d + type: Directory + - name: os-release + hostPath: + path: /etc/os-release + type: File + - name: vxflexos-config + secret: + secretName: -config + - name: vxflexos-config-params + configMap: + name: -config-params + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 diff --git a/tests/config/driverconfig/powerflex/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powerflex/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..7781fa191 --- /dev/null +++ b/tests/config/driverconfig/powerflex/v2.10.1/upgrade-path.yaml @@ -0,0 +1,3 @@ + +minUpgradePath: v2.9.1 + diff --git a/tests/config/driverconfig/powermax/v2.10.1/bad.yaml b/tests/config/driverconfig/powermax/v2.10.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.10.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powermax/v2.10.1/controller.yaml b/tests/config/driverconfig/powermax/v2.10.1/controller.yaml new file mode 100644 index 000000000..857d69418 --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.10.1/controller.yaml @@ -0,0 +1,326 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: -controller + spec: + serviceAccount: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + + containers: + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--timeout=180s" + - "--v=5" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + - "--worker-threads=6" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--http-endpoint=:8080" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=pmax" + - "--volume-name-uuid-length=10" + - "--worker-threads=6" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=180s" + - "--v=5" + - "--snapshot-name-prefix=pmsn" + - "--leader-election" + - "--snapshot-name-uuid-length=10" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powermax:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powermax.sh" ] + env: + - name: X_CSI_POWERMAX_DRIVER_NAME + value: csi-powermax.dellemc.com + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MANAGED_ARRAYS + value: "" + - name: X_CSI_POWERMAX_ENDPOINT + value: "" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "" + - name: X_CSI_MODE + value: controller + - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_POWERMAX_USER + valueFrom: + secretKeyRef: + key: username + name: powermax-creds + - name: X_CSI_POWERMAX_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: powermax-creds + - name: X_CSI_POWERMAX_DEBUG + value: "" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + - name: X_CSI_GRPC_MAX_THREADS + value: "50" + - name: X_CSI_ENABLE_BLOCK + value: "true" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_IG_NODENAME_TEMPLATE + value: "" + - name: X_CSI_IG_MODIFY_HOSTNAME + value: "" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "powermax-reverseproxy" + - name: X_CSI_REPLICATION_CONTEXT_PREFIX + value: powermax/ + - name: X_CSI_REPLICATION_PREFIX + value: replication.storage.dell.com/ + - name: X_CSI_UNISPHERE_TIMEOUT + value: 5m + - name: X_CSI_POWERMAX_CONFIG_PATH + value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_VSPHERE_ENABLED + value: "" + - name: X_CSI_VSPHERE_PORTGROUP + value: "" + - name: X_CSI_VSPHERE_HOSTNAME + value: "" + - name: X_CSI_VCENTER_HOST + value: "" + - name: X_CSI_VCENTER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: vcenter-creds + optional: true + - name: X_CSI_VCENTER_PWD + valueFrom: + secretKeyRef: + key: password + name: vcenter-creds + optional: true + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: powermax-config-params + mountPath: /csi-powermax-config-params + volumes: + - name: socket-dir + emptyDir: + - name: certs + secret: + secretName: -certs + optional: true + - name: powermax-config-params + configMap: + name: -config-params diff --git a/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..fcbf5531e --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.10.1/csidriver.yaml @@ -0,0 +1,23 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powermax.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + storageCapacity: false + volumeLifecycleModes: + - Persistent diff --git a/tests/config/driverconfig/powermax/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powermax/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..2755e8a33 --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.10.1/driver-config-params.yaml @@ -0,0 +1,21 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" diff --git a/tests/config/driverconfig/powermax/v2.10.1/node.yaml b/tests/config/driverconfig/powermax/v2.10.1/node.yaml new file mode 100644 index 000000000..a021317a1 --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.10.1/node.yaml @@ -0,0 +1,254 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccount: -node + #nodeSelector: + #tolerations: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + command: ["/csi-powermax.sh"] + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powermax:v2.10.1 + imagePullPolicy: IfNotPresent + env: + - name: X_CSI_POWERMAX_DRIVER_NAME + value: csi-powermax.dellemc.com + - name: CSI_ENDPOINT + value: unix:///plugins/powermax.emc.dell.com/csi_sock + - name: X_CSI_MANAGED_ARRAYS + value: "" + - name: X_CSI_POWERMAX_ENDPOINT + value: "" + - name: X_CSI_K8S_CLUSTER_PREFIX + value: "" + - name: X_CSI_MODE + value: node + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/powermax.emc.dell.com/disks" + - name: X_CSI_POWERMAX_SKIP_CERTIFICATE_VALIDATION + value: true + - name: X_CSI_POWERMAX_USER + valueFrom: + secretKeyRef: + name: powermax-creds + key: username + - name: X_CSI_POWERMAX_PASSWORD + valueFrom: + secretKeyRef: + name: powermax-creds + key: password + - name: X_CSI_POWERMAX_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERMAX_ISCSI_ENABLE_CHAP + value: "" + - name: X_CSI_POWERMAX_PROXY_SERVICE_NAME + value: "powermax-reverseproxy" + - name: X_CSI_ISCSI_CHROOT + value: noderoot + - name: X_CSI_GRPC_MAX_THREADS + value: "50" + - name: X_CSI_TRANSPORT_PROTOCOL + value: "" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_POWERMAX_CONFIG_PATH + value: /powermax-config-params/driver-config-params.yaml + - name: X_CSI_POWERMAX_TOPOLOGY_CONFIG_PATH + value: /node-topology-config/topologyConfig.yaml + - name: X_CSI_IG_NODENAME_TEMPLATE + value: "" + - name: X_CSI_IG_MODIFY_HOSTNAME + value: "" + - name: X_CSI_POWERMAX_PORTGROUPS + value: "" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_TOPOLOGY_CONTROL_ENABLED + value: "" + - name: X_CSI_VSPHERE_ENABLED + value: "" + - name: X_CSI_VSPHERE_PORTGROUP + value: "" + - name: X_CSI_VCENTER_HOST + value: "" + - name: X_CSI_VCENTER_USERNAME + valueFrom: + secretKeyRef: + key: username + name: vcenter-creds + optional: true + - name: X_CSI_VCENTER_PWD + valueFrom: + secretKeyRef: + key: password + name: vcenter-creds + optional: true + volumeMounts: + - name: driver-path + mountPath: /plugins/powermax.emc.dell.com + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: noderoot + mountPath: /noderoot + - name: dbus-socket + mountPath: /run/dbus/system_bus_socket + - name: certs + mountPath: /certs + readOnly: true + - name: powermax-config-params + mountPath: /powermax-config-params + - name: node-topology-config + mountPath: /node-topology-config + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/powermax.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/powermax.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: dbus-socket + hostPath: + path: /run/dbus/system_bus_socket + type: Socket + - name: certs + secret: + secretName: -certs + optional: true + - name: powermax-config-params + configMap: + name: -config-params + - name: node-topology-config + configMap: + name: node-topology-config + optional: true diff --git a/tests/config/driverconfig/powermax/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powermax/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..db2ac7d31 --- /dev/null +++ b/tests/config/driverconfig/powermax/v2.10.1/upgrade-path.yaml @@ -0,0 +1,2 @@ +minUpgradePath: v2.9.1 + diff --git a/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml b/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml new file mode 100644 index 000000000..f90b8b7a7 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.10.1/bad.yaml @@ -0,0 +1,4 @@ +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml b/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml new file mode 100644 index 000000000..f05a9bdf9 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.10.1/controller.yaml @@ -0,0 +1,312 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: + app: -controller + spec: + serviceAccount: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + + containers: + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--timeout=120s" + - "--v=5" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--enable-node-watcher=false" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--http-endpoint=:8080" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=k8s" + - "--volume-name-uuid-length=10" + - "--worker-threads=5" + - "--timeout=120s" + - "--v=5" + - "--feature-gates=Topology=true" + - "--leader-election" + - "--extra-create-metadata" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + - "--enable-capacity=false" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--timeout=120s" + - "--v=5" + - "--snapshot-name-prefix=snapshot" + - "--leader-election" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-isilon:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-isilon" ] + args: + - "--leader-election" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ISI_AUTH_TYPE + value: "0" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_ISI_ACCESS_ZONE + value: system + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS + value: "0777" + - name: X_CSI_ISI_IGNORE_UNRESOLVABLE_HOSTS + value: "false" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_PATH_LIMIT + value: "false" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + volumes: + - name: socket-dir + emptyDir: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: isilon-configs + secret: + secretName: -creds + - name: csi-isilon-config-params + configMap: + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..a55f2843f --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.10.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-isilon.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: false + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral diff --git a/tests/config/driverconfig/powerscale/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerscale/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..506503099 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.10.1/driver-config-params.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: debug diff --git a/tests/config/driverconfig/powerscale/v2.10.1/node.yaml b/tests/config/driverconfig/powerscale/v2.10.1/node.yaml new file mode 100644 index 000000000..0ca8799c6 --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.10.1/node.yaml @@ -0,0 +1,196 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [ "security.openshift.io" ] + resourceNames: [ "privileged" ] + resources: [ "securitycontextconstraints" ] + verbs: [ "use" ] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccount: -node + #nodeSelector: + #tolerations: + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + command: ["/csi-isilon"] + args: + - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-isilon:v2.10.1 + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: /plugins/csi-isilon/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION + value: "true" + - name: X_CSI_ALLOWED_NETWORKS + value: "" + - name: X_CSI_VERBOSE + value: "1" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/plugins/csi-isilon/disks" + - name: X_CSI_ISI_PORT + value: "8080" + - name: X_CSI_ISI_PATH + value: "/ifs/data/csi" + - name: X_CSI_ISI_NO_PROBE_ON_START + value: "false" + - name: X_CSI_ISI_AUTOPROBE + value: "true" + - name: X_CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: X_CSI_NODE_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_ISI_QUOTA_ENABLED + value: "true" + - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED + value: "false" + - name: X_CSI_ISI_CONFIG_PATH + value: /isilon-configs/config + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "0" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "false" + - name: X_CSI_MAX_PATH_LIMIT + value: "false" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-isilon + - name: volumedevices-path + mountPath: /plugins/kubernetes.io/csi/volumeDevices + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: certs + mountPath: /certs + readOnly: true + - name: isilon-configs + mountPath: /isilon-configs + - name: csi-isilon-config-params + mountPath: /csi-isilon-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-isilon/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/csi-isilon + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /plugins/kubernetes.io/csi/volumeDevices + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: isilon-configs + secret: + secretName: -creds + - name: csi-isilon-config-params + configMap: + name: -config-params diff --git a/tests/config/driverconfig/powerscale/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powerscale/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..9c02efc7d --- /dev/null +++ b/tests/config/driverconfig/powerscale/v2.10.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.9.1 diff --git a/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml b/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml new file mode 100644 index 000000000..a85d0f248 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.10.1/bad.yaml @@ -0,0 +1,19 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +this snfoiasga + is + + 843*&(*(% invalid YAml \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/config.json b/tests/config/driverconfig/powerstore/v2.10.1/config.json new file mode 100644 index 000000000..b90989ebe --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.10.1/config.json @@ -0,0 +1,12 @@ +[ + { + "username": "admin", + "password": "password", + "globalID": "unique" , + "blockProtocol": "auto", + "endpoint": "https://10.0.0.1/api/rest", + "skipCertificateValidation": true, + "nasName": "nas-server" , + "nfsAcls": "0777" + } +] \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml b/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml new file mode 100644 index 000000000..14e455317 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.10.1/controller.yaml @@ -0,0 +1,270 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update", "patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["volumegroup.storage.dell.com"] + resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"] + verbs: ["create", "list", "watch", "delete", "update"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots", "volumesnapshots/status"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + name: -controller + replicas: 2 + template: + metadata: + labels: + name: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - -controller + topologyKey: kubernetes.io/hostname + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--worker-threads=130" + - "--resync=10s" + - "--timeout=130s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--v=5" + - "--leader-election" + - "--default-fstype=ext4" + - "--extra-create-metadata" + - "--feature-gates=Topology=true" + - "--enable-capacity=false" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + - "--snapshot-name-prefix=csisnap" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + - "--leader-election-renew-deadline=10s" + - "--leader-election-lease-duration=15s" + - "--leader-election-retry-period=5s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-powerstore:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_POWERSTORE_EXTERNAL_ACCESS + value: + - name: X_CSI_NFS_ACLS + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: true + - name: CSI_AUTO_ROUND_OFF_FILESYSTEM_SIZE + value: false + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + volumes: + - name: socket-dir + emptyDir: + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml b/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..1d6b34780 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.10.1/csidriver.yaml @@ -0,0 +1,27 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-powerstore.dellemc.com +spec: + storageCapacity: false + podInfoOnMount: true + fsGroupPolicy: ReadWriteOnceWithFSType + volumeLifecycleModes: + - Persistent + - Ephemeral \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..94ce0ee14 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.10.1/driver-config-params.yaml @@ -0,0 +1,25 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "debug" + CSI_LOG_FORMAT: "JSON" \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/node.yaml b/tests/config/driverconfig/powerstore/v2.10.1/node.yaml new file mode 100644 index 000000000..a8cb341fd --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.10.1/node.yaml @@ -0,0 +1,244 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + driver.dellemc.com: dell-storage + spec: + #nodeSelector: + #tolerations: + serviceAccount: -node + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + hostIPC: true + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-powerstore:v2.10.1 + imagePullPolicy: IfNotPresent + command: [ "/csi-powerstore" ] + args: + - "--array-config=/powerstore-config/config" + - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" + env: + - name: ENABLE_TRACING + value: + - name: CSI_ENDPOINT + value: unix:///plugins/csi-powerstore.dellemc.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_POWERSTORE_KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: X_CSI_POWERSTORE_NODE_NAME_PREFIX + value: + - name: X_CSI_POWERSTORE_NODE_ID_PATH + value: /node-id + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: + - name: X_CSI_POWERSTORE_NODE_CHROOT_PATH + value: /noderoot + - name: X_CSI_POWERSTORE_TMP_DIR + value: /plugins/csi-powerstore.dellemc.com/tmp + - name: X_CSI_DRIVER_NAME + value: "csi-powerstore.dellemc.com" + - name: X_CSI_FC_PORTS_FILTER_FILE_PATH + value: + - name: X_CSI_POWERSTORE_ENABLE_CHAP + value: "" + - name: X_CSI_POWERSTORE_CONFIG_PATH + value: /powerstore-config/config + - name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH + value: /powerstore-config-params/driver-config-params.yaml + - name: GOPOWERSTORE_DEBUG + value: "true" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + volumeMounts: + - name: driver-path + mountPath: /plugins/csi-powerstore.dellemc.com + - name: csi-path + mountPath: /plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: sys + mountPath: /sys + - name: run + mountPath: /run + - name: node-id + mountPath: /node-id + - name: etciscsi + mountPath: /etc/iscsi + - name: mpath + mountPath: /etc/multipath.conf + - name: noderoot + mountPath: /noderoot + - name: powerstore-config + mountPath: /powerstore-config + - name: powerstore-config-params + mountPath: /powerstore-config-params + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/plugins/csi-powerstore.dellemc.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /plugins/csi-powerstore.dellemc.com + type: DirectoryOrCreate + - name: csi-path + hostPath: + path: /plugins/kubernetes.io/csi + - name: pods-path + hostPath: + path: /pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: node-id + hostPath: + path: /etc/machine-id + type: File + - name: etciscsi + hostPath: + path: /etc/iscsi + type: DirectoryOrCreate + - name: mpath + hostPath: + path: /etc/multipath.conf + type: FileOrCreate + - name: noderoot + hostPath: + path: / + type: Directory + - name: sys + hostPath: + path: /sys + type: Directory + - name: run + hostPath: + path: /run + type: Directory + - name: powerstore-config-params + configMap: + name: -config-params + - name: powerstore-config + secret: + secretName: -config + - name: usr-bin + hostPath: + path: /usr/bin + type: Directory + - name: kubelet-pods + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: var-run + hostPath: + path: /var/run + type: Directory \ No newline at end of file diff --git a/tests/config/driverconfig/powerstore/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/powerstore/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..1b35f7460 --- /dev/null +++ b/tests/config/driverconfig/powerstore/v2.10.1/upgrade-path.yaml @@ -0,0 +1,16 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +minUpgradePath: v2.9.1 \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.10.1/bad.yaml b/tests/config/driverconfig/unity/v2.10.1/bad.yaml new file mode 100644 index 000000000..89aaa9556 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.10.1/bad.yaml @@ -0,0 +1,19 @@ +# +# +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +this snfoiasga + is + + 843*&(*(% invalid YAml diff --git a/tests/config/driverconfig/unity/v2.10.1/config.json b/tests/config/driverconfig/unity/v2.10.1/config.json new file mode 100644 index 000000000..77550649a --- /dev/null +++ b/tests/config/driverconfig/unity/v2.10.1/config.json @@ -0,0 +1,12 @@ +[ + { + "arrayId": "AB1234567890" , + "username": "admin", + "password": "password", + "endpoint": "https://10.0.0.1/", + "skipCertificateValidation": true, + "isDefault": true + } +] + + diff --git a/tests/config/driverconfig/unity/v2.10.1/controller.yaml b/tests/config/driverconfig/unity/v2.10.1/controller.yaml new file mode 100644 index 000000000..15a427036 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.10.1/controller.yaml @@ -0,0 +1,259 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -controller + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +rules: + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["get", "list", "watch", "create", "delete", "update","patch"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "create", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update","patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["csi.storage.k8s.io"] + resources: ["csinodeinfos"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] +# below for snapshotter + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents"] + verbs: ["create", "get", "list", "watch", "update", "delete", "patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots/status"] + verbs: ["update"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments/status"] + verbs: ["patch"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "list", "watch", "delete"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotcontents/status"] + verbs: ["update", "patch"] + # below for resizer + - apiGroups: [""] + resources: ["persistentvolumeclaims/status"] + verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -controller +subjects: + - kind: ServiceAccount + name: -controller + namespace: +roleRef: + kind: ClusterRole + name: -controller + apiGroup: rbac.authorization.k8s.io +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: -controller + namespace: +spec: + selector: + matchLabels: + app: -controller + replicas: 2 + template: + metadata: + labels: + app: -controller + spec: + serviceAccountName: -controller + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - -controller + topologyKey: "kubernetes.io/hostname" + containers: + - name: attacher + image: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: provisioner + image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--volume-name-prefix=csivol" + - "--volume-name-uuid-length=10" + - "--timeout=180s" + - "--worker-threads=6" + - "--v=5" + - "--feature-gates=Topology=true" + - "--strict-topology=true" + - "--leader-election" + - "--leader-election-namespace=" + - "--default-fstype=ext4" + - "--enable-capacity=true" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval=5m" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: snapshotter + image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--snapshot-name-prefix=csi-snap" + - "--snapshot-name-uuid-length=10" + - "--timeout=360s" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: resizer + image: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + imagePullPolicy: IfNotPresent + args: + - "--csi-address=$(ADDRESS)" + - "--v=5" + - "--leader-election" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: external-health-monitor + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + imagePullPolicy: IfNotPresent + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - "--leader-election" + - "--http-endpoint=:8080" + - "--enable-node-watcher=true" + - "--monitor-interval=60s" + - "--timeout=180s" + env: + - name: ADDRESS + value: /var/run/csi/csi.sock + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: driver + image: dellemc/csi-unity:v2.9.1 + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + imagePullPolicy: IfNotPresent + env: + - name: CSI_ENDPOINT + value: /var/run/csi/csi.sock + - name: X_CSI_MODE + value: controller + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: socket-dir + mountPath: /var/run/csi + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + volumes: + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: socket-dir + emptyDir: + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml b/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml new file mode 100644 index 000000000..1ef295e21 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.10.1/csidriver.yaml @@ -0,0 +1,12 @@ +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi-unity.dellemc.com +spec: + attachRequired: true + podInfoOnMount: true + storageCapacity: true + volumeLifecycleModes: + - Persistent + - Ephemeral + fsGroupPolicy: ReadWriteOnceWithFSType \ No newline at end of file diff --git a/tests/config/driverconfig/unity/v2.10.1/driver-config-params.yaml b/tests/config/driverconfig/unity/v2.10.1/driver-config-params.yaml new file mode 100644 index 000000000..c49210aab --- /dev/null +++ b/tests/config/driverconfig/unity/v2.10.1/driver-config-params.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: -config-params + namespace: +data: + driver-config-params.yaml: | + CSI_LOG_LEVEL: "info" + ALLOW_RWO_MULTIPOD_ACCESS: "false" + MAX_UNITY_VOLUMES_PER_NODE: 0 + SYNC_NODE_INFO_TIME_INTERVAL: 15 + TENANT_NAME: "" diff --git a/tests/config/driverconfig/unity/v2.10.1/node.yaml b/tests/config/driverconfig/unity/v2.10.1/node.yaml new file mode 100644 index 000000000..7de3cced1 --- /dev/null +++ b/tests/config/driverconfig/unity/v2.10.1/node.yaml @@ -0,0 +1,189 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: -node + namespace: +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +rules: + - apiGroups: [""] + resources: ["persistentvolumes"] + verbs: ["create", "delete", "get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "create", "update", "patch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["security.openshift.io"] + resourceNames: ["privileged"] + resources: ["securitycontextconstraints"] + verbs: ["use"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: -node +subjects: + - kind: ServiceAccount + name: -node + namespace: +roleRef: + kind: ClusterRole + name: -node + apiGroup: rbac.authorization.k8s.io +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: -node + namespace: +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: -node + template: + metadata: + labels: + app: -node + spec: + serviceAccountName: -node + hostIPC: true + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - name: driver + securityContext: + privileged: true + capabilities: + add: ["SYS_ADMIN"] + allowPrivilegeEscalation: true + image: dellemc/csi-unity:nightly + imagePullPolicy: IfNotPresent + args: + - "--driver-name=csi-unity.dellemc.com" + - "--driver-config=/unity-config/driver-config-params.yaml" + - "--driver-secret=/unity-secret/config" + env: + - name: CSI_ENDPOINT + value: unix:///var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + - name: X_CSI_MODE + value: node + - name: X_CSI_UNITY_AUTOPROBE + value: "true" + - name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS + value: "false" + - name: X_CSI_PRIVATE_MOUNT_DIR + value: "/var/lib/kubelet/plugins/unity.emc.dell.com/disks" + - name: X_CSI_EPHEMERAL_STAGING_PATH + value: "/var/lib/kubelet/plugins/kubernetes.io/csi/pv/" + - name: X_CSI_ISCSI_CHROOT + value: "/noderoot" + - name: X_CSI_UNITY_NODENAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: SSL_CERT_DIR + value: /certs + - name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL + value: "15" + - name: X_CSI_HEALTH_MONITOR_ENABLED + value: "" + - name: X_CSI_UNITY_SKIP_CERTIFICATE_VALIDATION + value: "true" + volumeMounts: + - name: driver-path + mountPath: /var/lib/kubelet/plugins/unity.emc.dell.com + - name: volumedevices-path + mountPath: /var/lib/kubelet/plugins/kubernetes.io/csi + mountPropagation: "Bidirectional" + - name: pods-path + mountPath: /var/lib/kubelet/pods + mountPropagation: "Bidirectional" + - name: dev + mountPath: /dev + - name: noderoot + mountPath: /noderoot + - name: certs + mountPath: /certs + readOnly: true + - name: unity-config + mountPath: /unity-config + - name: unity-secret + mountPath: /unity-secret + - name: registrar + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0 + args: + - "--v=5" + - "--csi-address=$(ADDRESS)" + - --kubelet-registration-path=/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock + env: + - name: ADDRESS + value: /csi/csi_sock + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + volumeMounts: + - name: registration-dir + mountPath: /registration + - name: driver-path + mountPath: /csi + volumes: + - name: registration-dir + hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: DirectoryOrCreate + - name: driver-path + hostPath: + path: /var/lib/kubelet/plugins/unity.emc.dell.com + type: DirectoryOrCreate + - name: volumedevices-path + hostPath: + path: /var/lib/kubelet/plugins/kubernetes.io/csi + type: DirectoryOrCreate + - name: pods-path + hostPath: + path: /var/lib/kubelet/pods + type: Directory + - name: dev + hostPath: + path: /dev + type: Directory + - name: noderoot + hostPath: + path: / + type: Directory + - name: certs + projected: + sources: + - secret: + name: -certs-0 + items: + - key: cert-0 + path: cert-0 + - name: unity-config + configMap: + name: -config-params + - name: unity-secret + secret: + secretName: -creds diff --git a/tests/config/driverconfig/unity/v2.10.1/upgrade-path.yaml b/tests/config/driverconfig/unity/v2.10.1/upgrade-path.yaml new file mode 100644 index 000000000..d2ee9ff0f --- /dev/null +++ b/tests/config/driverconfig/unity/v2.10.1/upgrade-path.yaml @@ -0,0 +1 @@ +minUpgradePath: v2.9.1 \ No newline at end of file diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml index bdbddd00f..ceec4392c 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.8.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false diff --git a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml index e09aeb061..89a974dfb 100644 --- a/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/csm_application_mobility_with_pflex_alt.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.8.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false diff --git a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml index 03a516d61..cff34b918 100644 --- a/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml +++ b/tests/e2e/testfiles/application-mobility-templates/powerflex_noAM.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.8.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server.yaml index a94038516..4c6614bb5 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 forceRemoveModule: true components: - name: karavi-authorization-proxy-server diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml index de4a60769..4a6c3fe68 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_default_redis.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 forceRemoveModule: true components: - name: karavi-authorization-proxy-server diff --git a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml index a94038516..4c6614bb5 100644 --- a/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml +++ b/tests/e2e/testfiles/authorization-templates/csm_authorization_proxy_server_no_cert.yaml @@ -9,7 +9,7 @@ spec: - name: authorization-proxy-server # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 forceRemoveModule: true components: - name: karavi-authorization-proxy-server diff --git a/tests/e2e/testfiles/storage_csm_powerflex.yaml b/tests/e2e/testfiles/storage_csm_powerflex.yaml index ab1706e51..8099dbaa8 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex.yaml @@ -16,7 +16,7 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -178,7 +178,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -195,7 +195,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology @@ -289,13 +289,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -310,7 +310,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -350,7 +350,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml index bb5f823ae..9330df402 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_1.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: true @@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -185,14 +185,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -217,7 +217,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.5.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml index a3caf9fcc..9526609c6 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_2.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "None" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -185,14 +185,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -217,7 +217,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.8.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml index ccce18a82..887f9a2d0 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_3.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -169,10 +169,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -186,14 +186,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -218,7 +218,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.8.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml index 57dacef90..cc1f81e4a 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_alt_vals_4.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -185,14 +185,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -217,7 +217,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.8.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml index a2612a799..9572e2ba6 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -137,7 +137,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml index 0cdcaac53..d409271e8 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_health_monitor.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -168,10 +168,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -185,14 +185,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -217,7 +217,7 @@ spec: # enabled: Enable/Disable PowerFlex metrics enabled: false # image: Defines PowerFlex metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powerflex:v1.8.0 + image: dellemc/csm-metrics-powerflex:v1.8.1 envs: # POWERFLEX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerFlex # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml index 9b7aa2ffe..dfe93a44c 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -138,7 +138,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml index b0346f792..6d33eed30 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -138,7 +138,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -154,7 +154,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml index 103e9f359..f798e7370 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_custom_cert.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -138,7 +138,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml index 6343fc6fa..648e36e25 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_observability_otel_custom_cert.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -138,7 +138,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology diff --git a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml index 92de3b6f2..f7009396c 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_replica.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -165,13 +165,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -187,7 +187,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration diff --git a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml index 85b5d2860..9c5e88bd2 100644 --- a/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerflex_resiliency.yaml @@ -27,7 +27,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 replicas: 1 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false @@ -150,29 +150,6 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint - # - key: "node-role.kubernetes.io/master" - # operator: "Exists" - # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled - # - key: "offline.vxflexos.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "vxflexos.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "offline.unity.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "unity.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "offline.isilon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "isilon.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" initContainers: - image: dellemc/sdc:4.5.1 @@ -190,7 +167,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly @@ -231,7 +208,3 @@ data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" CSI_LOG_FORMAT: "TEXT" - PODMON_CONTROLLER_LOG_LEVEL: "debug" - PODMON_CONTROLLER_LOG_FORMAT: "TEXT" - PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/tests/e2e/testfiles/storage_csm_powermax.yaml b/tests/e2e/testfiles/storage_csm_powermax.yaml index 669d7e40d..4793933e4 100644 --- a/tests/e2e/testfiles/storage_csm_powermax.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax.yaml @@ -31,8 +31,8 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI PowerMax v2.10.1 driver + configVersion: v2.10.1 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -44,8 +44,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerMax driver v2.10.0 - image: dellemc/csi-powermax:v2.10.0 + # Image for CSI PowerMax driver v2.10.1 + image: dellemc/csi-powermax:v2.10.1 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -179,14 +179,14 @@ spec: - name: csireverseproxy # enabled: Always set to true enabled: true - configVersion: v2.9.0 + configVersion: v2.9.1 forceRemoveModule: true components: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.9.0" - image: dellemc/csipowermax-reverseproxy:v2.9.0 + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:v2.9.1 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key diff --git a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml index 399cf9cd8..551f5b47b 100644 --- a/tests/e2e/testfiles/storage_csm_powermax_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powermax_observability.yaml @@ -31,8 +31,8 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI PowerMax v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI PowerMax v2.10.1 driver + configVersion: v2.10.1 # replica: Define the number of PowerMax controller nodes # to deploy to the Kubernetes release # Allowed values: n, where n > 0 @@ -44,8 +44,8 @@ spec: forceUpdate: false forceRemoveDriver: true common: - # Image for CSI PowerMax driver v2.10.0 - image: dellemc/csi-powermax:v2.10.0 + # Image for CSI PowerMax driver v2.10.1 + image: dellemc/csi-powermax:v2.10.1 # imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container. # Allowed values: # Always: Always pull the image. @@ -179,14 +179,14 @@ spec: - name: csireverseproxy # enabled: Always set to true enabled: true - configVersion: v2.8.0 + configVersion: v2.9.1 forceRemoveModule: true components: - name: csipowermax-reverseproxy # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.8.0" - image: dellemc/csipowermax-reverseproxy:v2.8.0 + # Example: "csipowermax-reverseproxy:v2.9.1" + image: dellemc/csipowermax-reverseproxy:v2.9.1 envs: # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key @@ -202,14 +202,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -258,7 +258,7 @@ spec: # enabled: Enable/Disable PowerMax metrics enabled: true # image: Defines PowerMax metrics image. This shouldn't be changed - image: dellemc/csm-metrics-powermax:v1.3.0 + image: dellemc/csm-metrics-powermax:v1.3.1 envs: # POWERMAX_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerMax # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerscale.yaml b/tests/e2e/testfiles/storage_csm_powerscale.yaml index 158eda213..6a37f6eb8 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds replicas: 1 dnsPolicy: ClusterFirstWithHostNet @@ -253,7 +253,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -275,13 +275,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -297,7 +297,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -334,14 +334,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -367,7 +367,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int @@ -436,7 +436,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml index feeb0ab46..2dbaa8100 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_1.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "File" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: csm-creds # currently fails with something about nodes taints etc replicas: 3 @@ -261,10 +261,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -283,13 +283,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -305,7 +305,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -342,14 +342,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -375,7 +375,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml index a2a8616cf..d38093a78 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_2.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "None" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: csm-creds replicas: 1 dnsPolicy: ClusterFirstWithHostNet @@ -245,10 +245,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -267,13 +267,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -289,7 +289,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -326,14 +326,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -359,7 +359,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml index 30dc8ccae..c61895363 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_alt_vals_3.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: csm-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,10 +245,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -267,13 +267,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -289,7 +289,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -326,14 +326,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -359,7 +359,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml index c845c3e05..9a81addea 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds-auth replicas: 1 dnsPolicy: ClusterFirstWithHostNet @@ -244,7 +244,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml index 00f70f459..4a58bcbcb 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_health_monitor.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: csm-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,10 +245,10 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: dellemc/csm-authorization-sidecar:v1.10.1 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -267,13 +267,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -289,7 +289,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -326,14 +326,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -359,7 +359,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml index 53268738f..7ce11ffc4 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,7 +245,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -267,13 +267,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -289,7 +289,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -326,7 +326,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology @@ -452,7 +452,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.6.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml index 807f0be85..40e644436 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_auth.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds-auth replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -237,7 +237,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -253,14 +253,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: true # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 # certificate: certificate for cert/private-key pair -- please add cert here to use custom certificates # for self-signed certs, leave empty string # Allowed values: string @@ -310,7 +310,7 @@ spec: enabled: true # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int diff --git a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml index 149c1ac95..f24d35e9e 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_observability_top_custom_cert.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,7 +245,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -267,13 +267,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -289,7 +289,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -326,7 +326,7 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology @@ -452,7 +452,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.6.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml index daa75caa9..5e376667f 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_replica.yaml @@ -11,7 +11,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -245,7 +245,7 @@ spec: - name: authorization # enable: Enable/Disable csm-authorization enabled: false - configVersion: v1.10.0 + configVersion: v1.10.1 components: - name: karavi-authorization-proxy image: dellemc/csm-authorization-sidecar:nightly @@ -267,13 +267,13 @@ spec: # false: disable replication feature(do not install dell-csi-replicator sidecar) # Default value: false enabled: true - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: dell-csi-replicator # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.8.0 + image: dellemc/dell-csi-replicator:v1.8.1 envs: # replicationPrefix: prefix to prepend to storage classes parameters # Allowed values: string @@ -289,7 +289,7 @@ spec: - name: dell-replication-controller-manager # image: Defines controller image. This shouldn't be changed # Allowed values: string - image: dellemc/dell-replication-controller:v1.8.0 + image: dellemc/dell-replication-controller:v1.8.1 envs: # TARGET_CLUSTERS_IDS: comma separated list of cluster IDs of the targets clusters. DO NOT include the source(wherever CSM Operator is deployed) cluster ID # Set the value to "self" in case of stretched/single cluster configuration @@ -326,14 +326,14 @@ spec: - name: observability # enabled: Enable/Disable observability enabled: false - configVersion: v1.8.0 + configVersion: v1.8.1 components: - name: topology # enabled: Enable/Disable topology enabled: false # image: Defines karavi-topology image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-topology:v1.8.0 + image: dellemc/csm-topology:v1.8.1 envs: # topology log level # Valid values: TRACE, DEBUG, INFO, WARN, ERROR, FATAL, PANIC @@ -359,7 +359,7 @@ spec: enabled: false # image: Defines PowerScale metrics image. This shouldn't be changed # Allowed values: string - image: dellemc/csm-metrics-powerscale:v1.5.0 + image: dellemc/csm-metrics-powerscale:v1.5.1 envs: # POWERSCALE_MAX_CONCURRENT_QUERIES: set the default max concurrent queries to PowerScale # Allowed values: int @@ -428,7 +428,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.8.1 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml index 993e6d161..578812c92 100644 --- a/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerscale_resiliency.yaml @@ -26,7 +26,7 @@ spec: # Allowed values: ReadWriteOnceWithFSType, File , None # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" - configVersion: v2.10.0 + configVersion: v2.10.1 authSecret: isilon-creds replicas: 2 dnsPolicy: ClusterFirstWithHostNet @@ -246,25 +246,6 @@ spec: # - key: "node-role.kubernetes.io/control-plane" # operator: "Exists" # effect: "NoSchedule" - # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled - # - key: "offline.vxflexos.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "vxflexos.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "offline.unity.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "unity.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "offline.isilon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" - # - key: "isilon.podmon.storage.dell.com" - # operator: "Exists" - # effect: "NoSchedule" sideCars: - name: provisioner @@ -282,7 +263,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly @@ -316,18 +297,3 @@ spec: - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - "--driverPodLabelValue=dell-storage" - "--ignoreVolumelessPods=false" - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: isilon-config-params - namespace: isilon -data: - driver-config-params.yaml: | - CSI_LOG_LEVEL: "debug" - CSI_LOG_FORMAT: "TEXT" - PODMON_CONTROLLER_LOG_LEVEL: "debug" - PODMON_CONTROLLER_LOG_FORMAT: "TEXT" - PODMON_NODE_LOG_LEVEL: "debug" - PODMON_NODE_LOG_FORMAT: "TEXT" diff --git a/tests/e2e/testfiles/storage_csm_powerstore.yaml b/tests/e2e/testfiles/storage_csm_powerstore.yaml index 8749375e7..4181bbd09 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore.yaml @@ -28,8 +28,8 @@ spec: # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" storageCapacity: false - # Config version for CSI PowerStore v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI PowerStore v2.10.1 driver + configVersion: v2.10.1 authSecret: powerstore-config # Controller count replicas: 2 @@ -153,7 +153,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: false - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml index df5000db0..f4425eb68 100644 --- a/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml +++ b/tests/e2e/testfiles/storage_csm_powerstore_resiliency.yaml @@ -28,8 +28,8 @@ spec: # Default value: ReadWriteOnceWithFSType fSGroupPolicy: "ReadWriteOnceWithFSType" storageCapacity: false - # Config version for CSI PowerStore v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI PowerStore v2.10.1 driver + configVersion: v2.10.1 authSecret: powerstore-config # Controller count replicas: 2 @@ -153,7 +153,7 @@ spec: # false: disable Resiliency feature(do not deploy podmon sidecar) # Default value: false enabled: true - configVersion: v1.9.0 + configVersion: v1.9.1 components: - name: podmon-controller image: dellemc/podmon:nightly diff --git a/tests/e2e/testfiles/storage_csm_unity.yaml b/tests/e2e/testfiles/storage_csm_unity.yaml index 400f1e176..365ebc1fc 100644 --- a/tests/e2e/testfiles/storage_csm_unity.yaml +++ b/tests/e2e/testfiles/storage_csm_unity.yaml @@ -16,15 +16,15 @@ spec: # true: enable storage capacity tracking # false: disable storage capacity tracking storageCapacity: true - # Config version for CSI Unity v2.10.0 driver - configVersion: v2.10.0 + # Config version for CSI Unity v2.10.1 driver + configVersion: v2.10.1 # Controller count replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false forceRemoveDriver: true common: - # Nightly Image for CSI Unity driver v2.10.0 + # Nightly Image for CSI Unity driver v2.10.1 image: "dellemc/csi-unity:nightly" imagePullPolicy: IfNotPresent envs: diff --git a/tests/shared/common.go b/tests/shared/common.go index 1e3621cab..22f8a4f70 100644 --- a/tests/shared/common.go +++ b/tests/shared/common.go @@ -27,17 +27,16 @@ import ( // ConfigVersions used for all unit tests const ( - PFlexConfigVersion string = "v2.10.0" + PFlexConfigVersion string = "v2.10.1" ConfigVersion string = "v2.8.0" UpgradeConfigVersion string = "v2.9.0" - JumpUpgradeConfigVersion string = "v2.10.0" + JumpUpgradeConfigVersion string = "v2.10.1" OldConfigVersion string = "v2.2.0" BadConfigVersion string = "v0" - PStoreConfigVersion string = "v2.10.0" - UnityConfigVersion string = "v2.10.0" - PScaleConfigVersion string = "v2.10.0" - PmaxConfigVersion string = "v2.10.0" - AuthServerConfigVersion string = "v1.10.0" + PStoreConfigVersion string = "v2.10.1" + UnityConfigVersion string = "v2.10.1" + PScaleConfigVersion string = "v2.10.1" + PmaxConfigVersion string = "v2.10.1" AccConfigVersion string = "v1.0.0" )