[charts/csi-powerflex] Centralize all images to one place #263 (#311)

* Centralize all images to one place * Use latest CSI sidecars and default container to driver * Add default annotation * Use bleeding edge helm validation action to workaround cosign issue
dell · Nov 7, 2023 · b656c2b · b656c2b
1 parent 3394a3f
commit b656c2b
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 104 deletions.
diff --git a/.github/workflows/helm-validations.yml b/.github/workflows/helm-validations.yml
@@ -41,7 +41,8 @@ jobs:
       # Lint and version increment checks on updated charts   
       - name: Run lint/version increment checks
         id: versionIncrement
-        uses: helm/[email protected]
+        # Bump to proper version after this issue is fixed : https://github.com/helm/chart-testing-action/issues/132
+        uses: helm/chart-testing-action@cb49023b9227b1097e5eddd8824f48bdea11b1aa
         with:
           command: lint
           config: lintConfig.yaml
@@ -62,7 +63,7 @@ jobs:
       # Run a check on karavi-observability chart for updated dependency versions
       - name: Run dependency version checks
         id: lint
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@cb49023b9227b1097e5eddd8824f48bdea11b1aa
         with:
           command: lint
           config: dependencyConfig.yaml
diff --git a/charts/csi-vxflexos/templates/_helpers.tpl b/charts/csi-vxflexos/templates/_helpers.tpl
@@ -1,61 +1,10 @@
-{{/*
-Return the appropriate sidecar images based on k8s version
-*/}}
-{{- define "csi-vxflexos.attacherImage" -}}
-  {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}}
-      {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.4.1" -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-{{- define "csi-vxflexos.provisionerImage" -}}
-  {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}}
-      {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.6.0" -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-{{- define "csi-vxflexos.snapshotterImage" -}}
-  {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}}
-      {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.3.0" -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-{{- define "csi-vxflexos.resizerImage" -}}
-  {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}}
-      {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.9.0" -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-{{- define "csi-vxflexos.registrarImage" -}}
-  {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}}
-      {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0" -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
-{{- define "csi-vxflexos.healthmonitorImage" -}}
-  {{- if eq .Capabilities.KubeVersion.Major "1" }}
-    {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}}
-      {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0" -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-
 {{/*
 Return true if storage capacity tracking is enabled and is supported based on k8s version
 */}}
 {{- define "csi-vxflexos.isStorageCapacitySupported" -}}
-{{- if eq .Values.storageCapacity.enabled true -}}
-  {{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}}
-      {{- true -}}
+  {{- if eq .Values.storageCapacity.enabled true -}}
+    {{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}}
+        {{- true -}}
+    {{- end -}}
   {{- end -}}
-{{- end -}}
 {{- end -}}
diff --git a/charts/csi-vxflexos/templates/controller.yaml b/charts/csi-vxflexos/templates/controller.yaml
@@ -145,7 +145,7 @@ metadata:
   {{- if hasKey .Values "authorization" }}
   {{- if eq .Values.authorization.enabled true }}
   annotations:
-      com.dell.karavi-authorization-proxy: "true"
+    com.dell.karavi-authorization-proxy: "true"
   {{ end }}
   {{ end }}
 spec:
@@ -167,6 +167,8 @@ spec:
         vg-snapshotter-enabled: "false"
       {{- end }}
         name: {{ .Release.Name }}-controller
+      annotations:
+        kubectl.kubernetes.io/default-container: "driver"
     spec:
       affinity:
         nodeSelector:
@@ -192,7 +194,7 @@ spec:
 {{- if hasKey .Values "podmon" }}
 {{- if eq .Values.podmon.enabled true }}
         - name: podmon
-          image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
+          image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             {{- toYaml .Values.podmon.controller.args | nindent 12 }}
@@ -217,7 +219,7 @@ spec:
 {{- end }}
 {{- end }}
         - name: attacher
-          image: {{ required "Must provide the CSI attacher container image." ( include "csi-vxflexos.attacherImage" . ) }}
+          image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -232,7 +234,7 @@ spec:
         {{- if hasKey .Values.controller "replication" }}
         {{- if eq .Values.controller.replication.enabled true}}
         - name: dell-csi-replicator
-          image: {{ required "Must provide the Dell CSI Replicator image." .Values.controller.replication.image}}
+          image: {{ required "Must provide the Dell CSI Replicator image." .Values.images.replication }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -258,7 +260,7 @@ spec:
         {{- end }}
         {{- end }}
         - name: provisioner
-          image: {{ required "Must provide the CSI provisioner container image." ( include "csi-vxflexos.provisionerImage" . ) }}	
+          image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner }}	
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -290,7 +292,7 @@ spec:
         {{- if hasKey .Values.controller "healthMonitor" }}
         {{- if eq .Values.controller.healthMonitor.enabled true}}
         - name: csi-external-health-monitor-controller
-          image: {{ required "Must provide the CSI external health monitor image." ( include "csi-vxflexos.healthmonitorImage" . ) }}
+          image: {{ required "Must provide the CSI external health monitor image." .Values.images.healthmonitor }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -311,7 +313,7 @@ spec:
 {{- if hasKey .Values "vgsnapshotter" }}
 {{- if eq .Values.vgsnapshotter.enabled true }}
         - name: vg-snapshotter
-          image: {{ required "Must provide the vgsnapshotter container image." .Values.vgsnapshotter.image }}
+          image: {{ required "Must provide the vgsnapshotter container image." .Values.images.vgsnapshotter }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: ADDRESS
@@ -324,7 +326,7 @@ spec:
 {{- if hasKey .Values.controller "snapshot" }}
 {{- if eq .Values.controller.snapshot.enabled true }}
         - name: snapshotter
-          image: {{ required "Must provide the CSI snapshotter container image. " ( include "csi-vxflexos.snapshotterImage" . ) }}
+          image: {{ required "Must provide the CSI snapshotter container image. " .Values.images.snapshotter }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -342,7 +344,7 @@ spec:
 {{- if hasKey .Values.controller "resizer" }}
 {{- if eq .Values.controller.resizer.enabled true }}
         - name: resizer
-          image: {{ required "Must provide the CSI resizer container image." ( include "csi-vxflexos.resizerImage" . ) }}
+          image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--csi-address=$(ADDRESS)"
@@ -359,7 +361,7 @@ spec:
 {{- if hasKey .Values "authorization" }}
 {{- if eq .Values.authorization.enabled true }}
         - name: karavi-authorization-proxy
-          image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }}
+          image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: PROXY_HOST
@@ -388,7 +390,7 @@ spec:
 {{- end }}
 {{- end }}
         - name: driver
-          image: "{{ required "Must provide the driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:{{ .Values.version }}"
+          image: "{{ required "Must provide the driver image repository." .Values.images.driver }}"
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           command: [ "/csi-vxflexos.sh" ]
           args:

diff --git a/charts/csi-vxflexos/templates/node.yaml b/charts/csi-vxflexos/templates/node.yaml
@@ -80,6 +80,8 @@ spec:
 {{- if eq .Values.podmon.enabled true }}
         driver.dellemc.com: dell-storage
 {{- end }}
+      annotations:
+        kubectl.kubernetes.io/default-container: "driver"
     spec:
       {{- if .Values.node.nodeSelector }}
       nodeSelector:
@@ -106,7 +108,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: {{ required "Must provide the podmon container image." .Values.podmon.image }}
+          image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             {{- toYaml .Values.podmon.node.args | nindent 12 }}
@@ -148,7 +150,7 @@ spec:
 {{- if hasKey .Values "authorization" }}
 {{- if eq .Values.authorization.enabled true }}
         - name: karavi-authorization-proxy
-          image: {{ required "Must provide the authorization sidecar container image." .Values.authorization.sidecarProxyImage }}
+          image: {{ required "Must provide the authorization sidecar container image." .Values.images.authorization }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           env:
             - name: PROXY_HOST
@@ -182,7 +184,7 @@ spec:
             allowPrivilegeEscalation: true
             capabilities:
               add: ["SYS_ADMIN"]
-          image: "{{ required "Must provide the driver image repository." .Values.images.driverRepository }}/{{ .Chart.Name }}:{{ .Values.version }}"
+          image: "{{ required "Must provide the driver image repository." .Values.images.driver }}"
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           command: [ "/csi-vxflexos.sh" ]
           args:
@@ -238,7 +240,7 @@ spec:
               readOnly: true
 {{- end}}
         - name: registrar
-          image: {{ required "Must provide the CSI registrar container image." ( include "csi-vxflexos.registrarImage" . ) }}
+          image: {{ required "Must provide the CSI registrar container image." .Values.images.registrar }}
           imagePullPolicy: {{ .Values.imagePullPolicy }}
           args:
             - "--v=5"

diff --git a/charts/csi-vxflexos/values.yaml b/charts/csi-vxflexos/values.yaml
@@ -5,13 +5,26 @@
 # Not recommend to change
 version: v2.9.0
 
+# "images" defines every container images used for the driver and its sidecars.
+#  To use your own images, or a private registry, change the values here.
+
 images:
   # "driver" defines the container image, used for the driver container.
-  driverRepository: dellemc
-
+  driver: dellemc/csi-vxflexos:v2.9.0
   # "powerflexSdc" defines the SDC image for init container.
   powerflexSdc: dellemc/sdc:4.5
-
+  # CSI sidecars
+  attacher: registry.k8s.io/sig-storage/csi-attacher:v4.4.0
+  provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.0
+  snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.0
+  resizer: registry.k8s.io/sig-storage/csi-resizer:v1.9.0
+  registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0
+  healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0
+  # CSM sidecars
+  replication: dellemc/dell-csi-replicator:v1.6.0
+  vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.3.0
+  podmon: dellemc/podmon:v1.7.0
+  authorization: dellemc/csm-authorization-sidecar:v1.8.0
 
 # Represents number of certificate secrets, which user is going to create for ssl authentication. (vxflexos-cert-0..vxflexos-cert-n)
 # If user does not use certificate, set to 0
@@ -107,11 +120,6 @@ controller:
     # Default value: false
     enabled: false
 
-    # image: Image to use for dell-csi-replicator. This shouldn't be changed
-    # Allowed values: string
-    # Default value: None
-    image: dellemc/dell-csi-replicator:v1.6.0
-
     # replicationContextPrefix: prefix to use for naming of resources created by replication feature
     # Allowed values: string
     # Default value: powerflex
@@ -301,31 +309,30 @@ monitor:
 # These options control the running of the vgsnapshotter container
 vgsnapshotter:
   enabled: false
-  image: dellemc/csi-volumegroup-snapshotter:v1.3.0
 
 # Podmon is an optional feature under development and tech preview.
 # Enable this feature only after contact support for additional information
 podmon:
   enabled: false
-  image: dellemc/podmon:v1.7.0
-  #controller:
-  # args:
-  #   - "--csisock=unix:/var/run/csi/csi.sock"
-  #   - "--labelvalue=csi-vxflexos"
-  #   - "--mode=controller"
-  #   - "--skipArrayConnectionValidation=false"
-  #   - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
-  #   - "--driverPodLabelValue=dell-storage"
-  #   - "--ignoreVolumelessPods=false"
-  #node:
-  # args:
-  #   - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock"
-  #   - "--labelvalue=csi-vxflexos"
-  #   - "--mode=node"
-  #   - "--leaderelection=false"
-  #   - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
-  #   - "--driverPodLabelValue=dell-storage"
-  #   - "--ignoreVolumelessPods=false"
+
+  controller:
+    args:
+      - "--csisock=unix:/var/run/csi/csi.sock"
+      - "--labelvalue=csi-vxflexos"
+      - "--mode=controller"
+      - "--skipArrayConnectionValidation=false"
+      - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
+      - "--driverPodLabelValue=dell-storage"
+      - "--ignoreVolumelessPods=false"
+  node:
+    args:
+      - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock"
+      - "--labelvalue=csi-vxflexos"
+      - "--mode=node"
+      - "--leaderelection=false"
+      - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml"
+      - "--driverPodLabelValue=dell-storage"
+      - "--ignoreVolumelessPods=false"
 
 # CSM module attributes
 # authorization: enable csm-authorization for RBAC
@@ -337,10 +344,6 @@ podmon:
 authorization:
   enabled: false
 
-  # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
-  # Default value: dellemc/csm-authorization-sidecar:v1.8.0
-  sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.8.0
-
   # proxyHost: hostname of the csm-authorization server
   # Default value: None
   proxyHost: