From df51de12bc8e5326a49c89ed9a484f336d614bf6 Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Thu, 24 Aug 2023 07:13:51 -0400 Subject: [PATCH 01/12] add cosi driver helm chart --- charts/cosi/Chart.yaml | 36 +++++ charts/cosi/templates/NOTES.txt | 5 + charts/cosi/templates/_helpers.tpl | 183 ++++++++++++++++++++++ charts/cosi/templates/deployment.yaml | 90 +++++++++++ charts/cosi/templates/role.yaml | 52 ++++++ charts/cosi/templates/rolebinding.yaml | 20 +++ charts/cosi/templates/secret.yaml | 15 ++ charts/cosi/templates/serviceaccount.yaml | 12 ++ charts/cosi/values.yaml | 153 ++++++++++++++++++ 9 files changed, 566 insertions(+) create mode 100644 charts/cosi/Chart.yaml create mode 100644 charts/cosi/templates/NOTES.txt create mode 100644 charts/cosi/templates/_helpers.tpl create mode 100644 charts/cosi/templates/deployment.yaml create mode 100644 charts/cosi/templates/role.yaml create mode 100644 charts/cosi/templates/rolebinding.yaml create mode 100644 charts/cosi/templates/secret.yaml create mode 100644 charts/cosi/templates/serviceaccount.yaml create mode 100644 charts/cosi/values.yaml diff --git a/charts/cosi/Chart.yaml b/charts/cosi/Chart.yaml new file mode 100644 index 00000000..8ab988dd --- /dev/null +++ b/charts/cosi/Chart.yaml 
@@ -0,0 +1,36 @@
+# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+apiVersion: v2
+name: cosi-driver
+description: Container Object Storage Interface (COSI) Driver for Dell ObjectScale
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: 1.0.0-alpha
diff --git a/charts/cosi/templates/NOTES.txt b/charts/cosi/templates/NOTES.txt
new file mode 100644
index 00000000..dd78f413
--- /dev/null
+++ b/charts/cosi/templates/NOTES.txt
@@ -0,0 +1,5 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+For more information visit CSM documentation: https://dell.github.io/csm-docs/
diff --git a/charts/cosi/templates/_helpers.tpl b/charts/cosi/templates/_helpers.tpl
new file mode 100644
index 00000000..6b1fa63d
--- /dev/null
+++ b/charts/cosi/templates/_helpers.tpl
@@ -0,0 +1,183 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cosi-driver.name" }} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cosi-driver.fullname" }} + {{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} + {{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- if contains $name .Release.Name }} + {{- .Release.Name | trunc 63 | trimSuffix "-" }} + {{- else }} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} + {{- end }} + {{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cosi-driver.chart" }} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +# COSI driver log level +# Possible values: "trace" "debug" "info" "warn" "error" "fatal" "panic" +# Default value: "debug" +*/}} +{{- define "cosi-driver.logLevel" }} + {{- $logLevelValues := list "trace" "debug" "info" "warn" "error" "fatal" "panic" }} + {{- if (has .Values.provisioner.logLevel $logLevelValues) }} + {{- .Values.provisioner.logLevel }} + {{- else }} + {{- "debug" }} + {{- end }} +{{- end }} + +{{/* +# COSI driver sidecar log level +# Values are set to the integer value, higher value means more verbose logging +*/}} +{{- define "cosi-driver.provisionerSidecarVerbosity" }} + {{- if (kindIs "int" .Values.sidecar.verbosity) }} + {{- .Values.sidecar.verbosity }} + {{- else }} + {{- 5 }} + {{- end }} +{{- end }} + +{{/* +# COSI driver log format +# Possible values: "json" "text" +# Default value: "json" +*/}} +{{- define "cosi-driver.logFormat" }} + {{- $logFormatValues := list "json" "text" }} + {{- if 
(has .Values.provisioner.logFormat $logFormatValues) }} + {{- .Values.provisioner.logFormat }} + {{- else }} + {{- "text" }} + {{- end }} +{{- end }} + +{{/* +# COSI driver OTEL endpoint +# Default value is left empty on purpose, to not start any tracing if no argument was provided. +# Default value: "" +*/}} +{{- define "cosi-driver.otelEndpoint" }} + {{- if .Values.provisioner.otelEndpoint }} + {{- .Values.provisioner.otelEndpoint }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cosi-driver.labels" }} +helm.sh/chart: {{ include "cosi-driver.chart" . }} +{{- include "cosi-driver.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cosi-driver.selectorLabels" }} +app.kubernetes.io/name: {{ include "cosi-driver.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the role to use +*/}} +{{- define "cosi-driver.roleName" }} + {{- if and .Values.rbac.create }} + {{- default (printf "%s" (include "cosi-driver.fullname" .)) .Values.rbac.role.name }} + {{- else }} + {{- .Values.rbac.role.name }} + {{- end }} +{{- end }} + +{{/* +Create the name of the role binding to use +*/}} +{{- define "cosi-driver.roleBindingName" }} + {{- if and .Values.rbac.create }} + {{- default (printf "%s" (include "cosi-driver.fullname" .)) .Values.rbac.roleBinding.name }} + {{- else }} + {{- .Values.rbac.roleBinding.name }} + {{- end }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cosi-driver.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{ default (include "cosi-driver.fullname" .) 
.Values.serviceAccount.name }} + {{- else -}} + {{ default "default" .Values.serviceAccount.name }} + {{- end -}} +{{- end -}} + +{{/* +Create the name of provisioner container +*/}} +{{- define "cosi-driver.provisionerContainerName" }} + {{- default "objectstorage-provisioner" .Values.provisioner.name }} +{{- end }} + +{{/* +Create the name of provisioner sidecar container +*/}} +{{- define "cosi-driver.provisionerSidecarContainerName" }} + {{- default "objectstorage-provisioner-sidecar" .Values.sidecar.name }} +{{- end }} + +{{/* +Create the full name of provisioner image from repository and tag +*/}} +{{- define "cosi-driver.provisionerImageName" }} + {{- .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag | default .Chart.AppVersion }} +{{- end }} + +{{/* +Create the full name of provisioner sidecar image from repository and tag +*/}} +{{- define "cosi-driver.provisionerSidecarImageName" }} + {{- .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }} +{{- end }} + +{{/* +Create the secret name +*/}} +{{- define "cosi-driver.secretName" }} + {{- if .Values.configuration.create }} + {{- default (printf "%s-config" (include "cosi-driver.name" . )) .Values.configuration.secretName }} + {{- else }} + {{- .Values.configuration.secretName }} + {{- end }} +{{- end }} + +{{/* +Create the name for secret volume +*/}} +{{- define "cosi-driver.secretVolumeName" }} + {{- printf "%s-config" (include "cosi-driver.name" . ) }} +{{- end }} diff --git a/charts/cosi/templates/deployment.yaml b/charts/cosi/templates/deployment.yaml new file mode 100644 index 00000000..8dcaa105 --- /dev/null +++ b/charts/cosi/templates/deployment.yaml 
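Review bot: In `cosi-driver.serviceAccountName`, the `{{ default "default" .Values.serviceAccount.name }}` branch resolves to the namespace's `default` ServiceAccount when `serviceAccount.create` is false and no name is given, and rolebinding.yaml in this commit binds the chart's ClusterRole (which includes create/get/update/delete on secrets) to whatever name this helper returns. That would hand the driver's cluster-wide permissions to every pod in the release namespace that does not set its own service account. Requiring an explicit name in that branch avoids it: `{{ required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`. Separately, the `cosi-driver.logFormat` comment documents the default as "json" while the fallback branch emits "text".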
@@ -0,0 +1,90 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cosi-driver.fullname" . }} + labels: + {{- include "cosi-driver.labels" . | trim | nindent 4 }} + {{- with .Values.rbac.role.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "cosi-driver.selectorLabels" . | trim | nindent 6 }} + template: + metadata: + labels: + {{- include "cosi-driver.labels" . | trim | nindent 8 }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "cosi-driver.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ include "cosi-driver.provisionerContainerName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + image: {{ include "cosi-driver.provisionerImageName" . }} + imagePullPolicy: {{ .Values.provisioner.image.pullPolicy }} + args: + - "--log-level={{ include "cosi-driver.logLevel" . }}" + - "--log-format={{ include "cosi-driver.logFormat" . }}" + - "--otel-endpoint={{ include "cosi-driver.otelEndpoint" . }}" + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: {{ include "cosi-driver.secretVolumeName" . }} + mountPath: /cosi + - name: cosi-socket-dir + mountPath: /var/lib/cosi + - name: {{ include "cosi-driver.provisionerSidecarContainerName" . }} + image: {{ include "cosi-driver.provisionerSidecarImageName" . }} + imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }} + args: + - "-v={{ include "cosi-driver.provisionerSidecarVerbosity" . 
}}" + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: cosi-socket-dir + mountPath: /var/lib/cosi + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ include "cosi-driver.secretVolumeName" . }} + secret: + secretName: {{ include "cosi-driver.secretName" . }} + - name: cosi-socket-dir + emptyDir: {} diff --git a/charts/cosi/templates/role.yaml b/charts/cosi/templates/role.yaml new file mode 100644 index 00000000..609487bd --- /dev/null +++ b/charts/cosi/templates/role.yaml 
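Review bot: The Deployment's `metadata.annotations` block is fed from `.Values.rbac.role.annotations`, so annotations an operator sets for the role end up on the Deployment and no value targets the Deployment itself; role.yaml in this commit has the mirror-image slip, taking the ClusterRole's annotations from `.Values.rbac.roleBinding.annotations`. A dedicated key would fix the first, e.g. `{{- with .Values.annotations }}` with a matching `annotations: {}` entry in values.yaml, and role.yaml should read `{{- with .Values.rbac.role.annotations }}`. Also note that `replicas` is omitted when `autoscaling.enabled` is true, but no HorizontalPodAutoscaler template appears in this commit's file list, so enabling it would leave the replica count at the API default.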
@@ -0,0 +1,52 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "cosi-driver.roleName" . }}
+ labels:
+ {{- include "cosi-driver.labels" . | trim | nindent 4 }}
+ {{- with .Values.rbac.roleBinding.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+- apiGroups:
+ - objectstorage.k8s.io # COSI resources are grouped here
+ resources: # we do not add bucketclasses here, as those are managed by COSI Controller
+ - buckets
+ - bucketclaims
+ - bucketaccesses
+ - bucketaccessclasses
+ - buckets/status
+ - bucketaccesses/status
+ - bucketclaims/status
+ - bucketaccessclasses/status
+ verbs: # CRUD + list/watch
+ - create
+ - get
+ - update
+ - delete
+ - list
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases # lease is created during leader election process by COSI Provisioner Sidecar
+ verbs: # CRUD + list/watch
+ - create
+ - get
+ - update
+ - delete
+ - list
+ - watch
+- apiGroups:
+ - "" # empty for default API group
+ resources:
+ - events # events are emmited from COSI Provisioner Sidecar
+ - secrets # secrets are created by COSI Provisioner Sidecar as a part of access granting
+ verbs: # CRUD
+ - create
+ - get
+ - update
+ - delete
+{{- end }}
diff --git a/charts/cosi/templates/rolebinding.yaml b/charts/cosi/templates/rolebinding.yaml
new file mode 100644
index 00000000..1c3da15f
--- /dev/null
+++ b/charts/cosi/templates/rolebinding.yaml
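Review bot: The last rule in role.yaml grants one verb set to both `events` and `secrets`, and because the object is a ClusterRole bound through a ClusterRoleBinding, `get`/`update`/`delete` on `secrets` applies to every namespace in the cluster. Splitting the rule lets each resource carry only what it needs and gives the secrets grant its own comment stating the cluster-wide scope; the event verbs below are my reading of what an event recorder uses and should be confirmed against the sidecar. values.yaml in this commit describes these objects as "Role" and "RoleBinding", which understates that scope for anyone reviewing the chart.

```yaml
# … unchanged: objectstorage.k8s.io and coordination.k8s.io rules …
- apiGroups:
  - "" # empty for default API group
  resources:
  - events # events are emitted from COSI Provisioner Sidecar
  verbs: # confirm against the sidecar's event recorder
  - create
  - update
- apiGroups:
  - ""
  resources:
  # cluster-wide grant: secrets are created by COSI Provisioner Sidecar as a part of access granting
  - secrets
  verbs: # CRUD
  - create
  - get
  - update
  - delete
```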
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "cosi-driver.roleBindingName" . }}
+ labels:
+ {{- include "cosi-driver.labels" . | trim | nindent 4 }}
+ {{- with .Values.rbac.roleBinding.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "cosi-driver.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "cosi-driver.roleName" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/cosi/templates/secret.yaml b/charts/cosi/templates/secret.yaml
new file mode 100644
index 00000000..ef1c4513
--- /dev/null
+++ b/charts/cosi/templates/secret.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.configuration.create }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "cosi-driver.secretName" . }}
+ labels:
+ {{- include "cosi-driver.labels" . | trim | nindent 4 }}
+ {{- with .Values.configuration.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ config.yaml: {{ toString .Values.configuration.data | b64enc }}
+{{- end }}
diff --git a/charts/cosi/templates/serviceaccount.yaml b/charts/cosi/templates/serviceaccount.yaml
new file mode 100644
index 00000000..11d48c1d
--- /dev/null
+++ b/charts/cosi/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{ if .Values.rbac.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "cosi-driver.serviceAccountName" . }}
+ labels:
+ {{- include "cosi-driver.labels" . | trim | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end}}
diff --git a/charts/cosi/values.yaml b/charts/cosi/values.yaml
new file mode 100644
index 00000000..87ea5d40
--- /dev/null
+++ b/charts/cosi/values.yaml
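Review bot: In secret.yaml, the chart defaults (`configuration.create: true`, `configuration.data: ""`) render the `config.yaml` key as an empty string, and the Deployment mounts that Secret at /cosi without any error at install time. Failing the render is clearer for the operator: `config.yaml: {{ required "configuration.data must be set when configuration.create is true" .Values.configuration.data | toString | b64enc }}`. Because the value arrives through `--set-file`, it is also kept in the Helm release record; if the driver configuration holds credentials (presumably the case, given it is rendered as a Secret), the values comments should recommend the `configuration.create=false` path with a pre-created Secret.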
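Review bot: serviceaccount.yaml is gated on `.Values.rbac.create`, while the `cosi-driver.serviceAccountName` helper and the values.yaml comment both key on `.Values.serviceAccount.create`, so the documented toggle has no effect on whether this object is rendered. With `serviceAccount.create=false` and `rbac.create=true` the chart would still render a ServiceAccount under the externally supplied (or `default`) name, and with the flags the other way round the Deployment references an account the chart never creates. The guard should read `{{- if .Values.serviceAccount.create }}`.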
@@ -0,0 +1,153 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +# Default values for cosi-driver. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# provisioner specifies parameters for the COSI driver provisioner container. +provisioner: + # name of the COSI driver provisioner container. + name: "objectstorage-provisioner" + # logLevel is the logging level for the COSI driver provisioner, + # Possible values: "trace" "debug" "info" "warn" "error" "fatal" "panic". + logLevel: "debug" + # logFormat is the logging format for the COSI driver provisioner, + # Possible values: "json" "text". + logFormat: "text" + # otelEndpoint specifies the endpoint on which the OTEL Collector is set up and to which data is sent over gRPC. + otelEndpoint: "otel-collector.namespace:4317" + # image specifies the COSI driver provisioner container image. + image: + # repository is the COSI driver provisioner container image repository. + repository: "docker.io/dell/cosi" + # tag is the COSI driver provisioner container image tag. + tag: "v0.1.0" + # pullPolicy is the COSI driver provisioner container image pull policy. + pullPolicy: "IfNotPresent" + +# sidecar specifies parameters for the COSI driver sidecar container. +sidecar: + # name of the COSI driver sidecar container. 
+ name: "objectstorage-provisioner-sidecar" + # verbosity is the logging verbosity for the COSI driver sidecar, higher values are more verbose, + # Possible values: integers from -2,147,483,648 to 2,147,483,647 + # + # Generally the range used is between -4 and 12. However, there may be cases where numbers outside + # that range might provide more information. + # For additional information, refer to the cosi sidecar documentation: + # - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar + verbosity: 5 + # image specifies the COSI driver sidecar container image. + image: + # repository is the COSI driver sidecar container image repository. + repository: "gcr.io/k8s-staging-sig-storage/objectstorage-sidecar/objectstorage-sidecar" + # tag is the COSI driver sidecar container image tag. + tag: "v20230130-v0.1.0-24-gc0cf995" + # pullPolicy is the COSI driver sidecar container image pull policy. + pullPolicy: "IfNotPresent" + +# configuration of the driver can be set with with --set-file configuration.data=path/to/config.yaml +# or created manually and provided with --set configuration.secretName=existing-secret-name +configuration: + # Specifies whether a secret with driver configuration should be created + # If set to false, you must set `configuration.secretName` field to an existing configuration secret name. + create: true + annotations: {} + # name can be used to specify an existing secret name to use for the driver configuration or override the generated name (default `cosi-driver`). + secretName: "" + # data should be provided when installing chart, it will be used to create the Secret with the driver configuration. + # `configuration.create` must be set to `true` for this to work. + data: "" + +# rbac specifies parameters for the COSI driver RBAC resources. +rbac: + # create specifies whether RBAC resources should be created. + create: true + # role specifies parameters for the COSI driver Role. 
+ role: + # annotations to add to the Role resource + annotations: {} + # name of the Role to create (efault `cosi-driver-role`). + name: "" + # roleBinding specifies parameters for the COSI driver RoleBinding. + roleBinding: + # Annotations to add to the RoleBinding + annotations: {} + # name of the RoleBinding to create (default `cosi-driver-rolebinding`). + name: "" + +# serviceAccount specifies parameters for the COSI driver ServiceAccount. +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # Annotations to add to the ServiceAccount + annotations: {} + # The name of the ServiceAccount to create (or just use if `rbac.create=false`, default `cosi-driver-sa`). + name: "" + +# replicaCount specifies the number of replicas of the COSI driver. +replicaCount: 1 +# nameOverride specifies the name override for the COSI driver installation (default is `name` form `Chart.yaml`). +nameOverride: "" +# fullnameOverride specifies the full name override for the COSI driver installation (generated based on release name). +fullnameOverride: "" +# podAnnotations specifies the list of annotations to add to the COSI driver pod. +podAnnotations: {} +# imagePullSecrets specifies the list of image pull secrets. +imagePullSecrets: [] + +# podSecurityContext specifies the security context for the COSI driver pod. +podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + # fsGroup: 2000 + +# securityContext specifies the security context for the COSI driver containers. +securityContext: + readOnlyRootFilesystem: true + # capabilities: + # drop: + # - ALL + +# resources specifies the resource limits and requests for the COSI driver containers. +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# autoscaling rules for COSI driver deployment. +autoscaling: + # enabled specifies whether autoscaling is enabled. + enabled: false + # minReplicas specifies the minimum number of replicas. + minReplicas: 1 + # maxReplicas specifies the maximum number of replicas. + maxReplicas: 100 + # targetCPUUtilizationPercentage specifies the target CPU utilization percentage. + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage specifies the target memory utilization percentage. + # targetMemoryUtilizationPercentage: 80 + +# nodeSelector specifies the node selector for the COSI driver pod. +nodeSelector: {} +# tolerations specifies the list of tolerations for the COSI driver pod. +tolerations: [] +# affinity specifies the affinity for the COSI driver pod. +affinity: {} From 85886a6ea735c0c087b7928570006a53e5c4b84d Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Thu, 24 Aug 2023 08:45:55 -0400 Subject: [PATCH 02/12] add cosi specific linters --- .github/workflows/cosi-helm.yaml | 58 +++++++++++++++++++++++++++ cosi-kubelinter-config.yaml | 69 ++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+) create mode 100644 .github/workflows/cosi-helm.yaml create mode 100644 cosi-kubelinter-config.yaml diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml new file mode 100644 index 00000000..feb60943 --- /dev/null +++ b/.github/workflows/cosi-helm.yaml 
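Review bot: The default container `securityContext` in values.yaml sets only `readOnlyRootFilesystem: true`; the capability drop is left commented out and nothing disables privilege escalation, so both containers start with the runtime's default capability set. I would ship the hardened defaults and let operators relax them: add `allowPrivilegeEscalation: false` and uncomment the drop as `capabilities: {drop: [ALL]}`. The sidecar image default also points at a `k8s-staging-sig-storage` registry path with a dated build tag; pinning it by digest or moving to a released image would make the deployed sidecar reproducible. Lastly, `otelEndpoint` defaults to `otel-collector.namespace:4317` although the helper comment in _helpers.tpl says the default is left empty so that no tracing starts.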
@@ -0,0 +1,58 @@
+name: Helm Chart
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: ["**"]
+
+env:
+ GOPRIVATE: github.com/dell/*
+ TOKEN: ${{ secrets.GH_DELL_ACCESS }}
+
+jobs:
+ kube-linter:
+ name: Kube Linter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Configure git for private modules
+ run: |
+ git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
+ echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
+ - name: Checkout the code
+ uses: actions/checkout@v3.5.3
+ - name: "Vendor packages"
+ run: |
+ go mod vendor
+ - name: Scan repo with kube-linter
+ uses: stackrox/kube-linter-action@v1.0.4
+ with:
+ directory: charts/cosi
+ config: kubelinter-config.yaml
+
+ helm-check:
+ name: Chart Testing
+ runs-on: ubuntu-latest
+ steps:
+ - name: Configure git for private modules
+ run: |
+ git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com"
+ echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc
+ - name: Checkout the code
+ uses: actions/checkout@v3.5.3
+ - name: "Vendor packages"
+ run: |
+ go mod vendor
+ - name: Set up Helm
+ uses: azure/setup-helm@v3
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.9"
+ check-latest: true
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.4.0
+ - name: Run chart-testing (lint)
+ run: ct lint --config helm/ct-config.yaml
diff --git a/cosi-kubelinter-config.yaml b/cosi-kubelinter-config.yaml
new file mode 100644
index 00000000..9e79fd83
--- /dev/null
+++ b/cosi-kubelinter-config.yaml
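Review bot: The `Configure git for private modules` step writes the `GH_DELL_ACCESS` token in clear text into the global git config and `~/.netrc`, and the token is also exported as workflow-level `env`, so every later step in both jobs can read it, including the third-party actions `stackrox/kube-linter-action`, `azure/setup-helm` and `helm/chart-testing-action`, which are referenced by mutable tag. The only consumer visible in this hunk is `go mod vendor`; I would move `TOKEN` to a step-level `env:` on the step that needs it and remove the credential files once vendoring is done. Adding a top-level `permissions:` block with `contents: read` and pinning the third-party actions to a commit (`uses: owner/action@<commit-sha>`) would limit what a compromised action release could do inside this job.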
@@ -0,0 +1,69 @@
+checks:
+ # NOTE: Include all checks, comment failing
+ include:
+ - "access-to-create-pods"
+ # - "access-to-secrets"
+ - "cluster-admin-role-binding"
+ - "dangling-horizontalpodautoscaler"
+ - "dangling-ingress"
+ - "dangling-networkpolicy"
+ - "dangling-networkpolicypeer-podselector"
+ - "dangling-service"
+ - "default-service-account"
+ - "deprecated-service-account-field"
+ # - "dnsconfig-options"
+ - "docker-sock"
+ - "drop-net-raw-capability"
+ - "duplicate-env-var"
+ - "env-var-secret"
+ - "exposed-services"
+ - "host-ipc"
+ - "host-network"
+ - "host-pid"
+ - "hpa-minimum-three-replicas"
+ - "invalid-target-ports"
+ - "latest-tag"
+ # - "minimum-three-replicas"
+ - "mismatching-selector"
+ - "no-anti-affinity"
+ - "no-extensions-v1beta"
+ # - "no-liveness-probe"
+ # - "no-node-affinity"
+ - "no-read-only-root-fs"
+ # - "no-readiness-probe"
+ # - "no-rolling-update-strategy"
+ - "non-existent-service-account"
+ # - "non-isolated-pod"
+ - "privilege-escalation-container"
+ - "privileged-container"
+ - "privileged-ports"
+ - "read-secret-from-env-var"
+ # - "required-annotation-email"
+ # - "required-label-owner"
+ - "run-as-non-root"
+ - "sensitive-host-mounts"
+ - "ssh-port"
+ - "unsafe-proc-mount"
+ - "unsafe-sysctls"
+ # - "unset-cpu-requirements"
+ # - "unset-memory-requirements"
+ # - "use-namespace"
+ - "wildcard-in-rules"
+ - "writable-host-mount"
+
+ # NOTE: manually exclude failing for documentation, fix them in future or
+ # comment why are they disabled.
+ exclude:
+ - "access-to-secrets" # NOTE: COSI Provisioner Sidecar requires access to secrets
+ - "dnsconfig-options"
+ - "minimum-three-replicas"
+ - "no-liveness-probe"
+ - "no-node-affinity"
+ - "no-readiness-probe"
+ - "no-rolling-update-strategy"
+ - "non-isolated-pod"
+ - "required-annotation-email"
+ - "required-label-owner"
+ - "unset-cpu-requirements"
+ - "unset-memory-requirements"
+ - "use-namespace"
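Review bot: The `exclude` list asks for a comment explaining why each check is disabled, but only `access-to-secrets` has one; the other twelve entries, among them `non-isolated-pod`, `unset-cpu-requirements` and `unset-memory-requirements`, carry no reason or follow-up. I would add a short trailing comment per entry, e.g. `- "non-isolated-pod" # TODO: chart ships no NetworkPolicy yet`, so that a later reader can tell a deliberate exception from a check that was silenced to get CI green. Each excluded check is also commented out in `include`, which is redundant; keeping only one of the two mechanisms makes re-enabling a check a one-line change.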
From acb8d3d73f0084f02e5dda570f5a21965dd8ef43 Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Thu, 24 Aug 2023 08:48:43 -0400 Subject: [PATCH 03/12] remove go mod from cosi linters --- .github/workflows/cosi-helm.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml index feb60943..659adaaa 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/cosi-helm.yaml @@ -21,9 +21,6 @@ jobs: echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc - name: Checkout the code uses: actions/checkout@v3.5.3 - - name: "Vendor packages" - run: | - go mod vendor - name: Scan repo with kube-linter uses: stackrox/kube-linter-action@v1.0.4 with: @@ -40,9 +37,6 @@ jobs: echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc - name: Checkout the code uses: actions/checkout@v3.5.3 - - name: "Vendor packages" - run: | - go mod vendor - name: Set up Helm uses: azure/setup-helm@v3 env: From 1b1aea46a564b78e5298262815b7c6741a53f94c Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Thu, 24 Aug 2023 09:03:23 -0400 Subject: [PATCH 04/12] fix typos --- .github/workflows/cosi-helm.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml index 659adaaa..6d01d83d 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/cosi-helm.yaml @@ -25,7 +25,7 @@ jobs: uses: stackrox/kube-linter-action@v1.0.4 with: directory: charts/cosi - config: kubelinter-config.yaml + config: cosi-kubelinter-config.yaml helm-check: name: Chart Testing @@ -49,4 +49,4 @@ jobs: - name: Set up chart-testing uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (lint) - run: ct lint --config helm/ct-config.yaml + run: ct lint --config lintConfig.yaml From ff204664d3c3eca9a31425f2eff7b971d4ab9747 Mon Sep 17 00:00:00 2001 
From: Malgorzata Dutka Date: Thu, 24 Aug 2023 09:13:20 -0400 Subject: [PATCH 05/12] add cosi-ct-config.yaml --- .github/workflows/cosi-helm.yaml | 2 +- cosi-ct-config.yaml | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 cosi-ct-config.yaml diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml index 6d01d83d..368f703f 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/cosi-helm.yaml @@ -49,4 +49,4 @@ jobs: - name: Set up chart-testing uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (lint) - run: ct lint --config lintConfig.yaml + run: ct lint --config cosi-ct-config.yaml diff --git a/cosi-ct-config.yaml b/cosi-ct-config.yaml new file mode 100644 index 00000000..fb357429 --- /dev/null +++ b/cosi-ct-config.yaml @@ -0,0 +1,8 @@ +target-branch: main +chart-dirs: + - charts +charts: + - charts/cosi +check-version-increment: true +validate-chart-schema: false +validate-maintainers: false \ No newline at end of file From 08b6b06bf905e786e3268fca05c2564496f23d69 Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Thu, 24 Aug 2023 10:40:25 -0400 Subject: [PATCH 06/12] change workflow name --- .github/workflows/cosi-helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml index 368f703f..0fc8fce5 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/cosi-helm.yaml @@ -1,4 +1,4 @@ -name: Helm Chart +name: COSI driver on: push: From 9b2f24cb578be28796c7723f4691fc6fd982b5d9 Mon Sep 17 00:00:00 2001 
From: Malgorzata Dutka Date: Fri, 25 Aug 2023 05:55:58 -0400 Subject: [PATCH 07/12] change log levels in cosi chart --- .github/workflows/cosi-helm.yaml | 25 +------------------ charts/cosi/values.yaml | 4 +-- cosi-ct-config.yaml | 8 ------ ...nter-config.yaml => kubelinter-config.yaml | 0 4 files changed, 3 insertions(+), 34 deletions(-) delete mode 100644 cosi-ct-config.yaml rename cosi-kubelinter-config.yaml => kubelinter-config.yaml (100%) diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml index 0fc8fce5..12552646 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/cosi-helm.yaml @@ -25,28 +25,5 @@ jobs: uses: stackrox/kube-linter-action@v1.0.4 with: directory: charts/cosi - config: cosi-kubelinter-config.yaml + config: kubelinter-config.yaml - helm-check: - name: Chart Testing - runs-on: ubuntu-latest - steps: - - name: Configure git for private modules - run: | - git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com" - echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc - - name: Checkout the code - uses: actions/checkout@v3.5.3 - - name: Set up Helm - uses: azure/setup-helm@v3 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: "3.9" - check-latest: true - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.4.0 - - name: Run chart-testing (lint) - run: ct lint --config cosi-ct-config.yaml diff --git a/charts/cosi/values.yaml b/charts/cosi/values.yaml index 87ea5d40..de658203 100644 --- a/charts/cosi/values.yaml +++ b/charts/cosi/values.yaml 
@@ -19,8 +19,8 @@ provisioner: # name of the COSI driver provisioner container. name: "objectstorage-provisioner" # logLevel is the logging level for the COSI driver provisioner, - # Possible values: "trace" "debug" "info" "warn" "error" "fatal" "panic". - logLevel: "debug" + # Possible values: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 + logLevel: 4 # logFormat is the logging format for the COSI driver provisioner, # Possible values: "json" "text". logFormat: "text" diff --git a/cosi-ct-config.yaml b/cosi-ct-config.yaml deleted file mode 100644 index fb357429..00000000 --- a/cosi-ct-config.yaml +++ /dev/null @@ -1,8 +0,0 @@ -target-branch: main -chart-dirs: - - charts -charts: - - charts/cosi -check-version-increment: true -validate-chart-schema: false -validate-maintainers: false \ No newline at end of file diff --git a/cosi-kubelinter-config.yaml b/kubelinter-config.yaml similarity index 100% rename from cosi-kubelinter-config.yaml rename to kubelinter-config.yaml From 0068140d0d5be7c0d611a5091e7cd8c0c6eaae7e Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Fri, 25 Aug 2023 06:11:34 -0400 Subject: [PATCH 08/12] update actions --- .github/workflows/cosi-helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml index 12552646..ddfaa766 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/cosi-helm.yaml @@ -20,7 +20,7 @@ jobs: git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com" echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc - name: Checkout the code - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v3.6.0 - name: Scan repo with kube-linter uses: stackrox/kube-linter-action@v1.0.4 with: From 1279038f91d7cf42854d9b349c62445d857f0a5a Mon Sep 17 00:00:00 2001 
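Review bot: `logLevel: 4` is not accepted by the helper that consumes it at this commit. The log-level helper in _helpers.tpl still tests membership in the string list `"trace" … "panic"` and otherwise emits `"debug"`; that list is still visible as unchanged context in PATCH 09 and is only replaced in PATCH 12. Until then the provisioner is started with `--log-level=debug` whatever number is set here, so the helper change belongs in this commit. The comment would also be clearer if it said which end of 0–10 is the most verbose; the `provisioner:` mapping continues outside the hunk.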
From: Malgorzata Dutka Date: Mon, 28 Aug 2023 04:08:33 -0400 Subject: [PATCH 09/12] change name from cosi-driver to cosi --- charts/cosi/Chart.yaml | 2 +- charts/cosi/templates/_helpers.tpl | 52 +++++++++++------------ charts/cosi/templates/deployment.yaml | 32 +++++++------- charts/cosi/templates/role.yaml | 4 +- charts/cosi/templates/rolebinding.yaml | 8 ++-- charts/cosi/templates/secret.yaml | 4 +- charts/cosi/templates/serviceaccount.yaml | 4 +- charts/cosi/values.yaml | 10 ++--- 8 files changed, 58 insertions(+), 58 deletions(-) diff --git a/charts/cosi/Chart.yaml b/charts/cosi/Chart.yaml index 8ab988dd..157a687d 100644 --- a/charts/cosi/Chart.yaml +++ b/charts/cosi/Chart.yaml @@ -11,7 +11,7 @@ # limitations under the License apiVersion: v2 -name: cosi-driver +name: cosi description: Container Object Storage Interface (COSI) Driver for Dell ObjectScale # A chart can be either an 'application' or a 'library' chart. diff --git a/charts/cosi/templates/_helpers.tpl b/charts/cosi/templates/_helpers.tpl index 6b1fa63d..3aa8c08a 100644 --- a/charts/cosi/templates/_helpers.tpl +++ b/charts/cosi/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "cosi-driver.name" }} +{{- define "cosi.name" }} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "cosi-driver.fullname" }} +{{- define "cosi.fullname" }} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -26,7 +26,7 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "cosi-driver.chart" }} +{{- define "cosi.chart" }} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} @@ -35,7 +35,7 @@ Create chart name and version as used by the chart label. # Possible values: "trace" "debug" "info" "warn" "error" "fatal" "panic" # Default value: "debug" */}} -{{- define "cosi-driver.logLevel" }} +{{- define "cosi.logLevel" }} {{- $logLevelValues := list "trace" "debug" "info" "warn" "error" "fatal" "panic" }} {{- if (has .Values.provisioner.logLevel $logLevelValues) }} {{- .Values.provisioner.logLevel }} @@ -48,7 +48,7 @@ Create chart name and version as used by the chart label. # COSI driver sidecar log level # Values are set to the integer value, higher value means more verbose logging */}} -{{- define "cosi-driver.provisionerSidecarVerbosity" }} +{{- define "cosi.provisionerSidecarVerbosity" }} {{- if (kindIs "int" .Values.sidecar.verbosity) }} {{- .Values.sidecar.verbosity }} {{- else }} @@ -61,7 +61,7 @@ Create chart name and version as used by the chart label. # Possible values: "json" "text" # Default value: "json" */}} -{{- define "cosi-driver.logFormat" }} +{{- define "cosi.logFormat" }} {{- $logFormatValues := list "json" "text" }} {{- if (has .Values.provisioner.logFormat $logFormatValues) }} {{- .Values.provisioner.logFormat }} @@ -75,7 +75,7 @@ Create chart name and version as used by the chart label. # Default value is left empty on purpose, to not start any tracing if no argument was provided. # Default value: "" */}} -{{- define "cosi-driver.otelEndpoint" }} +{{- define "cosi.otelEndpoint" }} {{- if .Values.provisioner.otelEndpoint }} {{- .Values.provisioner.otelEndpoint }} {{- else }} 
@@ -86,9 +86,9 @@ Create chart name and version as used by the chart label. {{/* Common labels */}} -{{- define "cosi-driver.labels" }} -helm.sh/chart: {{ include "cosi-driver.chart" . }} -{{- include "cosi-driver.selectorLabels" . }} +{{- define "cosi.labels" }} +helm.sh/chart: {{ include "cosi.chart" . }} +{{- include "cosi.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -98,17 +98,17 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "cosi-driver.selectorLabels" }} -app.kubernetes.io/name: {{ include "cosi-driver.name" . }} +{{- define "cosi.selectorLabels" }} +app.kubernetes.io/name: {{ include "cosi.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the role to use */}} -{{- define "cosi-driver.roleName" }} +{{- define "cosi.roleName" }} {{- if and .Values.rbac.create }} - {{- default (printf "%s" (include "cosi-driver.fullname" .)) .Values.rbac.role.name }} + {{- default (printf "%s" (include "cosi.fullname" .)) .Values.rbac.role.name }} {{- else }} {{- .Values.rbac.role.name }} {{- end }} @@ -117,9 +117,9 @@ Create the name of the role to use {{/* Create the name of the role binding to use */}} -{{- define "cosi-driver.roleBindingName" }} +{{- define "cosi.roleBindingName" }} {{- if and .Values.rbac.create }} - {{- default (printf "%s" (include "cosi-driver.fullname" .)) .Values.rbac.roleBinding.name }} + {{- default (printf "%s" (include "cosi.fullname" .)) .Values.rbac.roleBinding.name }} {{- else }} {{- .Values.rbac.roleBinding.name }} {{- end }} 
@@ -128,9 +128,9 @@ Create the name of the role binding to use {{/* Create the name of the service account to use */}} -{{- define "cosi-driver.serviceAccountName" -}} +{{- define "cosi.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} - {{ default (include "cosi-driver.fullname" .) .Values.serviceAccount.name }} + {{ default (include "cosi.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} 
@@ -139,37 +139,37 @@ Create the name of the service account to use {{/* Create the name of provisioner container */}} -{{- define "cosi-driver.provisionerContainerName" }} +{{- define "cosi.provisionerContainerName" }} {{- default "objectstorage-provisioner" .Values.provisioner.name }} {{- end }} {{/* Create the name of provisioner sidecar container */}} -{{- define "cosi-driver.provisionerSidecarContainerName" }} +{{- define "cosi.provisionerSidecarContainerName" }} {{- default "objectstorage-provisioner-sidecar" .Values.sidecar.name }} {{- end }} {{/* Create the full name of provisioner image from repository and tag */}} -{{- define "cosi-driver.provisionerImageName" }} +{{- define "cosi.provisionerImageName" }} {{- .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag | default .Chart.AppVersion }} {{- end }} {{/* Create the full name of provisioner sidecar image from repository and tag */}} -{{- define "cosi-driver.provisionerSidecarImageName" }} +{{- define "cosi.provisionerSidecarImageName" }} {{- .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }} {{- end }} {{/* Create the secret name */}} -{{- define "cosi-driver.secretName" }} +{{- define "cosi.secretName" }} {{- if .Values.configuration.create }} - {{- default (printf "%s-config" (include "cosi-driver.name" . )) .Values.configuration.secretName }} + {{- default (printf "%s-config" (include "cosi.name" . )) .Values.configuration.secretName }} {{- else }} {{- .Values.configuration.secretName }} {{- end }} @@ -178,6 +178,6 @@ Create the secret name {{/* Create the name for secret volume */}} -{{- define "cosi-driver.secretVolumeName" }} - {{- printf "%s-config" (include "cosi-driver.name" . ) }} +{{- define "cosi.secretVolumeName" }} + {{- printf "%s-config" (include "cosi.name" . ) }} {{- end }} diff --git a/charts/cosi/templates/deployment.yaml b/charts/cosi/templates/deployment.yaml index 8dcaa105..29bf0511 100644 --- a/charts/cosi/templates/deployment.yaml 
+++ b/charts/cosi/templates/deployment.yaml @@ -1,9 +1,9 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "cosi-driver.fullname" . }} + name: {{ include "cosi.fullname" . }} labels: - {{- include "cosi-driver.labels" . | trim | nindent 4 }} + {{- include "cosi.labels" . | trim | nindent 4 }} {{- with .Values.rbac.role.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -14,11 +14,11 @@ spec: {{- end }} selector: matchLabels: - {{- include "cosi-driver.selectorLabels" . | trim | nindent 6 }} + {{- include "cosi.selectorLabels" . | trim | nindent 6 }} template: metadata: labels: - {{- include "cosi-driver.labels" . | trim | nindent 8 }} + {{- include "cosi.labels" . | trim | nindent 8 }} {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} 
@@ -28,37 +28,37 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "cosi-driver.serviceAccountName" . }} + serviceAccountName: {{ include "cosi.serviceAccountName" . }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} containers: - - name: {{ include "cosi-driver.provisionerContainerName" . }} + - name: {{ include "cosi.provisionerContainerName" . }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} - image: {{ include "cosi-driver.provisionerImageName" . }} + image: {{ include "cosi.provisionerImageName" . }} imagePullPolicy: {{ .Values.provisioner.image.pullPolicy }} args: - - "--log-level={{ include "cosi-driver.logLevel" . }}" - - "--log-format={{ include "cosi-driver.logFormat" . }}" - - "--otel-endpoint={{ include "cosi-driver.otelEndpoint" . }}" + - "--log-level={{ include "cosi.logLevel" . }}" + - "--log-format={{ include "cosi.logFormat" . }}" + - "--otel-endpoint={{ include "cosi.otelEndpoint" . }}" {{- with .Values.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - - name: {{ include "cosi-driver.secretVolumeName" . }} + - name: {{ include "cosi.secretVolumeName" . }} mountPath: /cosi - name: cosi-socket-dir mountPath: /var/lib/cosi - - name: {{ include "cosi-driver.provisionerSidecarContainerName" . }} - image: {{ include "cosi-driver.provisionerSidecarImageName" . }} + - name: {{ include "cosi.provisionerSidecarContainerName" . }} + image: {{ include "cosi.provisionerSidecarImageName" . }} imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }} args: - - "-v={{ include "cosi-driver.provisionerSidecarVerbosity" . }}" + - "-v={{ include "cosi.provisionerSidecarVerbosity" . }}" {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 12 }} 
@@ -83,8 +83,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} volumes: - - name: {{ include "cosi-driver.secretVolumeName" . }} + - name: {{ include "cosi.secretVolumeName" . }} secret: - secretName: {{ include "cosi-driver.secretName" . }} + secretName: {{ include "cosi.secretName" . }} - name: cosi-socket-dir emptyDir: {} diff --git a/charts/cosi/templates/role.yaml b/charts/cosi/templates/role.yaml index 609487bd..7a76974d 100644 --- a/charts/cosi/templates/role.yaml +++ b/charts/cosi/templates/role.yaml @@ -2,9 +2,9 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "cosi-driver.roleName" . }} + name: {{ include "cosi.roleName" . }} labels: - {{- include "cosi-driver.labels" . | trim | nindent 4 }} + {{- include "cosi.labels" . | trim | nindent 4 }} {{- with .Values.rbac.roleBinding.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/cosi/templates/rolebinding.yaml b/charts/cosi/templates/rolebinding.yaml index 1c3da15f..632dedb6 100644 --- a/charts/cosi/templates/rolebinding.yaml +++ b/charts/cosi/templates/rolebinding.yaml @@ -2,19 +2,19 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "cosi-driver.roleBindingName" . }} + name: {{ include "cosi.roleBindingName" . }} labels: - {{- include "cosi-driver.labels" . | trim | nindent 4 }} + {{- include "cosi.labels" . | trim | nindent 4 }} {{- with .Values.rbac.roleBinding.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} subjects: - kind: ServiceAccount - name: {{ include "cosi-driver.serviceAccountName" . }} + name: {{ include "cosi.serviceAccountName" . }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ include "cosi-driver.roleName" . }} + name: {{ include "cosi.roleName" . }} apiGroup: rbac.authorization.k8s.io {{- end }} diff --git a/charts/cosi/templates/secret.yaml b/charts/cosi/templates/secret.yaml index ef1c4513..62df6eaf 100644 
--- a/charts/cosi/templates/secret.yaml +++ b/charts/cosi/templates/secret.yaml @@ -3,9 +3,9 @@ apiVersion: v1 kind: Secret type: Opaque metadata: - name: {{ include "cosi-driver.secretName" . }} + name: {{ include "cosi.secretName" . }} labels: - {{- include "cosi-driver.labels" . | trim | nindent 4 }} + {{- include "cosi.labels" . | trim | nindent 4 }} {{- with .Values.configuration.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/cosi/templates/serviceaccount.yaml b/charts/cosi/templates/serviceaccount.yaml index 11d48c1d..6b85d83f 100644 --- a/charts/cosi/templates/serviceaccount.yaml +++ b/charts/cosi/templates/serviceaccount.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "cosi-driver.serviceAccountName" . }} + name: {{ include "cosi.serviceAccountName" . }} labels: - {{- include "cosi-driver.labels" . | trim | nindent 4 }} + {{- include "cosi.labels" . | trim | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/cosi/values.yaml b/charts/cosi/values.yaml index de658203..50d1e4cb 100644 --- a/charts/cosi/values.yaml +++ b/charts/cosi/values.yaml @@ -10,7 +10,7 @@ # See the License for the specific language governing permissions and # limitations under the License -# Default values for cosi-driver. +# Default values for cosi. # This is a YAML-formatted file. # Declare variables to be passed into your templates. 
@@ -63,7 +63,7 @@ configuration: # If set to false, you must set `configuration.secretName` field to an existing configuration secret name. create: true annotations: {} - # name can be used to specify an existing secret name to use for the driver configuration or override the generated name (default `cosi-driver`). + # name can be used to specify an existing secret name to use for the driver configuration or override the generated name (default `cosi`). secretName: "" # data should be provided when installing chart, it will be used to create the Secret with the driver configuration. # `configuration.create` must be set to `true` for this to work. @@ -77,13 +77,13 @@ rbac: role: # annotations to add to the Role resource annotations: {} - # name of the Role to create (efault `cosi-driver-role`). + # name of the Role to create (efault `cosi-role`). name: "" # roleBinding specifies parameters for the COSI driver RoleBinding. roleBinding: # Annotations to add to the RoleBinding annotations: {} - # name of the RoleBinding to create (default `cosi-driver-rolebinding`). + # name of the RoleBinding to create (default `cosi-rolebinding`). name: "" # serviceAccount specifies parameters for the COSI driver ServiceAccount. @@ -92,7 +92,7 @@ serviceAccount: create: true # Annotations to add to the ServiceAccount annotations: {} - # The name of the ServiceAccount to create (or just use if `rbac.create=false`, default `cosi-driver-sa`). + # The name of the ServiceAccount to create (or just use if `rbac.create=false`, default `cosi-sa`). name: "" # replicaCount specifies the number of replicas of the COSI driver. From c07128b7370c469dfc0bcf27f4f16005931e930e Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Mon, 28 Aug 2023 08:24:39 -0400 Subject: [PATCH 10/12] add kubelinter for all charts --- .github/workflows/cosi-helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
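Review bot: The default named in the rewritten comment does not match what the chart generates: `cosi.secretName` (renamed in this commit) falls back to `printf "%s-config" (include "cosi.name" .)`, which is `cosi-config` rather than `cosi`, and the key is `secretName`, not `name`. The hunks at `@@ -77,13` and `@@ -92,7` have the same problem, since `cosi.roleName`, `cosi.roleBindingName` and `cosi.serviceAccountName` default to `cosi.fullname`, not to `cosi-role`, `cosi-rolebinding` or `cosi-sa`. Suggested wording here: `# secretName names an existing secret to use, or overrides the generated name (default: <chart name>-config).` The `configuration:` mapping continues outside the hunk.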
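Review bot: The comments under `rbac.role` and `rbac.roleBinding` describe a Role and a RoleBinding, but role.yaml and rolebinding.yaml in this same commit render `kind: ClusterRole` and `kind: ClusterRoleBinding`, so the grant is cluster-scoped and the values file should say so. The annotation keys are also wired differently from what is documented: deployment.yaml reads `.Values.rbac.role.annotations` for the Deployment and role.yaml reads `.Values.rbac.roleBinding.annotations` for the ClusterRole (both unchanged context in this commit). Suggested comment: `# name of the ClusterRole to create (defaults to the chart fullname).`, which also removes the `efault` typo carried over on that line.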
diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/cosi-helm.yaml index ddfaa766..5ba605de 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/cosi-helm.yaml @@ -24,6 +24,6 @@ jobs: - name: Scan repo with kube-linter uses: stackrox/kube-linter-action@v1.0.4 with: - directory: charts/cosi + directory: charts config: kubelinter-config.yaml From b665359cf1856b158ab3f581ce60e77d7e99879a Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Tue, 29 Aug 2023 05:40:04 -0400 Subject: [PATCH 11/12] revert kubelinter --- .github/workflows/{cosi-helm.yaml => kubelinter.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{cosi-helm.yaml => kubelinter.yaml} (95%) diff --git a/.github/workflows/cosi-helm.yaml b/.github/workflows/kubelinter.yaml similarity index 95% rename from .github/workflows/cosi-helm.yaml rename to .github/workflows/kubelinter.yaml index 5ba605de..ddfaa766 100644 --- a/.github/workflows/cosi-helm.yaml +++ b/.github/workflows/kubelinter.yaml @@ -24,6 +24,6 @@ jobs: - name: Scan repo with kube-linter uses: stackrox/kube-linter-action@v1.0.4 with: - directory: charts + directory: charts/cosi config: kubelinter-config.yaml From aeb8fb39601ee016b79cffef93a6db4d74cc1885 Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Wed, 30 Aug 2023 06:21:51 -0400 Subject: [PATCH 12/12] change log levels in chart's template --- charts/cosi/templates/_helpers.tpl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/cosi/templates/_helpers.tpl b/charts/cosi/templates/_helpers.tpl index 3aa8c08a..9181052c 100644 --- a/charts/cosi/templates/_helpers.tpl +++ b/charts/cosi/templates/_helpers.tpl 
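Review bot: The step whose `directory` the first hunk here changes runs `stackrox/kube-linter-action@v1.0.4`, a third-party action referenced by a tag that can later be moved to different code. An earlier step of the same job (visible as context in PATCH 08) writes `$TOKEN` into the global git config and `~/.netrc`, so anything that runs afterwards in the job can read it. Pinning to the full commit SHA with the tag kept as a comment makes the reference immutable: `uses: stackrox/kube-linter-action@<full-commit-sha> # v1.0.4`. The same applies to `actions/checkout@v3.6.0` from PATCH 08; the rest of the job is outside this hunk.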
@@ -32,15 +32,15 @@ Create chart name and version as used by the chart label. {{/* # COSI driver log level -# Possible values: "trace" "debug" "info" "warn" "error" "fatal" "panic" -# Default value: "debug" +# Possible values: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 +# Default value: 4 */}} {{- define "cosi.logLevel" }} - {{- $logLevelValues := list "trace" "debug" "info" "warn" "error" "fatal" "panic" }} + {{- $logLevelValues := list 0 1 2 3 4 5 6 7 8 9 10 }} {{- if (has .Values.provisioner.logLevel $logLevelValues) }} {{- .Values.provisioner.logLevel }} {{- else }} - {{- "debug" }} + {{- 4 }} {{- end }} {{- end }}
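Review bot: The membership test `has .Values.provisioner.logLevel $logLevelValues` will most likely never succeed for a value read from values.yaml. As far as I know Helm decodes YAML numbers as float64 while the literals in `list 0 1 … 10` are Go ints, and `has` compares by deep equality, so `logLevel: 2` would not match and the helper would always emit the default `4`; worth confirming with `helm template` after setting a non-default level. Comparing string forms avoids the type question: `{{- $logLevelValues := list "0" "1" "2" "3" "4" "5" "6" "7" "8" "9" "10" }}` together with `{{- if (has (toString .Values.provisioner.logLevel) $logLevelValues) }}`. A level that is silently ignored matters because operators rely on it to control how much detail reaches the logs.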