diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index c1172db3..62dc61ae 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -5,7 +5,7 @@ # These are the default owners for the code and will # be requested for review when someone opens a pull request. -# order is alphabetical for easier maintenance. +# Order is alphabetical for easier maintenance. # # Sean Gallacher (gallacher) # Trevor Dawe (tdawe) @@ -18,11 +18,13 @@ # Niranjan N (niranjan-n1) # Shayna Finocchiaro (shaynafinocchiaro) # Sharmila Ramamoorthy (sharmilarama) +# Sushma T S(tssushma) # Tao He (taohe1012) # Peter Cao (P-Cao) +# Yamunadevi Shanmugam(shanmydell) # Yiming Bao (baoy1) # Yian Zong (YianZong) # Forrest Xia (forrestxia) # for all files: -* @gallacher @tdawe @alikdell @atye @hoppea2 @chaganti-rajitha @coulof @meggm @niranjan-n1 @shaynafinocchiaro @sharmilarama @taohe1012 @P-Cao @baoy1 @YianZong @forrestxia \ No newline at end of file +* @gallacher @tdawe @alikdell @atye @hoppea2 @chaganti-rajitha @coulof @meggm @niranjan-n1 @shaynafinocchiaro @sharmilarama @tssushma @taohe1012 @P-Cao @shanmydell @baoy1 @YianZong @forrestxia diff --git a/.github/workflows/helm-validations.yml b/.github/workflows/helm-validations.yml index f06c35a9..2993841f 100644 --- a/.github/workflows/helm-validations.yml +++ b/.github/workflows/helm-validations.yml @@ -8,7 +8,7 @@ on: - main - karavi-observability-release - csm-authorization-release - - release-v1.7.0 + - release-v* jobs: # This job will check to see if any .yaml file is modified diff --git a/.github/workflows/kubelinter.yaml b/.github/workflows/kubelinter.yaml new file mode 100644 index 00000000..ddfaa766 --- /dev/null +++ b/.github/workflows/kubelinter.yaml @@ -0,0 +1,29 @@ +name: COSI driver + +on: + push: + branches: [main] + pull_request: + branches: ["**"] + +env: + GOPRIVATE: github.com/dell/* + TOKEN: ${{ secrets.GH_DELL_ACCESS }} + +jobs: + kube-linter: + name: Kube Linter + runs-on: ubuntu-latest + steps: + - name: Configure git for private modules + run: | + git config --global url."https://csmbot:$TOKEN@github.com".insteadOf "https://github.com" + echo "machine github.com login csmbot password $TOKEN" >> ~/.netrc + - name: Checkout the code + uses: actions/checkout@v3.6.0 + - name: Scan repo with kube-linter + uses: stackrox/kube-linter-action@v1.0.4 + with: + directory: charts/cosi + config: kubelinter-config.yaml + diff --git a/charts/container-storage-modules/Chart.yaml b/charts/container-storage-modules/Chart.yaml index d760d77b..56ad1eb7 100644 --- a/charts/container-storage-modules/Chart.yaml +++ b/charts/container-storage-modules/Chart.yaml @@ -30,52 +30,58 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.0 +version: 1.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.0.0" +appVersion: "1.1.0" dependencies: - name: csi-powerstore - version: 2.7.0 + version: 2.8.0 repository: https://dell.github.io/helm-charts + #repository: file://../csi-powerstore condition: csi-powerstore.enabled - name: csi-powermax - version: 2.7.0 + version: 2.8.0 repository: https://dell.github.io/helm-charts + #repository: file://../csi-powermax condition: csi-powermax.enabled - name: csi-isilon - version: 2.7.0 + version: 2.8.0 repository: https://dell.github.io/helm-charts + #repository: file://../csi-isilon condition: csi-isilon.enabled - name: csi-vxflexos - version: 2.7.0 + version: 2.8.0 repository: https://dell.github.io/helm-charts + #repository: file://../csi-vxflexos condition: csi-vxflexos.enabled - name: csi-unity - version: 2.7.0 + version: 2.8.0 repository: https://dell.github.io/helm-charts + #repository: file://../csi-unity condition: csi-unity.enabled - name: csm-replication - version: 1.5.0 + version: 1.6.0 repository: https://dell.github.io/helm-charts + #repository: file://../csm-replication condition: csm-replication.enabled - + - name: karavi-observability - version: 1.5.0 + version: 1.6.0 repository: https://dell.github.io/helm-charts + #repository: file://../karavi-observability condition: karavi-observability.enabled - name: cert-manager version: 1.10.0 repository: https://charts.jetstack.io condition: cert-manager.enabled - diff --git a/charts/container-storage-modules/values.yaml b/charts/container-storage-modules/values.yaml index 617908e4..d42f26e8 100644 --- a/charts/container-storage-modules/values.yaml +++ b/charts/container-storage-modules/values.yaml @@ -20,9 +20,7 @@ ######################## csi-powerstore: enabled: false - version: "v2.7.0" - images: - driverRepository: dellemc + version: "v2.8.0" ## Controller ATTRIBUTES controller: controllerCount: 2 @@ -31,11 +29,8 @@ csi-powerstore: nodeSelector: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.5.0 vgsnapshot: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 - metadataretriever: dellemc/csi-metadata-retriever:v1.4.0 snapshot: enabled: true resizer: @@ -45,7 +40,7 @@ csi-powerstore: healthMonitor: enabled: false nodeSelector: - # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled # tolerations: # - key: "offline.vxflexos.storage.dell.com" # operator: "Exists" @@ -76,29 +71,8 @@ csi-powerstore: # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.6.0 - controller: - args: - - "--csisock=unix:/var/run/csi/csi.sock" - - "--labelvalue=csi-powerstore" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-powerstore.dellemc.com" - - "--mode=controller" - - "--skipArrayConnectionValidation=false" - - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - node: - args: - - "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock" - - "--labelvalue=csi-powerstore" - - "--arrayConnectivityPollRate=60" - - "--driverPath=csi-powerstore.dellemc.com" - - "--mode=node" - - "--leaderelection=false" - - "--driver-config-params=/powerstore-config-params/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" + # maxPowerstoreVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node. + maxPowerstoreVolumesPerNode: 0 ## CSI PowerMax ######################## @@ -117,9 +91,7 @@ csi-powermax: - endpoint: https://backup-1.unisphe.re:8443 # - endpoint: https://primary-2.unisphe.re:8443 # - endpoint: https://backup-2.unisphe.re:8443 - version: "v2.7.0" - images: - driverRepository: "dellemc" + version: "v2.8.0" clusterPrefix: ABC portGroups: PortGroup1, PortGroup2, PortGroup3 controller: @@ -136,18 +108,13 @@ csi-powermax: enabled: false nodeSelector: csireverseproxy: - image: dellemc/csipowermax-reverseproxy:v2.6.0 deployAsSidecar: true replication: enabled: false - image: dellemc/dell-csi-replicator:v1.5.0 migration: enabled: false - image: dellemc/dell-csi-migrator:v1.1.1 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.1 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 proxyHost: vSphere: enabled: false @@ -160,9 +127,7 @@ csi-powermax: ######################## csi-isilon: enabled: false - version: "v2.7.0" - images: - driverRepository: dellemc + version: "v2.8.0" ## Controller ATTRIBUTES controller: controllerCount: 2 @@ -171,7 +136,6 @@ csi-isilon: nodeSelector: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.5.0 snapshot: enabled: true resizer: @@ -206,33 +170,8 @@ csi-isilon: # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.6.0 - #controller: - # args: - # - "--csisock=unix:/var/run/csi/csi.sock" - # - "--labelvalue=csi-isilon" - # - "--arrayConnectivityPollRate=60" - # - "--driverPath=csi-isilon.dellemc.com" - # - "--mode=controller" - # - "--skipArrayConnectionValidation=false" - # - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - # - "--driverPodLabelValue=dell-storage" - # - "--ignoreVolumelessPods=false" - - #node: - # args: - # - "--csisock=unix:/var/lib/kubelet/plugins/csi-isilon/csi_sock" - # - "--labelvalue=csi-isilon" - # - "--arrayConnectivityPollRate=60" - # - "--driverPath=csi-isilon.dellemc.com" - # - "--mode=node" - # - "--leaderelection=false" - # - "--driver-config-params=/csi-isilon-config-params/driver-config-params.yaml" - # - "--driverPodLabelValue=dell-storage" - # - "--ignoreVolumelessPods=false" authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 proxyHost: encryption: enabled: false @@ -241,15 +180,11 @@ csi-isilon: ######################## csi-vxflexos: enabled: false - version: v2.7.0 - images: - driverRepository: dellemc - powerflexSdc: dellemc/sdc:3.6.0.6 + version: v2.8.0 certSecretCount: 0 controller: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.5.0 healthMonitor: enabled: false controllerCount: 2 @@ -282,42 +217,27 @@ csi-vxflexos: # - key: "isilon.podmon.storage.dell.com" # operator: "Exists" # effect: "NoSchedule" + storageCapacity: + enabled: true monitor: enabled: false vgsnapshotter: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + # maxVxflexosVolumesPerNode - Maximum number of volumes that controller can publish to the node. + maxVxflexosVolumesPerNode: 0 + podmon: enabled: false - image: dellemc/podmon:v1.6.0 - # controller: - # args: - # - "--csisock=unix:/var/run/csi/csi.sock" - # - "--labelvalue=csi-vxflexos" - # - "--mode=controller" - # - "--skipArrayConnectionValidation=false" - # - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - # - "--driverPodLabelValue=dell-storage" - # - "--ignoreVolumelessPods=false" - # node: - # args: - # - "--csisock=unix:/var/lib/kubelet/plugins/vxflexos.emc.dell.com/csi_sock" - # - "--labelvalue=csi-vxflexos" - # - "--mode=node" - # - "--leaderelection=false" - # - "--driver-config-params=/vxflexos-config-params/driver-config-params.yaml" - # - "--driverPodLabelValue=dell-storage" - # - "--ignoreVolumelessPods=false" + authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 proxyHost: ## CSI Unity ######################## csi-unity: enabled: false - version: "v2.7.0" + version: "v2.8.0" # certSecretCount: Represents number of certificate secrets, which user is going to create for # ssl authentication. (unity-cert-0..unity-cert-n) @@ -405,27 +325,6 @@ csi-unity: # effect: "NoSchedule" podmon: enabled: false - image: dellemc/podmon:v1.6.0 - controller: - args: - - "--csisock=unix:/var/run/csi/csi.sock" - - "--labelvalue=csi-unity" - - "--driverPath=csi-unity.dellemc.com" - - "--mode=controller" - - "--skipArrayConnectionValidation=false" - - "--driver-config-params=/unity-config/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" - node: - args: - - "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock" - - "--labelvalue=csi-unity" - - "--driverPath=csi-unity.dellemc.com" - - "--mode=node" - - "--leaderelection=false" - - "--driver-config-params=/unity-config/driver-config-params.yaml" - - "--driverPodLabelValue=dell-storage" - - "--ignoreVolumelessPods=false" # allowRWOMultiPodAccess - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode. allowRWOMultiPodAccess: "false" @@ -436,6 +335,11 @@ csi-unity: # tenantName - Tenant name that need to added while adding host entry to the array. tenantName: "" +# Storage Capacity Tracking +# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions. +storageCapacity: + enabled: true + images: driverRepository: dellemc diff --git a/charts/cosi/Chart.yaml b/charts/cosi/Chart.yaml new file mode 100644 index 00000000..157a687d --- /dev/null +++ b/charts/cosi/Chart.yaml @@ -0,0 +1,36 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +apiVersion: v2 +name: cosi +description: Container Object Storage Interface (COSI) Driver for Dell ObjectScale + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: 1.0.0-alpha diff --git a/charts/cosi/templates/NOTES.txt b/charts/cosi/templates/NOTES.txt new file mode 100644 index 00000000..dd78f413 --- /dev/null +++ b/charts/cosi/templates/NOTES.txt @@ -0,0 +1,5 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + +For more information visit CSM documentation: https://dell.github.io/csm-docs/ diff --git a/charts/cosi/templates/_helpers.tpl b/charts/cosi/templates/_helpers.tpl new file mode 100644 index 00000000..9181052c --- /dev/null +++ b/charts/cosi/templates/_helpers.tpl @@ -0,0 +1,183 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "cosi.name" }} + {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "cosi.fullname" }} + {{- if .Values.fullnameOverride }} + {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} + {{- else }} + {{- $name := default .Chart.Name .Values.nameOverride }} + {{- if contains $name .Release.Name }} + {{- .Release.Name | trunc 63 | trimSuffix "-" }} + {{- else }} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} + {{- end }} + {{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cosi.chart" }} + {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +# COSI driver log level +# Possible values: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 +# Default value: 4 +*/}} +{{- define "cosi.logLevel" }} + {{- $logLevelValues := list 0 1 2 3 4 5 6 7 8 9 10 }} + {{- if (has .Values.provisioner.logLevel $logLevelValues) }} + {{- .Values.provisioner.logLevel }} + {{- else }} + {{- 4 }} + {{- end }} +{{- end }} + +{{/* +# COSI driver sidecar log level +# Values are set to the integer value, higher value means more verbose logging +*/}} +{{- define "cosi.provisionerSidecarVerbosity" }} + {{- if (kindIs "int" .Values.sidecar.verbosity) }} + {{- .Values.sidecar.verbosity }} + {{- else }} + {{- 5 }} + {{- end }} +{{- end }} + +{{/* +# COSI driver log format +# Possible values: "json" "text" +# Default value: "json" +*/}} +{{- define "cosi.logFormat" }} + {{- $logFormatValues := list "json" "text" }} + {{- if (has .Values.provisioner.logFormat $logFormatValues) }} + {{- .Values.provisioner.logFormat }} + {{- else }} + {{- "text" }} + {{- end }} +{{- end }} + +{{/* +# COSI driver OTEL endpoint +# Default value is left empty on purpose, to not start any tracing if no argument was provided. +# Default value: "" +*/}} +{{- define "cosi.otelEndpoint" }} + {{- if .Values.provisioner.otelEndpoint }} + {{- .Values.provisioner.otelEndpoint }} + {{- else }} + {{- "" }} + {{- end }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "cosi.labels" }} +helm.sh/chart: {{ include "cosi.chart" . }} +{{- include "cosi.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "cosi.selectorLabels" }} +app.kubernetes.io/name: {{ include "cosi.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the role to use +*/}} +{{- define "cosi.roleName" }} + {{- if and .Values.rbac.create }} + {{- default (printf "%s" (include "cosi.fullname" .)) .Values.rbac.role.name }} + {{- else }} + {{- .Values.rbac.role.name }} + {{- end }} +{{- end }} + +{{/* +Create the name of the role binding to use +*/}} +{{- define "cosi.roleBindingName" }} + {{- if and .Values.rbac.create }} + {{- default (printf "%s" (include "cosi.fullname" .)) .Values.rbac.roleBinding.name }} + {{- else }} + {{- .Values.rbac.roleBinding.name }} + {{- end }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cosi.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{ default (include "cosi.fullname" .) .Values.serviceAccount.name }} + {{- else -}} + {{ default "default" .Values.serviceAccount.name }} + {{- end -}} +{{- end -}} + +{{/* +Create the name of provisioner container +*/}} +{{- define "cosi.provisionerContainerName" }} + {{- default "objectstorage-provisioner" .Values.provisioner.name }} +{{- end }} + +{{/* +Create the name of provisioner sidecar container +*/}} +{{- define "cosi.provisionerSidecarContainerName" }} + {{- default "objectstorage-provisioner-sidecar" .Values.sidecar.name }} +{{- end }} + +{{/* +Create the full name of provisioner image from repository and tag +*/}} +{{- define "cosi.provisionerImageName" }} + {{- .Values.provisioner.image.repository }}:{{ .Values.provisioner.image.tag | default .Chart.AppVersion }} +{{- end }} + +{{/* +Create the full name of provisioner sidecar image from repository and tag +*/}} +{{- define "cosi.provisionerSidecarImageName" }} + {{- .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }} +{{- end }} + +{{/* +Create the secret name +*/}} +{{- define "cosi.secretName" }} + {{- if .Values.configuration.create }} + {{- default (printf "%s-config" (include "cosi.name" . )) .Values.configuration.secretName }} + {{- else }} + {{- .Values.configuration.secretName }} + {{- end }} +{{- end }} + +{{/* +Create the name for secret volume +*/}} +{{- define "cosi.secretVolumeName" }} + {{- printf "%s-config" (include "cosi.name" . ) }} +{{- end }} diff --git a/charts/cosi/templates/deployment.yaml b/charts/cosi/templates/deployment.yaml new file mode 100644 index 00000000..29bf0511 --- /dev/null +++ b/charts/cosi/templates/deployment.yaml @@ -0,0 +1,90 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "cosi.fullname" . }} + labels: + {{- include "cosi.labels" . | trim | nindent 4 }} + {{- with .Values.rbac.role.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "cosi.selectorLabels" . | trim | nindent 6 }} + template: + metadata: + labels: + {{- include "cosi.labels" . | trim | nindent 8 }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "cosi.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: {{ include "cosi.provisionerContainerName" . }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + image: {{ include "cosi.provisionerImageName" . }} + imagePullPolicy: {{ .Values.provisioner.image.pullPolicy }} + args: + - "--log-level={{ include "cosi.logLevel" . }}" + - "--log-format={{ include "cosi.logFormat" . }}" + - "--otel-endpoint={{ include "cosi.otelEndpoint" . }}" + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: {{ include "cosi.secretVolumeName" . }} + mountPath: /cosi + - name: cosi-socket-dir + mountPath: /var/lib/cosi + - name: {{ include "cosi.provisionerSidecarContainerName" . }} + image: {{ include "cosi.provisionerSidecarImageName" . }} + imagePullPolicy: {{ .Values.sidecar.image.pullPolicy }} + args: + - "-v={{ include "cosi.provisionerSidecarVerbosity" . }}" + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: cosi-socket-dir + mountPath: /var/lib/cosi + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: {{ include "cosi.secretVolumeName" . }} + secret: + secretName: {{ include "cosi.secretName" . }} + - name: cosi-socket-dir + emptyDir: {} diff --git a/charts/cosi/templates/role.yaml b/charts/cosi/templates/role.yaml new file mode 100644 index 00000000..7a76974d --- /dev/null +++ b/charts/cosi/templates/role.yaml @@ -0,0 +1,52 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "cosi.roleName" . }} + labels: + {{- include "cosi.labels" . | trim | nindent 4 }} + {{- with .Values.rbac.roleBinding.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - objectstorage.k8s.io # COSI resources are grouped here + resources: # we do not add bucketclasses here, as those are managed by COSI Controller + - buckets + - bucketclaims + - bucketaccesses + - bucketaccessclasses + - buckets/status + - bucketaccesses/status + - bucketclaims/status + - bucketaccessclasses/status + verbs: # CRUD + list/watch + - create + - get + - update + - delete + - list + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases # lease is created during leader election process by COSI Provisioner Sidecar + verbs: # CRUD + list/watch + - create + - get + - update + - delete + - list + - watch +- apiGroups: + - "" # empty for default API group + resources: + - events # events are emmited from COSI Provisioner Sidecar + - secrets # secrets are created by COSI Provisioner Sidecar as a part of access granting + verbs: # CRUD + - create + - get + - update + - delete +{{- end }} diff --git a/charts/cosi/templates/rolebinding.yaml b/charts/cosi/templates/rolebinding.yaml new file mode 100644 index 00000000..632dedb6 --- /dev/null +++ b/charts/cosi/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create -}} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "cosi.roleBindingName" . }} + labels: + {{- include "cosi.labels" . | trim | nindent 4 }} + {{- with .Values.rbac.roleBinding.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +subjects: + - kind: ServiceAccount + name: {{ include "cosi.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "cosi.roleName" . }} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/cosi/templates/secret.yaml b/charts/cosi/templates/secret.yaml new file mode 100644 index 00000000..62df6eaf --- /dev/null +++ b/charts/cosi/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.configuration.create }} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "cosi.secretName" . }} + labels: + {{- include "cosi.labels" . | trim | nindent 4 }} + {{- with .Values.configuration.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + config.yaml: {{ toString .Values.configuration.data | b64enc }} +{{- end }} diff --git a/charts/cosi/templates/serviceaccount.yaml b/charts/cosi/templates/serviceaccount.yaml new file mode 100644 index 00000000..6b85d83f --- /dev/null +++ b/charts/cosi/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{ if .Values.rbac.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "cosi.serviceAccountName" . }} + labels: + {{- include "cosi.labels" . | trim | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end}} diff --git a/charts/cosi/values.yaml b/charts/cosi/values.yaml new file mode 100644 index 00000000..50d1e4cb --- /dev/null +++ b/charts/cosi/values.yaml @@ -0,0 +1,153 @@ +# Copyright © 2023 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License + +# Default values for cosi. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# provisioner specifies parameters for the COSI driver provisioner container. +provisioner: + # name of the COSI driver provisioner container. + name: "objectstorage-provisioner" + # logLevel is the logging level for the COSI driver provisioner, + # Possible values: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 + logLevel: 4 + # logFormat is the logging format for the COSI driver provisioner, + # Possible values: "json" "text". + logFormat: "text" + # otelEndpoint specifies the endpoint on which the OTEL Collector is set up and to which data is sent over gRPC. + otelEndpoint: "otel-collector.namespace:4317" + # image specifies the COSI driver provisioner container image. + image: + # repository is the COSI driver provisioner container image repository. + repository: "docker.io/dell/cosi" + # tag is the COSI driver provisioner container image tag. + tag: "v0.1.0" + # pullPolicy is the COSI driver provisioner container image pull policy. + pullPolicy: "IfNotPresent" + +# sidecar specifies parameters for the COSI driver sidecar container. +sidecar: + # name of the COSI driver sidecar container. + name: "objectstorage-provisioner-sidecar" + # verbosity is the logging verbosity for the COSI driver sidecar, higher values are more verbose, + # Possible values: integers from -2,147,483,648 to 2,147,483,647 + # + # Generally the range used is between -4 and 12. However, there may be cases where numbers outside + # that range might provide more information. + # For additional information, refer to the cosi sidecar documentation: + # - https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar + verbosity: 5 + # image specifies the COSI driver sidecar container image. + image: + # repository is the COSI driver sidecar container image repository. + repository: "gcr.io/k8s-staging-sig-storage/objectstorage-sidecar/objectstorage-sidecar" + # tag is the COSI driver sidecar container image tag. + tag: "v20230130-v0.1.0-24-gc0cf995" + # pullPolicy is the COSI driver sidecar container image pull policy. + pullPolicy: "IfNotPresent" + +# configuration of the driver can be set with with --set-file configuration.data=path/to/config.yaml +# or created manually and provided with --set configuration.secretName=existing-secret-name +configuration: + # Specifies whether a secret with driver configuration should be created + # If set to false, you must set `configuration.secretName` field to an existing configuration secret name. + create: true + annotations: {} + # name can be used to specify an existing secret name to use for the driver configuration or override the generated name (default `cosi`). + secretName: "" + # data should be provided when installing chart, it will be used to create the Secret with the driver configuration. + # `configuration.create` must be set to `true` for this to work. + data: "" + +# rbac specifies parameters for the COSI driver RBAC resources. +rbac: + # create specifies whether RBAC resources should be created. + create: true + # role specifies parameters for the COSI driver Role. + role: + # annotations to add to the Role resource + annotations: {} + # name of the Role to create (efault `cosi-role`). + name: "" + # roleBinding specifies parameters for the COSI driver RoleBinding. + roleBinding: + # Annotations to add to the RoleBinding + annotations: {} + # name of the RoleBinding to create (default `cosi-rolebinding`). + name: "" + +# serviceAccount specifies parameters for the COSI driver ServiceAccount. +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # Annotations to add to the ServiceAccount + annotations: {} + # The name of the ServiceAccount to create (or just use if `rbac.create=false`, default `cosi-sa`). + name: "" + +# replicaCount specifies the number of replicas of the COSI driver. +replicaCount: 1 +# nameOverride specifies the name override for the COSI driver installation (default is `name` form `Chart.yaml`). +nameOverride: "" +# fullnameOverride specifies the full name override for the COSI driver installation (generated based on release name). +fullnameOverride: "" +# podAnnotations specifies the list of annotations to add to the COSI driver pod. +podAnnotations: {} +# imagePullSecrets specifies the list of image pull secrets. +imagePullSecrets: [] + +# podSecurityContext specifies the security context for the COSI driver pod. +podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + # fsGroup: 2000 + +# securityContext specifies the security context for the COSI driver containers. +securityContext: + readOnlyRootFilesystem: true + # capabilities: + # drop: + # - ALL + +# resources specifies the resource limits and requests for the COSI driver containers. +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +# autoscaling rules for COSI driver deployment. +autoscaling: + # enabled specifies whether autoscaling is enabled. + enabled: false + # minReplicas specifies the minimum number of replicas. + minReplicas: 1 + # maxReplicas specifies the maximum number of replicas. + maxReplicas: 100 + # targetCPUUtilizationPercentage specifies the target CPU utilization percentage. + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage specifies the target memory utilization percentage. + # targetMemoryUtilizationPercentage: 80 + +# nodeSelector specifies the node selector for the COSI driver pod. +nodeSelector: {} +# tolerations specifies the list of tolerations for the COSI driver pod. +tolerations: [] +# affinity specifies the affinity for the COSI driver pod. +affinity: {} diff --git a/charts/csi-isilon/Chart.yaml b/charts/csi-isilon/Chart.yaml index 7ec43fe1..870eaa52 100644 --- a/charts/csi-isilon/Chart.yaml +++ b/charts/csi-isilon/Chart.yaml @@ -1,11 +1,11 @@ apiVersion: v2 name: csi-isilon -version: 2.7.0 -appVersion: "2.7.0" -kubeVersion: ">= 1.21.0 < 1.28.0" +version: 2.8.0 +appVersion: "2.8.0" +kubeVersion: ">= 1.21.0 < 1.29.0" #If you are using a complex K8s version like "v1.22.3-mirantis-1", use this kubeVersion check instead #WARNING: this version of the check will allow the use of alpha and beta versions, which is NOT SUPPORTED -#kubeVersion: ">= 1.21.0-0 < 1.28.0-0" +#kubeVersion: ">= 1.21.0-0 < 1.29.0-0" description: | PowerScale CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as diff --git a/charts/csi-isilon/templates/_helpers.tpl b/charts/csi-isilon/templates/_helpers.tpl index 02b2867e..0bf04fae 100644 --- a/charts/csi-isilon/templates/_helpers.tpl +++ b/charts/csi-isilon/templates/_helpers.tpl @@ -3,7 +3,7 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-isilon.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} @@ -11,7 +11,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-isilon.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} @@ -19,7 +19,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-isilon.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} @@ -27,7 +27,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-isilon.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} @@ -35,7 +35,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-isilon.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} @@ -43,7 +43,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-isilon.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} diff --git a/charts/csi-isilon/values.yaml b/charts/csi-isilon/values.yaml index 4245696c..59414b3c 100644 --- a/charts/csi-isilon/values.yaml +++ b/charts/csi-isilon/values.yaml @@ -2,7 +2,7 @@ ######################## # version: version of this values file # Note: Do not change this value -version: "v2.7.0" +version: "v2.8.0" # CSI driver log level # Allowed values: "error", "warn"/"warning", "info", "debug" @@ -127,7 +127,7 @@ controller: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.5.0 + image: dellemc/dell-csi-replicator:v1.6.0 # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string @@ -360,8 +360,8 @@ autoProbe: true authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.7.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 + # Default value: dellemc/csm-authorization-sidecar:v1.8.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.8.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: @@ -389,7 +389,7 @@ storageCapacity: # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.6.0 + image: dellemc/podmon:v1.7.0 #controller: # args: # - "--csisock=unix:/var/run/csi/csi.sock" diff --git a/charts/csi-powermax/Chart.yaml b/charts/csi-powermax/Chart.yaml index af51a96b..b4244160 100644 --- a/charts/csi-powermax/Chart.yaml +++ b/charts/csi-powermax/Chart.yaml @@ -1,22 +1,22 @@ apiVersion: v2 -appVersion: "2.7.0" +appVersion: "2.8.0" name: csi-powermax -version: 2.7.0 +version: 2.8.0 description: | PowerMax CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a PowerMax StorageClass. type: application -kubeVersion: ">= 1.23.0 < 1.28.0" +kubeVersion: ">= 1.23.0 < 1.29.0" # If you are using a complex K8s version like "v1.23.3-mirantis-1", use this kubeVersion check instead # WARNING: this version of the check will allow the use of alpha and beta versions, which is NOT SUPPORTED -# kubeVersion: ">= 1.23.0-0 < 1.28.0-0" +# kubeVersion: ">= 1.23.0-0 < 1.29.0-0" keywords: - csi - storage dependencies: - name: csireverseproxy - version: 2.6.0 + version: 2.7.0 condition: required home: https://github.com/dell/csi-powermax icon: https://avatars1.githubusercontent.com/u/20958494?s=200&v=4 diff --git a/charts/csi-powermax/charts/csireverseproxy/Chart.yaml b/charts/csi-powermax/charts/csireverseproxy/Chart.yaml index 3ea07357..1825b03b 100644 --- a/charts/csi-powermax/charts/csireverseproxy/Chart.yaml +++ b/charts/csi-powermax/charts/csireverseproxy/Chart.yaml @@ -4,6 +4,6 @@ description: A Helm chart for CSI PowerMax ReverseProxy type: application -version: 2.6.0 +version: 2.7.0 -appVersion: 2.6.0 +appVersion: 2.7.0 diff --git a/charts/csi-powermax/charts/csireverseproxy/values.yaml b/charts/csi-powermax/charts/csireverseproxy/values.yaml index 32b0106b..fcd87e30 100644 --- a/charts/csi-powermax/charts/csireverseproxy/values.yaml +++ b/charts/csi-powermax/charts/csireverseproxy/values.yaml @@ -1,4 +1,4 @@ -image: dellemc/csipowermax-reverseproxy:v2.6.0 +image: dellemc/csipowermax-reverseproxy:v2.7.0 port: 2222 # TLS secret which is used for setting up the proxy HTTPS server diff --git a/charts/csi-powermax/templates/_helpers.tpl b/charts/csi-powermax/templates/_helpers.tpl index 51e4c90f..4cb67bdd 100644 --- a/charts/csi-powermax/templates/_helpers.tpl +++ b/charts/csi-powermax/templates/_helpers.tpl @@ -3,7 +3,7 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-powermax.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} @@ -11,7 +11,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powermax.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} @@ -19,7 +19,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powermax.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} @@ -27,7 +27,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powermax.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} @@ -35,7 +35,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powermax.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} @@ -43,8 +43,16 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powermax.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "23") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} {{- end -}} + +{{- define "csi-powermax.isStorageCapacitySupported" -}} +{{- if eq .Values.storageCapacity.enabled true -}} + {{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}} + {{- true -}} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/csi-powermax/templates/controller.yaml b/charts/csi-powermax/templates/controller.yaml index f5118102..7785fbf0 100644 --- a/charts/csi-powermax/templates/controller.yaml +++ b/charts/csi-powermax/templates/controller.yaml @@ -91,7 +91,19 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["create", "delete", "get", "list", "watch", "update", "patch"] - {{- end}} + {{- end}} + # Permissions for Storage Capacity + {{- if eq (include "csi-powermax.isStorageCapacitySupported" .) "true" }} + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] + {{- end }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -184,9 +196,20 @@ spec: - "--leader-election" - "--extra-create-metadata" - "--feature-gates=Topology=true" + - "--enable-capacity={{ (include "csi-powermax.isStorageCapacitySupported" .) | default false }}" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval={{ .Values.storageCapacity.pollInterval | default "5m" }}" env: - name: ADDRESS value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name volumeMounts: - name: socket-dir mountPath: /var/run/csi @@ -487,4 +510,4 @@ spec: secret: secretName: proxy-server-root-certificate {{ end }} - {{ end }} \ No newline at end of file + {{ end }} diff --git a/charts/csi-powermax/templates/csidriver.yaml b/charts/csi-powermax/templates/csidriver.yaml index 52cc6694..2717b327 100644 --- a/charts/csi-powermax/templates/csidriver.yaml +++ b/charts/csi-powermax/templates/csidriver.yaml @@ -7,5 +7,7 @@ metadata: name: csi-powermax {{- end }} spec: + podInfoOnMount: true attachRequired: true - fsGroupPolicy: {{ .Values.fsGroupPolicy }} \ No newline at end of file + storageCapacity: {{ (include "csi-powermax.isStorageCapacitySupported" .) | default false }} + fsGroupPolicy: {{ .Values.fsGroupPolicy }} diff --git a/charts/csi-powermax/templates/node.yaml b/charts/csi-powermax/templates/node.yaml index 0d0cdae8..2d91c9b1 100644 --- a/charts/csi-powermax/templates/node.yaml +++ b/charts/csi-powermax/templates/node.yaml @@ -1,4 +1,3 @@ -{{- if or (eq .Values.migration.enabled true) (eq .Values.openshift true) }} apiVersion: v1 kind: ServiceAccount metadata: @@ -14,6 +13,9 @@ metadata: name: {{ .Release.Name }}-node {{- end }} rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "update", "patch"] {{- if eq .Values.openshift true }} - apiGroups: ["security.openshift.io"] resources: ["securitycontextconstraints"] @@ -60,7 +62,6 @@ roleRef: {{- end }} apiGroup: rbac.authorization.k8s.io --- -{{ end }} kind: DaemonSet apiVersion: apps/v1 metadata: @@ -81,9 +82,7 @@ spec: labels: app: {{ .Release.Name }}-node spec: - {{- if or (eq .Values.migration.enabled true) (eq .Values.openshift true) }} serviceAccountName: {{ .Release.Name }}-node - {{ end }} {{ if .Values.node.nodeSelector }} nodeSelector: {{- toYaml .Values.node.nodeSelector | nindent 8 }} @@ -121,6 +120,8 @@ spec: value: unix://{{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com/csi_sock - name: X_CSI_MODE value: node + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "{{ .Values.maxPowerMaxVolumesPerNode }}" - name: X_CSI_PRIVATE_MOUNT_DIR value: "{{ .Values.kubeletConfigDir }}/plugins/powermax.emc.dell.com/disks" - name: X_CSI_MANAGED_ARRAYS @@ -395,4 +396,4 @@ spec: secret: secretName: proxy-server-root-certificate {{ end }} - {{ end }} \ No newline at end of file + {{ end }} diff --git a/charts/csi-powermax/values.yaml b/charts/csi-powermax/values.yaml index 418b1c32..885a8ba9 100644 --- a/charts/csi-powermax/values.yaml +++ b/charts/csi-powermax/values.yaml @@ -49,7 +49,7 @@ global: # Current version of the driver # Don't modify this value as this value will be used by the install script -version: "v2.7.0" +version: "v2.8.0" images: # "driver" defines the container image, used for the driver container. @@ -101,6 +101,13 @@ kubeletConfigDir: /var/lib/kubelet # Default value: ReadWriteOnceWithFSType fsGroupPolicy: ReadWriteOnceWithFSType +# maxPowermaxVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node. +# If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. +# This limit is applicable to all the nodes in the cluster for which node label 'max-Powermax-volumes-per-node' is not set. +# Allowed values: n, where n >= 0 +# Default value: 0 +maxPowerMaxVolumesPerNode: 0 + # controller: configure controller specific parameters controller: # controllerCount: Define the number of PowerMax controller nodes @@ -255,8 +262,8 @@ enableCHAP: false csireverseproxy: # image: Define the container images used for the reverse proxy # Default value: None - # Example: "csipowermax-reverseproxy:v2.6.0" - image: dellemc/csipowermax-reverseproxy:v2.6.0 + # Example: "csipowermax-reverseproxy:v2.7.0" + image: dellemc/csipowermax-reverseproxy:v2.7.0 # "tlsSecret" defines the TLS secret that is created with certificate # and its associated key # Default value: None @@ -375,7 +382,7 @@ replication: enabled: false # Change this to use any specific version of the dell-csi-replicator sidecar # Default value: None - image: dellemc/dell-csi-replicator:v1.5.0 + image: dellemc/dell-csi-replicator:v1.6.0 # replicationContextPrefix enables side cars to read # required information from the volume context # Default value: "powermax" @@ -396,10 +403,10 @@ migration: enabled: false # Change this to use any specific version of the dell-csi-migrator sidecar # Default value: None - image: dellemc/dell-csi-migrator:v1.1.1 + image: dellemc/dell-csi-migrator:v1.2.0 # Node rescan sidecar does a rescan on nodes for identifying new paths - # Default value: dellemc/dell-csi-node-rescanner:v1.0.1 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.1 + # Default value: None + nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.1.0 # migrationPrefix: Determine if migration is enabled # Default value: "migration.storage.dell.com" # Examples: "migration.storage.dell.com" @@ -415,8 +422,8 @@ migration: authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.7.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 + # Default value: dellemc/csm-authorization-sidecar:v1.8.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.8.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: @@ -427,6 +434,20 @@ authorization: # Default value: "true" skipCertificateValidation: true +# Storage Capacity Tracking +# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions. +storageCapacity: + # enabled : Enable/Disable storage capacity tracking + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + # Default value: true + enabled: true + # pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity + # Allowed values: 1m,2m,3m,...,10m,...,60m etc + # Default value: 5m + pollInterval: 5m + # VMware/vSphere virtualization support # set enable to true, if you to enable VMware virtualized environment support via RDM # Allowed Values: diff --git a/charts/csi-powerstore/Chart.yaml b/charts/csi-powerstore/Chart.yaml index f64ae17c..d7815a98 100644 --- a/charts/csi-powerstore/Chart.yaml +++ b/charts/csi-powerstore/Chart.yaml @@ -14,18 +14,18 @@ # # apiVersion: v2 -appVersion: "2.7.0" +appVersion: "2.8.0" name: csi-powerstore -version: 2.7.0 +version: 2.8.0 description: | PowerStore CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a PowerStore StorageClass. type: application -kubeVersion: ">= 1.22.0 < 1.28.0" -# If you are using a complex K8s version like "v1.23.3-mirantis-1", use this kubeVersion check instead +kubeVersion: ">= 1.24.0 < 1.29.0" +# If you are using a complex K8s version like "v1.24.3-mirantis-1", use this kubeVersion check instead # WARNING: this version of the check will allow the use of alpha and beta versions, which is NOT SUPPORTED -# kubeVersion: ">= 1.22.0-0 < 1.28.0-0" +# kubeVersion: ">= 1.24.0-0 < 1.29.0-0" keywords: - csi - storage diff --git a/charts/csi-powerstore/templates/_helpers.tpl b/charts/csi-powerstore/templates/_helpers.tpl index 8da93b35..300585d6 100644 --- a/charts/csi-powerstore/templates/_helpers.tpl +++ b/charts/csi-powerstore/templates/_helpers.tpl @@ -3,7 +3,7 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-powerstore.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} @@ -11,7 +11,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powerstore.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} @@ -19,7 +19,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powerstore.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} @@ -27,7 +27,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powerstore.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} @@ -35,7 +35,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powerstore.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} @@ -43,7 +43,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-powerstore.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "22") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} diff --git a/charts/csi-powerstore/templates/node.yaml b/charts/csi-powerstore/templates/node.yaml index d4773176..9771df68 100644 --- a/charts/csi-powerstore/templates/node.yaml +++ b/charts/csi-powerstore/templates/node.yaml @@ -193,6 +193,8 @@ spec: value: {{ .Values.node.nodeNamePrefix }} - name: X_CSI_POWERSTORE_NODE_ID_PATH value: /node-id + - name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE + value: "{{ .Values.maxPowerstoreVolumesPerNode }}" - name: X_CSI_POWERSTORE_NODE_CHROOT_PATH value: /noderoot - name: X_CSI_POWERSTORE_TMP_DIR @@ -201,8 +203,6 @@ spec: value: {{ .Values.driverName }} - name: X_CSI_FC_PORTS_FILTER_FILE_PATH value: {{ .Values.nodeFCPortsFilterFile }} - - name: X_CSI_DRIVER_NAME - value: {{ .Values.driverName }} {{- if eq .Values.connection.enableCHAP true }} - name: X_CSI_POWERSTORE_ENABLE_CHAP value: "true" diff --git a/charts/csi-powerstore/values.yaml b/charts/csi-powerstore/values.yaml index ec8db4f5..6fb15f4a 100644 --- a/charts/csi-powerstore/values.yaml +++ b/charts/csi-powerstore/values.yaml @@ -23,7 +23,7 @@ driverName: "csi-powerstore.dellemc.com" # Driver version required to pull the latest driver image -version: "v2.7.0" +version: "v2.8.0" # Specify kubelet config dir path. # Ensure that the config.yaml file is present at this path. @@ -53,6 +53,13 @@ externalAccess: # Default value: None imagePullPolicy: IfNotPresent +# maxPowerstoreVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node. +# If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. +# This limit is applicable to all the nodes in the cluster for which node label 'max-powerstore-volumes-per-node' is not set. +# Allowed values: n, where n >= 0 +# Default value: 0 +maxPowerstoreVolumesPerNode: 0 + # nfsAcls: enables setting permissions on NFS mount directory # This value acts as default value for NFS ACL (nfsAcls), if not specified for an array config in secret # Permissions can be specified in two formats: @@ -151,7 +158,7 @@ controller: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.5.0 + image: dellemc/dell-csi-replicator:v1.6.0 # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string @@ -164,7 +171,7 @@ controller: replicationPrefix: "replication.storage.dell.com" # Image for csi-metadata-retriever - metadataretriever: dellemc/csi-metadata-retriever:v1.4.0 + metadataretriever: dellemc/csi-metadata-retriever:v1.5.0 # nodeSelector: Define node selection constraints for controller pods. # For the pod to be eligible to run on a node, the node must have each @@ -311,7 +318,7 @@ storageCapacity: # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.6.0 + image: dellemc/podmon:v1.7.0 controller: args: - "--csisock=unix:/var/run/csi/csi.sock" diff --git a/charts/csi-unity/Chart.yaml b/charts/csi-unity/Chart.yaml index c1a1c271..e0071cc2 100644 --- a/charts/csi-unity/Chart.yaml +++ b/charts/csi-unity/Chart.yaml @@ -1,20 +1,20 @@ apiVersion: v2 -appVersion: 2.7.0 +appVersion: 2.8.0 name: csi-unity -version: 2.7.0 +version: 2.8.0 description: | Unity XT CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a Unity XT StorageClass. type: application -kubeVersion: ">= 1.24.0 < 1.28.0" +kubeVersion: ">= 1.24.0 < 1.29.0" # If you are using a complex K8s version like "v1.24.3-mirantis-1", use this kubeVersion check instead # WARNING: this version of the check will allow the use of alpha and beta versions, which is NOT SUPPORTED -# kubeVersion: ">= 1.24.0-0 < 1.28.0-0" +# kubeVersion: ">= 1.24.0-0 < 1.29.0-0" keywords: - csi - storage sources: - https://github.com/dell/csi-unity maintainers: -- name: DellEMC +- name: DellEMC \ No newline at end of file diff --git a/charts/csi-unity/templates/_helpers.tpl b/charts/csi-unity/templates/_helpers.tpl index e5bc0130..c20b246f 100644 --- a/charts/csi-unity/templates/_helpers.tpl +++ b/charts/csi-unity/templates/_helpers.tpl @@ -3,7 +3,7 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-unity.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} @@ -11,7 +11,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-unity.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} @@ -19,7 +19,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-unity.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} @@ -27,7 +27,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-unity.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} @@ -35,7 +35,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-unity.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} @@ -43,8 +43,19 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-unity.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} {{- end -}} + +{{/* +Return true if storage capacity tracking is enabled and is supported based on k8s version +*/}} +{{- define "csi-unity.isStorageCapacitySupported" -}} +{{- if eq .Values.storageCapacity.enabled true -}} + {{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}} + {{- true -}} + {{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/csi-unity/templates/controller.yaml b/charts/csi-unity/templates/controller.yaml index 2cf81728..2b126072 100644 --- a/charts/csi-unity/templates/controller.yaml +++ b/charts/csi-unity/templates/controller.yaml @@ -83,6 +83,18 @@ rules: - apiGroups: [""] resources: ["persistentvolumeclaims/status"] verbs: ["update", "patch"] + # Permissions for CSIStorageCapacity + {{- if eq (include "csi-unity.isStorageCapacitySupported" .) "true" }} + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] + {{- end }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -188,9 +200,20 @@ spec: - "--leader-election" - "--leader-election-namespace={{ .Release.Namespace }}" - "--default-fstype={{ .Values.defaultFsType | default "ext4" }}" + - "--enable-capacity={{ (include "csi-unity.isStorageCapacitySupported" .) | default false }}" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval={{ .Values.storageCapacity.pollInterval | default "5m" }}" env: - name: ADDRESS value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name volumeMounts: - name: socket-dir mountPath: /var/run/csi diff --git a/charts/csi-unity/templates/csidriver.yaml b/charts/csi-unity/templates/csidriver.yaml index f38d58ee..f9d57239 100644 --- a/charts/csi-unity/templates/csidriver.yaml +++ b/charts/csi-unity/templates/csidriver.yaml @@ -3,9 +3,10 @@ kind: CSIDriver metadata: name: csi-unity.dellemc.com spec: + storageCapacity: {{ (include "csi-unity.isStorageCapacitySupported" .) | default false }} attachRequired: true podInfoOnMount: true volumeLifecycleModes: - Persistent - Ephemeral - fsGroupPolicy: {{ .Values.fsGroupPolicy }} + fsGroupPolicy: {{ .Values.fsGroupPolicy }} \ No newline at end of file diff --git a/charts/csi-unity/values.yaml b/charts/csi-unity/values.yaml index 5cca28ff..56825fae 100644 --- a/charts/csi-unity/values.yaml +++ b/charts/csi-unity/values.yaml @@ -3,8 +3,8 @@ # version: version of this values file # Note: Do not change this value -# Examples : "v2.7.0" , "nightly" -version: "v2.7.0" +# Examples : "v2.8.0" , "nightly" +version: "v2.8.0" # LogLevel is used to set the logging level of the driver. # Allowed values: "error", "warn"/"warning", "info", "debug" @@ -194,7 +194,7 @@ podmon: # allowed values - string # default value : None # Example : "podman:latest", "pod:latest" - image: dellemc/podmon:v1.6.0 + image: dellemc/podmon:v1.7.0 controller: args: - "--csisock=unix:/var/run/csi/csi.sock" @@ -242,6 +242,20 @@ maxUnityVolumesPerNode: 0 # Examples : "tenant2" , "tenant3" tenantName: "" +# Storage Capacity Tracking +# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions. +storageCapacity: + # enabled : Enable/Disable storage capacity tracking + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + # Default value: true + enabled: true + # pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity + # Allowed values: 1m,2m,3m,...,10m,...,60m etc + # Default value: 5m + pollInterval: 5m + images: # "driver" defines the container image, used for the driver container. driverRepository: dellemc diff --git a/charts/csi-vxflexos/Chart.yaml b/charts/csi-vxflexos/Chart.yaml index 960d6e6e..adc4da24 100644 --- a/charts/csi-vxflexos/Chart.yaml +++ b/charts/csi-vxflexos/Chart.yaml @@ -1,15 +1,15 @@ apiVersion: v2 -appVersion: "2.7.0" +appVersion: "2.8.0" name: csi-vxflexos -version: "2.7.0" +version: "2.8.0" description: | VxFlex OS CSI (Container Storage Interface) driver Kubernetes integration. This chart includes everything required to provision via CSI as well as a VxFlex OS StorageClass. -kubeVersion: ">= 1.21.0 < 1.28.0" +kubeVersion: ">= 1.21.0 < 1.29.0" # If you are using a complex K8s version like "v1.21.3-mirantis-1", use this kubeVersion check instead # WARNING: this version of the check will allow the use of alpha and beta versions, which is NOT SUPPORTED -# kubeVersion: ">= 1.21.0-0 < 1.28.0-0" +# kubeVersion: ">= 1.21.0-0 < 1.29.0-0" keywords: - csi - storage @@ -17,4 +17,3 @@ maintainers: - name: DellEMC sources: - https://github.com/dell/csi-vxflexos - diff --git a/charts/csi-vxflexos/templates/_helpers.tpl b/charts/csi-vxflexos/templates/_helpers.tpl index 63e654ea..621f38fc 100644 --- a/charts/csi-vxflexos/templates/_helpers.tpl +++ b/charts/csi-vxflexos/templates/_helpers.tpl @@ -3,7 +3,7 @@ Return the appropriate sidecar images based on k8s version */}} {{- define "csi-vxflexos.attacherImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-attacher:v4.3.0" -}} {{- end -}} {{- end -}} @@ -11,7 +11,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-vxflexos.provisionerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-provisioner:v3.5.0" -}} {{- end -}} {{- end -}} @@ -19,7 +19,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-vxflexos.snapshotterImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-snapshotter:v6.2.2" -}} {{- end -}} {{- end -}} @@ -27,7 +27,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-vxflexos.resizerImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-resizer:v1.8.0" -}} {{- end -}} {{- end -}} @@ -35,7 +35,7 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-vxflexos.registrarImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.8.0" -}} {{- end -}} {{- end -}} @@ -43,8 +43,19 @@ Return the appropriate sidecar images based on k8s version {{- define "csi-vxflexos.healthmonitorImage" -}} {{- if eq .Capabilities.KubeVersion.Major "1" }} - {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "27") -}} + {{- if and (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "21") (le (trimSuffix "+" .Capabilities.KubeVersion.Minor) "28") -}} {{- print "registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.9.0" -}} {{- end -}} {{- end -}} {{- end -}} + +{{/* +Return true if storage capacity tracking is enabled and is supported based on k8s version +*/}} +{{- define "csi-vxflexos.isStorageCapacitySupported" -}} +{{- if eq .Values.storageCapacity.enabled true -}} + {{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}} + {{- true -}} + {{- end -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/csi-vxflexos/templates/controller.yaml b/charts/csi-vxflexos/templates/controller.yaml index 8c4b4bef..0b064b32 100644 --- a/charts/csi-vxflexos/templates/controller.yaml +++ b/charts/csi-vxflexos/templates/controller.yaml @@ -111,6 +111,18 @@ rules: verbs: ["create", "get", "list", "watch"] {{- end}} {{- end}} +# Permissions for CSIStorageCapacity +{{- if eq (include "csi-vxflexos.isStorageCapacitySupported" .) "true" }} + - apiGroups: ["storage.k8s.io"] + resources: ["csistoragecapacities"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get"] +{{- end }} --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -258,9 +270,20 @@ spec: - "--v=5" - "--default-fstype={{ .Values.defaultFsType | default "ext4" }}" - "--extra-create-metadata" + - "--enable-capacity={{ (include "csi-vxflexos.isStorageCapacitySupported" .) | default false }}" + - "--capacity-ownerref-level=2" + - "--capacity-poll-interval={{ .Values.storageCapacity.pollInterval | default "5m" }}" env: - name: ADDRESS value: /var/run/csi/csi.sock + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name volumeMounts: - name: socket-dir mountPath: /var/run/csi @@ -397,6 +420,16 @@ spec: value: "{{ .Values.controller.healthMonitor.enabled }}" {{- end }} {{- end }} + {{- if hasKey .Values "nfsAcls" }} + - name: X_CSI_NFS_ACLS + value: "{{ .Values.nfsAcls }}" + {{- end }} + {{- if hasKey .Values "enableQuota" }} + {{- if eq .Values.enableQuota true}} + - name: X_CSI_QUOTA_ENABLED + value: "{{ .Values.enableQuota }}" + {{- end }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/run/csi @@ -439,4 +472,4 @@ spec: - key: cert-{{ $e }} path: cert-{{ $e }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/csi-vxflexos/templates/csidriver.yaml b/charts/csi-vxflexos/templates/csidriver.yaml index f8aac725..8bd88e7a 100644 --- a/charts/csi-vxflexos/templates/csidriver.yaml +++ b/charts/csi-vxflexos/templates/csidriver.yaml @@ -3,6 +3,7 @@ kind: CSIDriver metadata: name: csi-vxflexos.dellemc.com spec: + storageCapacity: {{ (include "csi-vxflexos.isStorageCapacitySupported" .) | default false }} fsGroupPolicy: {{ .Values.fsGroupPolicy }} attachRequired: true podInfoOnMount: true diff --git a/charts/csi-vxflexos/templates/node.yaml b/charts/csi-vxflexos/templates/node.yaml index 2ba5d3c6..44806fb0 100644 --- a/charts/csi-vxflexos/templates/node.yaml +++ b/charts/csi-vxflexos/templates/node.yaml @@ -197,6 +197,8 @@ spec: value: "{{ .Values.kubeletConfigDir }}/plugins/vxflexos.emc.dell.com/disks" - name: X_CSI_ALLOW_RWO_MULTI_POD_ACCESS value: "{{ required "Must provide a true/false string to allow RWO multi pod access." .Values.allowRWOMultiPodAccess }}" + - name: X_CSI_MAX_VOLUMES_PER_NODE + value: "{{ .Values.maxVxflexosVolumesPerNode }}" - name: SSL_CERT_DIR value: /certs {{- if hasKey .Values.node "healthMonitor" }} diff --git a/charts/csi-vxflexos/values.yaml b/charts/csi-vxflexos/values.yaml index ec5c6dd6..31cbc9fb 100644 --- a/charts/csi-vxflexos/values.yaml +++ b/charts/csi-vxflexos/values.yaml @@ -3,14 +3,14 @@ # "version" is used to verify the values file matches driver version # Not recommend to change -version: v2.7.0 +version: v2.8.0 images: # "driver" defines the container image, used for the driver container. driverRepository: dellemc # "powerflexSdc" defines the SDC image for init container. - powerflexSdc: dellemc/sdc:3.6.0.6 + powerflexSdc: dellemc/sdc:3.6.1 # Represents number of certificate secrets, which user is going to create for ssl authentication. (vxflexos-cert-0..vxflexos-cert-n) @@ -46,6 +46,29 @@ defaultFsType: ext4 # Default value: None imagePullPolicy: IfNotPresent +# nfsAcls: enables setting permissions on NFS mount directory +# This value acts as default value for NFS ACL (nfsAcls), if not specified for an array config in secret +# Permissions can be specified in two formats: +# 1) Unix mode (NFSv3) +# 2) NFSv4 ACLs (NFSv4) +# NFSv4 ACLs are supported on NFSv4 share only. +# Allowed values: +# 1) Unix mode: valid octal mode number +# Examples: "0777", "777", "0755" +# 2) NFSv4 acls: valid NFSv4 acls, separated by comma +# Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy" +# Optional: true +# Default value: "0777" +nfsAcls: "0777" + +# enableQuota: a boolean that, when enabled, will set quota limit for a newly provisioned NFS volume. +# Allowed values: +# true: set quota for volume +# false: do not set quota for volume +# Optional: true +# Default value: none +enableQuota: false + # "enablesnapshotcgdelete"- a boolean that, when enabled, will delete all snapshots in a consistency group # everytime a snap in the group is deleted # Allowed values: true, false @@ -54,7 +77,7 @@ enablesnapshotcgdelete: "false" # "enablelistvolumesnapshot" - a boolean that, when enabled, will allow list volume operation to include snapshots (since creating a volume # from a snap actually results in a new snap) -# It is recommend this be false unless instructed otherwise. +# It is recommended this be false unless instructed otherwise. # Allowed values: true, false # Default value: none enablelistvolumesnapshot: "false" @@ -62,7 +85,7 @@ enablelistvolumesnapshot: "false" # Setting allowRWOMultiPodAccess to "true" will allow multiple pods on the same node # to access the same RWO volume. This behavior conflicts with the CSI specification version 1.3 # NodePublishVolume descrition that requires an error to be returned in this case. -# However some other CSI drivers support this behavior and some customers desire this behavior. +# However, some other CSI drivers support this behavior and some customers desire this behavior. # Kubernetes could make a change at their discretion that would preclude our ability to support this option. # Customers use this option at their own risk. # You should leave this set as "false" unless instructed to change it by Dell support. @@ -79,6 +102,13 @@ allowRWOMultiPodAccess: "false" # None: volumes will be mounted with no modifications. fsGroupPolicy: File +# maxVxflexosVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node. +# If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. +# This limit is applicable to all the nodes in the cluster for which node label 'maxVxflexosVolumesPerNode' is not set. +# Allowed values: n, where n >= 0 +# Default value: 0 +maxVxflexosVolumesPerNode: 0 + # "controller" allows to configure controller specific parameters controller: @@ -95,7 +125,7 @@ controller: # image: Image to use for dell-csi-replicator. This shouldn't be changed # Allowed values: string # Default value: None - image: dellemc/dell-csi-replicator:v1.5.0 + image: dellemc/dell-csi-replicator:v1.6.0 # replicationContextPrefix: prefix to use for naming of resources created by replication feature # Allowed values: string @@ -245,6 +275,21 @@ node: # Default value: false enabled: false +# Storage Capacity Tracking +# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions. +storageCapacity: + # enabled : Enable/Disable storage capacity tracking + # Allowed values: + # true: enable storage capacity tracking + # false: disable storage capacity tracking + # Default value: true + enabled: true + # pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity + # Allowed values: 1m,2m,3m,...,10m,...,60m etc + # Default value: 5m + pollInterval: 5m + + # monitoring pod details # These options control the running of the monitoring container # This container gather diagnostic information in case of failure @@ -277,7 +322,7 @@ vgsnapshotter: # Enable this feature only after contact support for additional information podmon: enabled: false - image: dellemc/podmon:v1.6.0 + image: dellemc/podmon:v1.7.0 #controller: # args: # - "--csisock=unix:/var/run/csi/csi.sock" @@ -308,8 +353,8 @@ authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.7.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0 + # Default value: dellemc/csm-authorization-sidecar:v1.8.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.8.0 # proxyHost: hostname of the csm-authorization server # Default value: None @@ -320,4 +365,4 @@ authorization: # "true" - TLS certificate verification will be skipped # "false" - TLS certificate will be verified # Default value: "true" - skipCertificateValidation: true + skipCertificateValidation: true \ No newline at end of file diff --git a/charts/csm-authorization/Chart.yaml b/charts/csm-authorization/Chart.yaml index e4f2f594..21dbf905 100644 --- a/charts/csm-authorization/Chart.yaml +++ b/charts/csm-authorization/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: csm-authorization -version: 1.7.0 -appVersion: 1.7.0 +version: 1.8.0 +appVersion: 1.8.0 type: application description: | CSM for Authorization is part of the [Container Storage Modules](https://github.com/dell/csm) open source suite of Kubernetes diff --git a/charts/csm-authorization/values.yaml b/charts/csm-authorization/values.yaml index 22f83d7b..c07ff9b8 100644 --- a/charts/csm-authorization/values.yaml +++ b/charts/csm-authorization/values.yaml @@ -11,10 +11,10 @@ cert-manager: authorization: # images to use in installation images: - proxyService: dellemc/csm-authorization-proxy:v1.7.0 - tenantService: dellemc/csm-authorization-tenant:v1.7.0 - roleService: dellemc/csm-authorization-role:v1.7.0 - storageService: dellemc/csm-authorization-storage:v1.7.0 + proxyService: dellemc/csm-authorization-proxy:v1.8.0 + tenantService: dellemc/csm-authorization-tenant:v1.8.0 + roleService: dellemc/csm-authorization-role:v1.8.0 + storageService: dellemc/csm-authorization-storage:v1.8.0 opa: openpolicyagent/opa opaKubeMgmt: openpolicyagent/kube-mgmt:0.11 diff --git a/charts/csm-replication/Chart.yaml b/charts/csm-replication/Chart.yaml index 93a3e4e0..a287568b 100644 --- a/charts/csm-replication/Chart.yaml +++ b/charts/csm-replication/Chart.yaml @@ -3,5 +3,5 @@ name: csm-replication type: application description: | CSM for Replication helm charts -version: 1.5.0 -appVersion: "1.5.0" +version: 1.6.0 +appVersion: "1.6.0" diff --git a/charts/csm-replication/templates/controller.yaml b/charts/csm-replication/templates/controller.yaml index d0f408cc..4fc19d96 100644 --- a/charts/csm-replication/templates/controller.yaml +++ b/charts/csm-replication/templates/controller.yaml @@ -17,10 +17,8 @@ rules: resources: - customresourcedefinitions verbs: - - create - get - list - - update - watch - apiGroups: - apiextensions.k8s.io @@ -29,7 +27,6 @@ rules: verbs: - get - list - - patch - watch - apiGroups: - coordination.k8s.io @@ -267,12 +264,6 @@ spec: {{- toYaml .Values.hostAliases | nindent 6 }} {{- end }} serviceAccountName: dell-replication-controller-sa - initContainers: - - name: init-rg-migration - imagePullPolicy: Always - image: {{ .Values.initImage }} - command: - - /upgrade/migrate_rg.sh containers: - args: - prefix=replication.storage.dell.com diff --git a/charts/csm-replication/values.yaml b/charts/csm-replication/values.yaml index d9463d7d..c49882b5 100644 --- a/charts/csm-replication/values.yaml +++ b/charts/csm-replication/values.yaml @@ -5,11 +5,7 @@ replicas: 1 # image: Defines controller image. This shouldn't be changed # Allowed values: string -image: dellemc/dell-replication-controller:v1.5.0 - -# image: Defines controller's init container image. This shouldn't be changed -# Allowed values: string -initImage: dellemc/dell-replication-init:v1.0.1 +image: dellemc/dell-replication-controller:v1.6.0 # logLevel: Defines initial log level for controller. This can be changed in runtime # Allowed values: "debug", "info", "warn", "error", "panic" diff --git a/charts/karavi-observability/Chart.yaml b/charts/karavi-observability/Chart.yaml index 5a356407..d15b0f5e 100644 --- a/charts/karavi-observability/Chart.yaml +++ b/charts/karavi-observability/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: "1.5.0" +appVersion: "1.6.0" name: karavi-observability description: CSM for Observability is part of the [Container Storage Modules](https://github.com/dell/csm) open source suite of Kubernetes storage enablers for Dell EMC storage products. CSM for Observability provides Kubernetes administrators with visibility into metrics and topology data related to containerized storage. type: application -version: 1.5.1 +version: 1.6.0 dependencies: - name: cert-manager version: 1.10.0 diff --git a/charts/karavi-observability/values.yaml b/charts/karavi-observability/values.yaml index c169c805..c47aecbc 100644 --- a/charts/karavi-observability/values.yaml +++ b/charts/karavi-observability/values.yaml @@ -1,5 +1,5 @@ karaviTopology: - image: dellemc/csm-topology:v1.5.0 + image: dellemc/csm-topology:v1.6.0 enabled: true # comma separated list of provisioner names (ex: csi-vxflexos.dellemc.com) provisionerNames: csi-vxflexos.dellemc.com,csi-powerstore.dellemc.com,csi-isilon.dellemc.com,csi-powermax.dellemc.com @@ -13,7 +13,7 @@ karaviTopology: probability: 0.0 karaviMetricsPowerflex: - image: dellemc/csm-metrics-powerflex:v1.5.0 + image: dellemc/csm-metrics-powerflex:v1.6.0 enabled: true collectorAddr: otel-collector:55680 # comma separated list of provisioner names (ex: csi-vxflexos.dellemc.com) @@ -40,8 +40,8 @@ karaviMetricsPowerflex: authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.6.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + # Default value: dellemc/csm-authorization-sidecar:v1.8.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.8.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: @@ -53,7 +53,7 @@ karaviMetricsPowerflex: skipCertificateValidation: true karaviMetricsPowerstore: - image: dellemc/csm-metrics-powerstore:v1.5.0 + image: dellemc/csm-metrics-powerstore:v1.6.0 enabled: true collectorAddr: otel-collector:55680 # comma separated list of provisioner names (ex: csi-powerstore.dellemc.com) @@ -79,7 +79,7 @@ karaviMetricsPowerstore: probability: 0.0 karaviMetricsPowerscale: - image: dellemc/csm-metrics-powerscale:v1.2.0 + image: dellemc/csm-metrics-powerscale:v1.3.0 enabled: true collectorAddr: otel-collector:55680 # comma separated list of provisioner names (ex: csi-isilon.dellemc.com) @@ -116,8 +116,8 @@ karaviMetricsPowerscale: authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.6.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + # Default value: dellemc/csm-authorization-sidecar:v1.8.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.8.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: @@ -129,7 +129,7 @@ karaviMetricsPowerscale: skipCertificateValidation: true karaviMetricsPowermax: - image: dellemc/csm-metrics-powermax:v1.0.0 + image: dellemc/csm-metrics-powermax:v1.1.0 enabled: true collectorAddr: otel-collector:55680 # comma separated list of provisioner names (ex: csi-powermax.dellemc.com) @@ -153,8 +153,8 @@ karaviMetricsPowermax: authorization: enabled: false # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.6.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + # Default value: dellemc/csm-authorization-sidecar:v1.8.0 + sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.8.0 # proxyHost: hostname of the csm-authorization server # Default value: None proxyHost: diff --git a/kubelinter-config.yaml b/kubelinter-config.yaml new file mode 100644 index 00000000..9e79fd83 --- /dev/null +++ b/kubelinter-config.yaml @@ -0,0 +1,69 @@ +checks: + # NOTE: Include all checks, comment failing + include: + - "access-to-create-pods" + # - "access-to-secrets" + - "cluster-admin-role-binding" + - "dangling-horizontalpodautoscaler" + - "dangling-ingress" + - "dangling-networkpolicy" + - "dangling-networkpolicypeer-podselector" + - "dangling-service" + - "default-service-account" + - "deprecated-service-account-field" + # - "dnsconfig-options" + - "docker-sock" + - "drop-net-raw-capability" + - "duplicate-env-var" + - "env-var-secret" + - "exposed-services" + - "host-ipc" + - "host-network" + - "host-pid" + - "hpa-minimum-three-replicas" + - "invalid-target-ports" + - "latest-tag" + # - "minimum-three-replicas" + - "mismatching-selector" + - "no-anti-affinity" + - "no-extensions-v1beta" + # - "no-liveness-probe" + # - "no-node-affinity" + - "no-read-only-root-fs" + # - "no-readiness-probe" + # - "no-rolling-update-strategy" + - "non-existent-service-account" + # - "non-isolated-pod" + - "privilege-escalation-container" + - "privileged-container" + - "privileged-ports" + - "read-secret-from-env-var" + # - "required-annotation-email" + # - "required-label-owner" + - "run-as-non-root" + - "sensitive-host-mounts" + - "ssh-port" + - "unsafe-proc-mount" + - "unsafe-sysctls" + # - "unset-cpu-requirements" + # - "unset-memory-requirements" + # - "use-namespace" + - "wildcard-in-rules" + - "writable-host-mount" + + # NOTE: manually exclude failing for documentation, fix them in future or + # comment why are they disabled. + exclude: + - "access-to-secrets" # NOTE: COSI Provisioner Sidecar requires access to secrets + - "dnsconfig-options" + - "minimum-three-replicas" + - "no-liveness-probe" + - "no-node-affinity" + - "no-readiness-probe" + - "no-rolling-update-strategy" + - "non-isolated-pod" + - "required-annotation-email" + - "required-label-owner" + - "unset-cpu-requirements" + - "unset-memory-requirements" + - "use-namespace"