[bug-1581]: Offline bundle contains Authorization v2 server images (#777

) * add authorization server images * fix env * use karavi-authorization-proxy * update sidecar in samples * add auth sample * revert some changes * add sample * update kube-mgmt and redis tag * remake bundle
dell · Nov 19, 2024 · 1260d28 · 1260d28
1 parent 0172207
commit 1260d28
Show file tree

Hide file tree

Showing 10 changed files with 268 additions and 13 deletions.
diff --git a/bundle/manifests/csm-config-params_v1_configmap.yaml b/bundle/manifests/csm-config-params_v1_configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  csm-config-params.yaml: |-
+    CONCURRENT_POWERFLEX_REQUESTS: 10
+    CONCURRENT_POWERSCALE_REQUESTS: 10
+    LOG_LEVEL: debug
+    STORAGE_CAPACITY_POLL_INTERVAL: 5m
+kind: ConfigMap
+metadata:
+  name: csm-config-params
diff --git a/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml b/bundle/manifests/dell-csm-operator.clusterserviceversion.yaml
@@ -4,6 +4,86 @@ metadata:
   annotations:
     alm-examples: |-
       [
+        {
+          "apiVersion": "storage.dell.com/v1",
+          "kind": "ContainerStorageModule",
+          "metadata": {
+            "name": "authorization",
+            "namespace": "authorization"
+          },
+          "spec": {
+            "modules": [
+              {
+                "components": [
+                  {
+                    "enabled": true,
+                    "name": "nginx"
+                  },
+                  {
+                    "enabled": true,
+                    "name": "cert-manager"
+                  },
+                  {
+                    "authorizationController": "quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0",
+                    "authorizationControllerReplicas": 1,
+                    "certificate": "",
+                    "controllerReconcileInterval": "5m",
+                    "enabled": true,
+                    "hostname": "csm-authorization.com",
+                    "leaderElection": true,
+                    "name": "proxy-server",
+                    "opa": "docker.io/openpolicyagent/opa:latest",
+                    "opaKubeMgmt": "docker.io/openpolicyagent/kube-mgmt:8.5.10",
+                    "openTelemetryCollectorAddress": "",
+                    "privateKey": "",
+                    "proxyServerIngress": [
+                      {
+                        "annotations": {},
+                        "hosts": [],
+                        "ingressClassName": "nginx"
+                      }
+                    ],
+                    "proxyService": "quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0",
+                    "proxyServiceReplicas": 1,
+                    "roleService": "quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0",
+                    "roleServiceReplicas": 1,
+                    "storageService": "quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0",
+                    "storageServiceReplicas": 1,
+                    "tenantService": "quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0",
+                    "tenantServiceReplicas": 1
+                  },
+                  {
+                    "commander": "docker.io/rediscommander/redis-commander:latest",
+                    "name": "redis",
+                    "redis": "docker.io/redis:7.4.1-alpine",
+                    "redisCommander": "rediscommander",
+                    "redisName": "redis-csm",
+                    "redisReplicas": 5,
+                    "sentinel": "sentinel"
+                  },
+                  {
+                    "name": "vault",
+                    "vaultConfigurations": [
+                      {
+                        "address": "https://10.0.0.1:8400",
+                        "certificateAuthority": "",
+                        "clientCertificate": "",
+                        "clientKey": "",
+                        "identifier": "vault0",
+                        "role": "csm-authorization",
+                        "skipCertificateValidation": true
+                      }
+                    ]
+                  }
+                ],
+                "configVersion": "v2.0.0",
+                "enabled": true,
+                "forceRemoveModule": true,
+                "name": "authorization-proxy-server"
+              }
+            ]
+          }
+        },
         {
           "apiVersion": "storage.dell.com/v1",
           "kind": "ContainerStorageModule",
@@ -177,7 +257,7 @@ metadata:
                         "value": "true"
                       }
                     ],
-                    "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0",
+                    "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0",
                     "name": "karavi-authorization-proxy"
                   }
                 ],
@@ -577,7 +657,7 @@ metadata:
                         "value": "true"
                       }
                     ],
-                    "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0",
+                    "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0",
                     "name": "karavi-authorization-proxy"
                   }
                 ],
@@ -1229,7 +1309,7 @@ metadata:
                         "value": "true"
                       }
                     ],
-                    "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0",
+                    "image": "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0",
                     "name": "karavi-authorization-proxy"
                   }
                 ],
@@ -1419,7 +1499,7 @@ metadata:
     capabilities: Seamless Upgrades
     categories: Storage
     containerImage: quay.io/dell/container-storage-modules/dell-csm-operator:v1.7.0
-    createdAt: "2024-09-30T10:28:43Z"
+    createdAt: "2024-11-13T20:54:04Z"
     description: Easily install and manage Dell’s CSI Drivers and CSM
     features.operators.openshift.io/disconnected: "true"
     features.operators.openshift.io/fips-compliant: "false"
@@ -4290,7 +4370,17 @@ spec:
                       - name: RELATED_IMAGE_sdc
                         value: docker.io/dellemc/sdc:4.5.2.1
                       - name: RELATED_IMAGE_karavi-authorization-proxy
-                        value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+                        value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+                      - name: RELATED_IMAGE_csm-authorization-proxy
+                        value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+                      - name: RELATED_IMAGE_csm-authorization-tenant
+                        value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+                      - name: RELATED_IMAGE_csm-authorization-role
+                        value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+                      - name: RELATED_IMAGE_csm-authorization-storage
+                        value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+                      - name: RELATED_IMAGE_csm-authorization-controller
+                        value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
                       - name: RELATED_IMAGE_dell-csi-replicator
                         value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0
                       - name: RELATED_IMAGE_dell-replication-controller-manager
@@ -4400,8 +4490,18 @@ spec:
       name: csi-vxflexos
     - image: docker.io/dellemc/sdc:4.5.2.1
       name: sdc
-    - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+    - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
       name: karavi-authorization-proxy
+    - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+      name: csm-authorization-proxy
+    - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+      name: csm-authorization-tenant
+    - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+      name: csm-authorization-role
+    - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+      name: csm-authorization-storage
+    - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
+      name: csm-authorization-controller
     - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0
       name: dell-csi-replicator
     - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -45,8 +45,18 @@ spec:
               name: RELATED_IMAGE_csi-vxflexos
             - value: docker.io/dellemc/sdc:4.5.2.1
               name: RELATED_IMAGE_sdc
-            - value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
-              name: RELATED_IMAGE_karavi-authorization-proxy
+            - name: RELATED_IMAGE_karavi-authorization-proxy
+              value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-proxy
+              value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-tenant
+              value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-role
+              value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-storage
+              value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-controller
+              value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
             - value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0
               name: RELATED_IMAGE_dell-csi-replicator
             - value: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0

diff --git a/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml b/config/manifests/bases/dell-csm-operator.clusterserviceversion.yaml
@@ -1753,8 +1753,18 @@ spec:
       name: csi-vxflexos
     - image: docker.io/dellemc/sdc:4.5.2.1
       name: sdc
-    - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+    - image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
       name: karavi-authorization-proxy
+    - image: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+      name: csm-authorization-proxy
+    - image: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+      name: csm-authorization-tenant
+    - image: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+      name: csm-authorization-role
+    - image: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+      name: csm-authorization-storage
+    - image: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
+      name: csm-authorization-controller
     - image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0
       name: dell-csi-replicator
     - image: quay.io/dell/container-storage-modules/dell-replication-controller:v1.10.0

diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
@@ -5,4 +5,5 @@ resources:
   - storage_v1_csm_powerstore.yaml
   - storage_v1_csm_unity.yaml
   - storage_v1_csm_powermax.yaml
+  - storage_v1_csm_authorization_v2.yaml
 # +kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/storage_v1_csm_authorization_v2.yaml b/config/samples/storage_v1_csm_authorization_v2.yaml
@@ -0,0 +1,114 @@
+apiVersion: storage.dell.com/v1
+kind: ContainerStorageModule
+metadata:
+  name: authorization
+  namespace: authorization
+spec:
+  modules:
+    # Authorization: enable csm-authorization proxy server for RBAC
+    - name: authorization-proxy-server
+      # enable: Enable/Disable csm-authorization
+      enabled: true
+      configVersion: v2.0.0
+      forceRemoveModule: true
+      components:
+        # For Kubernetes Container Platform only
+        # enabled: Enable/Disable NGINX Ingress Controller
+        # Allowed values:
+        #   true: enable deployment of NGINX Ingress Controller
+        #   false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section
+        # Default value: true
+        - name: nginx
+          enabled: true
+        # enabled: Enable/Disable cert-manager
+        # Allowed values:
+        #   true: enable deployment of cert-manager
+        #   false: disable deployment of cert-manager only if it's already deployed
+        # Default value: true
+        - name: cert-manager
+          enabled: true
+        - name: proxy-server
+          # enable: Enable/Disable csm-authorization proxy server
+          enabled: true
+          proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+          proxyServiceReplicas: 1
+          tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+          tenantServiceReplicas: 1
+          roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+          roleServiceReplicas: 1
+          storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+          storageServiceReplicas: 1
+          opa: docker.io/openpolicyagent/opa:latest
+          opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.10
+          authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
+          authorizationControllerReplicas: 1
+          leaderElection: true
+          # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis.
+          controllerReconcileInterval: 5m
+          # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+          # for self-signed certs, leave empty string
+          # Allowed values: string
+          certificate: ""
+          # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+          # for self-signed certs, leave empty string
+          # Allowed values: string
+          privateKey: ""
+          # proxy-server ingress will use this hostname
+          # NOTE: an additional hostname can be configured in proxyServerIngress.hosts
+          # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required
+          hostname: "csm-authorization.com"
+          # proxy-server ingress configuration
+          proxyServerIngress:
+            - ingressClassName: nginx
+              # additional host rules for the proxy-server ingress
+              hosts: []
+              # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local
+
+              # additional annotations for the proxy-server ingress
+              annotations: {}
+          # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC
+          openTelemetryCollectorAddress: ""
+        - name: redis
+          redis: docker.io/redis:7.4.1-alpine
+          commander: docker.io/rediscommander/redis-commander:latest
+          redisName: redis-csm
+          redisCommander: rediscommander
+          sentinel: sentinel
+          redisReplicas: 5
+        - name: vault
+          vaultConfigurations:
+            - identifier: vault0
+              address: https://10.0.0.1:8400
+              role: csm-authorization
+              skipCertificateValidation: true
+              # clientCertificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+              # for self-signed certs, leave empty string
+              # Allowed values: string
+              clientCertificate: ""
+              # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+              # for self-signed certs, leave empty string
+              # Allowed values: string
+              clientKey: ""
+              # certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates
+              #  for self-signed certs, leave empty string
+              # Allowed values: string
+              certificateAuthority: ""
+#            - identifier: vault0
+#              address: https://10.0.0.1:8400
+#              role: csm-authorization
+#              skipCertificateValidation: true
+#              clientCertificate:
+#              clientKey:
+#              certificateAuthority:
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: csm-config-params
+  namespace: authorization
+data:
+  csm-config-params.yaml: |-
+    CONCURRENT_POWERFLEX_REQUESTS: 10
+    CONCURRENT_POWERSCALE_REQUESTS: 10
+    LOG_LEVEL: debug
+    STORAGE_CAPACITY_POLL_INTERVAL: 5m
diff --git a/config/samples/storage_v1_csm_powerflex.yaml b/config/samples/storage_v1_csm_powerflex.yaml
@@ -197,7 +197,7 @@ spec:
       components:
         - name: karavi-authorization-proxy
           # Use image: dellemc/csm-authorization-sidecar:v2.0.0-alpha for PowerFlex Tech-Preview v2.0.0-alpha
-          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
           envs:
             # proxyHost: hostname of the csm-authorization server
             - name: "PROXY_HOST"

diff --git a/config/samples/storage_v1_csm_powermax.yaml b/config/samples/storage_v1_csm_powermax.yaml
@@ -278,7 +278,7 @@ spec:
       configVersion: v1.12.0
       components:
         - name: karavi-authorization-proxy
-          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
           envs:
             # proxyHost: hostname of the csm-authorization server
             - name: "PROXY_HOST"

diff --git a/config/samples/storage_v1_csm_powerscale.yaml b/config/samples/storage_v1_csm_powerscale.yaml
@@ -255,7 +255,7 @@ spec:
       configVersion: v1.12.0
       components:
         - name: karavi-authorization-proxy
-          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+          image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
           envs:
             # proxyHost: hostname of the csm-authorization server
             - name: "PROXY_HOST"

diff --git a/deploy/operator.yaml b/deploy/operator.yaml
@@ -1329,7 +1329,17 @@ spec:
             - name: RELATED_IMAGE_sdc
               value: docker.io/dellemc/sdc:4.5.2.1
             - name: RELATED_IMAGE_karavi-authorization-proxy
-              value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0
+              value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-proxy
+              value: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-tenant
+              value: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-role
+              value: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-storage
+              value: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+            - name: RELATED_IMAGE_csm-authorization-controller
+              value: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
             - name: RELATED_IMAGE_dell-csi-replicator
               value: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.10.0
             - name: RELATED_IMAGE_dell-replication-controller-manager